From sec-adv at secunia.com Wed Mar 2 10:32:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Mar 2011 19:32:00 +0100 Subject: [SEC] [SA43424] Tiny Tiny RSS Script Insertion Vulnerability Message-ID: <201103021832.p22IW0Y7023788@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Tiny Tiny RSS Script Insertion Vulnerability SECUNIA ADVISORY ID: SA43424 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43424/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43424 RELEASE DATE: 2011-03-02 DISCUSS ADVISORY: http://secunia.com/advisories/43424/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43424/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43424 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Tiny Tiny RSS, which can be exploited by malicious people to conduct script insertion attacks. The application allows users to perform certain actions via HTTP requests without making proper validity checks to verify the requests. This can be exploited to e.g. insert arbitrary HTML and script code in filter labels by tricking an administrator into visiting a malicious web site while being logged-in to the application. The vulnerability is confirmed in version 1.5.1. Other versions may also be affected. SOLUTION: Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: Paul Davis ORIGINAL ADVISORY: http://tt-rss.org/redmine/issues/323 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 2 11:32:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Mar 2011 20:32:10 +0100 Subject: [SEC] [SA43385] Drupal Messaging Module Script Insertion Vulnerability Message-ID: <201103021932.p22JWA8Y014354@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Drupal Messaging Module Script Insertion Vulnerability SECUNIA ADVISORY ID: SA43385 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43385/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43385 RELEASE DATE: 2011-03-02 DISCUSS ADVISORY: http://secunia.com/advisories/43385/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43385/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43385 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Messaging module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Certain unspecified input is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires "administer messaging" permissions. The vulnerability is reported in versions prior to 6.x-2.4. SOLUTION: Update to version 6.x-2.4 or later. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Justin Klein Keane. ORIGINAL ADVISORY: SA-CONTRIB-2011-010: http://drupal.org/node/1064024 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 2 12:31:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Mar 2011 21:31:56 +0100 Subject: [SEC] [SA43387] Red Hat update for java-1.6.0-sun Message-ID: <201103022031.p22KVusp004903@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for java-1.6.0-sun SECUNIA ADVISORY ID: SA43387 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43387/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43387 RELEASE DATE: 2011-03-02 DISCUSS ADVISORY: http://secunia.com/advisories/43387/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43387/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43387 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for java-1.6.0-sun. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information: SA43262 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0282-1: https://rhn.redhat.com/errata/RHSA-2011-0282.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 2 13:32:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Mar 2011 22:32:15 +0100 Subject: [SEC] [SA43427] Debian update for moodle Message-ID: <201103022132.p22LWFOK027895@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for moodle SECUNIA ADVISORY ID: SA43427 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43427/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43427 RELEASE DATE: 2011-03-02 DISCUSS ADVISORY: http://secunia.com/advisories/43427/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43427/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43427 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for moodle. This fixes multiple vulnerabilities, which can be exploited by malicious users to perform certain actions with escalated privileges, disclose sensitive information, and hijack another user's session and by malicious people to conduct cross-site scripting attacks. For more information: SA40845 SA41655 SOLUTION: Install updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2172-1: http://www.debian.org/security/2011/dsa-2172 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 2 14:24:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Mar 2011 23:24:09 +0100 Subject: [SEC] [SA43397] Fedora update for krb5 Message-ID: <201103022224.p22MO9R5018101@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for krb5 SECUNIA ADVISORY ID: SA43397 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43397/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43397 RELEASE DATE: 2011-03-02 DISCUSS ADVISORY: http://secunia.com/advisories/43397/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43397/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43397 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for krb5. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43260 SOLUTION: Apply updated packages via the yum utility ("yum update krb5"). ORIGINAL ADVISORY: FEDORA-2011-1210: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054161.html FEDORA-2011-1225: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054158.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 2 14:45:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Mar 2011 23:45:05 +0100 Subject: [SEC] [SA43408] MySQL Eventum Script Insertion and Cross-Site Request Forgery Message-ID: <201103022245.p22Mj5BR006902@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: MySQL Eventum Script Insertion and Cross-Site Request Forgery SECUNIA ADVISORY ID: SA43408 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43408/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43408 RELEASE DATE: 2011-03-02 DISCUSS ADVISORY: http://secunia.com/advisories/43408/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43408/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43408 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in MySQL Eventum, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks. 1) Input passed via the "full_name" POST parameter to preferences.php (when the "cat" POST parameter is set to "update_name") is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious data is being viewed. 2) The application allows users to perform certain actions via HTTP requests without making proper validity checks to verify the requests. This can be exploited to e.g. add an administrative user by tricking an administrator into visiting a malicious web site while being logged-in to the application. The vulnerabilities are confirmed in version 2.3.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: 1) Saif El-Sherei 2) An anonymous person. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 2 15:10:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Mar 2011 00:10:06 +0100 Subject: [SEC] [SA43392] ClamAV "vba_read_project_strings()" Double-Free Vulnerability Message-ID: <201103022310.p22NA6JT028298@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: ClamAV "vba_read_project_strings()" Double-Free Vulnerability SECUNIA ADVISORY ID: SA43392 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43392/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43392 RELEASE DATE: 2011-03-02 DISCUSS ADVISORY: http://secunia.com/advisories/43392/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43392/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43392 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused due to a double-free error within the "vba_read_project_strings()" function in libclamav/vba_extract.c and can be exploited via specially crafted files. The vulnerability is reported in versions prior to 0.97. SOLUTION: Update to version 0.97. PROVIDED AND/OR DISCOVERED BY: Reported by T?r?k Edwin in a ClamAV bug report. ORIGINAL ADVISORY: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2486 http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=d21fb8d975f8c9688894a8cef4d50d977022e09f OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 2 15:24:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Mar 2011 00:24:02 +0100 Subject: [SEC] [SA43426] Fedora update for Django Message-ID: <201103022324.p22NO2Id016780@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for Django SECUNIA ADVISORY ID: SA43426 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43426/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43426 RELEASE DATE: 2011-03-03 DISCUSS ADVISORY: http://secunia.com/advisories/43426/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43426/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43426 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for Django. This fixes two vulnerabilities, which can be exploited by malicious people to conduct script insertion and cross-site request forgery attacks. For more information: SA43230 SOLUTION: Apply updated packages via the yum utility ("yum update Django"). ORIGINAL ADVISORY: FEDORA-2011-1261: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054207.html FEDORA-2011-1235: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054208.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 2 15:45:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Mar 2011 00:45:35 +0100 Subject: [SEC] [SA43422] Icy Phoenix "Referer" Header Script Insertion Vulnerability Message-ID: <201103022345.p22NjZUc005613@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Icy Phoenix "Referer" Header Script Insertion Vulnerability SECUNIA ADVISORY ID: SA43422 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43422/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43422 RELEASE DATE: 2011-03-03 DISCUSS ADVISORY: http://secunia.com/advisories/43422/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43422/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43422 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Saif El-Sherei has discovered a vulnerability in Icy Phoenix, which can be exploited by malicious people to conduct script insertion attacks. Input passed via the "Referer" HTTP header isn't properly sanitised before being used. This can be exploited to inject HTML and script code, which will be executed in an user's browser session in context of an affected site when the malicious data is viewed in the "Http Referrers" section of the application. The vulnerability is confirmed in version 1.3.0.53a. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Saif El-Sherei ORIGINAL ADVISORY: Exploit-DB#16199: http://www.exploit-db.com/exploits/16199/ Icy Phoenix Forum: http://www.icyphoenix.com/viewtopic.php?f=1&t=7661 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 2 16:11:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Mar 2011 01:11:59 +0100 Subject: [SEC] [SA43394] PIPI Player PIPIWebPlayer ActiveX Control Buffer Overflow Vulnerability Message-ID: <201103030011.p230BxT2027095@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: PIPI Player PIPIWebPlayer ActiveX Control Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA43394 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43394/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43394 RELEASE DATE: 2011-03-03 DISCUSS ADVISORY: http://secunia.com/advisories/43394/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43394/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43394 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in PIPI Player PIPIWebPlayer ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when processing the "PlayURL()" and "PlayURLWithLocalPlayer()" methods. This can be exploited to cause a stack-based buffer overflow via an overly long string passed to the methods. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 2.8.0.0 (PIPIWebPlayer.ocx version 1.4.0.0). Other versions may also be affected. SOLUTION: Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: riusksk ORIGINAL ADVISORY: http://www.wooyun.org/bugs/wooyun-2010-01382 http://www.wooyun.org/bugs/wooyun-2010-01383 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 2 16:46:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Mar 2011 01:46:03 +0100 Subject: [SEC] [SA43294] Debian update for mailman Message-ID: <201103030046.p230k3gG016477@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for mailman SECUNIA ADVISORY ID: SA43294 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43294/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43294 RELEASE DATE: 2011-03-03 DISCUSS ADVISORY: http://secunia.com/advisories/43294/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43294/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43294 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for mailman. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks. For more information: SA41265 SA43389 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2170-1: http://www.debian.org/security/2011/dsa-2170 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 2 17:13:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Mar 2011 02:13:44 +0100 Subject: [SEC] [SA43389] Mailman "Full Name" Script Insertion Vulnerabilities Message-ID: <201103030113.p231DiVH005580@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Mailman "Full Name" Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA43389 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43389/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43389 RELEASE DATE: 2011-03-03 DISCUSS ADVISORY: http://secunia.com/advisories/43389/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43389/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43389 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Mailman, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "full name" is not properly sanitised before being used in the "Confirm unsubscription request", "Confirm change of email address request", and "Re-enable mailing list membership" pages. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerabilities are reported in version 2.1.14. Other versions may also be affected. SOLUTION: Apply patch. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Mailman: http://mail.python.org/pipermail/mailman-announce/2011-February/000157.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 2 17:46:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Mar 2011 02:46:18 +0100 Subject: [SEC] [SA43417] PivotX Password Reset Vulnerability Message-ID: <201103030146.p231kIPD027318@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: PivotX Password Reset Vulnerability SECUNIA ADVISORY ID: SA43417 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43417/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43417 RELEASE DATE: 2011-03-03 DISCUSS ADVISORY: http://secunia.com/advisories/43417/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43417/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43417 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in PivotX, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to the application allowing an attacker to change the password of an existing user by guessing a valid user name. No further information is currently available. The vulnerability is reported in version 2.2.3. Prior versions may also be affected. NOTE: The vulnerability is currently being actively exploited. SOLUTION: Update to version 2.2.5. PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day. ORIGINAL ADVISORY: PivotX: http://blog.pivotx.net/archive/2011/02/16/pivotx-225-released OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 2 18:10:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Mar 2011 03:10:54 +0100 Subject: [SEC] [SA43412] Moodle phpMyAdmin Module Multiple Vulnerabilities Message-ID: <201103030210.p232AsZi016277@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Moodle phpMyAdmin Module Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43412 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43412/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43412 RELEASE DATE: 2011-03-03 DISCUSS ADVISORY: http://secunia.com/advisories/43412/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43412/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43412 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in the phpMyAdmin module for Moodle, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to disclose system information and conduct cross-site scripting and spoofing attacks. For more information: SA42408 SA42485 SA43324 SOLUTION: Update to the latest version. ORIGINAL ADVISORY: MSA-11-0001: http://moodle.org/mod/forum/discuss.php?d=169336 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 2 18:46:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Mar 2011 03:46:15 +0100 Subject: [SEC] [SA43152] Newscoop Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201103030246.p232kF42005736@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Newscoop Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA43152 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43152/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43152 RELEASE DATE: 2011-03-03 DISCUSS ADVISORY: http://secunia.com/advisories/43152/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43152/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43152 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Newscoop, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed via the "request" parameter to e.g. admin/login.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. This vulnerability is confirmed in version 3.5.0. Prior versions may also be affected. 2) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected web site. SOLUTION: Update to version 3.5.1. PROVIDED AND/OR DISCOVERED BY: 1) Russ McRee via Secunia. 2) Reported by the vendor ORIGINAL ADVISORY: Newscoop: http://www.sourcefabric.org/en/products/newscoop_release/510/Newscoop-351-released!.htm Russ McRee: https://holisticinfosec.org/content/view/177/45/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 2 19:13:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Mar 2011 04:13:51 +0100 Subject: [SEC] [SA43433] Avaya CMS Solaris FTP Server Denial of Service Vulnerability Message-ID: <201103030313.p233Dpmr027714@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Avaya CMS Solaris FTP Server Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43433 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43433/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43433 RELEASE DATE: 2011-03-03 DISCUSS ADVISORY: http://secunia.com/advisories/43433/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43433/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43433 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Avaya has acknowledged a vulnerability in Avaya Call Management System, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #2: SA42984 The vulnerability is reported in the following versions R15, R16, R16.1, and R16.2. SOLUTION: Apply patch 144053-04. ORIGINAL ADVISORY: ASA-2011-040: https://support.avaya.com/css/P8/documents/100127892 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 2 19:46:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Mar 2011 04:46:15 +0100 Subject: [SEC] [SA43434] Ruby "FileUtils.remove_entry_secure" Race Condition Security Issue Message-ID: <201103030346.p233kFJE017042@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ruby "FileUtils.remove_entry_secure" Race Condition Security Issue SECUNIA ADVISORY ID: SA43434 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43434/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43434 RELEASE DATE: 2011-03-03 DISCUSS ADVISORY: http://secunia.com/advisories/43434/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43434/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43434 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Ruby, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to a race condition within the "FileUtils.remove_entry_secure" method, which can be exploited to delete arbitrary directories and files via symlink attacks. The security issue is reported in versions 1.8.6 patchlevel 420 and prior, 1.8.7 patchlevel 330 and prior, 1.9.1 patchlevel 430 and prior, and 1.9.2 patchlevel 136 and prior. SOLUTION: Update to versions 1.8.7-334, 1.9.1-p431, or 1.9.2-p180. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Ruby: http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 2 20:11:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Mar 2011 05:11:09 +0100 Subject: [SEC] [SA43429] Asterisk UPDTL Buffer Overflow Vulnerabilities Message-ID: <201103030411.p234B9vU006018@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Asterisk UPDTL Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA43429 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43429/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43429 RELEASE DATE: 2011-03-03 DISCUSS ADVISORY: http://secunia.com/advisories/43429/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43429/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43429 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Asterisk, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused due to boundary errors within the "decode_open_type()" and "udptl_rx_packet()" functions in main/udptl.c, which can be exploited to cause heap-based and stack-based buffer overflows by e.g. sending specially crafted UDPTL packets to a server performing T.38 pass through or termination. Successful exploitation requires that the "t38pt_udptl" option is set to "yes" ("no" by default). The vulnerabilities are reported in Asterisk Open Source Edition prior to versions 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4 and Asterisk Business Edition prior to version C.3.6.3. SOLUTION: Update to a fixed version or apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://downloads.asterisk.org/pub/security/AST-2011-002.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 2 20:46:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Mar 2011 05:46:05 +0100 Subject: [SEC] [SA43263] Firebook "NAME" Cross-Site Scripting Vulnerability Message-ID: <201103030446.p234k5vD027847@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Firebook "NAME" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43263 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43263/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43263 RELEASE DATE: 2011-03-03 DISCUSS ADVISORY: http://secunia.com/advisories/43263/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43263/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43263 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: MustLive has reported a vulnerability in Firebook, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "NAME" parameter to e.g. index.html is not properly sanitised in cgi-bin/firebook/firebook.pm before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in version 3.100328. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: MustLive ORIGINAL ADVISORY: http://websecurity.com.ua/4717/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 2 21:11:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Mar 2011 06:11:22 +0100 Subject: [SEC] [SA43423] Avaya CMS Solaris "libc" Privilege Escalation Vulnerability Message-ID: <201103030511.p235BMso016843@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Avaya CMS Solaris "libc" Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA43423 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43423/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43423 RELEASE DATE: 2011-03-03 DISCUSS ADVISORY: http://secunia.com/advisories/43423/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43423/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43423 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Avaya has acknowledged a vulnerability in Avaya Call Management System, which can be exploited by malicious, local users to gain escalated privileges. For more information see vulnerability #7: SA42984 The vulnerability is reported in the following versions R15, R16, R16.1, and R16.2. SOLUTION: The vendor recommends that local and network access to the affected systems be restricted until an update is available. ORIGINAL ADVISORY: ASA-2011-042: https://support.avaya.com/css/P8/documents/100127905 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 2 21:45:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Mar 2011 06:45:59 +0100 Subject: [SEC] [SA43361] Avahi Empty UDP Packet Denial of Service Vulnerability Message-ID: <201103030545.p235jxfc006267@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Avahi Empty UDP Packet Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43361 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43361/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43361 RELEASE DATE: 2011-03-03 DISCUSS ADVISORY: http://secunia.com/advisories/43361/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43361/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43361 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Avahi, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing certain UDP packets, which can be exploited to trigger an infinite loop by e.g. sending an empty packet to port 5353/UDP. The vulnerability is reported in version 0.6.24 and later. SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported in a Red Hat bug by "nuh". ORIGINAL ADVISORY: Avahi: http://www.avahi.org/ticket/325 http://git.0pointer.de/?p=avahi.git;a=commitdiff;h=46109dfec75534fe270c0ab902576f685d5ab3a6 Red Hat Bug #667187: https://bugzilla.redhat.com/show_bug.cgi?id=667187 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 2 22:11:13 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Mar 2011 07:11:13 +0100 Subject: [SEC] [SA43401] VirtueMart Unspecified SQL Injection Vulnerability Message-ID: <201103030611.p236BDCG027660@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: VirtueMart Unspecified SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43401 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43401/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43401 RELEASE DATE: 2011-03-03 DISCUSS ADVISORY: http://secunia.com/advisories/43401/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43401/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43401 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in VirtueMart, which can be exploited by malicious people to conduct SQL injection attacks. Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in versions 1.1.7 and prior. SOLUTION: Apply patch. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: VirtueMart: http://virtuemart.net/security-bulletins/396-vm-security-bulletin-2011-02-18 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 3 10:31:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Mar 2011 19:31:40 +0100 Subject: [SEC] [SA43609] Domain Technologie Control Multiple Vulnerabilities Message-ID: <201103031831.p23IVeu5010749@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Domain Technologie Control Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43609 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43609/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43609 RELEASE DATE: 2011-03-03 DISCUSS ADVISORY: http://secunia.com/advisories/43609/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43609/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43609 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Domain Technologie Control, which can be exploited by malicious users and malicious people to bypass certain security restrictions and by malicious people to conduct SQL injection attacks. 1) Input passed via the "cid" parameter to admin/bw_per_month.php and client/bw_per_month.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) The admin/bw_per_month.php and client/bw_per_month.php scripts do not properly check for authentication, which can lead to disclosure of bandwidth usage information. 3) An error in the handling of access permissions in shared/inc/sql/ssh.php can be exploited to delete arbitrary user accounts. SOLUTION: Fixed in the GIT repository. PROVIDED AND/OR DISCOVERED BY: The vendor credits Ansgar Burchardt. ORIGINAL ADVISORY: http://gplhost.sg/lists/dtcannounce/msg00025.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 3 11:30:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Mar 2011 20:30:56 +0100 Subject: [SEC] [SA43595] PolarSSL Diffie-Hellman Key Exchange Vulnerability Message-ID: <201103031930.p23JUuC9001195@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: PolarSSL Diffie-Hellman Key Exchange Vulnerability SECUNIA ADVISORY ID: SA43595 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43595/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43595 RELEASE DATE: 2011-03-03 DISCUSS ADVISORY: http://secunia.com/advisories/43595/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43595/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43595 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in PolarSSL, which can be exploited by malicious people to disclose sensitive information or manipulate certain data. The vulnerability is caused due to PolarSSL not properly rejecting certain weak keys used in a Diffie-Hellman key exchange, which can be exploited to force the generation of a predictable secret by modifying the parameters during the handshake via a Man-in-the-Middle (MitM) attack. Successful exploitation requires that the SSL_EDH_RSA_DES_168_SHA, SSL_EDH_RSA_AES_128_SHA, SSL_EDH_RSA_AES_256_SHA, SSL_EDH_RSA_CAMELLIA_128_SHA, or SSL_EDH_RSA_CAMELLIA_256_SHA cipher suites are used without full authentication. SOLUTION: Update to versions 0.99-pre3 and 0.14.2 or apply the patch. PROVIDED AND/OR DISCOVERED BY: The vendor credits Larry Highsmith, Subreption LLC ORIGINAL ADVISORY: http://polarssl.org/trac/wiki/SecurityAdvisory201101 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 3 12:31:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Mar 2011 21:31:41 +0100 Subject: [SEC] [SA43607] Ubuntu update for thunderbird Message-ID: <201103032031.p23KVfej024234@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ubuntu update for thunderbird SECUNIA ADVISORY ID: SA43607 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43607/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43607 RELEASE DATE: 2011-03-03 DISCUSS ADVISORY: http://secunia.com/advisories/43607/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43607/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43607 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA43586 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1050-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-March/001271.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 3 13:31:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Mar 2011 22:31:12 +0100 Subject: [SEC] [SA43619] IBM WebSphere Application Server Community Edition Java Double Literal Denial of Service Message-ID: <201103032131.p23LVCfW014756@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: IBM WebSphere Application Server Community Edition Java Double Literal Denial of Service SECUNIA ADVISORY ID: SA43619 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43619/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43619 RELEASE DATE: 2011-03-03 DISCUSS ADVISORY: http://secunia.com/advisories/43619/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43619/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43619 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability in IBM WebSphere Application Server Community Edition, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #1: SA43262 The vulnerability is reported in versions 2.1 through 2.1.1.5. SOLUTION: The vendor has released an updated version 2.1.1.5, which fixes the vulnerability. ORIGINAL ADVISORY: IBM: http://www.ibm.com/support/docview.wss?uid=swg21468267 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 3 14:25:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Mar 2011 23:25:43 +0100 Subject: [SEC] [SA43582] Apple iTunes Multiple Vulnerabilities Message-ID: <201103032225.p23MPhk6005031@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Apple iTunes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43582 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43582/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43582 RELEASE DATE: 2011-03-03 DISCUSS ADVISORY: http://secunia.com/advisories/43582/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43582/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43582 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple iTunes, which can be exploited by malicious people to compromise a user's system. 1) Some errors exists due to the use of a vulnerable libpng library. For more information: SA40302 2) An array indexing error in the CoreGraphics library (ImageIO) when processing the International Color Consortium (ICC) profile within a JPEG image can be exploited to corrupt heap-based memory. 3) An error in the libTIFF library when handling JPEG encoded TIFF images can be exploited to cause a buffer overflow. 4) A boundary error in the libTIFF library when handling CCITT Group 4 encoded TIFF images. For more information: SA43593 5) A double free error in the libxml library when handling XPath expressions. For more information: SA42721 6) An error exists in the libxml library when traversing the XPath. For more information: SA42175 7) Multiple unspecified errors in the WebKit component can be exploited to corrupt memory. 8) An error in the WebKit component when elements are being appended to the DOM tree during the display of an error message can be exploited to access a freed element via a specially crafted document. 9) An error in the WebKit component when handling a DOM level 2 range object can be exploited to corrupt memory by manipulating the DOM via an event listener. 10) A use-after-free error in the "setOuterText()" method in the htmlelement library (WebKit) when tracking DOM manipulations can be exploited to dereference freed memory. 11) A use-after-free error in the WebKit component when promoting a run-in element can be exploited to dereference freed memory. 12) An error in the WebKit component when performing layout operations for a floating block of a pseudo-element can be exploited to dereference uninitialised glyph data. 13) An error in the WebKit component when parsing a Root HTMLBRElement element can be exploited to call an unmapped dangling pointer. 14) An error in the Javascript array "sort()" method (WebKit) can be exploited to manipulate elements outside of the array's boundary. SOLUTION: Update to version 10.2. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 2) Andrzej Dyjak via iDefense VCP 3, 4) Reported by the vendor 8, 11 - 13) wushi of team509 via ZDI 9) J23 via ZDI 10, 14) An anonymous person via ZDI 11) Jose A. Vazquez via ZDI The vendor also credits: 5) Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences 6) Bui Quang Minh, Bkis 8) kuzcc 9) Emil A Eklund, Google Inc 13) SkyLined, Google Chrome Security Team The vendor provides a bundled list of credits for vulnerabilities in #7: Sergey Glazunov Andreas Kling, Nokia Yuzo Fujishima, Google Inc. Abhishek Arya (Inferno), Google, Inc. Mihai Parparita, Google, Inc. Emil A Eklund, Google, Inc. Michal Zalewski, Google, Inc. Chris Evans, Google Chrome Security Team SkyLined, Google Chrome Security Team Chris Rohlf, Matasano Security Aki Helin, OUSPG Dirk Schulze Slawomir Blazek David Bloom Famlam Jan Tosovsky Michael Gundlach ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4554 iDefense VCP: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=897 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-095/ http://www.zerodayinitiative.com/advisories/ZDI-11-096/ http://www.zerodayinitiative.com/advisories/ZDI-11-097/ http://www.zerodayinitiative.com/advisories/ZDI-11-098/ http://www.zerodayinitiative.com/advisories/ZDI-11-099/ http://www.zerodayinitiative.com/advisories/ZDI-11-100/ http://www.zerodayinitiative.com/advisories/ZDI-11-101/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 3 14:45:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Mar 2011 23:45:59 +0100 Subject: [SEC] [SA43602] PyWebDAV MySQL Authentication SQL Injection Vulnerability Message-ID: <201103032245.p23Mjxdw026212@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: PyWebDAV MySQL Authentication SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43602 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43602/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43602 RELEASE DATE: 2011-03-03 DISCUSS ADVISORY: http://secunia.com/advisories/43602/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43602/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43602 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in PyWebDAV, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "user" and "pw" parameters to the "get_userinfo()" method of the MySQLAuthHandler class (DAVServer/mysqlauth.py) is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in versions prior to 0.9.4.1. SOLUTION: Update to version 0.9.4.1. PROVIDED AND/OR DISCOVERED BY: The vendor credits Teeed. ORIGINAL ADVISORY: http://code.google.com/p/pywebdav/updates/list OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 3 15:11:13 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Mar 2011 00:11:13 +0100 Subject: [SEC] [SA43606] Novell Vibe OnPrem Unspecified Vulnerability Message-ID: <201103032311.p23NBD5h015193@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Novell Vibe OnPrem Unspecified Vulnerability SECUNIA ADVISORY ID: SA43606 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43606/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43606 RELEASE DATE: 2011-03-03 DISCUSS ADVISORY: http://secunia.com/advisories/43606/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43606/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43606 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Novell Vibe OnPrem, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified error. No further information is currently available. The vulnerability is reported in version 3.0. SOLUTION: Apply Hot Patch 1. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits an anonymous person. ORIGINAL ADVISORY: Novell: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5088845.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 3 15:46:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Mar 2011 00:46:06 +0100 Subject: [SEC] [SA43523] Debian update for dtc Message-ID: <201103032346.p23Nk6Pi004581@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for dtc SECUNIA ADVISORY ID: SA43523 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43523/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43523 RELEASE DATE: 2011-03-04 DISCUSS ADVISORY: http://secunia.com/advisories/43523/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43523/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43523 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for dtc. This fixes multiple vulnerabilities, which can be exploited by malicious users and malicious people to bypass certain security restrictions and by malicious people to conduct SQL injection attacks. For more information: SA43609 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2179: http://www.us.debian.org/security/2011/dsa-2179 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 3 16:11:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Mar 2011 01:11:35 +0100 Subject: [SEC] [SA43590] EnterpriseDB Postgres Plus Advanced Server DBA Management Server Vulnerability Message-ID: <201103040011.p240BZoo025986@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: EnterpriseDB Postgres Plus Advanced Server DBA Management Server Vulnerability SECUNIA ADVISORY ID: SA43590 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43590/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43590 RELEASE DATE: 2011-03-04 DISCUSS ADVISORY: http://secunia.com/advisories/43590/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43590/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43590 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability is reported in EnterpriseDB Postgres Plus Advanced Server, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the authentication mechanism of the DBA Management Server component when allowing access to the JBoss jmx-console or web-console and can be exploited instantiate arbitrary classes. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 8.4. SOLUTION: Update DBA Management Server to Build 39 via the StackBuilder Plus module. Please contact the vendor for more details. PROVIDED AND/OR DISCOVERED BY: AbdulAziz Hariri via ZDI. ORIGINAL ADVISORY: ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-102/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 3 16:46:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Mar 2011 01:46:03 +0100 Subject: [SEC] [SA42848] SUSE update for tomcat5 Message-ID: <201103040046.p240k3rs015381@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SUSE update for tomcat5 SECUNIA ADVISORY ID: SA42848 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42848/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42848 RELEASE DATE: 2011-03-04 DISCUSS ADVISORY: http://secunia.com/advisories/42848/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42848/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42848 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for tomcat5. This fixes two vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks. For more information: SA43198 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0147-1: https://hermes.opensuse.org/messages/7511290 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 3 17:13:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Mar 2011 02:13:48 +0100 Subject: [SEC] [SA43420] Ruby "#to_s" Safe Level Security Bypass Vulnerability Message-ID: <201103040113.p241DmMZ004461@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ruby "#to_s" Safe Level Security Bypass Vulnerability SECUNIA ADVISORY ID: SA43420 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43420/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43420 RELEASE DATE: 2011-03-04 DISCUSS ADVISORY: http://secunia.com/advisories/43420/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43420/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43420 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error within the exception "#to_s" handling and can be exploited to bypass the safe level protection and e.g. modify protected strings. The vulnerability is reported in version 1.8.6 patchlevel 420 and prior and version 1.8.7 patchlevel 330 and prior. The 1.9.x branch is not affected. SOLUTION: Update to version 1.8.7-334. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Ruby: http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 3 17:46:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Mar 2011 02:46:00 +0100 Subject: [SEC] [SA43384] Atlassian JIRA Redirection Weakness Message-ID: <201103040146.p241k0Sg026169@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Atlassian JIRA Redirection Weakness SECUNIA ADVISORY ID: SA43384 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43384/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43384 RELEASE DATE: 2011-03-04 DISCUSS ADVISORY: http://secunia.com/advisories/43384/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43384/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43384 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in Atlassian JIRA, which can be exploited by malicious people to conduct spoofing attacks. Certain unspecified input is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain. The weakness is reported in versions prior to 4.2.2. SOLUTION: Update to version 4.2.2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2011-02-21 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 3 18:11:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Mar 2011 03:11:03 +0100 Subject: [SEC] [SA43319] Dokeos "code" Cross-Site Scripting Vulnerability Message-ID: <201103040211.p242B3tH015127@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Dokeos "code" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43319 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43319/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43319 RELEASE DATE: 2011-03-04 DISCUSS ADVISORY: http://secunia.com/advisories/43319/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43319/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43319 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Dokeos, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "code" parameter to main/inc/latex.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.8.6.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: AutoSec Tools: http://www.autosectools.com/Advisories/Dokeos.1.8.6.2_Reflected.Cross-site.Scripting_107.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 3 18:46:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Mar 2011 03:46:12 +0100 Subject: [SEC] [SA43327] I.C.E. CMS "SESSION.USER_ID" SQL Injection Vulnerability Message-ID: <201103040246.p242kCJO004537@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: I.C.E. CMS "SESSION.USER_ID" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43327 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43327/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43327 RELEASE DATE: 2011-03-04 DISCUSS ADVISORY: http://secunia.com/advisories/43327/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43327/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43327 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in I.C.E. CMS, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "SESSION.USER_ID" parameter to media.cfm is not properly sanitised before being used in SQL queries in api/ice_media.cfc. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Rohan Stelling and Steven Seeley, stratsec ORIGINAL ADVISORY: SS-2011-001: http://www.stratsec.net/Research/Advisories/Lingxia-273-I-C-E-CMS-Blind-SQL-Injection-%28SS-2011 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 3 19:17:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Mar 2011 04:17:41 +0100 Subject: [SEC] [SA43346] Red Hat update for subversion Message-ID: <201103040317.p243Hf2X026703@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for subversion SECUNIA ADVISORY ID: SA43346 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43346/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43346 RELEASE DATE: 2011-03-04 DISCUSS ADVISORY: http://secunia.com/advisories/43346/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43346/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43346 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for subversion. This fixes a security issue and two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). For more information: SA41652 SA42780 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0258-1: https://rhn.redhat.com/errata/RHSA-2011-0258.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 3 19:45:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Mar 2011 04:45:02 +0100 Subject: [SEC] [SA43348] Photopad Cross-Site Scripting Vulnerabilities Message-ID: <201103040345.p243j2sX015768@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Photopad Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA43348 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43348/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43348 RELEASE DATE: 2011-03-04 DISCUSS ADVISORY: http://secunia.com/advisories/43348/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43348/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43348 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered some vulnerabilities in Photopad, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "id" parameter and the "data[title]" POST parameter in files.php (when "action" is set to "edit") and "id" parameter in gallery.php (when "action" is set to "view") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 1.2.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22828: http://www.htbridge.ch/advisory/multiple_xss_vulnerabilities_in_photopad.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 3 20:10:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Mar 2011 05:10:01 +0100 Subject: [SEC] [SA42504] Ubuntu update for openssl Message-ID: <201103040410.p244A1aP004709@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ubuntu update for openssl SECUNIA ADVISORY ID: SA42504 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42504/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42504 RELEASE DATE: 2011-03-04 DISCUSS ADVISORY: http://secunia.com/advisories/42504/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42504/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42504 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service). For more information: SA43227 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1064-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001248.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 3 20:24:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Mar 2011 05:24:19 +0100 Subject: [SEC] [SA43353] Fedora update for nbd Message-ID: <201103040424.p244OJZd025613@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for nbd SECUNIA ADVISORY ID: SA43353 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43353/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43353 RELEASE DATE: 2011-03-04 DISCUSS ADVISORY: http://secunia.com/advisories/43353/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43353/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43353 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for nbd. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information: SA18135 SOLUTION: Apply updated packages via the yum utility ("yum update nbd"). ORIGINAL ADVISORY: FEDORA-2011-1097: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054071.html FEDORA-2011-1108: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054083.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 3 20:45:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Mar 2011 05:45:00 +0100 Subject: [SEC] [SA43341] naughter.com AutoPlay "FontName" Parsing Buffer Overflows Message-ID: <201103040445.p244j08v014383@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: naughter.com AutoPlay "FontName" Parsing Buffer Overflows SECUNIA ADVISORY ID: SA43341 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43341/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43341 RELEASE DATE: 2011-03-04 DISCUSS ADVISORY: http://secunia.com/advisories/43341/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43341/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43341 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in naughter.com AutoPlay, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to boundary errors when processing the "FontName" setting for buttons or combo boxes, which can be exploited to cause stack-based buffer overflows by e.g. tricking a user into opening a specially crafted *.ini file. The vulnerabilities are confirmed in version 1.33. Other versions may also be affected. SOLUTION: Do not open untrusted *.ini files. PROVIDED AND/OR DISCOVERED BY: badc0re aka Dame Jovanoski. Additional information provided by Secunia Research. ORIGINAL ADVISORY: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4994.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 3 21:10:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Mar 2011 06:10:35 +0100 Subject: [SEC] [SA43321] IBM FileNet Content Manager Unspecified Security Bypass Vulnerability Message-ID: <201103040510.p245AZ1I003348@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: IBM FileNet Content Manager Unspecified Security Bypass Vulnerability SECUNIA ADVISORY ID: SA43321 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43321/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43321 RELEASE DATE: 2011-03-04 DISCUSS ADVISORY: http://secunia.com/advisories/43321/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43321/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43321 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM FileNet Content Manager, which can be exploited by malicious people to bypass certain security restrictions. An unspecified error in the Rendition Engine can be exploited to gain access rights as a user with permissions to configure an internal database. No further information is currently available. The vulnerability is reported in the following Rendition Engine releases: * P8RE 4.5.1 at the GA base level. * P8RE 4.5.0 at the GA base level. * P8RE 4.0.1 at the GA base level, Interim Fix 001 level, and Interim Fix 002 level. SOLUTION: Apply updates. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.ibm.com/support/docview.wss?uid=swg21462440 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 3 21:24:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Mar 2011 06:24:10 +0100 Subject: [SEC] [SA43358] Linux Kernel "xfs_fs_geometry()" Memory Disclosure Weakness Message-ID: <201103040524.p245OAvA024209@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Linux Kernel "xfs_fs_geometry()" Memory Disclosure Weakness SECUNIA ADVISORY ID: SA43358 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43358/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43358 RELEASE DATE: 2011-03-04 DISCUSS ADVISORY: http://secunia.com/advisories/43358/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43358/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43358 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose certain system information. The weakness is caused due to the "xfs_fs_geometry()" function in fs/xfs/xfs_fsops.c is not properly initialising the "logsunit" member of the "xfs_fsop_geom_t" structure before copying it to userspace, which can be exploited to disclose kernel stack memory. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Dan Rosenberg ORIGINAL ADVISORY: https://patchwork.kernel.org/patch/555461/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 3 21:45:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Mar 2011 06:45:37 +0100 Subject: [SEC] [SA43354] Red Hat update for dhcp Message-ID: <201103040545.p245jbv4013023@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for dhcp SECUNIA ADVISORY ID: SA43354 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43354/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43354 RELEASE DATE: 2011-03-04 DISCUSS ADVISORY: http://secunia.com/advisories/43354/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43354/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43354 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for dhcp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43006 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0256-1: https://rhn.redhat.com/errata/RHSA-2011-0256.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 3 22:10:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Mar 2011 07:10:37 +0100 Subject: [SEC] [SA43115] Red Hat update for subversion Message-ID: <201103040610.p246AbA1001923@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for subversion SECUNIA ADVISORY ID: SA43115 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43115/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43115 RELEASE DATE: 2011-03-04 DISCUSS ADVISORY: http://secunia.com/advisories/43115/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43115/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43115 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for subversion. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA42780 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0257-1: https://rhn.redhat.com/errata/RHSA-2011-0257.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 4 10:30:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Mar 2011 19:30:38 +0100 Subject: [SEC] [SA43583] Debian update for subversion Message-ID: <201103041830.p24IUcQ0023098@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for subversion SECUNIA ADVISORY ID: SA43583 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43583/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43583 RELEASE DATE: 2011-03-04 DISCUSS ADVISORY: http://secunia.com/advisories/43583/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43583/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43583 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for subversion. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43603 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2181-1: http://www.debian.org/security/2011/dsa-2181 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 4 11:30:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Mar 2011 20:30:38 +0100 Subject: [SEC] [SA43603] Apache Subversion mod_dav_svn NULL Pointer Dereference Vulnerability Message-ID: <201103041930.p24JUcrn013645@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Apache Subversion mod_dav_svn NULL Pointer Dereference Vulnerability SECUNIA ADVISORY ID: SA43603 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43603/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43603 RELEASE DATE: 2011-03-04 DISCUSS ADVISORY: http://secunia.com/advisories/43603/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43603/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43603 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Apache Subversion, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a NULL pointer dereference error in the mod_dav_svn module when processing a lock token, which can be exploited to cause a crash via a specially crafted HTTP request. Successful exploitation requires that the Subversion server allows anonymous read access. The vulnerability is reported in versions prior to 1.6.16. SOLUTION: Update to version 1.6.16. PROVIDED AND/OR DISCOVERED BY: The vendor credits Philip Martin, WANdisco. ORIGINAL ADVISORY: http://subversion.apache.org/security/CVE-2011-0715-advisory.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 4 12:30:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Mar 2011 21:30:15 +0100 Subject: [SEC] [SA43594] Linux Kernel DNS Resolver Key NULL Pointer Dereference Vulnerability Message-ID: <201103042030.p24KUFDE004134@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Linux Kernel DNS Resolver Key NULL Pointer Dereference Vulnerability SECUNIA ADVISORY ID: SA43594 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43594/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43594 RELEASE DATE: 2011-03-04 DISCUSS ADVISORY: http://secunia.com/advisories/43594/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43594/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43594 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a NULL pointer dereference error when reading a DNS resolver key instantiated with an error indication, which can be exploited to crash the kernel. The vulnerability is confirmed in version 2.6.37. Other versions may also be affected. SOLUTION: Fixed in the GIT repository. PROVIDED AND/OR DISCOVERED BY: Disclosed in a GIT commit. ORIGINAL ADVISORY: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=1362fa078dae16776cd439791c6605b224ea6171 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 4 13:30:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Mar 2011 22:30:07 +0100 Subject: [SEC] [SA43581] Q libtool Search Path Privilege Escalation Security Issue Message-ID: <201103042130.p24LU7Fh027080@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Q libtool Search Path Privilege Escalation Security Issue SECUNIA ADVISORY ID: SA43581 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43581/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43581 RELEASE DATE: 2011-03-04 DISCUSS ADVISORY: http://secunia.com/advisories/43581/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43581/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43581 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Q, which can be exploited by malicious, local users to potentially gain escalated privileges. The security issue is caused due to the use of vulnerable libtool code. For more information: SA37414 The security issue is reported in version 7.11. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. ORIGINAL ADVISORY: FEDORA-2011-1958: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054915.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 4 14:24:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Mar 2011 23:24:09 +0100 Subject: [SEC] [SA43575] Gri Insecure Temporary Files Security Issue Message-ID: <201103042224.p24MO9rP017336@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Gri Insecure Temporary Files Security Issue SECUNIA ADVISORY ID: SA43575 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43575/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43575 RELEASE DATE: 2011-03-04 DISCUSS ADVISORY: http://secunia.com/advisories/43575/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43575/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43575 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Gri, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to application using temporary files in an insecure manner. This can be exploited via symlink attacks to e.g. overwrite arbitrary files with the privileges of the user running the application. The security issue is reported in versions prior to 2.12.18. SOLUTION: Update to version 2.12.18. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://gri.sourceforge.net/gridoc/html/Version_2_12.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 4 14:45:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Mar 2011 23:45:14 +0100 Subject: [SEC] [SA43614] RhinOS "gradient.php" File Disclosure Vulnerability Message-ID: <201103042245.p24MjErf006119@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: RhinOS "gradient.php" File Disclosure Vulnerability SECUNIA ADVISORY ID: SA43614 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43614/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43614 RELEASE DATE: 2011-03-04 DISCUSS ADVISORY: http://secunia.com/advisories/43614/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43614/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43614 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: AutoSec Tools has discovered a vulnerability in RhinOS, which can be exploited by malicious people to disclose sensitive information. Input passed via the "rot", "ini", "med", "fin", or "tam" parameters to admin/lib/gradient/gradient.php is not properly verified before being used to read files. This can be exploited to read arbitrary files from local resources via directory traversal sequences. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerability is confirmed in version 3.0 r1113. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: http://www.autosectools.com/Advisories/RhinOS.3.0.r1113_Local.File.Inclusion_133.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 4 15:10:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Mar 2011 00:10:15 +0100 Subject: [SEC] [SA43597] Ubuntu update for firefox and xulrunner Message-ID: <201103042310.p24NAF4x027487@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ubuntu update for firefox and xulrunner SECUNIA ADVISORY ID: SA43597 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43597/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43597 RELEASE DATE: 2011-03-04 DISCUSS ADVISORY: http://secunia.com/advisories/43597/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43597/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43597 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for firefox and xulrunner. This fixes a weakness and some vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, cross-site request forgery attacks, and compromise a user's system. For more information: SA43550 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1049-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-March/001270.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 4 15:24:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Mar 2011 00:24:33 +0100 Subject: [SEC] [SA43530] Debian update for iceape Message-ID: <201103042324.p24NOXdJ015956@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for iceape SECUNIA ADVISORY ID: SA43530 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43530/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43530 RELEASE DATE: 2011-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/43530/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43530/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43530 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for iceape. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, cross-site request forgery attacks, and compromise a user's system. For more information: SA43550 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2180-1: http://www.debian.org/security/2011/dsa-2180 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 4 15:45:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Mar 2011 00:45:30 +0100 Subject: [SEC] [SA43616] Fedora update for firefox and xulrunner Message-ID: <201103042345.p24NjUWr004724@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for firefox and xulrunner SECUNIA ADVISORY ID: SA43616 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43616/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43616 RELEASE DATE: 2011-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/43616/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43616/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43616 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for firefox and xulrunner. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, cross-site request forgery attacks, and compromise a user's system. For more information: SA43550 SOLUTION: Apply updated packages via the yum utility ("yum update firefox" and "yum update xulrunner"). ORIGINAL ADVISORY: FEDORA-2011-2444: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054923.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054926.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 4 16:11:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Mar 2011 01:11:11 +0100 Subject: [SEC] [SA43528] AltiGen AltiServ Gateway Service Memory Corruption Vulnerability Message-ID: <201103050011.p250BBoQ026137@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: AltiGen AltiServ Gateway Service Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA43528 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43528/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43528 RELEASE DATE: 2011-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/43528/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43528/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43528 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Patrick Kelley has reported a vulnerability in AltiGen AltiServ, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error within the altigateway.exe process and can be exploited to corrupt heap-based memory via requests sent to TCP port 5061. SOLUTION: Restrict access to the affected service to trusted hosts only. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Patrick Kelley ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2011-02/0256.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 4 16:46:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Mar 2011 01:46:03 +0100 Subject: [SEC] [SA43604] Fedora update for moodle Message-ID: <201103050046.p250k3pS015538@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for moodle SECUNIA ADVISORY ID: SA43604 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43604/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43604 RELEASE DATE: 2011-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/43604/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43604/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43604 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for moodle. This fixes multiple vulnerabilities, which can be exploited to conduct cross-site scripting attacks and disclose sensitive information. For more information: SA43570 SOLUTION: Apply updated packages via the yum utility ("yum update moodle"). ORIGINAL ADVISORY: FEDORA-2011-2100: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054977.html FEDORA-2011-2101: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055001.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 4 17:14:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Mar 2011 02:14:12 +0100 Subject: [SEC] [SA43611] Red Hat update for libcgroup Message-ID: <201103050114.p251ECY1004626@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for libcgroup SECUNIA ADVISORY ID: SA43611 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43611/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43611 RELEASE DATE: 2011-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/43611/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43611/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43611 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for libcgroup. This fixes a weakness and a vulnerability, which can be exploited by malicious, local users to bypass certain security restrictions and gain escalated privileges. The vulnerability is caused due to a boundary error in the "parse_cgroup_spec()" function (src/tools/tools-common.c) and can be exploited to cause a heap-based buffer overflow via a specially crafted list of controllers. NOTE: Additionally, a weakness exists in the cgrulesengd daemon when handling NETLINK messages and can be exploited to put processes into an existing control group allowing those tasks to run with more resources (e.g. memory or CPU). SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Nelson Elhage ORIGINAL ADVISORY: RHSA-2011:0320-1: https://rhn.redhat.com/errata/RHSA-2011-0320.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 4 17:46:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Mar 2011 02:46:35 +0100 Subject: [SEC] [SA43592] Ubuntu update for pango1.0 Message-ID: <201103050146.p251kZ6D026327@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ubuntu update for pango1.0 SECUNIA ADVISORY ID: SA43592 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43592/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43592 RELEASE DATE: 2011-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/43592/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43592/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43592 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for pango1.0. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. Note: CVE-2010-0421 affects Ubuntu 8.04 LTS and 9.10 only. CVE-2011-006 affects Ubuntu 9.10, 10.04 LTS, and 10.10 only. For more information: SA40504 SA42934 SA43578 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1082-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-March/001267.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 4 18:12:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Mar 2011 03:12:29 +0100 Subject: [SEC] [SA43355] Tembria Server Monitor Cross-Site Scripting and Credentials Disclosure Vulnerabilities Message-ID: <201103050212.p252CTdT015328@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Tembria Server Monitor Cross-Site Scripting and Credentials Disclosure Vulnerabilities SECUNIA ADVISORY ID: SA43355 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43355/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43355 RELEASE DATE: 2011-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/43355/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43355/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43355 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities and a weakness have been reported in Tembria Server Monitor, which can be exploited by malicious, local users to disclose sensitive information and by malicious people to conduct cross-site scripting attacks. 1) Input passed to the "siteid" and "type" parameters in event-history.asp, admin-history.asp, device-views.asp, and monitor-views.asp, "siteid" parameter in dashboard-view.asp, device-events.asp, device-finder.asp, device-list.asp, device-monitors.asp, logbook.asp, monitor-events.asp, reports-config-by-device.asp, monitor-list.asp, reports-config-by-monitor.asp, reports-list.asp, and reports-monitoring-queue.asp, "action" parameter in device-list.asp, site-list.asp, and monitor-list.asp, "id" parameter in dashboard-view.asp, "sel" parameter in device-list.asp, monitor-list.asp, and reports-list.asp, "dn" parameter in device-events.asp and device-monitors.asp, and "submit" parameter in device-finder.asp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) A weakness due to the use of a simple substitution cipher used to protect usernames and passwords stored in certain files within the application's installation directory can be exploited by local users to gain access to clear text credentials. The vulnerabilities and a weakness are reported in version 6.0.4 Build 2229. Other versions may also be affected. SOLUTION: Reportedly fixed in version 6.0.5 Build 2252. PROVIDED AND/OR DISCOVERED BY: 1) Rob Kraus, Jose Hernandez, and Solutionary Engineering Research Team. 2) Rob Kraus and Solutionary Engineering Research Team. ORIGINAL ADVISORY: http://www.solutionary.com/index/SERT/Vuln-Disclosures/Tembria-Server-Monitor-XSS.html http://www.solutionary.com/index/SERT/Vuln-Disclosures/Tembria-Server-Monitor-Weak-Xpto-Pwd-Storage.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 4 18:46:13 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Mar 2011 03:46:13 +0100 Subject: [SEC] [SA43352] Joomla! People Component SQL Injection Vulnerability Message-ID: <201103050246.p252kDmD004660@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Joomla! People Component SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43352 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43352/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43352 RELEASE DATE: 2011-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/43352/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43352/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43352 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the People component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in versions prior to 1.0.1. SOLUTION: Update to version 1.0.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.ptt-solution.com/change-log.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 4 19:16:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Mar 2011 04:16:47 +0100 Subject: [SEC] [SA43351] Red Hat Enterprise Linux flash-plugin Multiple Vulnerabilities Message-ID: <201103050316.p253Gl2g026773@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat Enterprise Linux flash-plugin Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43351 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43351/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43351 RELEASE DATE: 2011-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/43351/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43351/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43351 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has acknowledged multiple vulnerabilities in flash-plugin, which can be exploited by malicious people to compromise a user's system. For more information: SA43267 SOLUTION: Do not use the vulnerable package. The vendor plans to release an update disabling flash-plugin in mid of March 2011. ORIGINAL ADVISORY: RHSA-2011:0259-1: https://rhn.redhat.com/errata/RHSA-2011-0259.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 4 19:46:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Mar 2011 04:46:23 +0100 Subject: [SEC] [SA42505] Ubuntu update for shadow Message-ID: <201103050346.p253kNBI015923@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ubuntu update for shadow SECUNIA ADVISORY ID: SA42505 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42505/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42505 RELEASE DATE: 2011-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/42505/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42505/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42505 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for shadow. This fixes a vulnerability, which can be exploited by malicious, local users to manipulate certain data. The vulnerability is caused due to an input validation error in the "chfn" and "chsh" utilities, which does not properly handle newlines characters when updating the GECOS fields. This can be exploited to add arbitrary content to the /etc/passwd file and e.g. create NIS users or groups. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1065-1: http://www.ubuntu.com/usn/usn-1065-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 4 20:10:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Mar 2011 05:10:58 +0100 Subject: [SEC] [SA43359] 7-Technologies Interactive Graphical SCADA System ODBC Server Vulnerability Message-ID: <201103050410.p254Aw46004855@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: 7-Technologies Interactive Graphical SCADA System ODBC Server Vulnerability SECUNIA ADVISORY ID: SA43359 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43359/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43359 RELEASE DATE: 2011-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/43359/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43359/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43359 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in 7-Technologies Interactive Graphical SCADA System, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerability is caused due to an error in the ODBC server, which can be exploited to corrupt memory and crash the server by sending a specially crafted packet to TCP port 20222. Successful exploitation may allow execution of arbitrary code. SOLUTION: Update to the latest version. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Jeremy Brown ORIGINAL ADVISORY: http://www.us-cert.gov/control_systems/pdf/ICSA-11-018-02.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 4 20:46:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Mar 2011 05:46:06 +0100 Subject: [SEC] [SA43343] ActiveFax (ActFax) FTP and LPD/LPR Server Buffer Overflow Vulnerabilities Message-ID: <201103050446.p254k6eM026686@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: ActiveFax (ActFax) FTP and LPD/LPR Server Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA43343 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43343/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43343 RELEASE DATE: 2011-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/43343/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43343/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43343 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in ActiveFax (ActFax), which can be exploited by malicious users and malicious people to compromise a user's system. 1) A boundary error when processing the FTP "RETR" command can be exploited to cause a stack-based buffer overflow by sending a "RETR" command with an overly long parameter to the FTP server. 2) A boundary error within the LPD/LPR server can be exploited to cause a stack-based buffer overflow by sending a specially crafted command to the server. The vulnerabilities are confirmed in version 4.25 Build 0221. Other versions may also be affected. SOLUTION: Restrict access to trusted users. Restrict access to the affected services using a firewall. PROVIDED AND/OR DISCOVERED BY: chap0 ORIGINAL ADVISORY: 1) http://www.exploit-db.com/exploits/16177/ 2) http://www.exploit-db.com/exploits/16176/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 4 21:11:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Mar 2011 06:11:32 +0100 Subject: [SEC] [SA43199] SMC SMCD3G-CCR Two Vulnerabilities Message-ID: <201103050511.p255BWJK015654@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SMC SMCD3G-CCR Two Vulnerabilities SECUNIA ADVISORY ID: SA43199 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43199/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43199 RELEASE DATE: 2011-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/43199/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43199/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43199 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in SMC SMCD3G-CCR, which can be exploited by malicious people to conduct brute force and cross-site request forgery attacks. 1) The web management application generates session identifiers incrementally, which can be exploited to brute force a valid session identifier via the "userid" cookie. 2) The web management application allows users to perform certain actions via HTTP requests without making proper validity checks to verify the requests. This can be exploited to e.g. enable management via Telnet by tricking an administrator into visiting a malicious web site while being logged-in to the application. SOLUTION: Reportedly fixed in firmware version 1.4.0.49.2. PROVIDED AND/OR DISCOVERED BY: Zack Fasel and Matthew Jakubowski, Trustwave's SpiderLabs. ORIGINAL ADVISORY: Trustwave's SpiderLabs (TWSL2011-002): https://www.trustwave.com/spiderlabs/advisories/TWSL2011-002.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 4 21:46:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Mar 2011 06:46:58 +0100 Subject: [SEC] [SA43344] Wikipad Multiple Vulnerabilities Message-ID: <201103050546.p255kwFd005074@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Wikipad Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43344 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43344/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43344 RELEASE DATE: 2011-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/43344/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43344/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43344 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in Wikipad, which can be exploited by malicious users to manipulate certain data and by malicious people to disclose potentially sensitive information and to conduct cross-site scripting and cross-site request forgery attacks. 1) Input passed to the "id" parameter in pages.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "id" parameter in pages.php (when "action" is set to "edit") is not properly verified before being used to access files. This can be exploited to view and modify files with a "*.txt" extension through directory traversal attacks. Successful exploitation to modify files requires editing rights. 3) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. manipulate certain data when a logged-in user with editing rights visits a specially crafted web page. The vulnerabilities are confirmed in version 1.6. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22826: http://www.htbridge.ch/advisory/multiple_xss_vulnerabilities_in_wikipad.html HTB22827: http://www.htbridge.ch/advisory/file_content_disclosure_in_wikipad.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 4 22:11:13 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Mar 2011 07:11:13 +0100 Subject: [SEC] [SA43405] Linux Kernel World-Writable sysfs and procfs Files Weaknesses Message-ID: <201103050611.p256BDG4026415@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Linux Kernel World-Writable sysfs and procfs Files Weaknesses SECUNIA ADVISORY ID: SA43405 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43405/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43405 RELEASE DATE: 2011-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/43405/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43405/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43405 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some weaknesses have been reported in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions. The weaknesses are caused due to various procfs and sysfs file being world-writable, which can be exploited to e.g. change certain settings, write into certain hardware registers or the NVRAM, or install certain firmware. SOLUTION: Partially fixed in 2.6.37-rc6 and 2.6.32.30. PROVIDED AND/OR DISCOVERED BY: Vasiliy Kulikov ORIGINAL ADVISORY: https://lkml.org/lkml/2011/2/4/109 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8040835760adf0ef66876c063d47f79f015fb55d http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8a6a142c1286797978e4db266d22875a5f424897 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=b80b168f918bba4b847e884492415546b340e19d OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 5 10:32:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Mar 2011 19:32:02 +0100 Subject: [SEC] [SA43376] Batavi Cross-Site Scripting and Local File Inclusion Vulnerabilities Message-ID: <201103051832.p25IW2Ds015154@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Batavi Cross-Site Scripting and Local File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA43376 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43376/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43376 RELEASE DATE: 2011-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/43376/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43376/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43376 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: AutoSec Tools has discovered multiple vulnerabilities in Batavi, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information. 1) Input passed via the "mID" parameter to admin/templates/pages/event_manager/edit.php, "store_root" parameter to admin/ext/color_picker/default.php, and "altmethodpayload" parameter to ext/xmlrpc/debugger/controller.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via various parameters to multiple scripts is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Examples: http://[host]/admin/templates/pages/templates_boxes/info.php?module=[path] http://[host]/admin/templates/pages/images/main.php?module=[path] http://[host]/admin/templates/pages/statistics/main.php?module=[path] http://[host]/admin/templates/pages/templates/batch_delete.php?template=[path] http://[host]/admin/templates/pages/templates/delete_rule.php?template=[path] http://[host]/admin/templates/pages/templates/edit.php?template=[path] http://[host]/admin/templates/pages/templates/edit_rule.php?template=[path] http://[host]/admin/templates/pages/templates/info.php?template=[path] http://[host]/admin/templates/pages/templates/uninstall.php?template=[path] http://[host]/admin/templates/pages/export/download.php?file=[path] http://[host]/admin/templates/pages/page_layout/main.php?filter=[path] Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. The vulnerabilities are confirmed in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: AutoSec Tools: http://www.autosectools.com/Advisories/Batavi.1.0_Reflected.Cross-site.Scripting_115.html http://www.autosectools.com/Advisories/Batavi.1.0_Local.File.Inclusion_116.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 5 11:30:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Mar 2011 20:30:45 +0100 Subject: [SEC] [SA43368] Debian update for chromium-browser Message-ID: <201103051930.p25JUj6M005621@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for chromium-browser SECUNIA ADVISORY ID: SA43368 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43368/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43368 RELEASE DATE: 2011-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/43368/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43368/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43368 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for chromium-browser. This fixes multiple vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. For more information: SA43021 SA43193 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA 2166-1: http://lists.debian.org/debian-security-announce/2011/msg00032.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 5 12:30:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Mar 2011 21:30:57 +0100 Subject: [SEC] [SA43378] IBM CICS Transaction Gateway Java Double Literal Parsing Denial of Service Message-ID: <201103052030.p25KUvDQ028556@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: IBM CICS Transaction Gateway Java Double Literal Parsing Denial of Service SECUNIA ADVISORY ID: SA43378 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43378/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43378 RELEASE DATE: 2011-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/43378/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43378/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43378 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability in IBM CICS Transaction Gateway, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43295 SOLUTION: Apply updates. Contact the vendor for further information. ORIGINAL ADVISORY: http://www.ibm.com/support/docview.wss?uid=swg21468358 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 5 13:32:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Mar 2011 22:32:09 +0100 Subject: [SEC] [SA43379] Novell ZENworks Configuration Management novell-tftp.exe Buffer Overflow Message-ID: <201103052132.p25LW99M019141@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Novell ZENworks Configuration Management novell-tftp.exe Buffer Overflow SECUNIA ADVISORY ID: SA43379 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43379/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43379 RELEASE DATE: 2011-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/43379/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43379/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43379 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Novell ZENworks Configuration Management, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in novell-tftp.exe when parsing requests. This can be exploited to cause a heap-based buffer overflow via a specially crafted request sent to UDP port 69. The vulnerability is reported in versions 10.3.1, 10.3.2, and 11.0. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Independently reported by: * Francis Provencher, Protek Research Lab's via ZDI * SilentSignal via ZDI * AbdulAziz Hariri, ThirdEyeTesters via ZDI ORIGINAL ADVISORY: Novell: http://www.novell.com/support/viewContent.do?externalId=7007896 ZDI-11-089: http://www.zerodayinitiative.com/advisories/ZDI-11-089/ Protek Research Lab's: http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=22&Itemid=22 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 5 14:25:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Mar 2011 23:25:19 +0100 Subject: [SEC] [SA43347] IBM FileNet Products Content Engine Security Bypass Vulnerability Message-ID: <201103052225.p25MPJf0009361@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: IBM FileNet Products Content Engine Security Bypass Vulnerability SECUNIA ADVISORY ID: SA43347 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43347/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43347 RELEASE DATE: 2011-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/43347/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43347/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43347 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM FileNet Content Manager and Business Process Manager, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the Content Engine when handling actions that require PRIVILEGED_WRITE access. This can be exploited to modify some properties of certain objects in the Object Store. The vulnerability is reported in the following Content Engine releases: * P8CE 5.0.0 at the GA base level. * P8CE 4.5.1 at any level. * P8CE 4.5.0 at any level. * P8CE 4.0.1 at any level. SOLUTION: Apply updates. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.ibm.com/support/docview.wss?uid=swg21462438 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 5 14:46:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Mar 2011 23:46:00 +0100 Subject: [SEC] [SA43391] Debian update for phpmyadmin Message-ID: <201103052246.p25Mk0ad030511@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for phpmyadmin SECUNIA ADVISORY ID: SA43391 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43391/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43391 RELEASE DATE: 2011-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/43391/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43391/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43391 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for phpmyadmin. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions. For more information: SA43324 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA 2167-1: http://lists.debian.org/debian-security-announce/2011/msg00033.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 5 15:11:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Mar 2011 00:11:00 +0100 Subject: [SEC] [SA43404] Debian update for telepathy-gabble Message-ID: <201103052311.p25NB0II019469@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for telepathy-gabble SECUNIA ADVISORY ID: SA43404 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43404/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43404 RELEASE DATE: 2011-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/43404/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43404/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43404 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for telepathy-gabble. This fixes a vulnerability, which can be exploited by malicious people to conduct hijacking attacks. For more information: SA43369 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2169-1: http://lists.debian.org/debian-security-announce/2011/msg00035.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 5 15:47:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Mar 2011 00:47:03 +0100 Subject: [SEC] [SA43334] Apache Archiva User Management Page Cross-Site Scripting Vulnerability Message-ID: <201103052347.p25Nl3Ca008925@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Apache Archiva User Management Page Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43334 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43334/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43334 RELEASE DATE: 2011-03-06 DISCUSS ADVISORY: http://secunia.com/advisories/43334/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43334/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43334 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Apache Archiva, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input passed to the user management page is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. This may be related to vulnerability #1 in: SA43261 The vulnerability is reported in versions prior to 1.3.4. SOLUTION: Update to version 1.3.4. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://archiva.apache.org/security.html http://mail-archives.apache.org/mod_mbox/www-announce/201102.mbox/%3CF9C5C032-80D0-42BA-83A1-AB3D61C2BBF9 at apache.org%3E OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 5 16:11:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Mar 2011 01:11:58 +0100 Subject: [SEC] [SA43375] resource-agents LD_LIBRARY_PATH Security Issues Message-ID: <201103060011.p260BwjH030273@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: resource-agents LD_LIBRARY_PATH Security Issues SECUNIA ADVISORY ID: SA43375 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43375/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43375 RELEASE DATE: 2011-03-06 DISCUSS ADVISORY: http://secunia.com/advisories/43375/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43375/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43375 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two security issues have been reported in resource-agents, which can be exploited by malicious, local users to gain escalated privileges. The security issues are caused due to the "SAPDatabase" and "SAPInstance" scripts incorrectly setting the environment variable LD_LIBRARY_PATH. This can be exploited to gain escalated privileges by e.g. tricking a user into running the script in a directory containing a malicious library. SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Red Hat credits Raphael Geissert. ORIGINAL ADVISORY: http://git.fedorahosted.org/git/?p=resource-agents.git;a=commit;h=394c23c8f9e1e0fb934ba994e2e5a786467d6bec RHSA-2011:0264-1: https://rhn.redhat.com/errata/RHSA-2011-0264.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 5 16:46:16 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Mar 2011 01:46:16 +0100 Subject: [SEC] [SA43364] Red Hat update for python Message-ID: <201103060046.p260kGu8019643@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for python SECUNIA ADVISORY ID: SA43364 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43364/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43364 RELEASE DATE: 2011-03-06 DISCUSS ADVISORY: http://secunia.com/advisories/43364/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43364/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43364 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for python. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information see vulnerability #1 in: SA42888 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0260-1: http://rhn.redhat.com/errata/RHSA-2011-0260.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 5 17:13:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Mar 2011 02:13:41 +0100 Subject: [SEC] [SA43395] Gazie "Login" Cross-Site Scripting and SQL Injection Vulnerabilities Message-ID: <201103060113.p261DfRh008700@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Gazie "Login" Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA43395 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43395/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43395 RELEASE DATE: 2011-03-06 DISCUSS ADVISORY: http://secunia.com/advisories/43395/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43395/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43395 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gjoko Krstic has discovered two vulnerabilities in Gazie, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed via the "Login" parameter to modules/root/login_admin.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "Login" parameter to modules/root/login_admin.php (when "actionflag" is set) is not properly sanitised in library/include/mysql.lib.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 5.11. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Gjoko Krstic, Zero Science Lab. ORIGINAL ADVISORY: Zero Science Lab: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4995.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 5 17:46:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Mar 2011 02:46:06 +0100 Subject: [SEC] [SA43383] Cisco Security Agent Management Center File Upload Vulnerability Message-ID: <201103060146.p261k6Fn030394@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Cisco Security Agent Management Center File Upload Vulnerability SECUNIA ADVISORY ID: SA43383 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43383/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43383 RELEASE DATE: 2011-03-06 DISCUSS ADVISORY: http://secunia.com/advisories/43383/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43383/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43383 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco Security Agent, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an input validation error in the Management Center web interface (webagent.exe) when processing certain POST parameters. This can be exploited to create an arbitrary file with supplied contents in a specially crafted "st_upload" request. Successful exploitation may allow execution of arbitrary code with SYSTEM privileges. The vulnerability is reported in versions 6.0. SOLUTION: Update to version 6.0.2.145. PROVIDED AND/OR DISCOVERED BY: Gerry Eisenhaur via ZDI. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20110216-csa.shtml ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-088/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 5 18:11:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Mar 2011 03:11:08 +0100 Subject: [SEC] [SA43357] WordPress User Photo Plugin "user-photo.php" Arbitrary File Upload Vulnerability Message-ID: <201103060211.p262B8q9019339@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: WordPress User Photo Plugin "user-photo.php" Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA43357 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43357/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43357 RELEASE DATE: 2011-03-06 DISCUSS ADVISORY: http://secunia.com/advisories/43357/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43357/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43357 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the User Photo component for WordPress, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to the wp-content/plugins/user-photo/user-photo.php script not properly validating uploaded file types, which can be exploited to e.g. execute arbitrary PHP code by uploading a specially crafted PHP file. The vulnerability is confirmed in version 0.9.4. Prior versions may also be affected. SOLUTION: Update to version 0.9.5.1. PROVIDED AND/OR DISCOVERED BY: Sebastien Andrivet and Flora Bottaccio, ADVtools Sarl ORIGINAL ADVISORY: http://seclists.org/fulldisclosure/2011/Feb/354 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 5 18:46:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Mar 2011 03:46:14 +0100 Subject: [SEC] [SA43350] Fedora update for java-1.6.0-openjdk Message-ID: <201103060246.p262kEjl008751@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for java-1.6.0-openjdk SECUNIA ADVISORY ID: SA43350 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43350/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43350 RELEASE DATE: 2011-03-06 DISCUSS ADVISORY: http://secunia.com/advisories/43350/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43350/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43350 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for java-1.6.0-openjdk. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system. For more information: SA43262 1) An error within the "JNLPClassLoader" class when handling multiple signers can be exploited cause the class to assign an inappropriate security descriptor. SOLUTION: Apply updated packages via the yum utility ("yum update java-1.6.0-openjdk"). ORIGINAL ADVISORY: FEDORA-2011-1631: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html FEDORA-2011-1645: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 5 19:16:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Mar 2011 04:16:34 +0100 Subject: [SEC] [SA43382] Ubuntu update for python-django Message-ID: <201103060316.p263GYsv031971@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ubuntu update for python-django SECUNIA ADVISORY ID: SA43382 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43382/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43382 RELEASE DATE: 2011-03-06 DISCUSS ADVISORY: http://secunia.com/advisories/43382/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43382/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43382 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for python-django. This fixes some vulnerabilities, which can be exploited by malicious people to conduct script insertion and cross-site request forgery attacks. For more information: SA43230 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1066-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001250.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 5 19:45:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Mar 2011 04:45:49 +0100 Subject: [SEC] [SA43398] Fedora update for webkitgtk Message-ID: <201103060345.p263jnMH019285@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for webkitgtk SECUNIA ADVISORY ID: SA43398 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43398/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43398 RELEASE DATE: 2011-03-06 DISCUSS ADVISORY: http://secunia.com/advisories/43398/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43398/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43398 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for webkitgtk. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct a DoS (Denial of Service), bypass certain security restrictions, and compromise a user's system. NOTE: This update also fixes a regression caused by a fix for CVE-2010-1791, which can cause a crash on certain web sites with javascript. For more information: SA40664 SA40743 SA41888 SA42109 SA42472 SA42605 SA43193 SOLUTION: Apply updated packages via the yum utility ("yum update webkitgtk"). ORIGINAL ADVISORY: FEDORA-2011-1224: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054157.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 5 20:10:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Mar 2011 05:10:34 +0100 Subject: [SEC] [SA43372] Red Hat update for rgmanager Message-ID: <201103060410.p264AYZ4008225@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for rgmanager SECUNIA ADVISORY ID: SA43372 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43372/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43372 RELEASE DATE: 2011-03-06 DISCUSS ADVISORY: http://secunia.com/advisories/43372/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43372/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43372 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for rgmanager. This fixes some security issues, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA32602 SA43375 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0264-1: https://rhn.redhat.com/errata/RHSA-2011-0264.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 5 20:24:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Mar 2011 05:24:18 +0100 Subject: [SEC] [SA43407] OpenAFS Two Vulnerabilities Message-ID: <201103060424.p264OIcB029056@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: OpenAFS Two Vulnerabilities SECUNIA ADVISORY ID: SA43407 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43407/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43407 RELEASE DATE: 2011-03-06 DISCUSS ADVISORY: http://secunia.com/advisories/43407/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43407/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43407 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in OpenAFS, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and by malicious people to cause a DoS and potentially compromise a vulnerable system. 1) An error within the "afs_linux_lock()" function in src/afs/LINUX/osi_vnodeops.c can be exploited to cause a kernel crash. Note: This only affects Linux systems. 2) A double-free error within the RX server can be exploited to cause a crash and potentially execute arbitrary code by sending specially crafted ASN1 encoded values to the RX server. SOLUTION: Update to version 1.4.14. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: OpenAFS: http://www.openafs.org/release/latest.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 5 20:45:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Mar 2011 05:45:24 +0100 Subject: [SEC] [SA43381] Layer Four Traceroute (LFT) Unspecified Security Issue Message-ID: <201103060445.p264jORq017832@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Layer Four Traceroute (LFT) Unspecified Security Issue SECUNIA ADVISORY ID: SA43381 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43381/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43381 RELEASE DATE: 2011-03-06 DISCUSS ADVISORY: http://secunia.com/advisories/43381/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43381/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43381 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability with an unknown impact has been reported in Layer Four Traceroute (LFT). The vulnerability is caused due to an unspecified error. No further information is currently available. The vulnerability is reported in versions prior to 3.3. SOLUTION: Update to version 3.3. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://pwhois.org/lft/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 5 21:11:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Mar 2011 06:11:09 +0100 Subject: [SEC] [SA43390] gitolite Admin-Defined Commands Directory Traversal Security Issue Message-ID: <201103060511.p265B95x006808@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: gitolite Admin-Defined Commands Directory Traversal Security Issue SECUNIA ADVISORY ID: SA43390 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43390/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43390 RELEASE DATE: 2011-03-06 DISCUSS ADVISORY: http://secunia.com/advisories/43390/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43390/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43390 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in gitolite, which can be exploited by malicious users to bypass certain security restrictions. The security issue is caused due to an error within the handling of admin-defined commands (ADC), which can be exploited to execute arbitrary commands with the privileges of the gitolite server via directory traversal attacks. Successful exploitation requires that ADC commands are enabled ("GL_ADC_PATH" is set in the rc file). The security issue is reported in versions prior to 1.5.9.1. SOLUTION: Update to version 1.5.9.1. PROVIDED AND/OR DISCOVERED BY: The vendor credits Dylan Simon. ORIGINAL ADVISORY: http://groups.google.com/group/gitolite/browse_thread/thread/797a93ec26e1dcbc OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 5 21:45:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Mar 2011 06:45:18 +0100 Subject: [SEC] [SA43336] SUSE update for dbus Message-ID: <201103060545.p265jIr9028568@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SUSE update for dbus SECUNIA ADVISORY ID: SA43336 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43336/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43336 RELEASE DATE: 2011-03-06 DISCUSS ADVISORY: http://secunia.com/advisories/43336/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43336/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43336 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for dbus. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service). For more information: SA42580 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0123-1: https://hermes.opensuse.org/messages/7422638 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 5 22:09:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Mar 2011 07:09:48 +0100 Subject: [SEC] [SA43396] Qi Bo CMS "aidDB[]" SQL Injection Vulnerability Message-ID: <201103060609.p2669mMY017490@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Qi Bo CMS "aidDB[]" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43396 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43396/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43396 RELEASE DATE: 2011-03-06 DISCUSS ADVISORY: http://secunia.com/advisories/43396/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43396/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43396 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Qi Bo CMS, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the "aidDB[]" parameter to member/list.php (when "step" is set to "2" and "Type" is set to "delete") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "Generate true static" option is enabled. The vulnerability is reported in version v7. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: k4shifz, Wolves Security Team ORIGINAL ADVISORY: http://bbs.wolvez.org/viewtopic.php?id=211 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 6 10:30:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Mar 2011 19:30:08 +0100 Subject: [SEC] [SA43373] Debian update for asterisk Message-ID: <201103061830.p26IU8QG006196@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for asterisk SECUNIA ADVISORY ID: SA43373 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43373/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43373 RELEASE DATE: 2011-03-06 DISCUSS ADVISORY: http://secunia.com/advisories/43373/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43373/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43373 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for asterisk. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA42935 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2171-1: http://lists.debian.org/debian-security-announce/2011/msg00037.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 6 11:30:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Mar 2011 20:30:37 +0100 Subject: [SEC] [SA43371] Debian update for openafs Message-ID: <201103061930.p26JUboB029136@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for openafs SECUNIA ADVISORY ID: SA43371 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43371/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43371 RELEASE DATE: 2011-03-06 DISCUSS ADVISORY: http://secunia.com/advisories/43371/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43371/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43371 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for openafs. This fixes two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and by malicious people to cause a DoS and potentially compromise a vulnerable system. For more information: SA43407 SOLUTION: Apply updated packages via the apt-get package manager when available. Reportedly, for Debian GNU/Linux 5.x (lenny), this will be fixed in 1.4.7.dfsg1-6+lenny4, which should be available soon. ORIGINAL ADVISORY: DSA 2168-1: http://lists.debian.org/debian-security-announce/2011/msg00034.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 6 12:30:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Mar 2011 21:30:23 +0100 Subject: [SEC] [SA43410] Independent Escort CMS SQL Injection Vulnerability Message-ID: <201103062030.p26KUNpd019638@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Independent Escort CMS SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43410 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43410/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43410 RELEASE DATE: 2011-03-06 DISCUSS ADVISORY: http://secunia.com/advisories/43410/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43410/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43410 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Independent Escort CMS, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via certain parameters when viewing model information is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: NoNameMT ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/16198/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 6 13:30:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Mar 2011 22:30:01 +0100 Subject: [SEC] [SA43370] JAKCMS "JAK_COOKIE_NAME" and "JAK_COOKIE_PASS" SQL Injection Vulnerabilities Message-ID: <201103062130.p26LU1QV010129@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: JAKCMS "JAK_COOKIE_NAME" and "JAK_COOKIE_PASS" SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA43370 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43370/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43370 RELEASE DATE: 2011-03-06 DISCUSS ADVISORY: http://secunia.com/advisories/43370/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43370/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43370 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Steven Seeley has discovered two vulnerabilities in JAKCMS, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "JAK_COOKIE_NAME" and "JAK_COOKIE_PASS" cookies to e.g. admin/index.php is not properly sanitised in the "jakCheckLogged()" function in class/class.userlogin.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation allows bypassing the authentication mechanism, but requires that "magic_quotes_gpc" is disabled. The vulnerability is confirmed in version 2.0. Other versions may also be affected. SOLUTION: Update to version 2.0.3 or later. PROVIDED AND/OR DISCOVERED BY: Steven Seeley, stratsec. ORIGINAL ADVISORY: JAKCMS: http://www.jakcms.com/forum/t/73/jakcms-pro-23 stratsec: http://www.stratsec.net/Research/Advisories/JAKCMS-SQL-Injection-%28SS-2011-002%29 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 6 14:24:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Mar 2011 23:24:30 +0100 Subject: [SEC] [SA43374] WSN Guest Multiple SQL Injection Vulnerabilities Message-ID: <201103062224.p26MOUSm000333@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: WSN Guest Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA43374 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43374/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43374 RELEASE DATE: 2011-03-06 DISCUSS ADVISORY: http://secunia.com/advisories/43374/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43374/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43374 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in WSN Guest, which can be exploited by malicious people to conduct SQL injection attacks. 1) Input passed via the "wsnuser" cookie to e.g. index.php is not properly sanitised in the "member()" function in classes/member.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed via the "field" parameter to memberlist.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 3) Input passed via array parameters (e.g. "searchfields[0]" to search.php) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 4) Input passed via the "condition" parameter to edit.php and search.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 1.24. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: 1, 2) Aliaksandr Hartsuyeu 3, 4) FAChwErk ORIGINAL ADVISORY: EVULN#EV0174: http://evuln.com/vulns/174/summary.html EVULN#EV0175: http://evuln.com/vulns/175/summary.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 6 14:45:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Mar 2011 23:45:10 +0100 Subject: [SEC] [SA43413] MoinMoin "refuri" Cross-Site Scripting Vulnerability Message-ID: <201103062245.p26MjAX7021549@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: MoinMoin "refuri" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43413 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43413/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43413 RELEASE DATE: 2011-03-06 DISCUSS ADVISORY: http://secunia.com/advisories/43413/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43413/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43413 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in MoinMoin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "refuri" node attribute to the reStructuredText parser is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected web site. Successful exploitation requires that reStructuredText has been set as the parser. The vulnerability is reported in version 1.9.3. Other versions may also be affected. SOLUTION: Fixed in the Mercurial repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Provided by the vendor. ORIGINAL ADVISORY: MoinMoin: http://moinmo.in/SecurityFixes OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 6 15:10:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Mar 2011 00:10:09 +0100 Subject: [SEC] [SA43418] Joomla! JCE Component Arbitrary File Upload Vulnerability Message-ID: <201103062310.p26NA9G8010482@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Joomla! JCE Component Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA43418 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43418/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43418 RELEASE DATE: 2011-03-06 DISCUSS ADVISORY: http://secunia.com/advisories/43418/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43418/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43418 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Vertical Pigeon has reported a vulnerability in the JCE component for Joomla!, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to the application allowing the upload of arbitrary files to a folder inside the web root. This can be exploited to e.g. upload and execute arbitrary PHP files. The vulnerability is reported in versions prior to 1.5.7.7. SOLUTION: Update to version 1.5.7.7. PROVIDED AND/OR DISCOVERED BY: Vertical Pigeon ORIGINAL ADVISORY: JCE: http://www.joomlacontenteditor.net/news/item/jce-1577-released Vertical Pigeon: http://verticalpigeon.com/joomla/security/JCE/Joomla-JCE-Vulnerable-arbirary-file-upload OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 6 15:24:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Mar 2011 00:24:37 +0100 Subject: [SEC] [SA43416] Fedora update for gitolite Message-ID: <201103062324.p26NObm1031348@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for gitolite SECUNIA ADVISORY ID: SA43416 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43416/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43416 RELEASE DATE: 2011-03-07 DISCUSS ADVISORY: http://secunia.com/advisories/43416/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43416/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43416 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for gitolite. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions. For more information: SA43390 SOLUTION: Apply updated packages via the yum utility ("yum update gitolite"). ORIGINAL ADVISORY: FEDORA-2011-1644: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054250.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 6 15:45:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Mar 2011 00:45:15 +0100 Subject: [SEC] [SA43409] Escort Directory CMS SQL Injection Vulnerability Message-ID: <201103062345.p26NjFS1020092@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Escort Directory CMS SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43409 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43409/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43409 RELEASE DATE: 2011-03-07 DISCUSS ADVISORY: http://secunia.com/advisories/43409/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43409/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43409 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Escort Directory CMS, which can be exploited by malicious people to conduct SQL injection attacks. Certain input passed via the URL is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: NoNameMT OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 6 16:10:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Mar 2011 01:10:50 +0100 Subject: [SEC] [SA43414] Battlefield 2 / 2142 NULL Pointer Dereference Denial of Service Message-ID: <201103070010.p270Ao4s009055@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Battlefield 2 / 2142 NULL Pointer Dereference Denial of Service SECUNIA ADVISORY ID: SA43414 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43414/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43414 RELEASE DATE: 2011-03-07 DISCUSS ADVISORY: http://secunia.com/advisories/43414/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43414/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43414 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Battlefield 2 and Battlefield 2142, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a NULL pointer dereference when processing certain commands and can be exploited to crash a server by sending a specially crafted packet. The vulnerability is reported in Battlefield 2 version 1.5.3153-802.0 and Battlefield 2142 version 1.10.112.0. SOLUTION: Host games in trusted networks only. PROVIDED AND/OR DISCOVERED BY: SomaFM, Luigi Auriemma, and Francis Lavoie-Renaud. ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/bf2null-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 6 16:45:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Mar 2011 01:45:12 +0100 Subject: [SEC] [SA43406] WordPress Comment Rating Plugin "id" SQL Injection Vulnerability Message-ID: <201103070045.p270jCBg030826@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: WordPress Comment Rating Plugin "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43406 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43406/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43406 RELEASE DATE: 2011-03-07 DISCUSS ADVISORY: http://secunia.com/advisories/43406/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43406/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43406 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Comment Rating plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "id" parameter in ck-processkarma.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 2.9.23. Prior versions may also be affected. SOLUTION: Update to version 2.9.24. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22841: http://www.htbridge.ch/advisory/sql_injection_in_comment_rating_wordpress_plugin.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 6 17:13:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Mar 2011 02:13:35 +0100 Subject: [SEC] [SA43419] WordPress Z-Vote Plugin "zvote" SQL Injection Vulnerability Message-ID: <201103070113.p271DZSq019913@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: WordPress Z-Vote Plugin "zvote" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43419 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43419/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43419 RELEASE DATE: 2011-03-07 DISCUSS ADVISORY: http://secunia.com/advisories/43419/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43419/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43419 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in the Z-Vote plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "zvote" parameter to e.g. index.php is not properly sanitised in wp-content/plugins/zvote/zvote.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: High-Tech Bridge SA (HTB22839): http://www.htbridge.ch/advisory/sql_injection_in_z_vote_wordpress_plugin.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 6 17:45:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Mar 2011 02:45:11 +0100 Subject: [SEC] [SA43380] TTtuangou Two SQL Injection Vulnerabilities Message-ID: <201103070145.p271jBOa009160@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: TTtuangou Two SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA43380 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43380/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43380 RELEASE DATE: 2011-03-07 DISCUSS ADVISORY: http://secunia.com/advisories/43380/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43380/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43380 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in TTtuangou, which can be exploited by malicious people to conduct SQL injection attacks. 1) Input passed via the "email" parameter to ajax.php (when "mod" is set to "check" and "code" is set to "email") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed via the "id" parameter to index.php (when "mod" is set to "index" and "code" is set to "expressconfirm") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in version 1.3.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: K4shifz, Wolves Security Team OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 6 18:10:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Mar 2011 03:10:20 +0100 Subject: [SEC] [SA43403] WordPress GD Star Rating Plugin "wpfn" Cross-Site Scripting Vulnerability Message-ID: <201103070210.p272AKHJ030506@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: WordPress GD Star Rating Plugin "wpfn" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43403 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43403/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43403 RELEASE DATE: 2011-03-07 DISCUSS ADVISORY: http://secunia.com/advisories/43403/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43403/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43403 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in the GD Star Rating plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "wpfn" parameter to wp-content/plugins/gd-star-rating/widgets/widget_top.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected web site. Successful exploitation requires that "register_globals" is enabled. The vulnerability is confirmed in version 1.9.7. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: High-Tech Bridge SA (HTB22844): http://www.htbridge.ch/advisory/xss_in_gd_star_rating_wordpress_plugin.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 6 18:24:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Mar 2011 03:24:21 +0100 Subject: [SEC] [SA43443] BIND IXFR or DDNS Update Deadlock Denial of Service Vulnerability Message-ID: <201103070224.p272OLRU018927@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: BIND IXFR or DDNS Update Deadlock Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43443 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43443/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43443 RELEASE DATE: 2011-03-07 DISCUSS ADVISORY: http://secunia.com/advisories/43443/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43443/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43443 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in BIND, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a deadlock error when an authoritative server processes IXFR or DDNS updates combined with a query, which can be exploited to stop the server from processing further requests. Note: A high workload increases the chance of a deadlock. The vulnerability is reported in versions 9.7.1 through 9.7.2-P3. SOLUTION: Update to version 9.7.3. PROVIDED AND/OR DISCOVERED BY: The vendor credits Neustar. ORIGINAL ADVISORY: https://www.isc.org/software/bind/advisories/cve-2011-0414 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 6 18:45:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Mar 2011 03:45:22 +0100 Subject: [SEC] [SA43444] Red Hat update for java-1.4.2-ibm Message-ID: <201103070245.p272jMld007698@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for java-1.4.2-ibm SECUNIA ADVISORY ID: SA43444 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43444/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43444 RELEASE DATE: 2011-03-07 DISCUSS ADVISORY: http://secunia.com/advisories/43444/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43444/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43444 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for java-1.4.2-ibm. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43262 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0292-1: https://rhn.redhat.com/errata/RHSA-2011-0292.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 6 19:24:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Mar 2011 04:24:30 +0100 Subject: [SEC] [SA43441] Lunascape Insecure Executable Loading Vulnerability Message-ID: <201103070324.p273OUI6030125@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Lunascape Insecure Executable Loading Vulnerability SECUNIA ADVISORY ID: SA43441 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43441/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43441 RELEASE DATE: 2011-03-07 DISCUSS ADVISORY: http://secunia.com/advisories/43441/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43441/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43441 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Lunascape, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the applications loading an executable file in an insecure manner and can be exploited by tricking a user into e.g. opening certain files using the "script" functionality located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in versions prior to 6.4.3. SOLUTION: Update to version 6.4.3. PROVIDED AND/OR DISCOVERED BY: JVN credits Makoto Shiotsuki. ORIGINAL ADVISORY: http://lunapedia.lunascape.jp/index.php?title=Lunascape6#2011.2F02.2F18_ver_6.4.3 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 6 19:45:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Mar 2011 04:45:53 +0100 Subject: [SEC] [SA43425] Ubuntu update for mailman Message-ID: <201103070345.p273jr5c018911@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ubuntu update for mailman SECUNIA ADVISORY ID: SA43425 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43425/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43425 RELEASE DATE: 2011-03-07 DISCUSS ADVISORY: http://secunia.com/advisories/43425/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43425/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43425 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for mailman. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks. For more information: SA41265 SA43389 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1069-1: http://www.ubuntu.com/usn/usn-1069-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 6 20:11:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Mar 2011 05:11:18 +0100 Subject: [SEC] [SA43445] Red Hat update for java-1.5.0-ibm Message-ID: <201103070411.p274BIOg007862@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for java-1.5.0-ibm SECUNIA ADVISORY ID: SA43445 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43445/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43445 RELEASE DATE: 2011-03-07 DISCUSS ADVISORY: http://secunia.com/advisories/43445/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43445/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43445 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for java-1.5.0-ibm. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43262 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0291-1: https://rhn.redhat.com/errata/RHSA-2011-0291.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 6 20:45:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Mar 2011 05:45:32 +0100 Subject: [SEC] [SA43402] Bo-Blog SQL Injection and Arbitrary File Creation Vulnerabilities Message-ID: <201103070445.p274jWHZ029616@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Bo-Blog SQL Injection and Arbitrary File Creation Vulnerabilities SECUNIA ADVISORY ID: SA43402 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43402/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43402 RELEASE DATE: 2011-03-07 DISCUSS ADVISORY: http://secunia.com/advisories/43402/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43402/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43402 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Bo-Blog, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct SQL injection attacks. 1) Input passed via the "go" parameter to index.php (when "act" is set to "main" and "mode" is set to "1") is not properly sanitised in inc/mod_main.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed to xmlrpc.php is not properly verified to check for file extensions and file contents before being used to create files. This can be exploited to e.g. create and execute arbitrary PHP files. Successful exploitation of this vulnerability requires "Writer" privileges. The vulnerabilities are reported in version 2.1.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. Grant only trusted users "Writer" privileges. PROVIDED AND/OR DISCOVERED BY: Wolves Security Team OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 6 21:10:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Mar 2011 06:10:51 +0100 Subject: [SEC] [SA43446] Red Hat update for java-1.6.0-ibm Message-ID: <201103070510.p275Ap2D018567@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for java-1.6.0-ibm SECUNIA ADVISORY ID: SA43446 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43446/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43446 RELEASE DATE: 2011-03-07 DISCUSS ADVISORY: http://secunia.com/advisories/43446/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43446/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43446 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for java-1.6.0-ibm. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43262 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0290-1: https://rhn.redhat.com/errata/RHSA-2011-0290.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 6 21:44:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Mar 2011 06:44:51 +0100 Subject: [SEC] [SA43415] policycoreutils "seunshare" Temporary Directory Security Bypass Weakness Message-ID: <201103070544.p275ipc4007915@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: policycoreutils "seunshare" Temporary Directory Security Bypass Weakness SECUNIA ADVISORY ID: SA43415 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43415/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43415 RELEASE DATE: 2011-03-07 DISCUSS ADVISORY: http://secunia.com/advisories/43415/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43415/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43415 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Tavis Ormandy has reported a weakness in policycoreutils, which can be exploited by malicious, local users to bypass certain security features. The weakness is caused due to the "seunshare" utility allowing unprivileged users to create fake temporary directories without the sticky bit being set. This can be exploited to e.g. perform symlink attacks on applications relying on the temporary directory being protected by the sticky bit. SOLUTION: Restrict access to the "seunshare" utility to trusted users only. PROVIDED AND/OR DISCOVERED BY: Tavis Ormandy ORIGINAL ADVISORY: Tavis Ormandy: http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0585.html Red Hat Bug #633544: https://bugzilla.redhat.com/show_bug.cgi?id=633544 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 6 22:10:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Mar 2011 07:10:03 +0100 Subject: [SEC] [SA43411] Ubuntu update for aptdaemon Message-ID: <201103070610.p276A302029268@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ubuntu update for aptdaemon SECUNIA ADVISORY ID: SA43411 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43411/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43411 RELEASE DATE: 2011-03-07 DISCUSS ADVISORY: http://secunia.com/advisories/43411/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43411/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43411 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for aptdaemon. This fixes a vulnerability, which can be exploited by malicious, local users to disclose sensitive information. The vulnerability is caused due to an error in the "update_cache()" function when processing the "sources_list" argument and can be exploited to disclose contents of arbitrary files. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Sergey Nizovtsev. ORIGINAL ADVISORY: USN-1068-1: http://www.ubuntu.com/usn/usn-1068-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 7 10:31:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Mar 2011 19:31:01 +0100 Subject: [SEC] [SA43652] WordPress PHP Speedy Plugin Cross-Site Scripting and Remote File Inclusion Vulnerabilities Message-ID: <201103071831.p27IV1ID018039@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: WordPress PHP Speedy Plugin Cross-Site Scripting and Remote File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA43652 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43652/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43652 RELEASE DATE: 2011-03-07 DISCUSS ADVISORY: http://secunia.com/advisories/43652/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43652/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43652 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in the PHP Speedy plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system. 1) Input passed to the "title" parameter in wp-content/plugins/php_speedy_wp/libs/php_speedy/view/admin_container.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "page" parameter to wp-content/plugins/php_speedy_wp/libs/php_speedy/view/admin_container.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or remote resources. Successful exploitation of these vulnerabilities requires that "register_globals" is enabled. The vulnerabilities are confirmed in version 0.5.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. PROVIDED AND/OR DISCOVERED BY: 1) An anonymous person 2) mr_me OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 7 11:30:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Mar 2011 20:30:07 +0100 Subject: [SEC] [SA43647] PBlogEX Multiple Vulnerabilities Message-ID: <201103071930.p27JU7Vm008512@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: PBlogEX Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43647 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43647/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43647 RELEASE DATE: 2011-03-07 DISCUSS ADVISORY: http://secunia.com/advisories/43647/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43647/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43647 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in PBlogEX, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system. 1) The vulnerability is caused due to the admin/admin.password.php script allowing password change requests without checking for authentication. This can be exploited to change the administrative password and gain administrative access to the application. 2) The vulnerability is caused due to the admin/image.upload.php script allowing the upload of arbitrary files to a folder inside the web root. This can be exploited to e.g. upload and execute arbitrary PHP files. The vulnerabilities are reported in versions prior to 1.2.1. SOLUTION: Update to version 1.2.1. PROVIDED AND/OR DISCOVERED BY: l3lack_lord ORIGINAL ADVISORY: TwelveDev: http://www.twelvedev.com/pblogex.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 7 12:30:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Mar 2011 21:30:30 +0100 Subject: [SEC] [SA43641] OpenVZ update for kernel Message-ID: <201103072030.p27KUU6N031444@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: OpenVZ update for kernel SECUNIA ADVISORY ID: SA43641 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43641/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43641 RELEASE DATE: 2011-03-07 DISCUSS ADVISORY: http://secunia.com/advisories/43641/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43641/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43641 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: OpenVZ has released an update for the kernel. This fixes a weakness and some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, disclose certain system information, and potentially gain escalated privileges. For more information: SA42570 SA42765 SOLUTION: Update to version 2.6.32-feoktistov.1. ORIGINAL ADVISORY: http://wiki.openvz.org/Download/kernel/2.6.32/2.6.32-feoktistov.1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 7 13:30:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Mar 2011 22:30:41 +0100 Subject: [SEC] [SA43610] Debian update for nbd Message-ID: <201103072130.p27LUfee021958@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for nbd SECUNIA ADVISORY ID: SA43610 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43610/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43610 RELEASE DATE: 2011-03-07 DISCUSS ADVISORY: http://secunia.com/advisories/43610/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43610/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43610 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for nbd. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information: SA18135 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2183-1: http://www.debian.org/security/2011/dsa-2183 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 7 14:24:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Mar 2011 23:24:19 +0100 Subject: [SEC] [SA43623] Microsoft Internet Explorer Address Bar Spoofing Weakness Message-ID: <201103072224.p27MOJZ7012190@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Microsoft Internet Explorer Address Bar Spoofing Weakness SECUNIA ADVISORY ID: SA43623 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43623/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43623 RELEASE DATE: 2011-03-07 DISCUSS ADVISORY: http://secunia.com/advisories/43623/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43623/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43623 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: cyber flash has discovered a weakness in Microsoft Internet Explorer, which can be exploited by malicious people to conduct spoofing attacks. The weakness is caused due to an error when updating the address bar field of a pop-up window. This can be exploited to load a malicious web page and cause the address bar to display only a certain part of the address in a manner that may trick users into believing that the web page is served by a trusted site. The weakness is confirmed in Internet Explorer 7 and 8 on a fully patched Windows XP SP3. SOLUTION: Do not browse untrusted websites. PROVIDED AND/OR DISCOVERED BY: cyber flash ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2011-03/0072.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 7 14:45:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Mar 2011 23:45:15 +0100 Subject: [SEC] [SA43622] Debian update for logwatch Message-ID: <201103072245.p27MjFQt000887@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for logwatch SECUNIA ADVISORY ID: SA43622 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43622/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43622 RELEASE DATE: 2011-03-07 DISCUSS ADVISORY: http://secunia.com/advisories/43622/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43622/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43622 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for logwatch. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA43495 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2182-1: http://www.debian.org/security/2011/dsa-2182 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 7 15:10:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Mar 2011 00:10:29 +0100 Subject: [SEC] [SA43633] cgit "convert_query_hexchar()" Infinite Loop Denial of Service Message-ID: <201103072310.p27NATep022292@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: cgit "convert_query_hexchar()" Infinite Loop Denial of Service SECUNIA ADVISORY ID: SA43633 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43633/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43633 RELEASE DATE: 2011-03-07 DISCUSS ADVISORY: http://secunia.com/advisories/43633/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43633/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43633 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in cgit, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an off-by-one error within the "convert_query_hexchar()" function in html.c, which can be exploited to trigger an infinite loop by e.g. requesting certain specially crafted URLs. The vulnerability is reported in versions prior to 0.8.3.5. SOLUTION: Update to version 0.8.3.5. PROVIDED AND/OR DISCOVERED BY: Jim Meyering ORIGINAL ADVISORY: http://hjemli.net/git/cgit/commit/?h=stable&id=fc384b16fb9787380746000d3cea2d53fccc548e OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 7 15:24:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Mar 2011 00:24:20 +0100 Subject: [SEC] [SA43624] SUSE update for java-1_6_0-openjdk Message-ID: <201103072324.p27NOKBA010735@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SUSE update for java-1_6_0-openjdk SECUNIA ADVISORY ID: SA43624 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43624/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43624 RELEASE DATE: 2011-03-08 DISCUSS ADVISORY: http://secunia.com/advisories/43624/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43624/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43624 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for java-1_6_0-openjdk. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system. For more information: SA43262 1) An error within the "JNLPClassLoader" class when handling multiple signers can be exploited to cause the class to assign an inappropriate security descriptor. SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0155-1: https://hermes.opensuse.org/messages/7533009 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 7 15:45:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Mar 2011 00:45:20 +0100 Subject: [SEC] [SA43613] Debian update for isc-dhcp Message-ID: <201103072345.p27NjKx5031904@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for isc-dhcp SECUNIA ADVISORY ID: SA43613 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43613/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43613 RELEASE DATE: 2011-03-08 DISCUSS ADVISORY: http://secunia.com/advisories/43613/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43613/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43613 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for isc-dhcp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43006 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2184-1: http://www.debian.org/security/2011/dsa-2184 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 7 16:11:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Mar 2011 01:11:06 +0100 Subject: [SEC] [SA43667] Fedora update for TeXmacs Message-ID: <201103080011.p280B6Yc020881@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for TeXmacs SECUNIA ADVISORY ID: SA43667 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43667/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43667 RELEASE DATE: 2011-03-08 DISCUSS ADVISORY: http://secunia.com/advisories/43667/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43667/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43667 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for TeXmacs. This fixes two security issues, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA43645 SOLUTION: Apply updated packages via the yum utility ("yum update TeXmacs"). ORIGINAL ADVISORY: FEDORA-2011-2127: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055054.html FEDORA-2011-2146: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055041.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 7 16:45:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Mar 2011 01:45:28 +0100 Subject: [SEC] [SA43666] Fedora update for rubygem-actionpack Message-ID: <201103080045.p280jSwx010240@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for rubygem-actionpack SECUNIA ADVISORY ID: SA43666 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43666/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43666 RELEASE DATE: 2011-03-08 DISCUSS ADVISORY: http://secunia.com/advisories/43666/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43666/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43666 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for rubygem-actionpack. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. For more information: SA43274 SOLUTION: Apply updated packages via the yum utility ("yum update rubygem-actionpack"). ORIGINAL ADVISORY: FEDORA-2011-2133: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html FEDORA-2011-2138: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 7 17:13:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Mar 2011 02:13:41 +0100 Subject: [SEC] [SA43660] Hiawatha HTTP Header Parsing Denial of Service Vulnerability Message-ID: <201103080113.p281Df33031725@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Hiawatha HTTP Header Parsing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43660 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43660/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43660 RELEASE DATE: 2011-03-08 DISCUSS ADVISORY: http://secunia.com/advisories/43660/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43660/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43660 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Rodrigo Escobar has discovered a vulnerability in Hiawatha, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when parsing HTTP header data. This can be exploited to cause a server to crash via a large value in the "Content-Length" header. The vulnerability is confirmed in version 7.4. Other versions may also be affected. SOLUTION: Apply patch (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Rodrigo Escobar ORIGINAL ADVISORY: Hiawatha: http://www.hiawatha-webserver.org/weblog/16 Rodrigo Escobar: http://archives.neohapsis.com/archives/bugtraq/2011-03/0066.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 7 17:45:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Mar 2011 02:45:50 +0100 Subject: [SEC] [SA43632] mrouted Insecure Temporary Files Security Issues Message-ID: <201103080145.p281joQJ020991@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: mrouted Insecure Temporary Files Security Issues SECUNIA ADVISORY ID: SA43632 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43632/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43632 RELEASE DATE: 2011-03-08 DISCUSS ADVISORY: http://secunia.com/advisories/43632/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43632/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43632 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some security issues have been reported in mrouted, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issues are caused due to mrouted creating temporary files in an insecure manner, which can be exploited to e.g. overwrite arbitrary files via symlink attacks. The security issues are reported in versions prior to 3.9.5. SOLUTION: Update to version 3.9.5. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://git.vmlinux.org/mrouted.git/blob/HEAD:/ChangeLog OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 7 18:10:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Mar 2011 03:10:57 +0100 Subject: [SEC] [SA43627] Hitachi Cosminexus Products Java Multiple Vulnerabilities Message-ID: <201103080210.p282AvqA009922@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Hitachi Cosminexus Products Java Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43627 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43627/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43627 RELEASE DATE: 2011-03-08 DISCUSS ADVISORY: http://secunia.com/advisories/43627/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43627/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43627 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Hitachi has acknowledged some vulnerabilities in Hitachi Cosminexus products, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. The vulnerabilities are caused due to vulnerabilities in the bundled version of Cosminexus Developer's Kit for Java. For more information: SA43262 Please see the vendor's advisory for a full list of affected products. SOLUTION: Update to a fixed version. Please see vendor advisory for more details. ORIGINAL ADVISORY: Hitachi (English): http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html Hitachi (Japanese): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/./vuls/HS11-003/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 7 18:45:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Mar 2011 03:45:48 +0100 Subject: [SEC] [SA43645] GNU TeXmacs LD_LIBRARY_PATH Security Issues Message-ID: <201103080245.p282jmro031719@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: GNU TeXmacs LD_LIBRARY_PATH Security Issues SECUNIA ADVISORY ID: SA43645 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43645/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43645 RELEASE DATE: 2011-03-08 DISCUSS ADVISORY: http://secunia.com/advisories/43645/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43645/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43645 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two security issues have been reported in GNU TeXmacs, which can be exploited by malicious, local users to gain escalated privileges. The security issues are caused due to the "src/plugins/mupad/bin/tm_mupad_help" and "src/misc/bundle/TeXmacs" scripts incorrectly setting the environment variables LD_LIBRARY_PATH or DYLD_LIBRARY_PATH. This can be exploited to gain escalated privileges by e.g. tricking a user into running the scripts in a directory containing a malicious library. The security issues are reported in version 1.0.7. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Red Hat credits Raphael Geissert. ORIGINAL ADVISORY: Red Hat Bug #638427: https://bugzilla.redhat.com/show_bug.cgi?id=638427 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 7 19:20:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Mar 2011 04:20:29 +0100 Subject: [SEC] [SA43630] InterPhoto Gallery "IPLANG" Local File Inclusion Vulnerability Message-ID: <201103080320.p283KTQs021570@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: InterPhoto Gallery "IPLANG" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA43630 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43630/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43630 RELEASE DATE: 2011-03-08 DISCUSS ADVISORY: http://secunia.com/advisories/43630/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43630/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43630 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in InterPhoto Gallery, which can be exploited by malicious people to disclose sensitive information. Input passed via the "IPLANG" cookie parameter to e.g. about.php is not properly verified before being used. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL encoded NULL-bytes. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerability is confirmed in version 2.5.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: AutoSec Tools: http://www.autosectools.com/Advisories/InterPhoto.2.4.2_Local.File.Inclusion_134.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 7 19:45:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Mar 2011 04:45:47 +0100 Subject: [SEC] [SA43665] Fedora update for moin Message-ID: <201103080345.p283jlas010519@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for moin SECUNIA ADVISORY ID: SA43665 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43665/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43665 RELEASE DATE: 2011-03-08 DISCUSS ADVISORY: http://secunia.com/advisories/43665/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43665/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43665 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for moin. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA43413 SOLUTION: Apply updated packages via the yum utility ("yum update moin"). ORIGINAL ADVISORY: FEDORA-2011-2156: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055116.html FEDORA-2011-2157: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055124.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 7 20:10:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Mar 2011 05:10:38 +0100 Subject: [SEC] [SA43617] Fedora update for q Message-ID: <201103080410.p284AcT8031862@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for q SECUNIA ADVISORY ID: SA43617 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43617/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43617 RELEASE DATE: 2011-03-08 DISCUSS ADVISORY: http://secunia.com/advisories/43617/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43617/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43617 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for q. This fixes a security issue, which can be exploited by malicious, local users to potentially gain escalated privileges. For more information: SA43581 SOLUTION: Apply updated packages via the yum utility ("yum update q"). ORIGINAL ADVISORY: FEDORA-2011-1958: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054915.html FEDORA-2011-1967: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054921.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 7 20:24:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Mar 2011 05:24:31 +0100 Subject: [SEC] [SA43634] Wing FTP Server SFTP Connection Denial of Service Vulnerability Message-ID: <201103080424.p284OV5V020285@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Wing FTP Server SFTP Connection Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43634 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43634/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43634 RELEASE DATE: 2011-03-08 DISCUSS ADVISORY: http://secunia.com/advisories/43634/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43634/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43634 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Wing FTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error when handling SFTP connections and can be exploited to cause a server to freeze or crash. The vulnerability is reported in versions prior to 3.8.0. SOLUTION: Update to version 3.8.0. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor ORIGINAL ADVISORY: http://www.wftpserver.com/serverhistory.htm OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 7 20:45:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Mar 2011 05:45:38 +0100 Subject: [SEC] [SA43436] Simple Machines Forum Guest Access Security Bypass Message-ID: <201103080445.p284jcDK009056@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Simple Machines Forum Guest Access Security Bypass SECUNIA ADVISORY ID: SA43436 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43436/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43436 RELEASE DATE: 2011-03-08 DISCUSS ADVISORY: http://secunia.com/advisories/43436/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43436/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43436 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Simple Machines Forum, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to SSI.php not checking for guest access permission when making function calls. This can be exploited to call certain restricted functions and e.g. disclose "Recent Posts" and "Recent Topics" in forums with guest access disabled. The security issue is confirmed in version 1.1.12. Prior versions may also be affected. SOLUTION: Update to version 1.1.13. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.simplemachines.org/community/index.php?P=2fd5266e000b83407b05d142bd006d4a&topic=421547.0 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 7 21:11:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Mar 2011 06:11:45 +0100 Subject: [SEC] [SA43447] Red Hat Directory Server Denial of Service and Privilege Escalation Vulnerabilities Message-ID: <201103080511.p285BjQK030446@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat Directory Server Denial of Service and Privilege Escalation Vulnerabilities SECUNIA ADVISORY ID: SA43447 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43447/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43447 RELEASE DATE: 2011-03-08 DISCUSS ADVISORY: http://secunia.com/advisories/43447/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43447/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43447 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Red Hat Directory Server, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges and by malicious people to cause a DoS (Denial of Service). 1) An error when handling simple paged search requests can be exploited to cause the server to crash via multiple search requests. 2) An error in certain setup scripts due to setting insecure permissions on the "/var/run/dirsrv/" directory containing process ID files can be exploited to manipulate the PID files resulting in e.g. preventing the server from starting or killing an arbitrary process when the server shuts down. Successful exploitation of this vulnerability requires multiple server instances to be configured to run under different unprivileged users. 3) An error due to certain scripts incorrectly setting the environment variable LD_LIBRARY_PATH to contain an empty path can be exploited to gain escalated privileges by e.g. tricking a user into running the script in a directory containing a malicious library. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: RHSA-2011:0293-1: http://rhn.redhat.com/errata/RHSA-2011-0293.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 7 21:45:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Mar 2011 06:45:33 +0100 Subject: [SEC] [SA43438] RT Information Disclosure Vulnerability Message-ID: <201103080545.p285jXqa019783@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: RT Information Disclosure Vulnerability SECUNIA ADVISORY ID: SA43438 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43438/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43438 RELEASE DATE: 2011-03-08 DISCUSS ADVISORY: http://secunia.com/advisories/43438/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43438/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43438 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Request Tracker, which can be exploited by malicious users to disclose potentially sensitive information. The vulnerability is caused due to an error within the handling of tickets, which can be exploited by disclose certain information. Note: Enhancements related to the login process and password hashing are also reported. The vulnerability is reported in versions prior to 3.8.9. SOLUTION: Update to version 3.8.9. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 7 22:10:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Mar 2011 07:10:27 +0100 Subject: [SEC] [SA43437] GNOME Display Manager "PostLogin" Script Weakness Message-ID: <201103080610.p286ARcj008715@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: GNOME Display Manager "PostLogin" Script Weakness SECUNIA ADVISORY ID: SA43437 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43437/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43437 RELEASE DATE: 2011-03-08 DISCUSS ADVISORY: http://secunia.com/advisories/43437/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43437/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43437 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in GNOME Display Manager, which can lead to unexpected behavior with potentially security relevant implications. The weakness is caused due to the GNOME Display Manager invoking the "PostLogin" script with an incorrect username, which results in e.g. the $USER, $USERNAME, and $LOGNAME variables being assigned a wrong value (e.g. "gdm" instead of the username of the user who just logged in). Note: This only affects deployments where the "PostLogin" script relies on the correctness of e.g. the $USER, $USERNAME, and $LOGNAME variables (the default "PostLogin" script does not contain any functionality). SOLUTION: Update to version 2.30.0. PROVIDED AND/OR DISCOVERED BY: Reported by ericlesoll in a GNOME bug. ORIGINAL ADVISORY: GNOME Bug #602403: https://bugzilla.gnome.org/show_bug.cgi?id=602403 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 8 10:31:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Mar 2011 19:31:36 +0100 Subject: [SEC] [SA43648] WordPress GRAND Flash Album Gallery Plugin File Disclosure and SQL Injection Vulnerabilities Message-ID: <201103081831.p28IVawN029853@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: WordPress GRAND Flash Album Gallery Plugin File Disclosure and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA43648 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43648/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43648 RELEASE DATE: 2011-03-08 DISCUSS ADVISORY: http://secunia.com/advisories/43648/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43648/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43648 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered two vulnerabilities in the GRAND Flash Album Gallery plugin for WordPress, which can be exploited by malicious people to disclose sensitive information and conduct SQL injection attacks. 1) Input passed via the "want2Read" parameter to wp-content/plugins/flash-album-gallery/admin/news.php is not properly verified before being used to read files. This can be exploited to read arbitrary files from local resources via directory traversal sequences. 2) Input passed via the "pid" parameter to wp-content/plugins/flash-album-gallery/lib/hitcounter.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 0.58pl1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified and sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: High-Tech Bridge SA (HTB22870, HTB22871): http://www.htbridge.ch/advisory/sql_injection_in_grand_flash_album_gallery_wordpress_plugin.html http://www.htbridge.ch/advisory/file_content_disclosure_in_grand_flash_album_gallery_wordpress_plugin.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 8 11:31:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Mar 2011 20:31:41 +0100 Subject: [SEC] [SA43637] NetBSD sysctl Tree Handler Denial of Service Vulnerability Message-ID: <201103081931.p28JVfck020375@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: NetBSD sysctl Tree Handler Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43637 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43637/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43637 RELEASE DATE: 2011-03-08 DISCUSS ADVISORY: http://secunia.com/advisories/43637/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43637/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43637 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in NetBSD, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the kern.proc sysctl tree handler, which can be exploited to e.g. exhaust all available kernel memory or trigger assertion errors. SOLUTION: Fixed in the CVS repository (please see the vendor advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: NetBSD-SA2011-003: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-003.txt.asc OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 8 12:31:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Mar 2011 21:31:28 +0100 Subject: [SEC] [SA43628] Microsoft Windows Remote Desktop Client Insecure Library Loading Vulnerability Message-ID: <201103082031.p28KVSU3010864@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Remote Desktop Client Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA43628 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43628/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43628 RELEASE DATE: 2011-03-08 DISCUSS ADVISORY: http://secunia.com/advisories/43628/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43628/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43628 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the Remote Desktop Client loading libraries in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a Remote Desktop configuration (.rdp) file located on a remote WebDAV or SMB share. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: MS11-017 (KB2508062, KB2483618, KB2481109, KB2483619, KB2483614): http://www.microsoft.com/technet/security/bulletin/MS11-017.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 8 13:30:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Mar 2011 22:30:59 +0100 Subject: [SEC] [SA43626] Microsoft Windows DirectShow/Windows Media Two Vulnerabilities Message-ID: <201103082130.p28LUxRl001307@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Microsoft Windows DirectShow/Windows Media Two Vulnerabilities SECUNIA ADVISORY ID: SA43626 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43626/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43626 RELEASE DATE: 2011-03-08 DISCUSS ADVISORY: http://secunia.com/advisories/43626/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43626/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43626 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. 1) DirectShow loads certain libraries in an insecure manner, which can be exploited to load arbitrary libraries by tricking a user into e.g. opening .wtv, .drv-ms, or .mpg files located on a remote WebDAV or SMB share. 2) An unspecified error exists within the Stream Buffer Engine (SBE.dll) when parsing Microsoft Digital Video Recording (.dvr-ms) media files. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 2) The vendor credits Matthew Watchinski. ORIGINAL ADVISORY: MS11-015 (KB2510030, KB2502898, KB2479943, KB2494132): http://www.microsoft.com/technet/security/bulletin/MS11-015.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 8 14:25:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Mar 2011 23:25:10 +0100 Subject: [SEC] [SA43663] Fedora update for patch Message-ID: <201103082225.p28MPA0G024005@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for patch SECUNIA ADVISORY ID: SA43663 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43663/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43663 RELEASE DATE: 2011-03-08 DISCUSS ADVISORY: http://secunia.com/advisories/43663/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43663/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43663 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for patch. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data or compromise a vulnerable system. For more information: SA43677 SOLUTION: Apply updated packages via the yum utility ("yum update patch"). ORIGINAL ADVISORY: FEDORA-2011-1272: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055241.html FEDORA-2011-1269: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055246.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 8 14:45:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Mar 2011 23:45:58 +0100 Subject: [SEC] [SA43510] Linksys WAG120N Cross-Site Request Forgery Vulnerability Message-ID: <201103082245.p28MjwWG012755@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Linksys WAG120N Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA43510 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43510/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43510 RELEASE DATE: 2011-03-08 DISCUSS ADVISORY: http://secunia.com/advisories/43510/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43510/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43510 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Khashayar Fereidani has reported a vulnerability in Linksys WAG120N, which can be exploited by malicious people to conduct cross-site request forgery attacks. The setup.cgi script allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. enable remote management or change the administrator's password by tricking a logged in administrator into visiting a malicious web site. SOLUTION: Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: Khashayar Fereidani ORIGINAL ADVISORY: http://ircrash.com/?p=21 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 8 15:11:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Mar 2011 00:11:11 +0100 Subject: [SEC] [SA43640] WordPress 1 Flash Gallery Plugin Multiple Vulnerabilities Message-ID: <201103082311.p28NBBtD001646@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: WordPress 1 Flash Gallery Plugin Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43640 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43640/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43640 RELEASE DATE: 2011-03-08 DISCUSS ADVISORY: http://secunia.com/advisories/43640/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43640/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43640 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in 1 Flash Gallery plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed via the "type" and "gall_id" parameters to wp-content/plugins/1-flash-gallery/folder.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "gall_id" POST parameter to wp-content/plugins/1-flash-gallery/massedit_album.php (when the "album_id" POST parameter is set to a numeric value and the "images" POST parameter is set) is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 1.0.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA Additional information provided by Secunia Research. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 8 15:45:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Mar 2011 00:45:33 +0100 Subject: [SEC] [SA43677] GNU patch Directory Traversal Vulnerability Message-ID: <201103082345.p28NjXWA023461@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: GNU patch Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA43677 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43677/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43677 RELEASE DATE: 2011-03-09 DISCUSS ADVISORY: http://secunia.com/advisories/43677/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43677/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43677 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in GNU patch, which can be exploited by malicious people to manipulate certain data or compromise a vulnerable system. The vulnerability is caused due to an error in the application, which does not properly handle paths in patches. This can be exploited to modify arbitrary files outside of the intended destination directory. This is related to vulnerability #1 in: SA42826 SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Originally reported by Jakub Wilk in dpkg. ORIGINAL ADVISORY: http://lists.gnu.org/archive/html/bug-patch/2010-12/msg00000.html https://bugzilla.redhat.com/show_bug.cgi?id=667529 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 8 16:11:13 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Mar 2011 01:11:13 +0100 Subject: [SEC] [SA43599] Focalmedia Quick Polls File Inclusion and File Deletion Vulnerabilities Message-ID: <201103090011.p290BDmV012439@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Focalmedia Quick Polls File Inclusion and File Deletion Vulnerabilities SECUNIA ADVISORY ID: SA43599 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43599/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43599 RELEASE DATE: 2011-03-09 DISCUSS ADVISORY: http://secunia.com/advisories/43599/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43599/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43599 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Mark Stanislav has reported two vulnerabilities in Focalmedia Quick Polls, which can be exploited by malicious users to disclose sensitive information and manipulate certain data. 1) Input passed via the "p" parameter to index.php (when "fct" is set to "preview") is not properly verified before being used to include files. This can be exploited to include arbitrary files via directory traversal sequences and URL-encoded NULL-bytes. 2) Input passed via the "p" parameter to index.php (when "fct" is set to "delete") is not properly verified before being used to delete files. This can be exploited to delete arbitrary files via directory traversal sequences and URL-encoded NULL-bytes. Successful exploitation requires administrator privileges and that "magic_quotes_gpc" is disabled. The vulnerabilities have been reported in version 1.0.1. Prior versions may also be affected. SOLUTION: Update to version 1.0.2. PROVIDED AND/OR DISCOVERED BY: Mark Stanislav ORIGINAL ADVISORY: http://www.uncompiled.com/2011/03/quick-polls-local-file-inclusion-deletion-vulnerabilities-cve-2011-1099/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 8 16:45:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Mar 2011 01:45:51 +0100 Subject: [SEC] [SA43646] Postfix "STARTTLS" Plaintext Injection Vulnerability Message-ID: <201103090045.p290jpTG001758@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Postfix "STARTTLS" Plaintext Injection Vulnerability SECUNIA ADVISORY ID: SA43646 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43646/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43646 RELEASE DATE: 2011-03-09 DISCUSS ADVISORY: http://secunia.com/advisories/43646/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43646/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43646 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Postfix, which can be exploited by malicious people to manipulate certain data. The vulnerability is caused due to the TLS implementation not properly clearing transport layer buffers when upgrading from plaintext to ciphertext after receiving the "STARTTLS" command. This can be exploited to insert arbitrary plaintext data (e.g. SMTP commands) during the plaintext phase, which will then be executed after upgrading to the TLS ciphertext phase. The vulnerability is reported in version 2.2 and all releases prior to versions 2.4.16, 2.5.12, 2.6.9, and 2.7.3. SOLUTION: Update to versions 2.4.16, 2.5.12, 2.6.9, and 2.7.3. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.postfix.org/CVE-2011-0411.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 8 17:13:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Mar 2011 02:13:44 +0100 Subject: [SEC] [SA43674] Ubuntu update for tiff Message-ID: <201103090113.p291DifW023279@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ubuntu update for tiff SECUNIA ADVISORY ID: SA43674 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43674/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43674 RELEASE DATE: 2011-03-09 DISCUSS ADVISORY: http://secunia.com/advisories/43674/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43674/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43674 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for tiff. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. For more information: SA40241 SA40422 SA43582 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1085-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-March/001272.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 8 17:45:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Mar 2011 02:45:51 +0100 Subject: [SEC] [SA43636] BMForum Myna "forumid" SQL Injection Vulnerability Message-ID: <201103090145.p291jpiB012550@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: BMForum Myna "forumid" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43636 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43636/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43636 RELEASE DATE: 2011-03-09 DISCUSS ADVISORY: http://secunia.com/advisories/43636/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43636/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43636 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in BMForum Myna, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "forumid" parameter to js_viewnew.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that the "View New Forum" add-on is used, that "magic_quotes_gpc" is disabled, and that "register_globals" is enabled. The vulnerability is confirmed in version 6.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Stephan Sattler OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 8 18:10:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Mar 2011 03:10:31 +0100 Subject: [SEC] [SA43673] Ubuntu update for avahi Message-ID: <201103090210.p292AVtX001415@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ubuntu update for avahi SECUNIA ADVISORY ID: SA43673 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43673/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43673 RELEASE DATE: 2011-03-09 DISCUSS ADVISORY: http://secunia.com/advisories/43673/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43673/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43673 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for avahi. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43361 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1084-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-March/001273.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 8 18:24:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Mar 2011 03:24:54 +0100 Subject: [SEC] [SA43659] HP OpenView Network Node Manager Denial of Service Vulnerability Message-ID: <201103090224.p292OsMW022325@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: HP OpenView Network Node Manager Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43659 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43659/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43659 RELEASE DATE: 2011-03-09 DISCUSS ADVISORY: http://secunia.com/advisories/43659/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43659/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43659 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP OpenView Network Node Manager, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #1 in: SA43262 The vulnerability is reported in version 7.53 for HP-UX, Linux, Solaris, and Windows. SOLUTION: Update the Java Development Kit (JDK) and Java Runtime Environment (JRE) via the FDUpdater tool. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBUX02641 SSRT100412: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02738573 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 8 18:45:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Mar 2011 03:45:56 +0100 Subject: [SEC] [SA43664] Fedora update for libtiff Message-ID: <201103090245.p292jutC011096@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for libtiff SECUNIA ADVISORY ID: SA43664 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43664/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43664 RELEASE DATE: 2011-03-09 DISCUSS ADVISORY: http://secunia.com/advisories/43664/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43664/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43664 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for libtiff. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library. For more information: SA43593 SOLUTION: Apply updated packages via the yum utility ("yum update libtiff"). ORIGINAL ADVISORY: FEDORA-2011-2540: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055240.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 8 19:20:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Mar 2011 04:20:26 +0100 Subject: [SEC] [SA43675] VMware ESX Server Service Console Multiple Vulnerabilities Message-ID: <201103090320.p293KQuW000854@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: VMware ESX Server Service Console Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43675 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43675/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43675 RELEASE DATE: 2011-03-09 DISCUSS ADVISORY: http://secunia.com/advisories/43675/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43675/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43675 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: VMware has acknowledged multiple vulnerabilities in VMware ESX Server, which can be exploited by malicious, local users to disclose potentially sensitive information, perform certain actions with escalated privileges, and cause a DoS (Denial of Service) and by malicious people to manipulate certain data, bypass certain restrictions, and cause a DoS (Denial of Service). For more information: SA40028 SA40978 SA41654 SA42088 SA42374 SA42435 The vulnerabilities are reported in versions 4.0 and 4.1. SOLUTION: Apply patches (please see the vendor's advisory for details). ORIGINAL ADVISORY: VMSA-2011-0004: http://www.vmware.com/security/advisories/VMSA-2011-0004.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 8 19:45:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Mar 2011 04:45:48 +0100 Subject: [SEC] [SA43676] Ipswitch IMail Server "STARTTLS" Plaintext Injection Vulnerability Message-ID: <201103090345.p293jmk6022284@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ipswitch IMail Server "STARTTLS" Plaintext Injection Vulnerability SECUNIA ADVISORY ID: SA43676 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43676/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43676 RELEASE DATE: 2011-03-09 DISCUSS ADVISORY: http://secunia.com/advisories/43676/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43676/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43676 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Ipswitch IMail Server, which can be exploited by malicious people to manipulate certain data. The vulnerability is caused due to the TLS implementation not properly clearing transport layer buffers when upgrading from plaintext to ciphertext after receiving the "STARTTLS" command. This can be exploited to insert arbitrary plaintext data (e.g. SMTP commands) during the plaintext phase, which will then be executed after upgrading to the TLS ciphertext phase. SOLUTION: Reportedly, the vendor will fix this in an upcoming version. PROVIDED AND/OR DISCOVERED BY: Wietse Venema ORIGINAL ADVISORY: US-CERT VU#555316: http://www.kb.cert.org/vuls/id/555316 http://www.kb.cert.org/vuls/id/MAPG-8DBRD4 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 8 20:10:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Mar 2011 05:10:26 +0100 Subject: [SEC] [SA43668] Fedora update for kernel Message-ID: <201103090410.p294AQp0011207@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for kernel SECUNIA ADVISORY ID: SA43668 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43668/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43668 RELEASE DATE: 2011-03-09 DISCUSS ADVISORY: http://secunia.com/advisories/43668/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43668/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43668 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for the kernel. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose system information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially gain escalated privileges. For more information: SA42172 SA42176 SA42570 SA43009 SOLUTION: Apply updated packages via the yum utility ("yum update kernel"). ORIGINAL ADVISORY: FEDORA-2011-2134: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055238.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 8 20:24:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Mar 2011 05:24:46 +0100 Subject: [SEC] [SA43644] Red Hat update for logwatch Message-ID: <201103090424.p294OkSx032057@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for logwatch SECUNIA ADVISORY ID: SA43644 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43644/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43644 RELEASE DATE: 2011-03-09 DISCUSS ADVISORY: http://secunia.com/advisories/43644/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43644/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43644 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for logwatch. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA43495 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0324-1: https://rhn.redhat.com/errata/RHSA-2011-0324.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 8 20:45:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Mar 2011 05:45:41 +0100 Subject: [SEC] [SA43601] VMware ESX Server / ESXi Service Location Protocol Daemon Denial of Service Message-ID: <201103090445.p294jfqR020805@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: VMware ESX Server / ESXi Service Location Protocol Daemon Denial of Service SECUNIA ADVISORY ID: SA43601 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43601/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43601 RELEASE DATE: 2011-03-09 DISCUSS ADVISORY: http://secunia.com/advisories/43601/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43601/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43601 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in VMware ESX Server and ESXi, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error in the Service Location Protocol (SLPD) daemon. This can be exploited to cause the daemon to consume significant CPU resources. The vulnerability is reported in the following products: * ESXi versions 4.0 and 4.1. * ESX Server versions 4.0 and 4.1. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Nicolas Gregoire, US CERT. ORIGINAL ADVISORY: VMSA-2011-0004: http://www.vmware.com/security/advisories/VMSA-2011-0004.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 8 21:11:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Mar 2011 06:11:29 +0100 Subject: [SEC] [SA43589] Automne Arbitrary File Upload Vulnerability Message-ID: <201103090511.p295BTTJ009798@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Automne Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA43589 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43589/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43589 RELEASE DATE: 2011-03-09 DISCUSS ADVISORY: http://secunia.com/advisories/43589/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43589/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43589 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: AutoSec Tools has discovered a vulnerability in Automne, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the admin/upload-controler.php script not properly validating uploaded file types, which can be exploited to execute arbitrary PHP code by uploading a PHP file. The vulnerability is confirmed in version 4.1.0. Other versions may also be affected. SOLUTION: Restrict access to the upload/ directory (e.g. via .htaccess). PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: AutoSec Tools: http://www.autosectools.com/Advisories/Automne.4.1.0_Race.Condition_135.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 8 21:45:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Mar 2011 06:45:45 +0100 Subject: [SEC] [SA43642] Oracle Solaris Kerberos Standalone Mode Denial of Service Vulnerability Message-ID: <201103090545.p295jj5E031548@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Oracle Solaris Kerberos Standalone Mode Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43642 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43642/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43642 RELEASE DATE: 2011-03-09 DISCUSS ADVISORY: http://secunia.com/advisories/43642/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43642/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43642 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged a vulnerability in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #1: SA43260 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://blogs.sun.com/security/entry/cve_2010_4022_improper_input OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 8 22:10:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Mar 2011 07:10:55 +0100 Subject: [SEC] [SA43650] SUSE update for acroread Message-ID: <201103090610.p296AtOx020499@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SUSE update for acroread SECUNIA ADVISORY ID: SA43650 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43650/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43650 RELEASE DATE: 2011-03-09 DISCUSS ADVISORY: http://secunia.com/advisories/43650/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43650/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43650 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for acroread. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct cross-site scripting attacks and compromise a user's system. For more information: SA42095 SA43207 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0156-1: https://hermes.opensuse.org/messages/7533006 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 9 10:30:16 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Mar 2011 19:30:16 +0100 Subject: [SEC] [SA43649] Esselbach Storyteller CMS System "id" SQL Injection Vulnerability Message-ID: <201103091830.p29IUGv5009148@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Esselbach Storyteller CMS System "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43649 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43649/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43649 RELEASE DATE: 2011-03-09 DISCUSS ADVISORY: http://secunia.com/advisories/43649/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43649/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43649 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Esselbach Storyteller CMS System, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to page.php is not properly sanitised in core.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 1.8. Other versions may also be affected. SOLUTION: Apply patch. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Shamus ORIGINAL ADVISORY: http://www.contentteller.com/forums/threads/security-sql-injection-vulnerability-in-storyteller-cms.1148/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 9 11:31:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Mar 2011 20:31:11 +0100 Subject: [SEC] [SA43684] Apache Tomcat "@ServletSecurity" Annotation Security Bypass Message-ID: <201103091931.p29JVBeD032096@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Apache Tomcat "@ServletSecurity" Annotation Security Bypass SECUNIA ADVISORY ID: SA43684 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43684/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43684 RELEASE DATE: 2011-03-09 DISCUSS ADVISORY: http://secunia.com/advisories/43684/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43684/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43684 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to the application not properly enforcing "@ServletSecurity" annotations when loading servlets. This can be exploited to e.g. bypass the security constraints specified via the annotations and disclose certain information. The vulnerability is reported in versions 7.0.0 through 7.0.10. SOLUTION: Incompletely fixed in version 7.0.10. As a workaround, update to version 7.0.10 and specify at least one security constraint in web.xml. PROVIDED AND/OR DISCOVERED BY: Michael McCutcheon ORIGINAL ADVISORY: http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.10_%28released_8_Mar_2011%29 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 9 12:30:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Mar 2011 21:30:34 +0100 Subject: [SEC] [SA43639] SUSE update for kernel Message-ID: <201103092030.p29KUYgL022574@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SUSE update for kernel SECUNIA ADVISORY ID: SA43639 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43639/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43639 RELEASE DATE: 2011-03-09 DISCUSS ADVISORY: http://secunia.com/advisories/43639/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43639/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43639 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for the kernel. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system and potentially sensitive information, cause a DoS (Denial of Service), bypass certain security restrictions, and gain escalated privileges and by malicious people to disclose potentially sensitive information and cause a DoS and by malicious people with physical access to potentially compromise a vulnerable system. For more information: SA40205 SA41002 SA41881 SA42061 SA42176 SA42684 SA42765 SA42372 SA42570 SA43009 SA43358 SA43477 1) An error within the Econet protocol implementation can be exploited to cause a crash by sending Acorn Universal Networking packets over UDP. 2) An error within the "sctp_icmp_proto_unreachable()" function in net/sctp/input.c can be exploited to cause a crash. SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0160-1: https://hermes.opensuse.org/messages/7561275 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 9 13:30:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Mar 2011 22:30:32 +0100 Subject: [SEC] [SA43655] Maian Weblog "post" SQL Injection Vulnerability Message-ID: <201103092130.p29LUWqv013077@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Maian Weblog "post" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43655 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43655/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43655 RELEASE DATE: 2011-03-09 DISCUSS ADVISORY: http://secunia.com/advisories/43655/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43655/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43655 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Maian Weblog, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "post" parameter to index.php (when "cmd" is set to "blog") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerability is confirmed in version 4.0 released on August 31, 2010. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: mr_me OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 9 14:26:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Mar 2011 23:26:12 +0100 Subject: [SEC] [SA43671] Stonesoft StoneGate SSL VPN OpenSSL TLS Server Extension Parsing Vulnerability Message-ID: <201103092226.p29MQCEb003381@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Stonesoft StoneGate SSL VPN OpenSSL TLS Server Extension Parsing Vulnerability SECUNIA ADVISORY ID: SA43671 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43671/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43671 RELEASE DATE: 2011-03-09 DISCUSS ADVISORY: http://secunia.com/advisories/43671/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43671/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43671 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Stonesoft has acknowledged a vulnerability in StoneGate SSL VPN, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA42243 The vulnerability is reported in versions prior to 1.4.5 build 1519. SOLUTION: Update to version 1.4.5 build 1519. ORIGINAL ADVISORY: https://my.stonesoft.com/support/attachment.do?docid=6410&file=SSL-VPN_1.4.5-RLNT.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 9 14:46:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Mar 2011 23:46:10 +0100 Subject: [SEC] [SA43574] Apple Mac OS X update for Java Message-ID: <201103092246.p29MkAZC024494@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Apple Mac OS X update for Java SECUNIA ADVISORY ID: SA43574 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43574/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43574 RELEASE DATE: 2011-03-09 DISCUSS ADVISORY: http://secunia.com/advisories/43574/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43574/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43574 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Apple has issued an update for Java for Mac OS X. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information: SA43262 SOLUTION: Apply updates. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://support.apple.com/kb/HT4562 http://support.apple.com/kb/HT4563 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 9 15:10:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Mar 2011 00:10:53 +0100 Subject: [SEC] [SA43635] Debian update for proftpd-dfsg Message-ID: <201103092310.p29NArCP013418@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for proftpd-dfsg SECUNIA ADVISORY ID: SA43635 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43635/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43635 RELEASE DATE: 2011-03-09 DISCUSS ADVISORY: http://secunia.com/advisories/43635/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43635/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43635 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for proftpd-dfsg. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43234 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2185-1: http://lists.debian.org/debian-security-announce/2011/msg00052.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 9 15:45:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Mar 2011 00:45:32 +0100 Subject: [SEC] [SA43672] Red Hat update for subversion Message-ID: <201103092345.p29NjWHe002754@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for subversion SECUNIA ADVISORY ID: SA43672 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43672/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43672 RELEASE DATE: 2011-03-10 DISCUSS ADVISORY: http://secunia.com/advisories/43672/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43672/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43672 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for subversion. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43603 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0327-1: https://rhn.redhat.com/errata/RHSA-2011-0327.html RHSA-2011:0328-1: https://rhn.redhat.com/errata/RHSA-2011-0328.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 9 16:11:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Mar 2011 01:11:41 +0100 Subject: [SEC] [SA43683] Google Chrome Multiple Vulnerabilities Message-ID: <201103100011.p2A0BfuU024177@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43683 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43683/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43683 RELEASE DATE: 2011-03-10 DISCUSS ADVISORY: http://secunia.com/advisories/43683/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43683/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43683 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Google Chorme, where some have an unknown impact while others can be exploited by malicious people bypass certain security restrictions, disclose system information, and compromise a user's system. 1) An error when handling sandboxed frames can be exploited to navigate to or close the top location. 2) An unspecified error can lead to cross-origin message leaks. 3) An error related to counter nodes can be exploited to corrupt memory. 4) An error when handling box layout may lead to a stale node. 5) An error in certain workers can lead to cross-origin message leaks. 6) A use-after-free error exists within the DOM URL handling. 7) An error when handling unicode ranges can be exploited to cause an out-of-bounds read. This vulnerability affects builds for Linux only. 8) An error in v8 can be exploited to bypass the same origin policy. 9) An unspecified error allows bypassing the pop-up blocker. 10) A use-after-free error exists within the document script lifetime handling. 11) An error within the OGG container can be exploited to cause an out-of-bounds write. 12) An error when handling table painting may lead to a stale pointer. 13) An error within the video code may result in use of corrupt out-of-bounds structures. 14) An unspecified error exists in the handling of the DataView object. 15) An error related to a bad cast exists within the handling of text rendering. 16) An error in the WebKit context code can lead to a stale pointer. 17) An error in XSLT may leak heap addresses. 18) An error in the handling of SVG cursors can lead to a stale pointer. 19) An error when handling attributes can be exploited to corrupt the DOM tree. 20) An error when handling re-entrancy of RegExp code can lead to memory corruption. 21) An error in v8 can be exploited to access invalid memory. The vulnerabilities are reported in versions prior to 10.0.648.127. SOLUTION: Upgrade to version 10.0.648.127. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) sirdarckcat, Google Security Team. 2, 5, 8) Daniel Divricean. 3, 4, 12) Martin Barbella. 6, 14, 16, 18, 19) Sergey Glazunov. 7, 10, 15) miaubiz. 9) Chamal de Silva. 11) SkyLined, Google Chrome Security Team (SkyLined) and David Weston, MSVR. 13) Tavis Ormandy, Google Security Team. 17) Chris Evans, Google Chrome Security Team. 20, 21) Christian Holler. ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 9 16:45:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Mar 2011 01:45:40 +0100 Subject: [SEC] [SA43686] Red Hat update for kernel Message-ID: <201103100045.p2A0jec1013505@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for kernel SECUNIA ADVISORY ID: SA43686 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43686/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43686 RELEASE DATE: 2011-03-10 DISCUSS ADVISORY: http://secunia.com/advisories/43686/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43686/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43686 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red hat has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a use-after-free error within lockd, which can be exploited to cause a crash by sending specially crafted data packets. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Adam Prince. ORIGINAL ADVISORY: RHSA-2011:0329-01: https://rhn.redhat.com/errata/RHSA-2011-0329.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 9 17:13:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Mar 2011 02:13:55 +0100 Subject: [SEC] [SA43629] Ubuntu update for linux-ec2 Message-ID: <201103100113.p2A1DtmW002554@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-ec2 SECUNIA ADVISORY ID: SA43629 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43629/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43629 RELEASE DATE: 2011-03-10 DISCUSS ADVISORY: http://secunia.com/advisories/43629/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43629/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43629 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-ec2. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information and to cause a DoS (Denial of Service). For more information: SA42061 SA42176 SA42187 SA42801 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1086-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-March/001275.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 9 17:45:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Mar 2011 02:45:43 +0100 Subject: [SEC] [SA43685] Avaya CMS Solaris Kernel Multiple Vulnerabilities Message-ID: <201103100145.p2A1jhDm024226@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Avaya CMS Solaris Kernel Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43685 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43685/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43685 RELEASE DATE: 2011-03-10 DISCUSS ADVISORY: http://secunia.com/advisories/43685/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43685/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43685 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Avaya has acknowledged multiple vulnerabilities in Avaya Call Management System, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges and by malicious people to disclose system information, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information: SA42984 The vulnerabilities are reported in the following versions R15, R16, R16.1, and R16.2. SOLUTION: The vendor recommends that local and network access to the affected systems be restricted until an update is available. ORIGINAL ADVISORY: ASA-2011-041: https://support.avaya.com/css/P8/documents/100128919 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 9 18:10:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Mar 2011 03:10:37 +0100 Subject: [SEC] [SA43293] TeamViewer Insecure Directory Permissions Security Issue Message-ID: <201103100210.p2A2AbAx013159@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: TeamViewer Insecure Directory Permissions Security Issue SECUNIA ADVISORY ID: SA43293 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43293/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43293 RELEASE DATE: 2011-03-10 DISCUSS ADVISORY: http://secunia.com/advisories/43293/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43293/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43293 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Dennis P. Nikolaenko has discovered a security issue in TeamViewer, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the application setting insecure file system permissions to the application's installation directory. This can be exploited to overwrite any program or library in the "Version6" directory. Successful exploitation allows execution of arbitrary code with escalated privileges when e.g. an administrative user launches the desktop application, but requires the "Remote Access" functionality to be enabled during installation (disabled by default). The security issue is confirmed in version 6.0.10194 running on Windows 7. Other versions may also be affected. The installation on a Windows XP system is not affected. SOLUTION: Update to version 6.0.10344. PROVIDED AND/OR DISCOVERED BY: Dennis P. Nikolaenko via Secunia. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 9 18:25:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Mar 2011 03:25:10 +0100 Subject: [SEC] [SA43658] Joomla! Multiple Vulnerabilities Message-ID: <201103100225.p2A2PA9E001561@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Joomla! Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43658 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43658/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43658 RELEASE DATE: 2011-03-10 DISCUSS ADVISORY: http://secunia.com/advisories/43658/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43658/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43658 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Joomla!, which can be exploited by malicious users to bypass certain security restrictions and cause a DoS (Denial of Service) and by malicious people to disclose sensitive information, conduct cross-site scripting and request forgery, and SQL injection attacks. 1) Certain unspecified input is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. NOTE: This can further be exploited to disclose the installation path via SQL error messages. 2) Certain unhandled exceptions can be exploited to disclose the full installation path. 3) Certain double URL-encoded input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 4) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 5) An error in the checking of access permissions can be exploited to disclose certain information. 6) Certain unspecified input is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary site e.g. when the user clicks a specially crafted link to the affected script hosted on a trusted domain. 7) Certain unspecified input is not properly sanitised before being used. This can be exploited to disclose potentially sensitive information. 8) An error in the handling of access permissions can be exploited to edit otherwise restricted files. 9) The application allows users to perform certain actions via HTTP requests without making proper validity checks to verify the requests. This can be exploited to perform certain unspecified actions within the application by tricking a user into visiting a malicious web site while being logged in to the application. 10) An error within the editor caching facility can be exploited to use all available disk space. The vulnerabilities are reported in versions prior to 1.6.1. SOLUTION: Update to version 1.6.1. PROVIDED AND/OR DISCOVERED BY: 4) Reported by vendor and Jeff Channell The vendor credits: 1, 2) YGN Ethical Hacker Group 3) Hoyt LLC Research 5, 6, 7, 8, 10) Jeff Channell 9) Marius Van Rijnsoever ORIGINAL ADVISORY: Joomla!: http://www.joomla.org/announcements/release-news/5350-joomla-161-released.html http://developer.joomla.org/security/news/328-20110201-core-sql-injection-path-disclosure http://developer.joomla.org/security/news/329-20110202-core-path-disclosure http://developer.joomla.org/security/news/330-20110203-core-xss-vulnerabilities http://developer.joomla.org/security/news/331-20110204-core-xss-vulnerabilities http://developer.joomla.org/security/news/332-20110301-core-information-disclosure http://developer.joomla.org/security/news/333-20110302-core-redirect-vulnerabilities http://developer.joomla.org/security/news/334-20110303-core-information-disclosure http://developer.joomla.org/security/news/335-20110304-core-unauthorised-access http://developer.joomla.org/security/news/336-20110305-core-csrf-vulnerability http://developer.joomla.org/security/news/337-20110306-core-dos-vulnerabilities http://developer.joomla.org/security/news/338-20110307-core-xss-vulnerabilities http://developer.joomla.org/security/news/339-20110308-core-csrf-vulnerability OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 9 18:45:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Mar 2011 03:45:55 +0100 Subject: [SEC] [SA43450] SUSE update for java-1_6_0-sun Message-ID: <201103100245.p2A2jtPF022763@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SUSE update for java-1_6_0-sun SECUNIA ADVISORY ID: SA43450 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43450/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43450 RELEASE DATE: 2011-03-10 DISCUSS ADVISORY: http://secunia.com/advisories/43450/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43450/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43450 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for java-1_6_0-sun. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information: SA43262 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0126-1: https://hermes.opensuse.org/messages/7434181 SUSE-SA:2011:010: http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00005.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 9 19:18:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Mar 2011 04:18:07 +0100 Subject: [SEC] [SA43462] Citrix XenApp and XenDesktop XML Service Interface Vulnerability Message-ID: <201103100318.p2A3I70i012461@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Citrix XenApp and XenDesktop XML Service Interface Vulnerability SECUNIA ADVISORY ID: SA43462 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43462/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43462 RELEASE DATE: 2011-03-10 DISCUSS ADVISORY: http://secunia.com/advisories/43462/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43462/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43462 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Citrix XenApp and XenDesktop, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the XML service interface. No further information is currently available. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in the following products: * Feature Pack 1 for Presentation Server 4.5 * XenApp 5.0 for Windows Server 2003 x64 * XenApp 5.0 for Windows Server 2003 x86 * XenApp 6.0 for Windows Server 2008 R2 * XenApp Fundamentals 3.0 * XenApp Fundamentals 6.0 for Windows Server 2008 R2 * XenDesktop 4 x32 * XenDesktop 4 x64 SOLUTION: Apply Hotfixes. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits AbdulAziz Hariri via iDefense. ORIGINAL ADVISORY: Citrix (CTX128169): http://support.citrix.com/article/CTX128169 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 9 19:46:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Mar 2011 04:46:08 +0100 Subject: [SEC] [SA43428] WordPress cdnvote Plugin "cdn_vote_postid" / "cdnvote_point" SQL Injection Message-ID: <201103100346.p2A3k8Ip001478@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: WordPress cdnvote Plugin "cdn_vote_postid" / "cdnvote_point" SQL Injection SECUNIA ADVISORY ID: SA43428 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43428/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43428 RELEASE DATE: 2011-03-10 DISCUSS ADVISORY: http://secunia.com/advisories/43428/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43428/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43428 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in the WordPress cdnvote Plugin, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "cdn_vote_postid" and "cdnvote_point" parameters in cdnvote-post.php are not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 0.4.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22845: http://www.htbridge.ch/advisory/sql_injection_in_cdnvote_wordpress_plugin.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 9 20:10:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Mar 2011 05:10:25 +0100 Subject: [SEC] [SA43459] Citrix Licensing Multiple Vulnerabilities Message-ID: <201103100410.p2A4AP8b022833@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Citrix Licensing Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43459 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43459/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43459 RELEASE DATE: 2011-03-10 DISCUSS ADVISORY: http://secunia.com/advisories/43459/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43459/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43459 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Citrix Licensing, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). The vulnerabilities are caused due to unspecified errors within underlying components of the Citrix Licensing Administration Console. No further information is currently available. The vulnerabilities are reported in versions 11.6 and prior. SOLUTION: Restrict access to the system to trusted users only. Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Citrix (CTX128167): http://support.citrix.com/article/CTX128167 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 9 20:24:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Mar 2011 05:24:42 +0100 Subject: [SEC] [SA43468] Microsoft Products Malware Protection Engine Privilege Escalation Message-ID: <201103100424.p2A4OgSt011275@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Microsoft Products Malware Protection Engine Privilege Escalation SECUNIA ADVISORY ID: SA43468 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43468/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43468 RELEASE DATE: 2011-03-10 DISCUSS ADVISORY: http://secunia.com/advisories/43468/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43468/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43468 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in various Microsoft products, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an error in Microsoft Malware Protection Engine during scanning and can be exploited to gain LocalSystem privileges by setting a specially crafted value for a registry key. The vulnerability is reported in version 1.1.6502.0 and prior of Microsoft Malware Protection Engine. SOLUTION: Ensure that systems are running version 1.1.6603.0 or later of Microsoft Malware Protection Engine. Typically, malware definitions and updates for Microsoft Malware Protection Engine are applied automatically. An updated version of Malicious Software Removal Tool was released on Tuesday, March 8th 2011. PROVIDED AND/OR DISCOVERED BY: The vendor credits Cesar Cerrudo, Argeniss. ORIGINAL ADVISORY: Microsoft: http://www.microsoft.com/technet/security/advisory/2491888.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 9 20:45:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Mar 2011 05:45:39 +0100 Subject: [SEC] [SA43457] SUSE update for git Message-ID: <201103100445.p2A4jdQp032431@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SUSE update for git SECUNIA ADVISORY ID: SA43457 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43457/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43457 RELEASE DATE: 2011-03-10 DISCUSS ADVISORY: http://secunia.com/advisories/43457/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43457/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43457 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for git. This fixes a security issue and some vulnerabilities, which can be exploited by malicious, local users to potentially gain escalated privileges and by malicious people to conduct cross-site scripting attacks. For more information: SA41569 SA42645 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0115-1: https://hermes.opensuse.org/messages/7350631 SUSE-SR:2011:004: http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 9 21:11:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Mar 2011 06:11:22 +0100 Subject: [SEC] [SA43442] SUSE update for krb5 Message-ID: <201103100511.p2A5BMrP021404@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SUSE update for krb5 SECUNIA ADVISORY ID: SA43442 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43442/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43442 RELEASE DATE: 2011-03-10 DISCUSS ADVISORY: http://secunia.com/advisories/43442/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43442/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43442 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for krb5. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43260 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0106-1: https://hermes.opensuse.org/messages/7305676 openSUSE-SU-2011:0111-1: https://hermes.opensuse.org/messages/7337735 SUSE-SR:2011:004: http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 9 21:45:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Mar 2011 06:45:42 +0100 Subject: [SEC] [SA43455] SUSE update for exim Message-ID: <201103100545.p2A5jgQM010750@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SUSE update for exim SECUNIA ADVISORY ID: SA43455 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43455/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43455 RELEASE DATE: 2011-03-10 DISCUSS ADVISORY: http://secunia.com/advisories/43455/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43455/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43455 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for exim. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges. For more information: SA43101 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0105-1: https://hermes.opensuse.org/messages/7298343 SUSE-SR:2011:004: http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 9 22:10:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Mar 2011 07:10:31 +0100 Subject: [SEC] [SA43452] DIY Web CMS Cross-Site Scripting and SQL Injection Vulnerabilities Message-ID: <201103100610.p2A6AVsl032073@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: DIY Web CMS Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA43452 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43452/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43452 RELEASE DATE: 2011-03-10 DISCUSS ADVISORY: http://secunia.com/advisories/43452/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43452/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43452 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in DIY Web CMS, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed via the "msg" parameter to login.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "Brand" and "Model" parameters to Catalog.asp, "menuid" parameter to template.asp, and "id" parameter to viewcatalog.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: p0pc0rn Additional information provided by Secunia Research. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 10 10:33:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Mar 2011 19:33:29 +0100 Subject: [SEC] [SA43651] LMS Web Ensino Multiple Vulnerabilities Message-ID: <201103101833.p2AIXSdo015125@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: LMS Web Ensino Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43651 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43651/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43651 RELEASE DATE: 2011-03-10 DISCUSS ADVISORY: http://secunia.com/advisories/43651/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43651/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43651 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: DcLabs Security Research Group has reported multiple vulnerabilities in LMS Web Ensino, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and by malicious people to conduct cross-site scripting, cross-site request forgery and session fixation attacks. 1) Input passed via the "Incluir Publicacao" field to index.php (when "modo" is set to "area_publicacao") is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 2) Input passed via the "codBibliotecaCategoria" to index.php (when "modo" is set to "itensCategoriaBiblioteca") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 3) The application allows users to perform certain actions via HTTP requests without making proper validity checks to verify the requests. This can be exploited to e.g. change a user's password by tricking a user into visiting a malicious web site while being logged-in to the application. 4) Input passed via the "pChave" parameter to index.php (when "modo" is set to "resbusca_biblioteca" and "Submit" is set to "Buscar") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 5) An error in the handling of sessions can be exploited to hijack another user's session by tricking the user into logging in after following a specially crafted link. SOLUTION: Edit the source code to ensure that input is properly sanitised. Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: Flavio do Carmo Junior (waKKu), DcLabs Security Research Group ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2011-03/0063.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 10 11:32:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Mar 2011 20:32:00 +0100 Subject: [SEC] [SA43638] Debian update for iceweasel and xulrunner Message-ID: <201103101932.p2AJW0i7005569@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for iceweasel and xulrunner SECUNIA ADVISORY ID: SA43638 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43638/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43638 RELEASE DATE: 2011-03-10 DISCUSS ADVISORY: http://secunia.com/advisories/43638/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43638/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43638 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for iceweasel and xulrunner. This fixes some vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, cross-site request forgery attacks, and compromise a user's system. For more information: SA43550 SOLUTION: Apply updated packages via the apt-get package manager. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2186-1: http://lists.debian.org/debian-security-announce/2011/msg00053.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 10 12:32:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Mar 2011 21:32:19 +0100 Subject: [SEC] [SA43661] WordPress Lazyest Gallery Plugin "image" Cross-Site Scripting Vulnerability Message-ID: <201103102032.p2AKWJZI028502@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: WordPress Lazyest Gallery Plugin "image" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43661 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43661/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43661 RELEASE DATE: 2011-03-10 DISCUSS ADVISORY: http://secunia.com/advisories/43661/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43661/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43661 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in the Lazyest Gallery plugin for Wordpress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "image" parameter to wp-content/plugins/lazyest-gallery/lazyest-popup.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.0.28. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22875: http://www.htbridge.ch/advisory/xss_in_lazyest_gallery_wordpress_plugin.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 10 13:35:16 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Mar 2011 22:35:16 +0100 Subject: [SEC] [SA43656] Debian update for icedove Message-ID: <201103102135.p2ALZGTR019138@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for icedove SECUNIA ADVISORY ID: SA43656 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43656/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43656 RELEASE DATE: 2011-03-10 DISCUSS ADVISORY: http://secunia.com/advisories/43656/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43656/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43656 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for icedove. This fixes some vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, cross-site request forgery attacks, and compromise a user's system. For more information: SA43550 SA43586 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2187-1: http://lists.debian.org/debian-security-announce/2011/msg00054.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 10 14:26:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Mar 2011 23:26:18 +0100 Subject: [SEC] [SA43701] Red Hat update for tomcat6 Message-ID: <201103102226.p2AMQIjH009242@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for tomcat6 SECUNIA ADVISORY ID: SA43701 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43701/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43701 RELEASE DATE: 2011-03-10 DISCUSS ADVISORY: http://secunia.com/advisories/43701/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43701/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43701 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for tomcat6. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43194 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0335-1: https://rhn.redhat.com/errata/RHSA-2011-0335.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 10 14:46:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Mar 2011 23:46:45 +0100 Subject: [SEC] [SA43643] Icinga Two Cross-Site Scripting Vulnerabilities Message-ID: <201103102246.p2AMkjKp030362@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Icinga Two Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA43643 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43643/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43643 RELEASE DATE: 2011-03-10 DISCUSS ADVISORY: http://secunia.com/advisories/43643/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43643/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43643 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Stefan Schurtz has discovered two vulnerabilities in Icinga, which can be exploited by malicious people to conduct cross-site scripting attacks. Input appended to the URL after cgi-bin/status.cgi and cgi-bin/notifications.cgi is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 1.3.0. Other versions may also be affected. SOLUTION: Fixed in the CVS repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Stefan Schurtz ORIGINAL ADVISORY: Icinga: https://dev.icinga.org/issues/1275 Stefan Schurtz: http://www.rul3z.de/advisories/SSCHADV2011-001.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 10 15:11:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Mar 2011 00:11:55 +0100 Subject: [SEC] [SA43709] Wikiwig "to_p_dict" and "to_r_list" Cross-Site Scripting Vulnerabilities Message-ID: <201103102311.p2ANBtNk019306@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Wikiwig "to_p_dict" and "to_r_list" Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA43709 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43709/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43709 RELEASE DATE: 2011-03-10 DISCUSS ADVISORY: http://secunia.com/advisories/43709/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43709/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43709 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered two vulnerabilities in WikiWig, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "to_p_dict" and "to_r_list" parameters to _wk/Xinha/plugins/SpellChecker/spell-check-savedicts.php is not properly sanitised before being returned to the user. For more information see vulnerability #4 in: SA40669 The vulnerabilities are confirmed in version 5.01. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: John Leitch, AutoSec Tools. ORIGINAL ADVISORY: http://www.autosectools.com/Advisories/WikiWig.5.01_Persistent-Reflected.Cross-site.Scripting_139.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 10 15:46:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Mar 2011 00:46:40 +0100 Subject: [SEC] [SA43702] Fedora update for asterisk Message-ID: <201103102346.p2ANkeDS008681@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for asterisk SECUNIA ADVISORY ID: SA43702 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43702/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43702 RELEASE DATE: 2011-03-11 DISCUSS ADVISORY: http://secunia.com/advisories/43702/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43702/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43702 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for asterisk. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA43429 SOLUTION: Apply updated packages via the yum utility ("yum update asterisk"). ORIGINAL ADVISORY: FEDORA-2011-2438: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 10 16:12:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Mar 2011 01:12:02 +0100 Subject: [SEC] [SA43694] Red Hat update for tomcat5 Message-ID: <201103110012.p2B0C2cM030031@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for tomcat5 SECUNIA ADVISORY ID: SA43694 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43694/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43694 RELEASE DATE: 2011-03-11 DISCUSS ADVISORY: http://secunia.com/advisories/43694/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43694/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43694 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for tomcat5. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43198 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0336-1: https://rhn.redhat.com/errata/RHSA-2011-0336.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 10 16:46:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Mar 2011 01:46:27 +0100 Subject: [SEC] [SA43704] JBoss Enterprise Portal Platform Java Double Literal Denial of Service Vulnerability Message-ID: <201103110046.p2B0kRGd019397@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: JBoss Enterprise Portal Platform Java Double Literal Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43704 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43704/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43704 RELEASE DATE: 2011-03-11 DISCUSS ADVISORY: http://secunia.com/advisories/43704/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43704/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43704 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has acknowledged a vulnerability in JBoss Enterprise Portal Platform, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #1 in: SA43262 SOLUTION: Updated packages are available via Red Hat Costumer Portal. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: RHSA-2011:0334-1: https://rhn.redhat.com/errata/RHSA-2011-0334.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 10 17:14:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Mar 2011 02:14:18 +0100 Subject: [SEC] [SA43690] SUSE update for gimp Message-ID: <201103110114.p2B1EI8o008462@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SUSE update for gimp SECUNIA ADVISORY ID: SA43690 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43690/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43690 RELEASE DATE: 2011-03-11 DISCUSS ADVISORY: http://secunia.com/advisories/43690/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43690/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43690 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for gimp. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA42771 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0162-1: https://hermes.opensuse.org/messages/7576604 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 10 17:46:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Mar 2011 02:46:36 +0100 Subject: [SEC] [SA43713] Linux SCSI target framework (tgt) "iscsi_rx_handler()" Vulnerability Message-ID: <201103110146.p2B1kaD7030124@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Linux SCSI target framework (tgt) "iscsi_rx_handler()" Vulnerability SECUNIA ADVISORY ID: SA43713 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43713/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43713 RELEASE DATE: 2011-03-11 DISCUSS ADVISORY: http://secunia.com/advisories/43713/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43713/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43713 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Linux SCSI target framework (tgt), which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the "iscsi_rx_handler()" function in usr/iscsi/iscsid.c, which can be exploited to crash the tgtd daemon by sending specially crafted network traffic. The vulnerability is reported in version 1.0.14. Other versions may also be affected. SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Emmanuel Bouillon, NATO C3 Agency ORIGINAL ADVISORY: Linux SCSI Target Framework (tgt): http://lists.wpkg.org/pipermail/stgt/2011-March/004473.html Red Hat: https://rhn.redhat.com/errata/RHSA-2011-0332.html https://bugzilla.redhat.com/show_bug.cgi?id=667261 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 10 18:11:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Mar 2011 03:11:22 +0100 Subject: [SEC] [SA43697] Apple TV Multiple Vulnerabilities Message-ID: <201103110211.p2B2BMx5019042@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Apple TV Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43697 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43697/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43697 RELEASE DATE: 2011-03-11 DISCUSS ADVISORY: http://secunia.com/advisories/43697/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43697/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43697 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Apple has acknowledge a security issue and multiple vulnerabilities in Apple TV, which can be exploited by malicious people to disclose sensitive information, cause a Dos (Denial of Service), and potentially compromise a vulnerable system. 1) Apple TV bundles vulnerable versions of FreeType and libTIFF libraries. For more information: SA41738 SA43582 SA43593 2) The IPv6 implementation includes the device's MAC address as the interface identifier for outgoing connections when using stateless address autoconfiguration (SLAAC). This can be exploited to track the device across different connections. 3) A boundary error when processing wireless network frames can be exploited to restart the device. SOLUTION: Update to Apple TV version 4.2. PROVIDED AND/OR DISCOVERED BY: 2) Reported by the vendor. 3) The vendor credits Scott Boyd, ePlus Technology. ORIGINAL ADVISORY: http://support.apple.com/kb/HT4565 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 10 18:47:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Mar 2011 03:47:01 +0100 Subject: [SEC] [SA43698] Apple iOS Multiple Vulnerabilities Message-ID: <201103110247.p2B2l1Wr008459@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Apple iOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43698 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43698/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43698 RELEASE DATE: 2011-03-11 DISCUSS ADVISORY: http://secunia.com/advisories/43698/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43698/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43698 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting and spoofing attacks, cause a DoS (Denial of Service), and compromise a vulnerable device. For more information: SA43582 1) An error in the WebKit component when handling regular expressions can be exploited to corrupt memory. For more information see vulnerability #14: SA40664 2) An error in the FreeType library when processing TrueType fonts can be exploited to cause a heap-based buffer overflow. For more information see vulnerability #1: SA41738 3) An error in the WebKit component when handling redirects during HTTP Basic Authentication can be exploited to disclose the credentials to another site. This may be related to: SA40110 4) Two errors in the WebKit component when handling Cascading Style Sheets (CSS) and cached resources. For more information see vulnerabilities #2 and #3: SA43696 5) An unspecified error in the WebKit component can be exploited to corrupt memory. 6) A weakness in MobileSafari when being re-opened after another application is launched via a URL handler can be exploited to prevent the browser from being used. 7) A boundary error when handling Wi-Fi frames can be exploited to cause a device to restart. The vulnerabilities are reported in versions prior to 4.3. SOLUTION: Update to version 4.3. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1-4) Reported by the vendor The vendor also credits: 5) Benoit Jacob, Mozilla 6) Nitesh Dhanjani, Ernst & Young LLP 7) Scott Boyd, ePlus Technology, Inc. ORIGINAL ADVISORY: http://support.apple.com/kb/HT4564 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 10 19:20:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Mar 2011 04:20:43 +0100 Subject: [SEC] [SA43631] Majordomo 2 "_list_file_get()" Directory Traversal Vulnerability Message-ID: <201103110320.p2B3Kh8S030651@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Majordomo 2 "_list_file_get()" Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA43631 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43631/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43631 RELEASE DATE: 2011-03-11 DISCUSS ADVISORY: http://secunia.com/advisories/43631/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43631/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43631 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Nikolas Sotiriu has reported a vulnerability in Majordomo 2, which can be exploited by malicious people to disclose sensitive information. The vulnerability is caused due to an input validation error in the "_list_file_get()" function (lib/Majordomo.pm) when handling files. This can be exploited to disclose an arbitrary file via directory traversal specifiers sent in a specially crafted request to any of the application's interfaces (e.g. email or web) This is related to: SA43125 The vulnerability is reported in snapshots prior to 20110204. SOLUTION: Update to snapshot 20110204 or later. PROVIDED AND/OR DISCOVERED BY: Nikolas Sotiriu. ORIGINAL ADVISORY: https://bugzilla.mozilla.org/show_bug.cgi?id=631307 Nikolas Sotiriu: http://sotiriu.de/adv/NSOADV-2011-003.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 10 19:47:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Mar 2011 04:47:02 +0100 Subject: [SEC] [SA43670] libvirt Read-Only API Calls Security Bypass Security Issue Message-ID: <201103110347.p2B3l2lj019655@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: libvirt Read-Only API Calls Security Bypass Security Issue SECUNIA ADVISORY ID: SA43670 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43670/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43670 RELEASE DATE: 2011-03-11 DISCUSS ADVISORY: http://secunia.com/advisories/43670/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43670/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43670 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in libvirt, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to the libvirt "virNodeDeviceDettach()", "virNodeDeviceReset()", "virDomainRevertToSnapshot()", and "virDomainSnapshotDelete()" API calls not properly enforcing read-only connections, which can be exploited to e.g. crash the host server. SOLUTION: Use a firewall to restrict access to trusted clients only. PROVIDED AND/OR DISCOVERED BY: Red Hat ORIGINAL ADVISORY: https://bugzilla.redhat.com/show_bug.cgi?id=683650 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 10 20:11:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Mar 2011 05:11:39 +0100 Subject: [SEC] [SA43653] Comtrend CT-5367 "password.cgi" Security Bypass Vulnerability Message-ID: <201103110411.p2B4BdM5008567@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Comtrend CT-5367 "password.cgi" Security Bypass Vulnerability SECUNIA ADVISORY ID: SA43653 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43653/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43653 RELEASE DATE: 2011-03-11 DISCUSS ADVISORY: http://secunia.com/advisories/43653/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43653/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43653 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Comtrend CT-5367, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to the device allowing unrestricted access to the "password.cgi" script. This can be exploited to e.g. change the administrator password via a specially crafted HTTP request and gain administrative access to the device. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Todor Donev OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 10 20:46:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Mar 2011 05:46:26 +0100 Subject: [SEC] [SA43679] unixODBC "SQLDriverConnect()" Buffer Overflow Vulnerability Message-ID: <201103110446.p2B4kQu3030335@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: unixODBC "SQLDriverConnect()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA43679 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43679/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43679 RELEASE DATE: 2011-03-11 DISCUSS ADVISORY: http://secunia.com/advisories/43679/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43679/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43679 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in unixODBC, which potentially can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a boundary error within the "SQLDriverConnect()" function in DriverManager/SQLDriverConnect.c, which can be exploited to cause a stack-based buffer overflow by providing an overly long "SAVEFILE" parameter. The vulnerability is reported in version 2.3.0. Other versions may also be affected. SOLUTION: Fixed in the SVN repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Disclosed in an SVN commit. ORIGINAL ADVISORY: http://unixodbc.svn.sourceforge.net/viewvc/unixodbc?revision=27&view=revision OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 10 21:12:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Mar 2011 06:12:51 +0100 Subject: [SEC] [SA43696] Apple Safari Multiple Vulnerabilities Message-ID: <201103110512.p2B5Cpc6019339@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Apple Safari Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43696 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43696/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43696 RELEASE DATE: 2011-03-11 DISCUSS ADVISORY: http://secunia.com/advisories/43696/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43696/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43696 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting and spoofing attacks, and compromise a user's system. For more information: SA43582 1) An error in the WebKit component when handling redirects during HTTP Basic Authentication can be exploited to disclose the credentials to another site. This may be related to: SA40110 2) An error in the WebKit component when handling the Attr.style accessor can be exploited to inject an arbitrary Cascading Style Sheet (CSS) into another document. 3) A type checking error in the WebKit component when handling cached resources can be exploited to poison the cache and prevent certain resources from being requested. 4) An error in the WebKit component when handling HTML5 drag and drop operations across different origins can be exploited to disclose certain content to another site. 5) An error in the tracking of window origins within the WebKit component can be exploited to disclose the content of files to a remote server. 6) Input passed to the "window.console._inspectorCommandLineAPI" property while browsing using the Web Inspector is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in versions prior to 5.0.4. SOLUTION: Update to version 5.0.4. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 2, 3, 6) Reported by the vendor. The vendor also credits: 1) McIntosh Cooey, Twelve Hundred Group 1) Harald Hanche-Olsen 1) Chuck Hohn, 1111 Internet LLC via CERT 1) Paul Hinze, Braintree 4) Michal Zalewski, Google Inc. 5) Aaron Sigel, vtty.com ORIGINAL ADVISORY: http://support.apple.com/kb/HT4566 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 10 21:46:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Mar 2011 06:46:23 +0100 Subject: [SEC] [SA43703] Fedora update for pywebdav Message-ID: <201103110546.p2B5kN7Y008655@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for pywebdav SECUNIA ADVISORY ID: SA43703 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43703/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43703 RELEASE DATE: 2011-03-11 DISCUSS ADVISORY: http://secunia.com/advisories/43703/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43703/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43703 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for pywebdav. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks. For more information: SA43602 SOLUTION: Apply updated packages via the yum utility ("yum update pywebdav"). ORIGINAL ADVISORY: FEDORA-2011-2470: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055413.html FEDORA-2011-2460 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055412.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 10 22:11:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Mar 2011 07:11:22 +0100 Subject: [SEC] [SA43706] Red Hat update for scsi-target-utils Message-ID: <201103110611.p2B6BM6m029995@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for scsi-target-utils SECUNIA ADVISORY ID: SA43706 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43706/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43706 RELEASE DATE: 2011-03-11 DISCUSS ADVISORY: http://secunia.com/advisories/43706/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43706/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43706 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for scsi-target-utils. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43713 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0332-01: https://rhn.redhat.com/errata/RHSA-2011-0332.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 11 10:31:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Mar 2011 19:31:44 +0100 Subject: [SEC] [SA43731] Red Hat update for tomcat5 and tomcat6 Message-ID: <201103111831.p2BIViU2018691@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for tomcat5 and tomcat6 SECUNIA ADVISORY ID: SA43731 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43731/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43731 RELEASE DATE: 2011-03-11 DISCUSS ADVISORY: http://secunia.com/advisories/43731/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43731/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43731 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for tomcat5 and tomcat6. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43194 SA43198 SOLUTION: Updated packages are available via the Red Hat Customer Portal. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0348-01: https://rhn.redhat.com/errata/RHSA-2011-0348.html RHSA-2011:0349-01: https://rhn.redhat.com/errata/RHSA-2011-0349.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 11 11:31:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Mar 2011 20:31:24 +0100 Subject: [SEC] [SA43693] Linux Kernel InfiniBand Request Handling Denial of Service Message-ID: <201103111931.p2BJVOUE009187@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Linux Kernel InfiniBand Request Handling Denial of Service SECUNIA ADVISORY ID: SA43693 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43693/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43693 RELEASE DATE: 2011-03-11 DISCUSS ADVISORY: http://secunia.com/advisories/43693/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43693/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43693 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service). The weakness is caused due to a race condition within the InfiniBand request handling, which can be exploited to cause a kernel crash. SOLUTION: Do not use InfiniBand to interconnect with untrusted systems. PROVIDED AND/OR DISCOVERED BY: Red Hat credits Jens Kuehnel. ORIGINAL ADVISORY: Red Hat Bug #653648: https://bugzilla.redhat.com/show_bug.cgi?id=653648 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 11 12:31:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Mar 2011 21:31:17 +0100 Subject: [SEC] [SA43688] Debian webkit Multiple Vulnerabilities Message-ID: <201103112031.p2BKVHBn032083@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian webkit Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43688 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43688/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43688 RELEASE DATE: 2011-03-11 DISCUSS ADVISORY: http://secunia.com/advisories/43688/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43688/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43688 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has acknowledged multiple vulnerabilities in webkit, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a user's system. For more information: SA40664 SA40743 SA41888 SA42109 SA42472 SA42605 SA42850 SA43193 SOLUTION: The vendor recommends an upgrade of the webkit packages for Debian GNU/Linux 5.0 (lenny), due to security updates being discontinued for the current distributed version. ORIGINAL ADVISORY: DSA-2188-1: http://lists.debian.org/debian-security-announce/2011/msg00055.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 11 13:31:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Mar 2011 22:31:53 +0100 Subject: [SEC] [SA43692] Debian update for webkit Message-ID: <201103112131.p2BLVrUn022602@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for webkit SECUNIA ADVISORY ID: SA43692 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43692/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43692 RELEASE DATE: 2011-03-11 DISCUSS ADVISORY: http://secunia.com/advisories/43692/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43692/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43692 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for webkit. This fixes multiple vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a user's system. For more information: SA40664 SA40743 SA41888 SA42109 SA42472 SA42605 SA42850 SA43193 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2188-1: http://lists.debian.org/debian-security-announce/2011/msg00055.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 11 14:25:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Mar 2011 23:25:01 +0100 Subject: [SEC] [SA43710] SUSE update for IBMJava2 Message-ID: <201103112225.p2BMP1w2012801@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SUSE update for IBMJava2 SECUNIA ADVISORY ID: SA43710 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43710/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43710 RELEASE DATE: 2011-03-11 DISCUSS ADVISORY: http://secunia.com/advisories/43710/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43710/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43710 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for IBMJava2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS and potentially compromise a vulnerable system. For more information: SA41882 SA43325 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SUSE-SU-2011:0165-1: https://hermes.opensuse.org/messages/7579774 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 11 14:46:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Mar 2011 23:46:18 +0100 Subject: [SEC] [SA43738] Linux Kernel "ldm_frag_add()" Buffer Overflow Vulnerability Message-ID: <201103112246.p2BMkIeK001505@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Linux Kernel "ldm_frag_add()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA43738 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43738/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43738 RELEASE DATE: 2011-03-11 DISCUSS ADVISORY: http://secunia.com/advisories/43738/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43738/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43738 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people with physical access to potentially compromise a vulnerable system. The vulnerability is caused due to an error within the "ldm_frag_add()" function in fs/partitions/ldm.c. For more information: SA43716 SOLUTION: Use a kernel compiled without the CONFIG_LDM_PARTITION option. PROVIDED AND/OR DISCOVERED BY: Timo Warns, PRESENSE Technologies GmbH ORIGINAL ADVISORY: http://www.pre-cert.de/advisories/PRE-SA-2011-01.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 11 15:11:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Mar 2011 00:11:20 +0100 Subject: [SEC] [SA43708] Red Hat update for openldap Message-ID: <201103112311.p2BNBKYQ022883@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for openldap SECUNIA ADVISORY ID: SA43708 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43708/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43708 RELEASE DATE: 2011-03-11 DISCUSS ADVISORY: http://secunia.com/advisories/43708/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43708/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43708 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for openldap. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions. For more information see vulnerability #1 in: SA43331 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0346-1: https://rhn.redhat.com/errata/RHSA-2011-0346.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 11 15:47:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Mar 2011 00:47:03 +0100 Subject: [SEC] [SA43716] Linux Kernel "ldm_frag_add()" Buffer Overflow Vulnerability Message-ID: <201103112347.p2BNl3XL012295@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Linux Kernel "ldm_frag_add()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA43716 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43716/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43716 RELEASE DATE: 2011-03-12 DISCUSS ADVISORY: http://secunia.com/advisories/43716/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43716/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43716 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people with physical access to potentially compromise a vulnerable system. The vulnerability is caused due to an error within the "ldm_frag_add()" function in fs/partitions/ldm.c, which can be exploited to cause a buffer overflow by e.g. plugging in a USB drive with a specially crafted LDM partition. SOLUTION: Use a kernel compiled without the CONFIG_LDM_PARTITION option. PROVIDED AND/OR DISCOVERED BY: Timo Warns, PRESENSE Technologies GmbH ORIGINAL ADVISORY: http://www.pre-cert.de/advisories/PRE-SA-2011-01.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 11 16:11:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Mar 2011 01:11:46 +0100 Subject: [SEC] [SA43733] Red Hat update for qemu-kvm Message-ID: <201103120011.p2C0Bkdw001158@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for qemu-kvm SECUNIA ADVISORY ID: SA43733 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43733/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43733 RELEASE DATE: 2011-03-12 DISCUSS ADVISORY: http://secunia.com/advisories/43733/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43733/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43733 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for qemu-kvm. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA42830 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0345-01: https://rhn.redhat.com/errata/RHSA-2011-0345.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 11 16:46:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Mar 2011 01:46:27 +0100 Subject: [SEC] [SA43699] SUSE update for java-1_4_2-ibm Message-ID: <201103120046.p2C0kRtU022979@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SUSE update for java-1_4_2-ibm SECUNIA ADVISORY ID: SA43699 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43699/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43699 RELEASE DATE: 2011-03-12 DISCUSS ADVISORY: http://secunia.com/advisories/43699/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43699/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43699 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for java-1_4_2-ibm. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS and potentially compromise a vulnerable system. For more information: SA41882 SA43325 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0167-1: https://hermes.opensuse.org/messages/7580242 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 11 17:14:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Mar 2011 02:14:57 +0100 Subject: [SEC] [SA43734] Fedora update for logwatch Message-ID: <201103120114.p2C1Ev4B012076@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for logwatch SECUNIA ADVISORY ID: SA43734 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43734/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43734 RELEASE DATE: 2011-03-12 DISCUSS ADVISORY: http://secunia.com/advisories/43734/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43734/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43734 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for logwatch. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA43495 SOLUTION: Apply updated packages via the yum utility ("yum update logwatch"). ORIGINAL ADVISORY: FEDORA-2011-2318: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055585.html FEDORA-2011-2328: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055579.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 11 17:47:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Mar 2011 02:47:43 +0100 Subject: [SEC] [SA43287] Nagios "layer" Cross-Site Scripting Vulnerability Message-ID: <201103120147.p2C1lhFh001290@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Nagios "layer" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43287 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43287/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43287 RELEASE DATE: 2011-03-12 DISCUSS ADVISORY: http://secunia.com/advisories/43287/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43287/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43287 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Stefan Schurtz has discovered a vulnerability in Nagios, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "layer" parameter to cgi-bin/statusmap.cgi is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 3.2.3. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: Stefan Schurtz ORIGINAL ADVISORY: Nagios: http://tracker.nagios.org/view.php?id=207 Stefan Schurtz: http://www.rul3z.de/advisories/SSCHADV2011-002.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 11 18:16:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Mar 2011 03:16:53 +0100 Subject: [SEC] [SA43711] CometBird Multiple Vulnerabilities Message-ID: <201103120216.p2C2Gr8l022846@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: CometBird Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43711 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43711/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43711 RELEASE DATE: 2011-03-12 DISCUSS ADVISORY: http://secunia.com/advisories/43711/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43711/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43711 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and multiple vulnerabilities have been reported in CometBird, which can be exploited by malicious people to conduct spoofing attacks, cross-site request forgery attacks, and compromise a user's system. For more information: SA43550 SOLUTION: Update to version 3.6.15. ORIGINAL ADVISORY: http://www.cometforums.com/forum-20/announcement-17-new-cometbird-version-3615-has-been-released/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 11 18:46:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Mar 2011 03:46:19 +0100 Subject: [SEC] [SA43678] Kerio Connect "STARTTLS" Plaintext Injection Vulnerability Message-ID: <201103120246.p2C2kJuC011985@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Kerio Connect "STARTTLS" Plaintext Injection Vulnerability SECUNIA ADVISORY ID: SA43678 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43678/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43678 RELEASE DATE: 2011-03-12 DISCUSS ADVISORY: http://secunia.com/advisories/43678/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43678/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43678 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Kerio Connect, which can be exploited by malicious people to manipulate certain data. The vulnerability is caused due to the TLS implementation not properly clearing transport layer buffers when upgrading from plaintext to ciphertext after receiving the "STARTTLS" command. This can be exploited to insert arbitrary plaintext data (e.g. SMTP commands) during the plaintext phase, which will then be executed after upgrading to the TLS ciphertext phase. The vulnerability is reported in version 7.1.4 build 2985. Other versions may also be affected. SOLUTION: Reportedly, the vendor will fix this in an upcoming version. PROVIDED AND/OR DISCOVERED BY: Wietse Venema ORIGINAL ADVISORY: US-CERT VU#555316: http://www.kb.cert.org/vuls/id/555316 http://www.kb.cert.org/vuls/id/MAPG-8D9M4P OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 11 19:20:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Mar 2011 04:20:18 +0100 Subject: [SEC] [SA43718] Red Hat update for openldap Message-ID: <201103120320.p2C3KI80001701@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for openldap SECUNIA ADVISORY ID: SA43718 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43718/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43718 RELEASE DATE: 2011-03-12 DISCUSS ADVISORY: http://secunia.com/advisories/43718/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43718/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43718 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for openldap. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). For more information: SA43331 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0347-1: https://rhn.redhat.com/errata/RHSA-2011-0347.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 11 19:46:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Mar 2011 04:46:18 +0100 Subject: [SEC] [SA43695] Pidgin YMSG Denial of Service Weakness Message-ID: <201103120346.p2C3kIEw023135@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Pidgin YMSG Denial of Service Weakness SECUNIA ADVISORY ID: SA43695 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43695/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43695 RELEASE DATE: 2011-03-12 DISCUSS ADVISORY: http://secunia.com/advisories/43695/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43695/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43695 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in Pidgin, which can be exploited by malicious people to cause a DoS (Denial of Service). The weakness is caused due to a NULL pointer dereference error when processing certain YMSG packets, which can be exploited to crash the process by sending specially crafted YMSG packets. The weakness is reported in versions 2.6.0 through 2.7.10. SOLUTION: Update to version 2.7.11. PROVIDED AND/OR DISCOVERED BY: The vendor credits Marius Wachtler. ORIGINAL ADVISORY: http://www.pidgin.im/news/security/?id=51 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 11 20:11:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Mar 2011 05:11:33 +0100 Subject: [SEC] [SA43691] Debian update for chromium-browser Message-ID: <201103120411.p2C4BXhw012073@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for chromium-browser SECUNIA ADVISORY ID: SA43691 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43691/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43691 RELEASE DATE: 2011-03-12 DISCUSS ADVISORY: http://secunia.com/advisories/43691/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43691/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43691 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for chromium-browser. This fixes some vulnerabilities, where some have an unknown impact while others can be exploited to potentially compromise a user's system. For more information: SA43519 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2189-1: http://www.debian.org/security/2011/dsa-2189 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 11 20:46:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Mar 2011 05:46:17 +0100 Subject: [SEC] [SA43732] Red Hat update for kernel-rt Message-ID: <201103120446.p2C4kHHE001373@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for kernel-rt SECUNIA ADVISORY ID: SA43732 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43732/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43732 RELEASE DATE: 2011-03-12 DISCUSS ADVISORY: http://secunia.com/advisories/43732/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43732/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43732 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for kernel-rt. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system and potentially sensitive information, cause a DoS (Denial of Service), bypass certain security restrictions, and potentially gain escalated privileges. For more information: SA41245 SA42035 SA42172 SA42176 SA42354 SA42570 SA43009 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0330-01: https://rhn.redhat.com/errata/RHSA-2011-0330.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 11 21:11:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Mar 2011 06:11:44 +0100 Subject: [SEC] [SA43705] JBoss Enterprise SOA Platform Java Double Literal Denial of Service Vulnerability Message-ID: <201103120511.p2C5BiXV022767@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: JBoss Enterprise SOA Platform Java Double Literal Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43705 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43705/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43705 RELEASE DATE: 2011-03-12 DISCUSS ADVISORY: http://secunia.com/advisories/43705/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43705/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43705 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has acknowledged a vulnerability in JBoss Enterprise SOA Platform, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #1 in: SA43262 SOLUTION: Updated packages are available via Red Hat Costumer Portal. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: RHSA-2011:0333-1: https://rhn.redhat.com/errata/RHSA-2011-0333.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 11 21:46:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Mar 2011 06:46:20 +0100 Subject: [SEC] [SA43458] Cisco ASA 5500 Series Two Denial of Service Vulnerabilities Message-ID: <201103120546.p2C5kK9Q012132@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Cisco ASA 5500 Series Two Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA43458 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43458/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43458 RELEASE DATE: 2011-03-12 DISCUSS ADVISORY: http://secunia.com/advisories/43458/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43458/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43458 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Cisco Adaptive Security Appliance (ASA), which can be exploited by malicious people to cause a DoS (Denial of Service). 1) A packet buffer exhaustion error when acting as transparent firewall can be exploited to stop the appliance from forwarding traffic by sending IPv6 traffic to a device not configured for IPv6. 2) An error when handling certain SCCP messages can be exploited to cause a device to reload via specially crafted SCCP messages in transit traffic. Successful exploitation requires that SCCP inspection is enabled. SOLUTION: Apply updated software versions. Please see vendor advisories for details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20110223-asa.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14d.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 11 22:11:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Mar 2011 07:11:26 +0100 Subject: [SEC] [SA43456] Red Hat update for kernel Message-ID: <201103120611.p2C6BQWt001001@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for kernel SECUNIA ADVISORY ID: SA43456 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43456/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43456 RELEASE DATE: 2011-03-12 DISCUSS ADVISORY: http://secunia.com/advisories/43456/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43456/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43456 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service). For more information: SA42172 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0283-1: https://rhn.redhat.com/errata/RHSA-2011-0283.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 12 10:31:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Mar 2011 19:31:42 +0100 Subject: [SEC] [SA43475] ProQuiz "functions.php" Arbitrary File Upload Vulnerability Message-ID: <201103121831.p2CIVggN022145@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: ProQuiz "functions.php" Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA43475 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43475/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43475 RELEASE DATE: 2011-03-12 DISCUSS ADVISORY: http://secunia.com/advisories/43475/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43475/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43475 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: AutoSec Tools has discovered a vulnerability in ProQuiz, which can be exploited by malicious users to compromise a vulnerable system. Input passed via the profile update form to the functions.php script (when "action" is set to "edit_profile" and "type" is set to "other") is not properly verified before being used to store files to a folder inside the webroot. This can be exploited to execute arbitrary PHP code by uploading a PHP file. The vulnerability is confirmed in version 2.0b. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: http://www.autosectools.com/Advisories/ProQuiz.V2_Arbitrary.Upload_117.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 12 11:31:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Mar 2011 20:31:25 +0100 Subject: [SEC] [SA42320] MuPDF Two Integer Overflow Vulnerabilities Message-ID: <201103121931.p2CJVPfY012624@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: MuPDF Two Integer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA42320 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42320/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42320 RELEASE DATE: 2011-03-12 DISCUSS ADVISORY: http://secunia.com/advisories/42320/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42320/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42320 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered two vulnerabilities in MuPDF, which can be exploited by malicious people to compromise a user's system. 1) An integer overflow error within the "loadsamplefunc()" function in mupdf/pdf_function.c can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted PDF file containing a sample function with a specially crafted size. 2) An integer overflow error within the "fz_newpixmap()" function in fitz/res_pixmap.c can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted PDF file containing an image with specially crafted dimensions. The vulnerabilities are confirmed in version 0.7. Other versions may also be affected. SOLUTION: Update to version 0.8. PROVIDED AND/OR DISCOVERED BY: Stefan Cornelius, Secunia Research ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2011-12/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 12 12:31:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Mar 2011 21:31:39 +0100 Subject: [SEC] [SA43489] IBM Tivoli Common Reporting Java Double Literal Denial of Service Vulnerability Message-ID: <201103122031.p2CKVdCB003116@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: IBM Tivoli Common Reporting Java Double Literal Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43489 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43489/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43489 RELEASE DATE: 2011-03-12 DISCUSS ADVISORY: http://secunia.com/advisories/43489/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43489/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43489 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability in IBM Tivoli Common Reporting, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #1: SA43262 The vulnerability is reported in versions 1.2, 1.3 and 2.1. SOLUTION: Apply interim fixes when they become available. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://www.ibm.com/support/docview.wss?uid=swg21469046 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 12 13:31:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Mar 2011 22:31:50 +0100 Subject: [SEC] [SA43487] Red Hat Network Satellite Server Session Fixation Vulnerability Message-ID: <201103122131.p2CLVoPj026042@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat Network Satellite Server Session Fixation Vulnerability SECUNIA ADVISORY ID: SA43487 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43487/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43487 RELEASE DATE: 2011-03-12 DISCUSS ADVISORY: http://secunia.com/advisories/43487/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43487/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43487 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Red Hat Network Satellite Server, which can be exploited by malicious people to conduct session fixation attacks. The vulnerability is caused due to an error in the handling of sessions and can be exploited to hijack another user's session by tricking the user into logging in after following a specially crafted link. NOTE: Additionally, a weakness exists in the handling of failed authentication attempts and can be exploited to conduct a password brute force attack. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Thomas Biege, SuSE Security Team. ORIGINAL ADVISORY: RHSA-2011:0300-1: https://rhn.redhat.com/errata/RHSA-2011-0300.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 12 14:26:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Mar 2011 23:26:24 +0100 Subject: [SEC] [SA43488] Cisco ASA 5500 Series Multiple Vulnerabilities Message-ID: <201103122226.p2CMQObQ016287@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Cisco ASA 5500 Series Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43488 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43488/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43488 RELEASE DATE: 2011-03-12 DISCUSS ADVISORY: http://secunia.com/advisories/43488/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43488/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43488 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco Adaptive Security Appliance (ASA), which can be exploited by malicious people to cause a DoS (Denial of Service) and disclose potentially sensitive information. 1) A packet exhaustion error can be exploited to stop the device from forwarding traffic. For more information see vulnerability #1 in: SA43458 2) An error when handling malformed SCCP messages can be exploited to cause the device to reload. For more information see vulnerability #2 in: SA43458 3) An error when processing RIP updates can be exploited to cause the device to reload. Successful exploitation requires that a global media termination address is configured and RIP and the Cisco Phone Proxy features are enabled. Configurations where the media termination is tied to an interface are not vulnerable. 4) An error when the device is configured as local CA server can be exploited to access certain file systems (e.g. "flash:", "disk0:", or "disk1:" but not "system:"). This can be exploited to gain access to e.g. certificates, Cisco software images, or backup device configurations, which may contain shared secrets or passwords. SOLUTION: Apply updated software versions. Please see vendor advisories for details. PROVIDED AND/OR DISCOVERED BY: 1-3) Reported by the vendor. 4) Discovered by the vendor when handling a customer support case. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20110223-asa.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14d.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 12 14:46:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Mar 2011 23:46:37 +0100 Subject: [SEC] [SA43461] WordPress Relevanssi Plugin "s" Script Insertion Vulnerability Message-ID: <201103122246.p2CMkbNw004977@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: WordPress Relevanssi Plugin "s" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA43461 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43461/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43461 RELEASE DATE: 2011-03-12 DISCUSS ADVISORY: http://secunia.com/advisories/43461/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43461/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43461 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Relevanssi plugin for WordPress, which can be exploited by malicious people to conduct script insertion attacks. Input passed via the "s" parameter to index.php is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires that "Keep a log of user queries" option is set (disabled by default). The vulnerability is confirmed in version 2.7.2. Prior versions may also be affected. SOLUTION: Update to version 2.7.3. PROVIDED AND/OR DISCOVERED BY: Saif El-Sherei ORIGINAL ADVISORY: Relevanssi: http://wordpress.org/extend/plugins/relevanssi/changelog/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 12 15:11:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Mar 2011 00:11:53 +0100 Subject: [SEC] [SA43453] Cisco Firewall Services Module SCCP Denial of Service Vulnerability Message-ID: <201103122311.p2CNBrGa026324@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Cisco Firewall Services Module SCCP Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43453 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43453/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43453 RELEASE DATE: 2011-03-12 DISCUSS ADVISORY: http://secunia.com/advisories/43453/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43453/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43453 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Cisco Firewall Services Module (FWSM), which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when handling certain SCCP messages, which can be exploited to cause a device to reload via specially crafted SCCP messages in transit traffic. Successful exploitation requires that SCCP inspection is enabled (default). SOLUTION: Update to version 3.1(20), 3.2(20), 4.0(15), or 4.1(5). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20110223-fwsm.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e148.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 12 15:46:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Mar 2011 00:46:35 +0100 Subject: [SEC] [SA43049] F-Secure Policy Manager Web Reporting Path Disclosure and Cross-Site Scripting Message-ID: <201103122346.p2CNkZ0H015683@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: F-Secure Policy Manager Web Reporting Path Disclosure and Cross-Site Scripting SECUNIA ADVISORY ID: SA43049 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43049/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43049 RELEASE DATE: 2011-03-13 DISCUSS ADVISORY: http://secunia.com/advisories/43049/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43049/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43049 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Sow Ching Shiong has discovered a weakness and a vulnerability in F-Secure Policy Manager, which can be exploited by malicious people to disclose potentially sensitive information and conduct cross-site scripting attacks. 1) The weakness is caused due to the application displaying the full installation path in an error report when accessing an invalid report e.g. via report/infection-table.html or report/productsummary-table.html. 2) Input passed via the URL is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The weakness and the vulnerability are confirmed in version 9.00.30231 and also reported in versions 8.00 and 8.1x. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Sow Ching Shiong via Secunia. ORIGINAL ADVISORY: F-Secure (FSC-2011-2): http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2011-2.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 12 16:12:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Mar 2011 01:12:09 +0100 Subject: [SEC] [SA42321] SumatraPDF Two Integer Overflow Vulnerabilities Message-ID: <201103130012.p2D0C9Ps004626@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SumatraPDF Two Integer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA42321 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42321/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42321 RELEASE DATE: 2011-03-13 DISCUSS ADVISORY: http://secunia.com/advisories/42321/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42321/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42321 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered two vulnerabilities in SumatraPDF, which can be exploited by malicious people to compromise a user's system. 1) An integer overflow error within the "loadsamplefunc()" function in mupdf/pdf_function.c can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted PDF file containing a sample function with a specially crafted size. 2) An integer overflow error within the "fz_newpixmap()" function in mupdf/fitz/res_pixmap.c can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted PDF file containing an image with specially crafted dimensions. The vulnerabilities are confirmed in version 1.2. Other versions may also be affected. SOLUTION: Update to version 1.3. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Stefan Cornelius, Secunia Research ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2011-13/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 12 16:46:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Mar 2011 01:46:54 +0100 Subject: [SEC] [SA43431] Novell Netware XNFS.NLM "xdrDecodeString()" Buffer Overflow Vulnerability Message-ID: <201103130046.p2D0ksUn026383@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Novell Netware XNFS.NLM "xdrDecodeString()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA43431 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43431/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43431 RELEASE DATE: 2011-03-13 DISCUSS ADVISORY: http://secunia.com/advisories/43431/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43431/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43431 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Novell Netware, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "xdrDecodeString()" function in the XNFS.NLM component when handling a NFS RPC request. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted RPC request to port 1234/UDP. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in all 6.5 versions. SOLUTION: Apply patch. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Francis Provencher, Protek Research Labs via ZDI. ORIGINAL ADVISORY: Novell: http://download.novell.com/Download?buildid=1z3z-OsVCiE~ ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-090/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 12 17:14:13 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Mar 2011 02:14:13 +0100 Subject: [SEC] [SA43483] Mutare Software EVM Cross-Site Request Forgery Vulnerability Message-ID: <201103130114.p2D1EDUT015429@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Mutare Software EVM Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA43483 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43483/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43483 RELEASE DATE: 2011-03-13 DISCUSS ADVISORY: http://secunia.com/advisories/43483/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43483/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43483 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Mutare Software Enabled VoiceMail (EVM), which can be exploited by malicious people to conduct cross-site request forgery attacks. The vulnerability is caused due the application allowing users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. delete a user's voice messages or change a user's PIN and forwarding email address when a logged-in user visits a specially crafted web page. SOLUTION: Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: Travis Lee via US-CERT. ORIGINAL ADVISORY: US-CERT VU#136612: http://www.kb.cert.org/vuls/id/136612 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 12 17:46:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Mar 2011 02:46:19 +0100 Subject: [SEC] [SA43439] Ubuntu update for bind9 Message-ID: <201103130146.p2D1kJb9004642@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ubuntu update for bind9 SECUNIA ADVISORY ID: SA43439 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43439/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43439 RELEASE DATE: 2011-03-13 DISCUSS ADVISORY: http://secunia.com/advisories/43439/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43439/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43439 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for bind9. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43443 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1070-1: http://www.ubuntu.com/usn/usn-1070-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 12 18:11:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Mar 2011 03:11:45 +0100 Subject: [SEC] [SA43463] Python "CGIHTTPServer" Module Code Disclosure Vulnerability Message-ID: <201103130211.p2D2BjiC026007@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Python "CGIHTTPServer" Module Code Disclosure Vulnerability SECUNIA ADVISORY ID: SA43463 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43463/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43463 RELEASE DATE: 2011-03-13 DISCUSS ADVISORY: http://secunia.com/advisories/43463/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43463/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43463 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Python, which can be exploited by malicious people to disclose sensitive information. The vulnerability is caused due to the "CGIHTTPServer" module incorrectly handling HTTP requests to scripts in the "cgi-bin" directory without e.g. "/" at the beginning of the URI. This can be exploited to retrieve the source code of CGI scripts by sending specially crafted requests to the server. The vulnerability is confirmed in version 2.6.6. Other versions may also be affected. SOLUTION: Fixed in the SVN repository and version 2.7 and later. PROVIDED AND/OR DISCOVERED BY: Reported by m.sucajtys in a Python bug. ORIGINAL ADVISORY: Python Bug 2254: http://bugs.python.org/issue2254 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 12 18:47:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Mar 2011 03:47:14 +0100 Subject: [SEC] [SA43451] Cisco TelePresence Products Multiple Vulnerabilities Message-ID: <201103130247.p2D2lE73015393@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Cisco TelePresence Products Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43451 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43451/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43451 RELEASE DATE: 2011-03-13 DISCUSS ADVISORY: http://secunia.com/advisories/43451/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43451/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43451 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Cisco TelePresence products, which can be exploited by malicious users to cause a DoS (Denial of Service) and compromise a vulnerable system and by malicious people to disclose sensitive information, cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system 1) An error when processing CGI requests can be exploited to inject arbitrary commands via a specially crafted request sent to TCP port 8082. 2) Some errors when processing CGI requests can be exploited to inject arbitrary commands via a specially crafted request sent to TCP port 443. Successful exploitation of this vulnerability requires valid credentials. 3) An error when handling TFTP GET requests can be exploited to disclose authentication and configuration information via a request sent to UDP port 69. 4) An error when handling SOAP requests can be exploited to inject an arbitrary IP address into a configuration file causing a certain service on a device to crash and become unusable via a specially crafted request sent to TCP port 8081 or 9501. Successful exploitation of this vulnerability requires an attacker to impersonate a Manager system. 5) An error when handling XML-RPC requests can be exploited to inject arbitrary commands via a specially crafted request sent to TCP port 61441 or 61445. Successful exploitation of this vulnerability requires an attacker to be within the same broadcast domain as the target. 6) An error when handling Cisco Discovery Protocol (CDP) packets can be exploited to cause a buffer overflow via a specially crafted ethernet frame sent to an affected device. 7) An error when handling SOAP requests can be exploited to invoke arbitrary methods within the SOAP interface without prior authentication via a specially crafted request sent to TCP port 8080 or 8443. 8) An error in the Java RMI interface can be exploited to inject arbitrary commands via a specially crafted request sent to TCP port 1100 or 32000. 9) An error when processing CGI requests can be exploited to inject arbitrary commands via a specially crafted request sent to TCP port 443. 10) Some errors within the Java Servlet framework can be exploited to access certain Java Servlets containing sensitive administrative information via requests sent to TCP ports 80, 443, or 8080. 11) An error in the administrative web interface can be exploited to upload a file to an arbitrary location on the device. 12) An error when processing XML-RPC requests can be exploited to overwrite an arbitrary file with logging data via a specially crafted request sent to TCP port 12102 or 12104. 13) An error in the administrative web interface can be exploited to access a certain Java Servlet resulting in a DoS condition on a device. Successful exploitation of this vulnerability requires valid credentials. 14) An error within the Java Servlet framework due to improper access restrictions to the Java RMI interface can be exploited to cause an out-of-memory condition via specially crafted requests sent to TCP port 8999. 15) An error when processing Real-Time Transport Control Protocol (RTCP) packets can be exploited to crash a certain control process via a specially crafted packet. Successful exploitation of this vulnerability requires knowing a UDP port associated with a listening RTCP control port, which is randomly assigned during a call setup process. 16) An error when processing certain XML-RPC requests can be exploited to cause a call geometry process to crash via a specially crafted request sent to TCP port 9000. This vulnerability is reported in versions prior to 1.7.2. 17) An error when handling certain requests can be exploited to cause all recording and playback threads to be consumed resulting in an unusable device. 18) An error within the XML-RPC interface of the Recording server due to lack of authentication can be exploited to perform certain actions that should be restricted to authorized users. The vulnerabilities are reported in versions prior to 1.7.1. SOLUTION: Update to version 1.7.2 when it becomes available in March 2011. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110223-telepresence-cts.shtml http://www.cisco.com/warp/public/707/cisco-sa-20110223-telepresence-ctsman.shtml http://www.cisco.com/warp/public/707/cisco-sa-20110223-telepresence-ctms.shtml http://www.cisco.com/warp/public/707/cisco-sa-20110223-telepresence-ctrs.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 12 19:17:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Mar 2011 04:17:14 +0100 Subject: [SEC] [SA43472] Sybase Afaria Data Security Manager Symbian Login Security Bypass Message-ID: <201103130317.p2D3HEuY005016@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Sybase Afaria Data Security Manager Symbian Login Security Bypass SECUNIA ADVISORY ID: SA43472 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43472/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43472 RELEASE DATE: 2011-03-13 DISCUSS ADVISORY: http://secunia.com/advisories/43472/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43472/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43472 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Sybase Afaria Data Security Manager, which can be exploited by malicious people with physical access to bypass certain security restrictions. The vulnerability is caused due to an unspecified error, which can be exploited to bypass the login feature and allow access to the device if a certain sequence of events occurs. The vulnerability is reported in versions prior to 6.5 Hot-fix 81 and Afaria 6.6 Hot-fix 2011-01 running on Symbian Series 60 3rd Edition Feature Pack 0, 1, and 2 and 5th Edition devices. SOLUTION: Apply Hotfixes. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.sybase.com/detail?id=1091043 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 12 19:46:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Mar 2011 04:46:17 +0100 Subject: [SEC] [SA43491] t1lib "token()" and "linetoken()" Buffer Overflow Vulnerabilities Message-ID: <201103130346.p2D3kHgA024716@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: t1lib "token()" and "linetoken()" Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA43491 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43491/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43491 RELEASE DATE: 2011-03-13 DISCUSS ADVISORY: http://secunia.com/advisories/43491/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43491/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43491 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in t1lib, which can be exploited by malicious people to compromise an application using the library. 1) A boundary error within the "token()" function in lib/t1lib/parseAFM.c can be exploited to cause a heap-based buffer overflow by tricking a user into processing a specially crafted AFM font file in an application using the library. This is related to vulnerability #3 in: SA42769 2) A boundary error within the "linetoken()" function in lib/t1lib/parseAFM.c can be exploited to cause a heap-based buffer overflow by tricking a user into processing a specially crafted AFM font file in an application using the library. This is related to vulnerability #5 in: SA42769 The vulnerabilities are confirmed in version 5.1.2. Other versions may also be affected. SOLUTION: Do not open untrusted AFM font files in an application using the library. PROVIDED AND/OR DISCOVERED BY: 1) Originally reported in Evince by Jon Larimer, IBM X-Force. 2) Originally reported in Evince by rock-madrid. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 12 20:11:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Mar 2011 05:11:44 +0100 Subject: [SEC] [SA43377] CA Host-Based Intrusion Prevention System "XMLSecDB.DIParser" ActiveX Control Vulnerability Message-ID: <201103130411.p2D4BiQ5013667@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: CA Host-Based Intrusion Prevention System "XMLSecDB.DIParser" ActiveX Control Vulnerability SECUNIA ADVISORY ID: SA43377 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43377/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43377 RELEASE DATE: 2011-03-13 DISCUSS ADVISORY: http://secunia.com/advisories/43377/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43377/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43377 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in CA Host-Based Intrusion Prevention System, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due an input validation error in the "Save()" method of the "XMLSecDB.DIParser" ActiveX control (UmxXmlSd.dll). This can be exploited to create an arbitrary file using directory traversal specifiers and supply controlled content via the "SetXml()" method. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in UmxXmlSd version 1.5.0.263 and reported in the following products: * HIPS Management Server versions prior to 8.1.0.88. * HIPS client versions prior to 1.6.450. SOLUTION: Apply RO26950 and set registry values. Please see the vendor's advisory for more details. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Andrea Micalizzi aka rgod via ZDI Additional details provided by Secunia Research. ORIGINAL ADVISORY: CA (CA20110223-01): https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4} ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-093/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 12 20:46:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Mar 2011 05:46:11 +0100 Subject: [SEC] [SA43485] Fedora update for telepathy-gabble Message-ID: <201103130446.p2D4kBmc002989@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for telepathy-gabble SECUNIA ADVISORY ID: SA43485 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43485/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43485 RELEASE DATE: 2011-03-13 DISCUSS ADVISORY: http://secunia.com/advisories/43485/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43485/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43485 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for telepathy-gabble. This fixes a vulnerability, which can be exploited by malicious people to conduct hijacking attacks. For more information: SA43369 SOLUTION: Apply updated packages via the yum utility ("yum update telepathy-gabble"). ORIGINAL ADVISORY: FEDORA-2011-1668: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054324.html FEDORA-2011-1903: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054408.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 12 21:12:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Mar 2011 06:12:22 +0100 Subject: [SEC] [SA43490] CA Internet Security Suite XMLSecDB ActiveX Component Insecure Methods Message-ID: <201103130512.p2D5CMmk024379@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: CA Internet Security Suite XMLSecDB ActiveX Component Insecure Methods SECUNIA ADVISORY ID: SA43490 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43490/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43490 RELEASE DATE: 2011-03-13 DISCUSS ADVISORY: http://secunia.com/advisories/43490/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43490/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43490 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in CA Internet Security Suite, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to insecure methods in the XMLSecDB ActiveX control (UmxXmlSd.dll). For more information: SA43377 The vulnerabilities are reported in CA Internet Security Suite (ISS) 2010. SOLUTION: Set the kill-bit for the affected ActiveX control. Reportedly, the vendor will issue fix information soon. PROVIDED AND/OR DISCOVERED BY: Andrea Micalizzi aka rgod via ZDI. ORIGINAL ADVISORY: CA (CA20110223-01): https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4} ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-093/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 12 21:46:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Mar 2011 06:46:17 +0100 Subject: [SEC] [SA43469] SUSE update for xpdf Message-ID: <201103130546.p2D5kHJB013700@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SUSE update for xpdf SECUNIA ADVISORY ID: SA43469 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43469/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43469 RELEASE DATE: 2011-03-13 DISCUSS ADVISORY: http://secunia.com/advisories/43469/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43469/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43469 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for xpdf. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA41709 SA43491 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0130-1: https://hermes.opensuse.org/messages/7446025 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 12 22:11:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Mar 2011 07:11:09 +0100 Subject: [SEC] [SA43460] SOPHIA CMS "pageid" SQL Injection Vulnerability Message-ID: <201103130611.p2D6B9s2002564@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SOPHIA CMS "pageid" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43460 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43460/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43460 RELEASE DATE: 2011-03-13 DISCUSS ADVISORY: http://secunia.com/advisories/43460/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43460/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43460 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in SOPHIA CMS, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "pageid" parameter to dsp_page.cfm is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: p0pc0rn OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 13 11:31:13 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Mar 2011 19:31:13 +0100 Subject: [SEC] [SA43470] Red Hat update for acroread Message-ID: <201103131831.p2DIVDpC023679@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for acroread SECUNIA ADVISORY ID: SA43470 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43470/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43470 RELEASE DATE: 2011-03-13 DISCUSS ADVISORY: http://secunia.com/advisories/43470/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43470/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43470 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for acroread. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system. For more information: SA43207 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0301-1: https://rhn.redhat.com/errata/RHSA-2011-0301.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 13 12:31:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Mar 2011 20:31:15 +0100 Subject: [SEC] [SA43506] SUSE update for t1lib Message-ID: <201103131931.p2DJVFmC014170@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SUSE update for t1lib SECUNIA ADVISORY ID: SA43506 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43506/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43506 RELEASE DATE: 2011-03-13 DISCUSS ADVISORY: http://secunia.com/advisories/43506/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43506/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43506 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for t1lib. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the library. For more information: SA43491 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0140-1: https://hermes.opensuse.org/messages/7465582 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 13 13:30:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Mar 2011 21:30:38 +0100 Subject: [SEC] [SA43492] GNU C Library "fnmatch()" Stack Corruption Vulnerability Message-ID: <201103132030.p2DKUcWx004622@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: GNU C Library "fnmatch()" Stack Corruption Vulnerability SECUNIA ADVISORY ID: SA43492 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43492/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43492 RELEASE DATE: 2011-03-13 DISCUSS ADVISORY: http://secunia.com/advisories/43492/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43492/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43492 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the GNU C Library, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error within the implementation of the "fnmatch()" function, which can be exploited to cause a stack corruption by e.g. tricking an application into using the function on specially crafted input. The vulnerability is reported in versions prior to 2.12.2. SOLUTION: Update to version 2.12.2. PROVIDED AND/OR DISCOVERED BY: Originally reported as a Chrome bug by Simon Berry-Byrne. ORIGINAL ADVISORY: GNU C Library Bug #11883: http://sourceware.org/bugzilla/show_bug.cgi?id=11883 Chrome Bug #48733: http://code.google.com/p/chromium/issues/detail?id=48733 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 13 14:30:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Mar 2011 22:30:40 +0100 Subject: [SEC] [SA43495] Logwatch Command Injection Vulnerability Message-ID: <201103132130.p2DLUetT027542@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Logwatch Command Injection Vulnerability SECUNIA ADVISORY ID: SA43495 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43495/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43495 RELEASE DATE: 2011-03-13 DISCUSS ADVISORY: http://secunia.com/advisories/43495/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43495/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43495 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Logwatch, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to Logwatch not properly sanitising the filename of log files before using them in a "system()" call, which can be exploited to inject and execute shell commands. Successful exploitation requires that the attacker can create logfiles with a specially crafted filename (e.g. by logging in to a Samba server with a malicious username). The vulnerability is reported in version 7.3.6. Other versions may also be affected. SOLUTION: Fixed in the SVN repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported in a Logwatch bug by Dominik George. ORIGINAL ADVISORY: Logwatch Bug #1316824: http://sourceforge.net/tracker/?func=detail&aid=3184223&group_id=312875&atid=1316824 http://logwatch.svn.sourceforge.net/viewvc/logwatch?view=revision&revision=26 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 13 15:24:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Mar 2011 23:24:39 +0100 Subject: [SEC] [SA43464] WordPress GigPress Plugin "Notes" Script Insertion Vulnerability Message-ID: <201103132224.p2DMOdfl017757@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: WordPress GigPress Plugin "Notes" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA43464 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43464/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43464 RELEASE DATE: 2011-03-13 DISCUSS ADVISORY: http://secunia.com/advisories/43464/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43464/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43464 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the GigPress plugin for WordPress, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "Notes" field when adding or editing a show is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires a user role with permissions to use GigPress. The vulnerability is confirmed in version 2.1.8 and reported in version 2.1.10. Prior versions may also be affected. SOLUTION: Update to version 2.1.11. PROVIDED AND/OR DISCOVERED BY: Saif El-Sherei ORIGINAL ADVISORY: GigPress: http://gigpress.com/download/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 13 15:45:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Mar 2011 23:45:54 +0100 Subject: [SEC] [SA43479] SUSE update for bind Message-ID: <201103132245.p2DMjsms006513@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SUSE update for bind SECUNIA ADVISORY ID: SA43479 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43479/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43479 RELEASE DATE: 2011-03-13 DISCUSS ADVISORY: http://secunia.com/advisories/43479/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43479/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43479 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43443 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0135-1: https://hermes.opensuse.org/messages/7458687 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 13 16:11:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Mar 2011 00:11:11 +0100 Subject: [SEC] [SA43473] MyBB Recent Topics on Index page Plugin "subject" Script Insertion Vulnerability Message-ID: <201103132311.p2DNBBql027843@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: MyBB Recent Topics on Index page Plugin "subject" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA43473 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43473/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43473 RELEASE DATE: 2011-03-13 DISCUSS ADVISORY: http://secunia.com/advisories/43473/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43473/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43473 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Recent Topics on Index page plugin for MyBB, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "subject" parameter to newthread.php (when "action" is set to "do_newthread") is not properly sanitised in inc/plugins/recenttopicsindex.php before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious thread is being viewed. The vulnerability is confirmed in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Xinapse OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 13 16:45:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Mar 2011 00:45:24 +0100 Subject: [SEC] [SA43514] IBM Tivoli Storage Manager Administration Center Java Double Literal Denial of Service Message-ID: <201103132345.p2DNjOia017172@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: IBM Tivoli Storage Manager Administration Center Java Double Literal Denial of Service SECUNIA ADVISORY ID: SA43514 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43514/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43514 RELEASE DATE: 2011-03-14 DISCUSS ADVISORY: http://secunia.com/advisories/43514/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43514/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43514 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability in IBM Tivoli Storage Manager, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #1: SA43262 The vulnerability is reported in versions 6.1 and 6.2. SOLUTION: Apply patches when they become available. Restrict access to the affected system e.g. using a firewall. ORIGINAL ADVISORY: IBM: http://www.ibm.com/support/docview.wss?uid=swg21469266 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 13 17:11:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Mar 2011 01:11:09 +0100 Subject: [SEC] [SA43467] WordPress IWantOneButton Plugin "post_id" Cross-Site Scripting and SQL Injection Message-ID: <201103140011.p2E0B9xG006132@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: WordPress IWantOneButton Plugin "post_id" Cross-Site Scripting and SQL Injection SECUNIA ADVISORY ID: SA43467 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43467/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43467 RELEASE DATE: 2011-03-14 DISCUSS ADVISORY: http://secunia.com/advisories/43467/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43467/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43467 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered two vulnerabilities in the IWantOneButton plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed via the "post_id" parameter to wp-content/plugins/wantHave/updateAJAX.php (when "add" is set to "want" or "have") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "post_id" parameter to wp-content/plugins/wantHave/updateAJAX.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 3.0.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: High-Tech Bridge SA (HTB22846, HTB22847): http://www.htbridge.ch/advisory/sql_injection_in_iwantonebutton_wordpress_plugin.html http://www.htbridge.ch/advisory/xss_in_iwantonebutton_wordpress_plugin.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 13 17:46:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Mar 2011 01:46:26 +0100 Subject: [SEC] [SA43430] IBM Lotus Sametime Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201103140046.p2E0kQDf027919@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: IBM Lotus Sametime Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA43430 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43430/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43430 RELEASE DATE: 2011-03-14 DISCUSS ADVISORY: http://secunia.com/advisories/43430/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43430/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43430 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in IBM Lotus Sametime, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed to the "messageString" parameter in stconf.nsf/WebMessage (when "OpenView" is set) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the URL to stconf.nsf is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed to the "authReasonCode" parameter in stcenter.nsf (when "OpenDatabase" is set) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in version 8.0.1. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences in a proxy. PROVIDED AND/OR DISCOVERED BY: 1, 2) Dave Daly 3) Andrew Barkley ORIGINAL ADVISORY: Dave Daly: http://archives.neohapsis.com/archives/bugtraq/2011-02/0214.html Andrew Barkley: http://archives.neohapsis.com/archives/bugtraq/2011-02/0217.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 13 18:13:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Mar 2011 02:13:57 +0100 Subject: [SEC] [SA43484] bitweaver Cross-Site Scripting and Script Insertion Vulnerabilities Message-ID: <201103140113.p2E1Dv4p016965@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: bitweaver Cross-Site Scripting and Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA43484 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43484/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43484 RELEASE DATE: 2011-03-14 DISCUSS ADVISORY: http://secunia.com/advisories/43484/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43484/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43484 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in bitweaver, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks. 1) Input passed via the "author_name" to articles/edit.php is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious article is being viewed. 2) Input passed via the "liberty_textarea_height" and "liberty_textarea_width" parameters to kernel/admin/index.php (when "page" is set to "liberty") is not properly sanitised in liberty/admin/admin_liberty_inc.php before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 2.8.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: lemlajt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 13 18:46:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Mar 2011 02:46:11 +0100 Subject: [SEC] [SA43509] IBM Tivoli Monitoring Java Double Literal Denial of Service Vulnerability Message-ID: <201103140146.p2E1kBBD006185@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: IBM Tivoli Monitoring Java Double Literal Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43509 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43509/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43509 RELEASE DATE: 2011-03-14 DISCUSS ADVISORY: http://secunia.com/advisories/43509/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43509/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43509 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability in IBM Tivoli Monitoring, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #1: SA43262 The vulnerability is reported in versions 6.1, 6.2, 6.2.1, and 6.2.2. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: IBM: http://www.ibm.com/support/docview.wss?uid=swg21468884 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 13 19:11:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Mar 2011 03:11:06 +0100 Subject: [SEC] [SA43440] Foxit Phantom ICC Processing Integer Overflow Vulnerability Message-ID: <201103140211.p2E2B6im027516@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Foxit Phantom ICC Processing Integer Overflow Vulnerability SECUNIA ADVISORY ID: SA43440 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43440/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43440 RELEASE DATE: 2011-03-14 DISCUSS ADVISORY: http://secunia.com/advisories/43440/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43440/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43440 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered a vulnerability in Foxit Phantom, which can be exploited by malicious people to compromise a user's system. For more information: SA43329 The vulnerability is confirmed in version 2.3.3.1112. Other versions may also be affected. SOLUTION: An updated version is scheduled for 28th February 2011. PROVIDED AND/OR DISCOVERED BY: Secunia Research ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2011-14/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 13 19:45:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Mar 2011 03:45:44 +0100 Subject: [SEC] [SA43329] Foxit Reader ICC Processing Integer Overflow Vulnerability Message-ID: <201103140245.p2E2ji8b016866@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Foxit Reader ICC Processing Integer Overflow Vulnerability SECUNIA ADVISORY ID: SA43329 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43329/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43329 RELEASE DATE: 2011-03-14 DISCUSS ADVISORY: http://secunia.com/advisories/43329/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43329/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43329 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered a vulnerability in Foxit Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error when parsing certain ICC chunks and can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in version 4.3.1.0118. Other versions may also be affected. SOLUTION: Update to version 4.3.1.0218. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Secunia Research ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2011-14/ Foxit Software: http://www.foxitsoftware.com/pdf/reader/security_bulletins.php#memory OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 13 20:21:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Mar 2011 04:21:36 +0100 Subject: [SEC] [SA43466] Edraw Office Viewer Component ActiveX Control "HttpPost()" Buffer Overflow Message-ID: <201103140321.p2E3LasZ006781@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Edraw Office Viewer Component ActiveX Control "HttpPost()" Buffer Overflow SECUNIA ADVISORY ID: SA43466 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43466/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43466 RELEASE DATE: 2011-03-14 DISCUSS ADVISORY: http://secunia.com/advisories/43466/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43466/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43466 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Alexander Gavrun has discovered a vulnerability in Edraw Office Viewer Component ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing the "HttpPost()" method. This can be exploited to cause a stack-based buffer overflow via an overly long string passed in the "WebUrl" parameter. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 7.4.0.277. Other versions may also be affected. SOLUTION: Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: Alexander Gavrun ORIGINAL ADVISORY: http://0x1byte.blogspot.com/2011/02/0-days-for-fun.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 13 20:45:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Mar 2011 04:45:36 +0100 Subject: [SEC] [SA43478] Fedora update for phpMyAdmin Message-ID: <201103140345.p2E3ja27028036@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for phpMyAdmin SECUNIA ADVISORY ID: SA43478 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43478/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43478 RELEASE DATE: 2011-03-14 DISCUSS ADVISORY: http://secunia.com/advisories/43478/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43478/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43478 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for phpMyAdmin. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions. For more information: SA43324 SOLUTION: Apply updated packages via the yum utility ("yum update phpMyAdmin"). ORIGINAL ADVISORY: FEDORA-2011-1373: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054349.html FEDORA-2011-1408: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054355.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 13 21:10:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Mar 2011 05:10:43 +0100 Subject: [SEC] [SA43481] Ubuntu update for linux-source-2.6.15 Message-ID: <201103140410.p2E4AhA1016966@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-source-2.6.15 SECUNIA ADVISORY ID: SA43481 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43481/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43481 RELEASE DATE: 2011-03-14 DISCUSS ADVISORY: http://secunia.com/advisories/43481/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43481/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43481 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-source-2.6.15. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system and sensitive information, conduct a DoS (Denial of Service), and gain escalated privileges and by malicious people to conduct a DoS. For more information: SA28696 SA41440 SA41493 SA42035 SA42061 SA42094 SA42126 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1071-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001255.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 13 21:24:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Mar 2011 05:24:39 +0100 Subject: [SEC] [SA43496] Linux Kernel "/proc//" Permissions Handling Weakness Message-ID: <201103140424.p2E4Od6h005376@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Linux Kernel "/proc//" Permissions Handling Weakness SECUNIA ADVISORY ID: SA43496 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43496/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43496 RELEASE DATE: 2011-03-14 DISCUSS ADVISORY: http://secunia.com/advisories/43496/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43496/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43496 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: halfdog has discovered a weakness in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions. The weakness is caused due to improper permissions handling of opened files within the "/proc//" directory when a SUID program is being executed. This can be exploited to disclose certain memory information or manipulate some process settings (e.g. coredump_filter). The weakness is confirmed in version 2.6.37. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: halfdog ORIGINAL ADVISORY: halfdog: http://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface/ LKML: https://lkml.org/lkml/2011/2/7/368 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 13 21:45:16 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Mar 2011 05:45:16 +0100 Subject: [SEC] [SA43502] WordPress OPS Old Post Spinner Plugin "ops_file" File Disclosure Vulnerability Message-ID: <201103140445.p2E4jGCO026495@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: WordPress OPS Old Post Spinner Plugin "ops_file" File Disclosure Vulnerability SECUNIA ADVISORY ID: SA43502 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43502/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43502 RELEASE DATE: 2011-03-14 DISCUSS ADVISORY: http://secunia.com/advisories/43502/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43502/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43502 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the OPS Old Post Spinner plugin for WordPress, which can be exploited by malicious people to disclose potentially sensitive information. Input passed via the "ops_file" parameter to wp-content/plugins/old-post-spinner/logview.php is not properly verified before being used to read files. This can be exploited to read the contents of arbitrary files from local resources via directory traversal sequences. The vulnerability is confirmed in version 2.2.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: AutoSec Tools: http://www.autosectools.com/Advisories/WordPress.OPS.Old.Post.Spinner.2.2_Local.File.Inclusion_128.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 13 22:11:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Mar 2011 06:11:47 +0100 Subject: [SEC] [SA43465] Debian update for avahi Message-ID: <201103140511.p2E5BlXd015494@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for avahi SECUNIA ADVISORY ID: SA43465 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43465/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43465 RELEASE DATE: 2011-03-14 DISCUSS ADVISORY: http://secunia.com/advisories/43465/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43465/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43465 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for avahi. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43361 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2174-1: http://www.debian.org/security/2011/dsa-2174 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 13 22:45:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Mar 2011 06:45:34 +0100 Subject: [SEC] [SA43516] v86d Netlink Message Verification Security Bypass Message-ID: <201103140545.p2E5jYR6004785@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: v86d Netlink Message Verification Security Bypass SECUNIA ADVISORY ID: SA43516 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43516/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43516 RELEASE DATE: 2011-03-14 DISCUSS ADVISORY: http://secunia.com/advisories/43516/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43516/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43516 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in v86d, which can be exploited by malicious, local users to bypass certain security restrictions. The security issue is caused due to v86d not properly verifying the origin of Netlink messages, which can be exploited to e.g. manipulate certain uvesafb settings by sending Netlink messages to v86d. The security issue is reported in versions prior to 0.1.10. SOLUTION: Update to version 0.1.10. PROVIDED AND/OR DISCOVERED BY: Nelson Elhage ORIGINAL ADVISORY: http://www.openwall.com/lists/oss-security/2011/02/26/1 http://repo.or.cz/w/v86d.git/commitdiff/f9abfd412639286c3143e93e8ba2c9598dfba640 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 13 23:10:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Mar 2011 07:10:33 +0100 Subject: [SEC] [SA43527] HP-UX update for Java Message-ID: <201103140610.p2E6AXsK026129@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: HP-UX update for Java SECUNIA ADVISORY ID: SA43527 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43527/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43527 RELEASE DATE: 2011-03-14 DISCUSS ADVISORY: http://secunia.com/advisories/43527/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43527/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43527 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: HP has issued an update for Java in HP-UX. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #1 in: SA43262 The vulnerability is reported in HP-UX versions 11.11, 11.23, and 11.31 running all versions of Java. SOLUTION: Update the Java Development Kit (JDK) via the FPUpdater tool. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: HPSBUX02633 SSRT100387: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02729756 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 14 11:30:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Mar 2011 19:30:59 +0100 Subject: [SEC] [SA43743] Constructr CMS Cross-Site Scripting And SQL Injection Vulnerabilities Message-ID: <201103141830.p2EIUx7Y014799@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Constructr CMS Cross-Site Scripting And SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA43743 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43743/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43743 RELEASE DATE: 2011-03-14 DISCUSS ADVISORY: http://secunia.com/advisories/43743/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43743/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43743 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gjoko Krstic has discovered multiple vulnerabilities in Constructr CMS, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed via the "user" and "hash" parameters to backend/login.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "page_id" parameter to xmlOutput/constructrXmlOutput.content.xml.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 3.03.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Gjoko 'LiquidWorm' Krstic ORIGINAL ADVISORY: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5001.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 14 12:31:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Mar 2011 20:31:07 +0100 Subject: [SEC] [SA43712] SUSE update for MozillaFirefox and mozilla-xulrunner Message-ID: <201103141931.p2EJV769005261@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SUSE update for MozillaFirefox and mozilla-xulrunner SECUNIA ADVISORY ID: SA43712 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43712/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43712 RELEASE DATE: 2011-03-14 DISCUSS ADVISORY: http://secunia.com/advisories/43712/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43712/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43712 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for MozillaFirefox and mozilla-xulrunner. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, cross-site request forgery attacks, and compromise a user's system. For more information: SA43550 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0170-1: https://hermes.opensuse.org/messages/7589574 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 14 13:31:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Mar 2011 21:31:00 +0100 Subject: [SEC] [SA43752] Fedora update for clamav Message-ID: <201103142031.p2EKV00O028150@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for clamav SECUNIA ADVISORY ID: SA43752 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43752/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43752 RELEASE DATE: 2011-03-14 DISCUSS ADVISORY: http://secunia.com/advisories/43752/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43752/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43752 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA43392 SOLUTION: Apply updated packages via the yum utility ("yum update clamav"). ORIGINAL ADVISORY: FEDORA-2011-2741: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055771.html FEDORA-2011-2743: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055777.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 14 14:31:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Mar 2011 22:31:23 +0100 Subject: [SEC] [SA43737] SAP NetWeaver Cross-Site Scripting and Script Insertion Vulnerabilities Message-ID: <201103142131.p2ELVNYj018648@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SAP NetWeaver Cross-Site Scripting and Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA43737 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43737/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43737 RELEASE DATE: 2011-03-14 DISCUSS ADVISORY: http://secunia.com/advisories/43737/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43737/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43737 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in SAP NetWeaver, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks. 1) Certain unspecified input is not properly sanitised in the XI SOAP Adapter (com.sap.aii.af.soapadapter) before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "logonUrl" parameter in the BSP logon page (/sap/bc/public/bsp/sap/system_public/logon.htm) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed to the "fileNameL" and "directoryNameL" parameters in the CheckService and ExportabilityCheck servlets, "XiDynPage_ThreadId" parameter in the ViewCaches servlet, "thread", "invert", and "filter" parameters in the ShowMemLog servlet, "id" parameter in error_msg.jsp, and "refresh" parameter in ViewCaches.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 4) Input passed via the "logger" parameter to ViewLogger.jsp and "class" parameter to the ShowMemLog servlet is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. SOLUTION: Apply fixes (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: 1, 3, 4) Dmitriy Evdokimov, Digital Security Research Group (DSecRG) 2) Alexey Sintsov, Digital Security Research Group (DSecRG) ORIGINAL ADVISORY: SAP: https://service.sap.com/sap/support/notes/1438191 https://service.sap.com/sap/support/notes/1450270 https://service.sap.com/sap/support/notes/1512776 Digital Security Research Group (DSECRG-11-009, DSECRG-11-010, DSECRG-11-012, DSECRG-11-013): http://dsecrg.com/pages/vul/show.php?id=309 http://dsecrg.com/pages/vul/show.php?id=310 http://dsecrg.com/pages/vul/show.php?id=312 http://dsecrg.com/pages/vul/show.php?id=313 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 14 15:24:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Mar 2011 23:24:59 +0100 Subject: [SEC] [SA43723] SAP Crystal Reports Server Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201103142224.p2EMOxpU008845@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SAP Crystal Reports Server Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA43723 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43723/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43723 RELEASE DATE: 2011-03-14 DISCUSS ADVISORY: http://secunia.com/advisories/43723/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43723/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43723 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Dmitriy Chastuhin has reported multiple vulnerabilities in SAP Crystal Reports Server 2008, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed via the "backURL" parameter to aa-add-analytic2.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "pagePos" parameter to aa-add-validate.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed via the "entry" parameter to aa-analytic-frameset.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 4) Input passed via the "MetaDataCachePeriod", "AppBuilderCachePeriod", "SessionCachePeriod", and "RefreshDashboardPeriod" parameters to aa-cacheparams.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 5) Input passed via the "swf" parameter to aa-display-flash.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 6) Input passed via the "Sel" parameter to aa-dmgraph.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 7) Input passed via the "defTar" parameter to aa-edit-goal.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 8) Input passed via the "analyticToken" parameter to aa-map-frameset.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 9) Input passed via the "url", "sWindow", "BEGIN_DATE", "END_DATE", "CURRENT_DATE", and "CURRENT_SLICE" parameters to aa-open-inlist.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 10) Input passed via the "DocName" and "Label" parameters to aa-overviewctxt.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Dmitriy Chastuhin, Digital Security Research Group (DSecRG). ORIGINAL ADVISORY: SAP: https://service.sap.com/sap/support/notes/1509610 DSECRG-00147: http://dsecrg.com/pages/vul/show.php?id=311 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 14 15:45:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Mar 2011 23:45:43 +0100 Subject: [SEC] [SA43736] bbPress "re" Cross-Site Scripting Vulnerability Message-ID: <201103142245.p2EMjhNG029958@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: bbPress "re" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43736 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43736/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43736 RELEASE DATE: 2011-03-14 DISCUSS ADVISORY: http://secunia.com/advisories/43736/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43736/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43736 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Aung Khant has discovered a vulnerability in bbPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "re" parameter in bb-login.php is not properly sanitised before being used to redirect a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.0.2. Other versions may also be affected. SOLUTION: Update to version 1.0.3 PROVIDED AND/OR DISCOVERED BY: Aung Khant, YGN Ethical Hacker Group ORIGINAL ADVISORY: http://yehg.net/lab/pr0js/advisories/[bbpress-1.0.2]_cross_site_scripting OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 14 16:10:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Mar 2011 00:10:43 +0100 Subject: [SEC] [SA43746] SUSE update for MozillaFirefox, MozillaThunderbird, mozilla-xulrunner, and seamonkey Message-ID: <201103142310.p2ENAh0O018861@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SUSE update for MozillaFirefox, MozillaThunderbird, mozilla-xulrunner, and seamonkey SECUNIA ADVISORY ID: SA43746 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43746/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43746 RELEASE DATE: 2011-03-14 DISCUSS ADVISORY: http://secunia.com/advisories/43746/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43746/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43746 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for MozillaFirefox, MozillaThunderbird, mozilla-xulrunner, and seamonkey. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, cross-site request forgery attacks, and compromise a user's system. For more information: SA43550 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0169-1: https://hermes.opensuse.org/messages/7588010 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 14 16:46:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Mar 2011 00:46:27 +0100 Subject: [SEC] [SA43680] Cosmoshop Multiple Vulnerabilities Message-ID: <201103142346.p2ENkRv1008257@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Cosmoshop Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43680 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43680/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43680 RELEASE DATE: 2011-03-15 DISCUSS ADVISORY: http://secunia.com/advisories/43680/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43680/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43680 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has reported multiple vulnerabilities in Cosmoshop, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and by malicious people to conduct cross-site scripting attacks. 1) Input passed via the "rcopy" parameter to admin/rubrikadmin.cgi, the "typ" parameter to admin/artikeladmin.cgi, and the "suchbegriff" parameter to admin/shophilfe_suche.cgi is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "text-de" parameter to admin/edit_startseitentext.cgi is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 3) Input passed via the "id" parameter to admin/index.cgi is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of vulnerabilities #2 and #3 may require administrative privileges. The vulnerabilities are reported in version ePRO 10.05.00. Other versions may also be affected. SOLUTION: Filter malicious characters or character sequences via a proxy. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: High-Tech Bridge SA (HTB22879, HTB22880, and HTB22881): http://www.htbridge.ch/advisory/multiple_xss_vulnerabilities_in_cosmoshop.html http://www.htbridge.ch/advisory/xss_vulnerability_in_cosmoshop_1.html http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_cosmoshop.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 14 17:12:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Mar 2011 01:12:02 +0100 Subject: [SEC] [SA43759] Fedora update for wireshark Message-ID: <201103150012.p2F0C2rZ029595@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for wireshark SECUNIA ADVISORY ID: SA43759 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43759/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43759 RELEASE DATE: 2011-03-15 DISCUSS ADVISORY: http://secunia.com/advisories/43759/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43759/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43759 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for wireshark. This fixes several vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA43554 SA41535 SOLUTION: Apply updated packages via the yum utility ("yum update wireshark"). ORIGINAL ADVISORY: FEDORA-2011-2620: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html FEDORA-2011-2632: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 14 17:45:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Mar 2011 01:45:51 +0100 Subject: [SEC] [SA43721] Fedora update for pidgin Message-ID: <201103150045.p2F0jpXv018888@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for pidgin SECUNIA ADVISORY ID: SA43721 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43721/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43721 RELEASE DATE: 2011-03-15 DISCUSS ADVISORY: http://secunia.com/advisories/43721/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43721/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43721 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for pidgin. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43695 SOLUTION: Apply updated packages via the yum utility ("yum update pidgin"). ORIGINAL ADVISORY: FEDORA-2011-3113: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055874.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 14 18:14:13 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Mar 2011 02:14:13 +0100 Subject: [SEC] [SA43741] SUSE aaa_base "/etc/init.d/boot.localfs" Security Issue Message-ID: <201103150114.p2F1EDEW007952@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SUSE aaa_base "/etc/init.d/boot.localfs" Security Issue SECUNIA ADVISORY ID: SA43741 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43741/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43741 RELEASE DATE: 2011-03-15 DISCUSS ADVISORY: http://secunia.com/advisories/43741/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43741/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43741 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has acknowledged a security issue in aaa_base, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the /etc/init.d/boot.localfs script creating the /dev/shm/mtab file in an insecure manner, which can be exploited to e.g. overwrite arbitrary files via symlink attacks. SOLUTION: Apply updated packages via the zypper package manager. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor within a Novell bug report. ORIGINAL ADVISORY: Novell Bug #665479: https://bugzilla.novell.com/show_bug.cgi?id=665479 openSUSE-SU-2011:0171-1: https://hermes.opensuse.org/messages/7611269 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 14 18:46:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Mar 2011 02:46:06 +0100 Subject: [SEC] [SA43728] Ubuntu update for libvpx Message-ID: <201103150146.p2F1k6DF029559@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ubuntu update for libvpx SECUNIA ADVISORY ID: SA43728 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43728/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43728 RELEASE DATE: 2011-03-15 DISCUSS ADVISORY: http://secunia.com/advisories/43728/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43728/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43728 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for libvpx. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system. For more information see vulnerability #6 in: SA42472 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1087-1: http://www.ubuntu.com/usn/usn-1087-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 14 19:10:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Mar 2011 03:10:48 +0100 Subject: [SEC] [SA43576] Linux Kernel TPM Information Disclosure Weakness Message-ID: <201103150210.p2F2AmNB018455@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Linux Kernel TPM Information Disclosure Weakness SECUNIA ADVISORY ID: SA43576 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43576/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43576 RELEASE DATE: 2011-03-15 DISCUSS ADVISORY: http://secunia.com/advisories/43576/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43576/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43576 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some weaknesses have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information. The weaknesses are caused due to the "tpm_open()", "tpm_transmit()", "tpm_write()", and "tpm_read()" functions in drivers/char/tpm/tpm.c do not properly clearing certain memory, which can be exploited to disclose potentially sensitive information. SOLUTION: Fixed in the GIT repository. PROVIDED AND/OR DISCOVERED BY: Peter Huewe ORIGINAL ADVISORY: http://tpmdd.git.sourceforge.net/git/gitweb.cgi?p=tpmdd/tpmdd;a=commitdiff;h=459e0537ebb7b786cd29a26f4e41c721632cd840 http://tpmdd.git.sourceforge.net/git/gitweb.cgi?p=tpmdd/tpmdd;a=commitdiff;h=f0bbed1ee49a4779dfb32159fea669ced8789336 http://tpmdd.git.sourceforge.net/git/gitweb.cgi?p=tpmdd/tpmdd;a=commitdiff;h=44480e4077cd782aa8f54eb472b292547f030520 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 14 19:46:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Mar 2011 03:46:29 +0100 Subject: [SEC] [SA43754] Qualitynet CMS "id" SQL Injection Vulnerability Message-ID: <201103150246.p2F2kTEX007850@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Qualitynet CMS "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43754 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43754/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43754 RELEASE DATE: 2011-03-15 DISCUSS ADVISORY: http://secunia.com/advisories/43754/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43754/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43754 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: ITSecTeam has reported a vulnerability in Qualitynet CMS, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to e.g. dynamic-menu.php (when "act" is set to "go") and content_page.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: M3hr at n.s, ITSecTeam OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 14 20:21:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Mar 2011 04:21:56 +0100 Subject: [SEC] [SA43720] Ibid Two Information Disclosure Weaknesses Message-ID: <201103150321.p2F3LuTu030084@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ibid Two Information Disclosure Weaknesses SECUNIA ADVISORY ID: SA43720 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43720/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43720 RELEASE DATE: 2011-03-15 DISCUSS ADVISORY: http://secunia.com/advisories/43720/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43720/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43720 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two weaknesses have been reported in Ibid, which can be exploited by malicious, local users and malicious users to disclose potentially sensitive information. 1) An error due to a "bot" creating a log file with insecure permissions when it first sends a message can be exploited to disclose the contents of private messages. 2) An error when a "bot" sends a private message in a public meeting can be exploited to read the message in the meeting minutes. The weaknesses are reported in versions prior to 0.1.1. SOLUTION: Update to version 0.1.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://ibid.omnia.za.net/docs/0.1.0/changes.html#release-0-1-1-pimpernel-2011-02-24 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 14 20:45:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Mar 2011 04:45:51 +0100 Subject: [SEC] [SA43729] Debian update for wordpress Message-ID: <201103150345.p2F3jpLR018943@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for wordpress SECUNIA ADVISORY ID: SA43729 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43729/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43729 RELEASE DATE: 2011-03-15 DISCUSS ADVISORY: http://secunia.com/advisories/43729/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43729/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43729 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for wordpress. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks. For more information: SA43238 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2190-1: http://www.debian.org/security/2011/dsa-2190 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 14 21:10:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Mar 2011 05:10:47 +0100 Subject: [SEC] [SA43719] Unik Scripts Cover Vision "id" SQL Injection Vulnerability Message-ID: <201103150410.p2F4Albn007846@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Unik Scripts Cover Vision "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43719 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43719/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43719 RELEASE DATE: 2011-03-15 DISCUSS ADVISORY: http://secunia.com/advisories/43719/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43719/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43719 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Unik Scripts Cover Vision, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to content.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: Egyptian.H4x0rz OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 14 21:45:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Mar 2011 05:45:48 +0100 Subject: [SEC] [SA43745] SRWare Iron Multiple Vulnerabilities Message-ID: <201103150445.p2F4jmpo029604@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SRWare Iron Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43745 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43745/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43745 RELEASE DATE: 2011-03-15 DISCUSS ADVISORY: http://secunia.com/advisories/43745/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43745/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43745 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in SRWare Iron, where some have an unknown impact while others can be exploited by malicious people bypass certain security restrictions, disclose system information, and compromise a user's system. For more information: SA43683 SOLUTION: Upgrade to version 10.0.650.0. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.srware.net/forum/viewtopic.php?f=18&t=2270 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 14 22:11:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Mar 2011 06:11:48 +0100 Subject: [SEC] [SA43724] ABBS Audio Media Player Playlist Processing Buffer Overflow Vulnerability Message-ID: <201103150511.p2F5Bm4T018556@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: ABBS Audio Media Player Playlist Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA43724 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43724/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43724 RELEASE DATE: 2011-03-15 DISCUSS ADVISORY: http://secunia.com/advisories/43724/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43724/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43724 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in ABBS Audio Media Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing playlist files and can be exploited to cause a stack-based buffer overflow via a specially crafted LST (".lst") file. Successful exploitation allows execution of arbitrary code, but requires tricking a user into opening a malicious playlist file. The vulnerability is confirmed in version 3.0. Other versions may also be affected. SOLUTION: Do not open playlist files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Rh0 ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/16971/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 14 22:46:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Mar 2011 06:46:07 +0100 Subject: [SEC] [SA43747] Oracle Solaris Adobe Flash Player Multiple Vulnerabilities Message-ID: <201103150546.p2F5k79I007874@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43747 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43747/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43747 RELEASE DATE: 2011-03-15 DISCUSS ADVISORY: http://secunia.com/advisories/43747/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43747/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43747 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged multiple vulnerabilities in Adobe Flash Player included in Solaris, which can be exploited by malicious people to compromise a user's system. For more information: SA43267 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash2 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 14 23:11:16 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Mar 2011 07:11:16 +0100 Subject: [SEC] [SA43753] Fedora update for libxml2 Message-ID: <201103150611.p2F6BGBK029185@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for libxml2 SECUNIA ADVISORY ID: SA43753 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43753/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43753 RELEASE DATE: 2011-03-15 DISCUSS ADVISORY: http://secunia.com/advisories/43753/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43753/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43753 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. For more information: SA42721 SOLUTION: Apply updated packages via the yum utility ("yum update libxml2"). ORIGINAL ADVISORY: FEDORA-2011-2697: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055775.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 15 11:31:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Mar 2011 19:31:33 +0100 Subject: [SEC] [SA43625] Foxit Phantom "createDataObject()" Arbitrary File Creation Vulnerability Message-ID: <201103151831.p2FIVXc0017853@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Foxit Phantom "createDataObject()" Arbitrary File Creation Vulnerability SECUNIA ADVISORY ID: SA43625 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43625/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43625 RELEASE DATE: 2011-03-15 DISCUSS ADVISORY: http://secunia.com/advisories/43625/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43625/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43625 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Foxit Phantom PDF Suite, which can be exploited by malicious people to compromise a user's system. For more information: SA43776 The vulnerability is confirmed in version 2.2.4.0225. Other versions may also be affected. SOLUTION: Do not open PDF files from untrusted sources. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 15 12:30:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Mar 2011 20:30:47 +0100 Subject: [SEC] [SA43727] Nucleus CMS "user" Script Insertion Vulnerability Message-ID: <201103151930.p2FJUlVU008302@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Nucleus CMS "user" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA43727 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43727/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43727 RELEASE DATE: 2011-03-15 DISCUSS ADVISORY: http://secunia.com/advisories/43727/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43727/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43727 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Nucleus CMS, which can be exploited by malicious people to conduct script insertion attacks. Input passed to the "user" parameter in index.php (when "action" is set to "addcomment") is not properly sanitised before being used in the "parse_user()" function in COMMENTACTIONS.PHP. This can be exploited to insert HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed. The vulnerability is confirmed in version 3.63. Prior versions may also be affected. SOLUTION: Update to version 3.64. PROVIDED AND/OR DISCOVERED BY: The vendor credits Katsumi and John Leitch of AutoSec Tools. ORIGINAL ADVISORY: Nuclesu CMS 3.64 Announcement: http://nucleuscms.org/index.php?itemid=3060 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 15 13:30:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Mar 2011 21:30:37 +0100 Subject: [SEC] [SA43726] Debian update for proftpd-dfsg Message-ID: <201103152030.p2FKUbe7031177@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for proftpd-dfsg SECUNIA ADVISORY ID: SA43726 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43726/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43726 RELEASE DATE: 2011-03-15 DISCUSS ADVISORY: http://secunia.com/advisories/43726/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43726/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43726 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for proftpd-dfsg. This fixes a vulnerability, which can be exploited by malicious users to manipulate certain data. For more information see vulnerability #2 in: SA42052 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2191-1: http://www.debian.org/security/2011/dsa-2191 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 15 14:30:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Mar 2011 22:30:39 +0100 Subject: [SEC] [SA43761] SSWebPlus CMS "idx" SQL Injection Vulnerability Message-ID: <201103152130.p2FLUdUt021652@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SSWebPlus CMS "idx" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43761 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43761/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43761 RELEASE DATE: 2011-03-15 DISCUSS ADVISORY: http://secunia.com/advisories/43761/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43761/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43761 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Sepehr Security Team has reported a vulnerability in SSWebPlus CMS, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "idx" parameter to info_view.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: H3X, Sepehr Security Team ORIGINAL ADVISORY: http://www.sepehr-team.org/forums/showthread.php?p=1687#post1687 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 15 15:24:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Mar 2011 23:24:46 +0100 Subject: [SEC] [SA43757] Google Chrome Flash Player Unspecified Code Execution Vulnerability Message-ID: <201103152224.p2FMOkU6011859@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Google Chrome Flash Player Unspecified Code Execution Vulnerability SECUNIA ADVISORY ID: SA43757 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43757/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43757 RELEASE DATE: 2011-03-15 DISCUSS ADVISORY: http://secunia.com/advisories/43757/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43757/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43757 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a vulnerability in the bundled version of Adobe Flash Player. For more information: SA43751 SOLUTION: Do not browse untrusted sites. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 15 15:45:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Mar 2011 23:45:58 +0100 Subject: [SEC] [SA43735] BlackBerry Device Software WebKit Integer Overflow Vulnerability Message-ID: <201103152245.p2FMjwWg000536@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: BlackBerry Device Software WebKit Integer Overflow Vulnerability SECUNIA ADVISORY ID: SA43735 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43735/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43735 RELEASE DATE: 2011-03-15 DISCUSS ADVISORY: http://secunia.com/advisories/43735/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43735/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43735 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in BlackBerry Device Software, which can be exploited by malicious people to compromise a vulnerable device. The vulnerability is caused due to an integer overflow in the WebKit browser engine when visiting a website. Successful exploitation allows execution of arbitrary code. This is related to: SA43748 SOLUTION: The vendor recommends to disable JavaScript in the BlackBerry Browser. Please see the vendor's advisory for more details. PROVIDED AND/OR DISCOVERED BY: Vincenzo Iozzo, Ralf Philipp Weinmann, and Willem Pinckaers via ZDI. ORIGINAL ADVISORY: http://www.blackberry.com/btsc/KB26132 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 15 16:11:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Mar 2011 00:11:00 +0100 Subject: [SEC] [SA43744] PECL phar Extension Format String Vulnerabilities Message-ID: <201103152311.p2FNB0UH021913@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: PECL phar Extension Format String Vulnerabilities SECUNIA ADVISORY ID: SA43744 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43744/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43744 RELEASE DATE: 2011-03-15 DISCUSS ADVISORY: http://secunia.com/advisories/43744/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43744/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43744 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in the PECL phar extension, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The "zend_throw_exception_ex()" function is improperly called with controlled format string arguments while performing certain operations related to PHP archives (phar), which can be exploited to e.g. disclose or potentially corrupt memory. This is related to vulnerability #3 in: SA43328 SOLUTION: Do not use the extension to process untrusted PHP archives. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://bugs.php.net/bug.php?id=54247 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 15 16:46:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Mar 2011 00:46:03 +0100 Subject: [SEC] [SA43776] Foxit Reader "createDataObject()" Arbitrary File Creation Vulnerability Message-ID: <201103152346.p2FNk3DO011278@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Foxit Reader "createDataObject()" Arbitrary File Creation Vulnerability SECUNIA ADVISORY ID: SA43776 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43776/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43776 RELEASE DATE: 2011-03-16 DISCUSS ADVISORY: http://secunia.com/advisories/43776/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43776/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43776 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Chris Evans has discovered a vulnerability in Foxit Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an insecure "createDataObject()" function of the JavaScript API allowing creation of arbitrary files with controlled content via a specially crafted PDF file. Successful exploitation requires "Safe Reading Mode" to be disabled (enabled by default). The vulnerability is confirmed in versions 4.3.1.0118 and 4.3.1.0218. Other versions may also be affected. SOLUTION: Ensure that "Safe Reading Mode" is enabled. PROVIDED AND/OR DISCOVERED BY: Chris Evans ORIGINAL ADVISORY: http://scarybeastsecurity.blogspot.com/2011/03/dangerous-file-write-bug-in-foxit-pdf.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 15 17:11:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Mar 2011 01:11:27 +0100 Subject: [SEC] [SA43766] HP Client Automation Enterprise Unspecified Code Execution Vulnerability Message-ID: <201103160011.p2G0BRer032606@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: HP Client Automation Enterprise Unspecified Code Execution Vulnerability SECUNIA ADVISORY ID: SA43766 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43766/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43766 RELEASE DATE: 2011-03-16 DISCUSS ADVISORY: http://secunia.com/advisories/43766/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43766/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43766 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP Client Automation Enterprise, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified error and may allow execution of arbitrary code. No further information is currently available. The vulnerability is reported in versions 5.11, 7.2, 7.5, 7.8, and 7.9. SOLUTION: Apply a workaround (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: The vendor credits an anonymous person via ZDI. ORIGINAL ADVISORY: HPSBMA02644 SSRT100284: https://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02750690 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 15 17:45:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Mar 2011 01:45:48 +0100 Subject: [SEC] [SA43730] feedparser Multiple Vulnerabilities Message-ID: <201103160045.p2G0jmtm021925@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: feedparser Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43730 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43730/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43730 RELEASE DATE: 2011-03-16 DISCUSS ADVISORY: http://secunia.com/advisories/43730/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43730/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43730 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in feedparser, which can be exploited by malicious people to cause a DoS (Denial of Service) and conduct script insertion attacks. 1) An error when parsing certain HTML / DOCTYPE combinations can raise an exception. This can be exploited to crash the parser via specially crafted feeds. 2) Input passed via certain comments is not properly sanitised before being used. This can be exploited to insert HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 3) Input passed via certain URI schemes is not properly sanitised before being used. This can be exploited to insert HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. SOLUTION: Update to version 5.0.1. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) barry.haddow 2, 3) db.pub.mail ORIGINAL ADVISORY: 1) http://code.google.com/p/feedparser/issues/detail?id=91 2) http://code.google.com/p/feedparser/issues/detail?id=254 3) http://code.google.com/p/feedparser/issues/detail?id=255 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 15 18:14:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Mar 2011 02:14:03 +0100 Subject: [SEC] [SA43682] LotusCMS Multiple Vulnerabilities Message-ID: <201103160114.p2G1E342010995@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: LotusCMS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43682 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43682/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43682 RELEASE DATE: 2011-03-16 DISCUSS ADVISORY: http://secunia.com/advisories/43682/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43682/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43682 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and multiple vulnerabilities have been discovered in LotusCMS, which can be exploited by malicious users to disclose sensitive information and compromise a vulnerable system and by malicious people to conduct cross-site scripting and request forgery attacks, disclose sensitive information, and compromise a vulnerable system. 1) Input passed via the "active" parameter to index.php (when "system" is set to "Users" or "Editor" and "page" is set to "edit" or "editor") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The application allows users to perform certain actions via HTTP requests without making proper validity checks to verify the requests. This can be exploited to e.g. add an administrator to the application or conduct script insertion attacks by tricking an administrator into visiting a malicious web site while being logged-in to the application. 3) The "saveFile()" function in core/lib/cacher.php script displays different error messages depending on the existence of a user passed via the "page" parameter to index.php. This can be exploited to enumerate existing users of the system via directory traversal sequences. 4) The application stores backup files with a predictable file name inside the web root, which can be exploited to disclose sensitive information by downloading the file. 5) Input passed via the "active" parameter to index.php (when "system" is set to "Editor" and "page" is set to "editor") is not properly verified before being used to read files. This can be exploited to read arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation of this vulnerability requires "editor" access and that "magic_quotes_gpc" is disabled. 6) Input passed via the "page" parameter to index.php is not properly verified in the "openFile()" function in core/model/PageModel.php before being used to read files. This can be exploited to read arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 7) The vulnerability is caused due to the "FileManger" module not properly validating uploaded file types, which can be exploited to execute arbitrary PHP code by uploading a PHP file. Successful exploitation of this vulnerability requires "editor" access. 8) Input passed via the "req" parameter to index.php (when system" is set to "Modules", "page" is set to "admin", and "active" is set to Menu") is not properly sanitised before being used in an "eval()" call. This can be exploited to execute arbitrary PHP code. Successful exploitation of this vulnerability requires "editor" access. 9) Input passed via the "page" parameter to index.php is not properly sanitised in the "Router()" function in core/lib/router.php before being used in an "eval()" call. This can be exploited to execute arbitrary PHP code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. The vulnerabilities are confirmed in version 3.0.3. Other versions may also be affected. SOLUTION: Update to version 3.0.5, which fixes vulnerabilities #1, #3, #5, and #6. Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. Restrict access to the modules/Backup/zips directory (e.g. via .htaccess). Grant only trusted users "editor" access. Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: 1, 3-5, and 7-9) Secunia Research 2, 6) Independently discovered by Secunia Research and High-Tech Bridge SA. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2011-15/ http://secunia.com/secunia_research/2011-16/ http://secunia.com/secunia_research/2011-17/ http://secunia.com/secunia_research/2011-18/ http://secunia.com/secunia_research/2011-19/ http://secunia.com/secunia_research/2011-20/ http://secunia.com/secunia_research/2011-21/ LotusCMS: http://forum.lotuscms.org/viewtopic.php?f=3&t=159 High-Tech Bridge SA: http://www.htbridge.ch/advisory/xsrf_csrf_in_lotuscms.html http://www.htbridge.ch/advisory/file_content_disclosure_in_lotuscms.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 15 18:45:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Mar 2011 02:45:42 +0100 Subject: [SEC] [SA43751] Adobe Flash Player Unspecified Code Execution Vulnerability Message-ID: <201103160145.p2G1jgak032595@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Adobe Flash Player Unspecified Code Execution Vulnerability SECUNIA ADVISORY ID: SA43751 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43751/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43751 RELEASE DATE: 2011-03-16 DISCUSS ADVISORY: http://secunia.com/advisories/43751/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43751/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43751 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error. Further information is currently not available. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in versions 10.2.152.33 and prior for Windows, Macintosh, Linux, and Solaris, versions 10.2.154.18 and prior for Chrome, and versions 10.1.106.16 and prior for Android. NOTE: The vulnerability is reportedly being actively exploited. SOLUTION: Adobe plans to release a fixed version during the week of March 21, 2011. PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day. ORIGINAL ADVISORY: http://www.adobe.com/support/security/advisories/apsa11-01.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 15 19:10:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Mar 2011 03:10:52 +0100 Subject: [SEC] [SA43755] ABBS Electronic Flash Cards File Processing Buffer Overflow Vulnerability Message-ID: <201103160210.p2G2AqIJ021518@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: ABBS Electronic Flash Cards File Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA43755 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43755/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43755 RELEASE DATE: 2011-03-16 DISCUSS ADVISORY: http://secunia.com/advisories/43755/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43755/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43755 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in ABBS Electronic Flash Cards, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing Flash Card Data files and can be exploited to cause a stack-based buffer overflow via a specially crafted FCD (".fcd") file. Successful exploitation allows execution of arbitrary code, but requires tricking a user into opening a malicious file. The vulnerability is confirmed in version 2.1. Other versions may also be affected. SOLUTION: Do not open files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: h1ch4m OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 15 19:45:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Mar 2011 03:45:34 +0100 Subject: [SEC] [SA43772] Adobe Reader/Acrobat authplay.dll Unspecified Code Execution Vulnerability Message-ID: <201103160245.p2G2jYIb010864@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Adobe Reader/Acrobat authplay.dll Unspecified Code Execution Vulnerability SECUNIA ADVISORY ID: SA43772 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43772/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43772 RELEASE DATE: 2011-03-16 DISCUSS ADVISORY: http://secunia.com/advisories/43772/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43772/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43772 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Adobe Reader/Acrobat, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a vulnerable bundled version of Flash Player (authplay.dll). For more information: SA43751 Successful exploitation allows execution of arbitrary code. The vulnerability is reported in versions 10.0.1 and prior and versions 9.x for Windows and Macintosh. SOLUTION: Delete, rename, or remove access to authplay.dll to prevent running SWF content in PDF files. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day. ORIGINAL ADVISORY: http://www.adobe.com/support/security/advisories/apsa11-01.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 15 20:22:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Mar 2011 04:22:59 +0100 Subject: [SEC] [SA43715] TYPO3 Direct Mail Extension Two Vulnerabilities Message-ID: <201103160322.p2G3Mxrp000741@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: TYPO3 Direct Mail Extension Two Vulnerabilities SECUNIA ADVISORY ID: SA43715 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43715/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43715 RELEASE DATE: 2011-03-16 DISCUSS ADVISORY: http://secunia.com/advisories/43715/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43715/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43715 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in the Direct Mail extension for TYPO3, which can be exploited by malicious users to conduct script insertion and SQL injection attacks. 1) Certain unspecified input passed to the Direct Mail configuration backend module is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 2) Certain unspecified input passed to the Direct Mail configuration backend module is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of these vulnerabilities requires access to the Direct Mail configuration backend module. The vulnerabilities are reported in versions prior to 2.6.10. SOLUTION: Update to version 2.6.10. PROVIDED AND/OR DISCOVERED BY: The vendor credits Georg Ringer, TYPO3 Security Team. ORIGINAL ADVISORY: TYPO3-SA-2011-002: http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-002/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 15 20:45:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Mar 2011 04:45:35 +0100 Subject: [SEC] [SA43707] SAP GUI Insecure Library Loading Vulnerability Message-ID: <201103160345.p2G3jZ7k021973@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SAP GUI Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA43707 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43707/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43707 RELEASE DATE: 2011-03-16 DISCUSS ADVISORY: http://secunia.com/advisories/43707/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43707/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43707 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in SAP GUI, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application (e.g SAPGui.exe and BExAnalyzer.exe) loading libraries (e.g. MFC80LOC.DLL) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a SAP GUI shortcut file (".sap") located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in versions 6.4 through 7.2. Other versions may also be affected. SOLUTION: Apply fixes (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Alexey Sintsov and Alexandr Polyakov, Digital Security Research Group (DSecRG) ORIGINAL ADVISORY: SAP: https://service.sap.com/sap/support/notes/1511179 Digital Security Research Group (DSECRG-11-014): http://dsecrg.com/pages/vul/show.php?id=314 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 15 21:11:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Mar 2011 05:11:10 +0100 Subject: [SEC] [SA43748] Google Chrome Style Handling Memory Corruption Vulnerability Message-ID: <201103160411.p2G4BAVj010927@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Google Chrome Style Handling Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA43748 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43748/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43748 RELEASE DATE: 2011-03-16 DISCUSS ADVISORY: http://secunia.com/advisories/43748/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43748/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43748 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Google Chrome, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error related to the style handling and can be exploited to corrupt memory. The vulnerability is reported in versions prior to 10.0.648.133. SOLUTION: Update to version 10.0.648.133. PROVIDED AND/OR DISCOVERED BY: Vincenzo Iozzo, Ralf Philipp Weinmann, and Willem Pinckaers via ZDI. ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 15 21:45:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Mar 2011 05:45:11 +0100 Subject: [SEC] [SA43535] WordPress ComicPress Manager Plugin "lang" Cross-Site Scripting Vulnerability Message-ID: <201103160445.p2G4jBvo032642@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: WordPress ComicPress Manager Plugin "lang" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43535 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43535/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43535 RELEASE DATE: 2011-03-16 DISCUSS ADVISORY: http://secunia.com/advisories/43535/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43535/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43535 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the ComicPress Manager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "lang" parameter to wp-content/plugins/comicpress-manager/jscalendar-1.0/test.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in version 1.4.9.9 and confirmed in version 1.4.9.2. Prior versions may also be affected. SOLUTION: Update to version 1.4.9.10. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: ComicPress Manager: http://wordpress.org/extend/plugins/comicpress-manager/changelog/ AutoSec Tools: http://www.autosectools.com/Advisories/WordPress.ComicPress.Manager.1.4.9.9_Reflected.Cross-site.Scripting_125.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 15 22:11:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Mar 2011 06:11:17 +0100 Subject: [SEC] [SA43532] WordPress IGIT Posts Slider Widget Plugin "src" Cross-Site Scripting Vulnerability Message-ID: <201103160511.p2G5BHCl021591@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: WordPress IGIT Posts Slider Widget Plugin "src" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43532 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43532/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43532 RELEASE DATE: 2011-03-16 DISCUSS ADVISORY: http://secunia.com/advisories/43532/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43532/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43532 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the IGIT Posts Slider Widget plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "src" parameter to wp-content/plugins/igit-posts-slider-widget/timthumb.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: AutoSec Tools: http://www.autosectools.com/Advisories/WordPress.IGIT.Posts.Slider.Widget.1.0_Reflected.Cross-site.Scripting_127.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 15 22:45:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Mar 2011 06:45:31 +0100 Subject: [SEC] [SA43531] WordPress jQuery Mega Menu Widget Plugin "skin" File Disclosure Vulnerability Message-ID: <201103160545.p2G5jV9t010908@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: WordPress jQuery Mega Menu Widget Plugin "skin" File Disclosure Vulnerability SECUNIA ADVISORY ID: SA43531 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43531/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43531 RELEASE DATE: 2011-03-16 DISCUSS ADVISORY: http://secunia.com/advisories/43531/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43531/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43531 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in jQuery Mega Menu Widget plugin for WordPress, which can be exploited by malicious people to disclose potentially sensitive information. Input passed via the "skin" parameter to wp-content/plugins/jquery-mega-menu/skin.php is not properly verified before being used to read files. This can be exploited to read the contents of arbitrary files from local resources via directory traversal sequences. The vulnerability is confirmed in version 1.0. Prior versions may also be affected. SOLUTION: Update to version 1.1. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: AutoSec Tools: http://www.autosectools.com/Advisories/WordPress.jQuery.Mega.Menu.1.0_Local.File.Inclusion_129.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 15 23:10:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Mar 2011 07:10:40 +0100 Subject: [SEC] [SA43497] Citrix Secure Gateway Unspecified Vulnerability Message-ID: <201103160610.p2G6Ae8t032225@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Citrix Secure Gateway Unspecified Vulnerability SECUNIA ADVISORY ID: SA43497 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43497/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43497 RELEASE DATE: 2011-03-16 DISCUSS ADVISORY: http://secunia.com/advisories/43497/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43497/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43497 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Citrix Secure Gateway, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified error. No further information is currently available. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 3.1.4. SOLUTION: Update to version 3.1.5 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Citrix (CTX128168): http://support.citrix.com/article/CTX128168 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 16 11:31:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Mar 2011 19:31:30 +0100 Subject: [SEC] [SA43798] Open Virtual Machine Tools RLIMIT_FSIZE Security Issue Message-ID: <201103161831.p2GIVUQ8020918@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Open Virtual Machine Tools RLIMIT_FSIZE Security Issue SECUNIA ADVISORY ID: SA43798 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43798/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43798 RELEASE DATE: 2011-03-16 DISCUSS ADVISORY: http://secunia.com/advisories/43798/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43798/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43798 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Open Virtual Machine Tools, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The security is caused due to the "mount.vmhgfs" utility not properly handling the SIGXFSZ signal when e.g. adding new file system descriptions to "/etc/mtab", which can be exploited to e.g. corrupt the /etc/mtab file by setting a low RLIMIT_FSIZE limit. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Dan Rosenberg ORIGINAL ADVISORY: http://www.openwall.com/lists/oss-security/2011/03/04/9 http://www.openwall.com/lists/oss-security/2011/03/15/6 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 16 12:30:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Mar 2011 20:30:42 +0100 Subject: [SEC] [SA43596] util-linux mount RLIMIT_FSIZE Security Issue Message-ID: <201103161930.p2GJUgrA011369@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: util-linux mount RLIMIT_FSIZE Security Issue SECUNIA ADVISORY ID: SA43596 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43596/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43596 RELEASE DATE: 2011-03-16 DISCUSS ADVISORY: http://secunia.com/advisories/43596/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43596/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43596 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in util-linux, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The security is caused due to the "mount" utility not properly handling the SIGXFSZ signal when e.g. adding new file system descriptions to "/etc/mtab", which can be exploited to e.g. corrupt the "/etc/mtab" file or leave a stale "/etc/mtab~" file by setting a low RLIMIT_FSIZE limit. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Dan Rosenberg ORIGINAL ADVISORY: http://www.openwall.com/lists/oss-security/2011/03/04/9 http://www.openwall.com/lists/oss-security/2011/03/15/6 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 16 13:30:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Mar 2011 21:30:40 +0100 Subject: [SEC] [SA43765] TIBCO tibbr Web Server Cross-Site Scripting Vulnerability Message-ID: <201103162030.p2GKUe6o001790@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: TIBCO tibbr Web Server Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43765 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43765/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43765 RELEASE DATE: 2011-03-16 DISCUSS ADVISORY: http://secunia.com/advisories/43765/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43765/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43765 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in TIBCO tibbr, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input passed to the tibbr web server is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions 1.0.0 through 1.5.0. SOLUTION: Upgrade to version 2.0.0. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.tibco.com/services/support/advisories/tibbr-tibbr-service-advisory_20110315.jsp http://www.tibco.com/multimedia/tibbr_advisory_20110315_tcm8-13474.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 16 14:30:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Mar 2011 22:30:53 +0100 Subject: [SEC] [SA43796] RSA Access Manager Server Security Bypass Vulnerability Message-ID: <201103162130.p2GLUq6A024735@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: RSA Access Manager Server Security Bypass Vulnerability SECUNIA ADVISORY ID: SA43796 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43796/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43796 RELEASE DATE: 2011-03-16 DISCUSS ADVISORY: http://secunia.com/advisories/43796/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43796/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43796 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in RSA Access Manager Server, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an unspecified error in input handling and can be exploited to gain unauthorized access to protected resources. The vulnerability is reported in versions 5.5.x, 6.0.x, and 6.1.x. SOLUTION: Apply hot fixes. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: ESA-2011-009: http://archives.neohapsis.com/archives/bugtraq/2011-03/att-0148/ESA-2011-009.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 16 15:24:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Mar 2011 23:24:53 +0100 Subject: [SEC] [SA43700] Ubuntu update for krb5 Message-ID: <201103162224.p2GMOres014941@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ubuntu update for krb5 SECUNIA ADVISORY ID: SA43700 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43700/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43700 RELEASE DATE: 2011-03-16 DISCUSS ADVISORY: http://secunia.com/advisories/43700/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43700/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43700 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for krb5. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information: SA43783 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1088-1: http://www.ubuntu.com/usn/usn-1088-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 16 15:45:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Mar 2011 23:45:56 +0100 Subject: [SEC] [SA43797] EMC Avamar Information Disclosure Weakness Message-ID: <201103162245.p2GMjuVv003653@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: EMC Avamar Information Disclosure Weakness SECUNIA ADVISORY ID: SA43797 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43797/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43797 RELEASE DATE: 2011-03-16 DISCUSS ADVISORY: http://secunia.com/advisories/43797/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43797/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43797 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in EMC Avamar, which can be exploited by malicious people to disclose potentially sensitive information. The weakness is caused due to certain information (e.g. internal customer emails) being transmitted in clear text for certain events and can be disclosed by e.g sniffing network traffic. The weakness is reported in versions 5.0.0-407 and later but prior to 5.0.4. SOLUTION: Apply hotfix 24753 or update to version 5.0.4 (5.0 SP4). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: ESA-2011-007: http://archives.neohapsis.com/archives/bugtraq/2011-03/att-0147/ESA-2011-007.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 16 16:10:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Mar 2011 00:10:38 +0100 Subject: [SEC] [SA43657] Red Hat update for java-1.6.0-ibm Message-ID: <201103162310.p2GNAcHx024971@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for java-1.6.0-ibm SECUNIA ADVISORY ID: SA43657 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43657/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43657 RELEASE DATE: 2011-03-16 DISCUSS ADVISORY: http://secunia.com/advisories/43657/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43657/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43657 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for java-1.6.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information: SA43262 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0357-1: https://rhn.redhat.com/errata/RHSA-2011-0357.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 16 16:25:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Mar 2011 00:25:00 +0100 Subject: [SEC] [SA43762] OpenVZ update for kernel Message-ID: <201103162325.p2GNP00A013384@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: OpenVZ update for kernel SECUNIA ADVISORY ID: SA43762 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43762/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43762 RELEASE DATE: 2011-03-17 DISCUSS ADVISORY: http://secunia.com/advisories/43762/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43762/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43762 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: OpenVZ has issued an update for the kernel. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose system and potentially sensitive information, cause a DoS (Denial of Service), and gain escalated privileges, and by malicious people to cause a DoS. For more information: SA42789 SA42884 SA42964 SA43568 SOLUTION: Update to Kernel branch RHEL5 version 028stab085.2. ORIGINAL ADVISORY: http://wiki.openvz.org/Download/kernel/rhel5/028stab085.2 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 16 16:45:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Mar 2011 00:45:58 +0100 Subject: [SEC] [SA43782] Debian update for chromium-browser Message-ID: <201103162345.p2GNjwmn002057@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for chromium-browser SECUNIA ADVISORY ID: SA43782 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43782/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43782 RELEASE DATE: 2011-03-17 DISCUSS ADVISORY: http://secunia.com/advisories/43782/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43782/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43782 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for chromium-browser. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system. For more information: SA43748 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2192-1: http://www.debian.org/security/2011/dsa-2192 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 16 17:11:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Mar 2011 01:11:09 +0100 Subject: [SEC] [SA43760] Red Hat update for krb5 Message-ID: <201103170011.p2H0B9U0023436@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for krb5 SECUNIA ADVISORY ID: SA43760 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43760/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43760 RELEASE DATE: 2011-03-17 DISCUSS ADVISORY: http://secunia.com/advisories/43760/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43760/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43760 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for krb5. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information: SA43783 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0356-1: https://rhn.redhat.com/errata/RHSA-2011-0356.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 16 17:46:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Mar 2011 01:46:21 +0100 Subject: [SEC] [SA43787] Fedora update for whatsup Message-ID: <201103170046.p2H0kLE6012782@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for whatsup SECUNIA ADVISORY ID: SA43787 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43787/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43787 RELEASE DATE: 2011-03-17 DISCUSS ADVISORY: http://secunia.com/advisories/43787/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43787/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43787 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for whatsup. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA36425 SOLUTION: Apply updated packages via the yum utility ("yum update whatsup"). ORIGINAL ADVISORY: FEDORA-2011-2794: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055920.html FEDORA-2011-2801: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055925.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 16 18:13:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Mar 2011 02:13:58 +0100 Subject: [SEC] [SA43788] Fedora update for cgit Message-ID: <201103170113.p2H1Dw0S001762@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for cgit SECUNIA ADVISORY ID: SA43788 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43788/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43788 RELEASE DATE: 2011-03-17 DISCUSS ADVISORY: http://secunia.com/advisories/43788/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43788/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43788 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for cgit. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43633 SOLUTION: Apply updated packages via the yum utility ("yum update cgit"). ORIGINAL ADVISORY: FEDORA-2011-2815: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055898.html FEDORA-2011-2803: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055896.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 16 18:46:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Mar 2011 02:46:07 +0100 Subject: [SEC] [SA43725] b2evolution "p" Script Insertion Vulnerability Message-ID: <201103170146.p2H1k7LY023442@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: b2evolution "p" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA43725 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43725/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43725 RELEASE DATE: 2011-03-17 DISCUSS ADVISORY: http://secunia.com/advisories/43725/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43725/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43725 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: AutoSec Tools has discovered a vulnerability in b2evolution, which can be exploited by malicious people to conduct script insertion attacks. Input passed via the "p" parameter to blogs/htsrv/comment_post.php when commenting on a blog is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerability is confirmed in version 4.0.4. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: http://www.autosectools.com/Advisories/b2evolution.4.0.3_Persistent.Cross-site.Scripting_152.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 16 19:11:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Mar 2011 03:11:11 +0100 Subject: [SEC] [SA43749] EMC Avamar Unspecified Vulnerability Message-ID: <201103170211.p2H2BBMH012364@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: EMC Avamar Unspecified Vulnerability SECUNIA ADVISORY ID: SA43749 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43749/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43749 RELEASE DATE: 2011-03-17 DISCUSS ADVISORY: http://secunia.com/advisories/43749/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43749/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43749 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in EMC Avamar, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to an unspecified error and can be exploited to gain administrative privileges. No further information is currently available. The vulnerability is reported in versions 5.0.4-26 and prior. SOLUTION: Apply hot fix 24753 or update to version 5.0.4-30 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: ESA-2011-006: http://archives.neohapsis.com/archives/bugtraq/2011-03/att-0149/ESA-2011-006.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 16 19:46:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Mar 2011 03:46:00 +0100 Subject: [SEC] [SA43774] SugarCRM Duplicate Accounts and Contacts Information Disclosure Weakness Message-ID: <201103170246.p2H2k0Yc001644@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SugarCRM Duplicate Accounts and Contacts Information Disclosure Weakness SECUNIA ADVISORY ID: SA43774 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43774/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43774 RELEASE DATE: 2011-03-17 DISCUSS ADVISORY: http://secunia.com/advisories/43774/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43774/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43774 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: RedTeam Pentesting has discovered a weakness in SugarCRM, which can by exploited by malicious users to disclose potentially sensitive information. The weakness is caused due to the modules/Accounts/ShowDuplicates.php and modules/Contacts/ShowDuplicates.php scripts not checking the "List" permission of a user when viewing or creating accounts and contacts. This can be exploited to disclose some information about accounts and contacts owned by other users. The weakness is confirmed in version 6.1.3. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: RedTeam Pentesting GmbH ORIGINAL ADVISORY: RT-SA-2011-002: http://www.redteam-pentesting.de/en/advisories/rt-sa-2011-002/-sugarcrm-list-privilege-restriction-bypass OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 16 20:16:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Mar 2011 04:16:54 +0100 Subject: [SEC] [SA43763] SUSE update for build Message-ID: <201103170316.p2H3GsjM023732@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SUSE update for build SECUNIA ADVISORY ID: SA43763 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43763/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43763 RELEASE DATE: 2011-03-17 DISCUSS ADVISORY: http://secunia.com/advisories/43763/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43763/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43763 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for build. This fixes a security issue, which can be exploited by malicious people to compromise a vulnerable system. The security issue is caused due to the "init_buildsystem" script using cpio to extract RPM packages, which can be exploited to e.g. overwrite arbitrary files via specially crafted RPM packages containing symlinks. SOLUTION: Apply updated packages via the zypper package manager. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: openSUSE-SU-2011:0174-1: https://hermes.opensuse.org/messages/7628937 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 16 20:45:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Mar 2011 04:45:39 +0100 Subject: [SEC] [SA43783] Kerberos KDC "prepare_error_as" Double-Free Vulnerability Message-ID: <201103170345.p2H3jdsG012804@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Kerberos KDC "prepare_error_as" Double-Free Vulnerability SECUNIA ADVISORY ID: SA43783 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43783/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43783 RELEASE DATE: 2011-03-17 DISCUSS ADVISORY: http://secunia.com/advisories/43783/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43783/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43783 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Kerberos, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused due to an error in KDC within the "prepare_error_as()" function in src/kdc/do_as_req.c when handling AS-REQ request and can be exploited to trigger a double-free condition by sending specially crafted AS-REQ requests. Successful exploitation may allow execution of arbitrary code, but requires that the Public Key Cryptography for Initial Authentication (PKINIT) capability is enabled. The vulnerability is reported in KDC in releases krb5-1.7 and later. SOLUTION: Apply patch. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Cameron Meadors, Red Hat ORIGINAL ADVISORY: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-003.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 16 21:10:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Mar 2011 05:10:38 +0100 Subject: [SEC] [SA43717] VMware vCenter Server Orchestrator Multiple Vulnerabilities Message-ID: <201103170410.p2H4Acu3001638@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: VMware vCenter Server Orchestrator Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43717 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43717/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43717 RELEASE DATE: 2011-03-17 DISCUSS ADVISORY: http://secunia.com/advisories/43717/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43717/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43717 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in VMware vCenter Server, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a vulnerable system. VMWare vCenter Server bundles a vulnerable version of Apache Struts. For more information: SA32497 SA40575 SOLUTION: Apply the workaround (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: The vendor credits Vulnerability Research Team, Digital Defense ORIGINAL ADVISORY: VMSA-2011-0005: http://www.vmware.com/security/advisories/VMSA-2011-0005.html http://kb.vmware.com/kb/1034175 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 16 21:25:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Mar 2011 05:25:03 +0100 Subject: [SEC] [SA43775] Nostromo Directory Traversal Vulnerability Message-ID: <201103170425.p2H4P3vi022524@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Nostromo Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA43775 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43775 RELEASE DATE: 2011-03-17 DISCUSS ADVISORY: http://secunia.com/advisories/43775/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43775/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43775 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: RedTeam Pentesting has discovered a vulnerability in Nostromo, which can be exploited by malicious people to disclose system information and compromise a vulnerable system. Input passed via the URL is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks. NOTE: Additionally, a weakness exists due to accessed executable files being treated as CGI scripts, which allows execution of arbitrary shell commands when combined with the directory traversal attack. The vulnerability is confirmed in version 1.9.3. Other versions may also be affected. SOLUTION: Fixed in the SVN repository. PROVIDED AND/OR DISCOVERED BY: RedTeam Pentesting ORIGINAL ADVISORY: http://www.redteam-pentesting.de/advisories/rt-sa-2011-001.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 16 21:45:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Mar 2011 05:45:58 +0100 Subject: [SEC] [SA43764] Newscoop Comments Script Insertion Vulnerability Message-ID: <201103170445.p2H4jwIr011236@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Newscoop Comments Script Insertion Vulnerability SECUNIA ADVISORY ID: SA43764 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43764/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43764 RELEASE DATE: 2011-03-17 DISCUSS ADVISORY: http://secunia.com/advisories/43764/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43764/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43764 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Newscoop, which can be exploited by malicious users to conduct script insertion attacks. Input passed while posting comments is not properly sanitised before being displayed to the user. This can be exploited to insert HTML and script code, which will be executed in a user's browser session in context of the affected site when the malicious data is viewed. The vulnerability is reported in versions prior to 3.5.2. SOLUTION: Update to version 3.5.2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.sourcefabric.org/en/products/newscoop_release/570/Newscoop-352-is-out!.htm http://dev.sourcefabric.org/browse/CS-2921 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 16 22:11:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Mar 2011 06:11:20 +0100 Subject: [SEC] [SA43504] Joomla! Xmap Component Compromised Source Packages Backdoor Security Issue Message-ID: <201103170511.p2H5BKQp032568@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Joomla! Xmap Component Compromised Source Packages Backdoor Security Issue SECUNIA ADVISORY ID: SA43504 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43504/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43504 RELEASE DATE: 2011-03-17 DISCUSS ADVISORY: http://secunia.com/advisories/43504/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43504/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43504 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in the Xmap component for Joomla!, which can be exploited by malicious people to compromise a vulnerable system. The security issue is caused due to the distribution of compromised Xmap component source code packages containing a backdoor, which can be exploited to e.g. execute arbitrary PHP code. The compromised source files were distributed from February 21st, 2011 to February 23rd, 2011 in version 1.2.10. SOLUTION: Updated to a fixed version 1.2.10 or later. Please see the vendor's advisories for additional details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://joomla.vargas.co.cr/en/news/4-xmap/95-security-notice OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 16 22:45:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Mar 2011 06:45:32 +0100 Subject: [SEC] [SA43536] WordPress Local Market Explorer Plugin "api-key" Cross-Site Scripting Vulnerability Message-ID: <201103170545.p2H5jWVf021883@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: WordPress Local Market Explorer Plugin "api-key" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43536 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43536/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43536 RELEASE DATE: 2011-03-17 DISCUSS ADVISORY: http://secunia.com/advisories/43536/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43536/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43536 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Local Market Explorer plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "api-key" parameter to wp-content/plugins/local-market-explorer/modules/walk-score-iframe.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 3.1.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: AutoSec Tools: http://www.autosectools.com/Advisories/WordPress.Local.Market.Explorer.3.1.1_Reflected.Cross-site.Scripting_124.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 16 23:11:04 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Mar 2011 07:11:04 +0100 Subject: [SEC] [SA43493] Drupal Cumulus Module "tagcloud" Cross-Site Scripting Vulnerability Message-ID: <201103170611.p2H6B49r010861@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Drupal Cumulus Module "tagcloud" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43493 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43493/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43493 RELEASE DATE: 2011-03-17 DISCUSS ADVISORY: http://secunia.com/advisories/43493/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43493/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43493 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: MustLive has discovered a vulnerability in the Cumulus module for Drupal, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "tagcloud" parameter to modules/cumulus/cumulus.swf (when "mode" is set to "tags") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 6.x-1.4. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: MustLive ORIGINAL ADVISORY: MustLive: http://websecurity.com.ua/4954/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 17 11:30:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Mar 2011 19:30:56 +0100 Subject: [SEC] [SA43740] OpenSCAP Unspecified Vulnerability Message-ID: <201103171830.p2HIUukn026278@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: OpenSCAP Unspecified Vulnerability SECUNIA ADVISORY ID: SA43740 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43740/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43740 RELEASE DATE: 2011-03-17 DISCUSS ADVISORY: http://secunia.com/advisories/43740/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43740/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43740 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability with unknown impacts has been reported in OpenSCAP. The vulnerability is caused due to an unspecified error. No further information is currently available. The vulnerability is reported in versions prior to 0.7.1. SOLUTION: Update to version 0.7.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: https://www.redhat.com/archives/open-scap-list/2011-March/msg00001.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 17 12:30:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Mar 2011 20:30:41 +0100 Subject: [SEC] [SA43786] WordPress SodaHead Polls Plugin Two Cross-Site Scripting Vulnerabilities Message-ID: <201103171930.p2HJUfks016758@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: WordPress SodaHead Polls Plugin Two Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA43786 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43786/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43786 RELEASE DATE: 2011-03-17 DISCUSS ADVISORY: http://secunia.com/advisories/43786/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43786/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43786 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has reported two vulnerabilities in the SodaHead Polls plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "customize" parameter in wp-content/plugins/sodahead-polls/poll.php and "poll_id" parameter in wp-content/plugins/sodahead-polls/customizer.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in version 2.0.2. Other versions may also be affected. SOLUTION: Update to version 2.0.4. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: SodaHead Polls: http://wordpress.org/extend/plugins/sodahead-polls/changelog/ High-Tech Bridge SA (HTB22893): http://www.htbridge.ch/advisory/xss_in_sodahead_polls_wordpress_plugin.html High-Tech Bridge SA (HTB22894): http://www.htbridge.ch/advisory/xss_in_sodahead_polls_wordpress_plugin_1.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 17 13:31:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Mar 2011 21:31:19 +0100 Subject: [SEC] [SA43689] IBM Lotus Quickr Unspecified Vulnerability Message-ID: <201103172031.p2HKVJhK007274@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: IBM Lotus Quickr Unspecified Vulnerability SECUNIA ADVISORY ID: SA43689 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43689/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43689 RELEASE DATE: 2011-03-17 DISCUSS ADVISORY: http://secunia.com/advisories/43689/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43689/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43689 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability with an unknown impact has been reported in IBM Lotus Quickr. The vulnerability is caused due to an unspecified error. No further information is currently available. The vulnerability is reported in IBM Lotus Quickr for Domino versions 8.1. SOLUTION: Apply APAR LO58209 or update to version 8.1 Fix pack 27 (8.1.0.27). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (LO58209): http://www.ibm.com/support/docview.wss?uid=swg27013341 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 17 14:30:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Mar 2011 22:30:33 +0100 Subject: [SEC] [SA43784] WordPress Rating-Widget Plugin Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201103172130.p2HLUX4C030121@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: WordPress Rating-Widget Plugin Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA43784 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43784/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43784 RELEASE DATE: 2011-03-17 DISCUSS ADVISORY: http://secunia.com/advisories/43784/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43784/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43784 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered multiple vulnerabilities in the Rating-Widget plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "selected_key" parameter in wp-content/plugins/rating-widget/view/availability_options.php, "vars[type]" parameter in wp-content/plugins/rating-widget/view/rating.php, and "rw_form_hidden_field_name" parameter in wp-content/plugins/rating-widget/view/save.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation requires that "register_globals" is enabled. The vulnerabilities are confirmed in version 1.3.2. Other version may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22889: http://www.htbridge.ch/advisory/xss_in_rating_widget_wordpress_plugin.html HTB22890: http://www.htbridge.ch/advisory/xss_in_rating_widget_wordpress_plugin_1.html HTB22891: http://www.htbridge.ch/advisory/xss_in_rating_widget_wordpress_plugin_2.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 17 15:26:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Mar 2011 23:26:05 +0100 Subject: [SEC] [SA43799] Fedora update for seamonkey Message-ID: <201103172226.p2HMQ56M020396@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Fedora update for seamonkey SECUNIA ADVISORY ID: SA43799 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43799/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43799 RELEASE DATE: 2011-03-17 DISCUSS ADVISORY: http://secunia.com/advisories/43799/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43799/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43799 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for seamonkey. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, cross-site request forgery attacks, and compromise a user's system. For more information: SA43550 SOLUTION: Apply updated packages via the yum utility ("yum update seamonkey"). ORIGINAL ADVISORY: FEDORA-2011-2797: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056038.html FEDORA-2011-2796: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056070.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 17 15:45:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Mar 2011 23:45:50 +0100 Subject: [SEC] [SA43722] Asterisk Two Denial of Service Vulnerabilities Message-ID: <201103172245.p2HMjoRa009074@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Asterisk Two Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA43722 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43722/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43722 RELEASE DATE: 2011-03-17 DISCUSS ADVISORY: http://secunia.com/advisories/43722/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43722/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43722 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) The Asterisk Manager Interface does not properly handle failed writes to manager clients, which can be exploited to cause a CPU and memory exhaustion by opening, sending invalid data, and closing multiple connections in a short period of time. Successful exploitation requires that the manager interface is enabled (disabled by default). 2) A NULL pointer dereference error within the "handle_tcptls_connection()" function in main/tcptls.c can be exploited to cause a crash by opening multiple connections to services using the "ast_tcptls_*" API (e.g. chan_sip, manager, and res_phoneprov) in a short period of time. The vulnerabilities are reported in Asterisk Open Source versions 1.6.1.x prior to 1.6.1.23, 1.6.2.x prior to 1.6.2.17.1, and 1.8.x prior to 1.8.3.1. SOLUTION: Update to versions 1.6.1.23, 1.6.2.17.1, or 1.8.3.1 or apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Blake Cornell 2) Blake Cornell and Chris Maj ORIGINAL ADVISORY: 1) http://downloads.asterisk.org/pub/security/AST-2011-003.html 2) http://downloads.asterisk.org/pub/security/AST-2011-004.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 17 16:11:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Mar 2011 00:11:08 +0100 Subject: [SEC] [SA43769] Novell Access Manager Java Double Literal Denial of Service Vulnerability Message-ID: <201103172311.p2HNB8lo030399@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Novell Access Manager Java Double Literal Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43769 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43769/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43769 RELEASE DATE: 2011-03-17 DISCUSS ADVISORY: http://secunia.com/advisories/43769/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43769/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43769 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Novell has acknowledged a vulnerability in Novell Access Manager, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #1: SA43262 The vulnerability is reported in the following components: * Novell Access Manager 3.1 Linux Access Gateway * Novell Access Manager 3.1 Access Administration * Novell Access Manager 3.1 SSLVPN Server * Novell Access Manager 3.1 Windows Novell Identity Server * Novell Access Manager 3.1 Linux Novell Identity Server * Novell Access Manager 3.1 Java Agents SOLUTION: Apply a workaround (please see the vendor's advisory for details). A fix is scheduled to be released in the 3.1.3 IR1 patch. ORIGINAL ADVISORY: http://www.novell.com/support/viewContent.do?externalId=7008129 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 17 16:46:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Mar 2011 00:46:14 +0100 Subject: [SEC] [SA43779] Drupal Tagadelic Module Taxonomy Script Insertion Weakness Message-ID: <201103172346.p2HNkE2i019761@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Drupal Tagadelic Module Taxonomy Script Insertion Weakness SECUNIA ADVISORY ID: SA43779 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43779/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43779 RELEASE DATE: 2011-03-18 DISCUSS ADVISORY: http://secunia.com/advisories/43779/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43779/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43779 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Greg Knaddison has reported a weakness in the Tagadelic module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Certain input related to taxonomy vocabulary names and descriptions is not properly sanitised before being displayed on listing pages and blocks. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires the "Taxonomy-Administrators" privileges. The weakness is reported in versions prior to 6.x-1.3. SOLUTION: Update to version 6.x-1.3. PROVIDED AND/OR DISCOVERED BY: Greg Knaddison (greggles), Drupal Security Team. ORIGINAL ADVISORY: SA-CONTRIB-2011-013: http://drupal.org/node/1095030 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 17 17:12:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Mar 2011 01:12:24 +0100 Subject: [SEC] [SA43778] Pointter PHP Content Management System Multiple Vulnerabilities Message-ID: <201103180012.p2I0COZH008744@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Pointter PHP Content Management System Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43778 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43778/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43778 RELEASE DATE: 2011-03-18 DISCUSS ADVISORY: http://secunia.com/advisories/43778/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43778/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43778 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gjoko Krstic has discovered multiple vulnerabilities in Pointter PHP Content Management System, which can be exploited by malicious people to conduct script insertion and SQL injection attacks. 1) Input passed via the "category" parameter to admin/functions/createcategory.php is not properly sanitised before being displayed to the user. This can be exploited to insert HTML and script code, which will be executed in a user's browser session in context of the affected site when the malicious data is viewed. 2) Input passed via the "onoff", "pos", "count", "boxname", "tonoff", "tpos", "tname", "monoff", "mpos", "mname", "nonoff", "npos", "nname", "memonoff", "mempos", "memname", "searchonoff", "searchname", and "mail" parameters to admin/functions/editsettings.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. NOTE: Some issues, which can overwrite arbitrary files within the webroot and render the application unusable have also been reported. The vulnerabilities are confirmed in version 1.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified and sanitised. PROVIDED AND/OR DISCOVERED BY: Gjoko 'LiquidWorm' Krstic ORIGINAL ADVISORY: Zero Science Lab: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5002.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 17 17:47:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Mar 2011 01:47:05 +0100 Subject: [SEC] [SA43802] Xen "arch_set_info_guest()" Denial of Service Vulnerability Message-ID: <201103180047.p2I0l5lt030481@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Xen "arch_set_info_guest()" Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43802 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43802/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43802 RELEASE DATE: 2011-03-18 DISCUSS ADVISORY: http://secunia.com/advisories/43802/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43802/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43802 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service). The vulnerability is caused due to the "arch_set_info_guest()" function in xen/arch/x86/domain.c not properly verifying that a valid usermode pagetable has been provided, which can be exploited to e.g. cause a lockup of the host system. Successful exploitation requires a x86_64 system. SOLUTION: Fixed in the Mercurial repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported in a SUSE bug by Jan Beulich. ORIGINAL ADVISORY: SUSE Bug #679344: https://bugzilla.novell.com/show_bug.cgi?id=679344 Xen commit: http://xenbits.xen.org/hg/staging/xen-4.0-testing.hg/rev/ee088a0b5cb8 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 17 18:14:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Mar 2011 02:14:09 +0100 Subject: [SEC] [SA43794] Fedora update for subversion Message-ID: <201103180114.p2I1E9qM019480@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Fedora update for subversion SECUNIA ADVISORY ID: SA43794 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43794/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43794 RELEASE DATE: 2011-03-18 DISCUSS ADVISORY: http://secunia.com/advisories/43794/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43794/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43794 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for subversion. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43603 SOLUTION: Apply updated packages using the yum utility ("yum update subversion"). PROVIDED AND/OR DISCOVERED BY: The vendor credits Hyrum Wright. ORIGINAL ADVISORY: FEDORA-2011-2698: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056072.html FEDORA-2011-2657: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056071.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 17 18:46:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Mar 2011 02:46:32 +0100 Subject: [SEC] [SA43804] SUSE update for IBMJava5 Message-ID: <201103180146.p2I1kW1e008738@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: SUSE update for IBMJava5 SECUNIA ADVISORY ID: SA43804 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43804/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43804 RELEASE DATE: 2011-03-18 DISCUSS ADVISORY: http://secunia.com/advisories/43804/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43804/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43804 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for IBMJava5. This fixes multiple vulnerabilities, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information: SA41882 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SUSE-SU-2011:0186-1: https://hermes.opensuse.org/messages/7645637 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 17 19:11:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Mar 2011 03:11:42 +0100 Subject: [SEC] [SA43800] Fedora update for pango Message-ID: <201103180211.p2I2BgVW030036@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Fedora update for pango SECUNIA ADVISORY ID: SA43800 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43800/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43800 RELEASE DATE: 2011-03-18 DISCUSS ADVISORY: http://secunia.com/advisories/43800/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43800/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43800 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for pango. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA43578 SOLUTION: Apply updated packages via the yum utility ("yum update pango"). ORIGINAL ADVISORY: FEDORA-2011-3194: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 17 19:46:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Mar 2011 03:46:40 +0100 Subject: [SEC] [SA43803] Xen "arch_set_info_guest()" Denial of Service Vulnerability Message-ID: <201103180246.p2I2kevN019402@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Xen "arch_set_info_guest()" Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43803 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43803/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43803 RELEASE DATE: 2011-03-18 DISCUSS ADVISORY: http://secunia.com/advisories/43803/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43803/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43803 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the "arch_set_info_guest()" function in xen/arch/x86/domain.c. For more information: SA43802 SOLUTION: Fixed in the Mercurial repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported in a SUSE bug by Jan Beulich. ORIGINAL ADVISORY: SUSE Bug #679344: https://bugzilla.novell.com/show_bug.cgi?id=679344 Xen commit: http://xenbits.xen.org/hg/staging/xen-unstable.hg/rev/c79aae866ad8 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 17 20:19:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Mar 2011 04:19:35 +0100 Subject: [SEC] [SA43781] OneBridge Mobile Groupware Server and DMZ Proxy Unspecified Vulnerability Message-ID: <201103180319.p2I3JZuf009155@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: OneBridge Mobile Groupware Server and DMZ Proxy Unspecified Vulnerability SECUNIA ADVISORY ID: SA43781 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43781/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43781 RELEASE DATE: 2011-03-18 DISCUSS ADVISORY: http://secunia.com/advisories/43781/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43781/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43781 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability with an unknown impact has been reported in OneBridge Mobile Groupware. The vulnerability is caused due to an unspecified error in the iMailGateway service within the OneBridge Server and DMZ Proxy. No further information is currently available. The vulnerability is reported in versions 5.5.2008.0312, 5.6.2008.0312, and later. SOLUTION: The vendor recommends to disable the iMailGateway service. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.sybase.com/detail?id=1092074 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 17 20:46:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Mar 2011 04:46:26 +0100 Subject: [SEC] [SA43654] Microsiga Protheus Username Enumeration Weakness Message-ID: <201103180346.p2I3kQme030533@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Microsiga Protheus Username Enumeration Weakness SECUNIA ADVISORY ID: SA43654 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43654/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43654 RELEASE DATE: 2011-03-18 DISCUSS ADVISORY: http://secunia.com/advisories/43654/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43654/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43654 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Flavio do Carmo Junior has reported a weakness in Microsiga Protheus, which can be exploited by malicious people to disclose sensitive information. The authentication procedure returns different messages depending on the existence of the provided username. This can be exploited to enumerate valid usernames. The weakness is reported in versions 8 and 10. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Flavio do Carmo Junior (waKKu), DcLabs Security Research Group ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2011-03/0062.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 17 21:10:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Mar 2011 05:10:44 +0100 Subject: [SEC] [SA43758] Debian update for libcgroup Message-ID: <201103180410.p2I4Ai7U019411@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Debian update for libcgroup SECUNIA ADVISORY ID: SA43758 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43758/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43758 RELEASE DATE: 2011-03-18 DISCUSS ADVISORY: http://secunia.com/advisories/43758/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43758/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43758 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for libcgroup. This fixes a weakness and a vulnerability, which can be exploited by malicious, local users to bypass certain security restrictions and gain escalated privileges. For more information: SA43611 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2193-1: http://www.debian.org/security/2011/dsa-2193 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 17 21:45:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Mar 2011 05:45:33 +0100 Subject: [SEC] [SA43540] WordPress Zotpress Plugin "citation" Cross-Site Scripting Vulnerability Message-ID: <201103180445.p2I4jXQt008767@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: WordPress Zotpress Plugin "citation" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43540 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43540/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43540 RELEASE DATE: 2011-03-18 DISCUSS ADVISORY: http://secunia.com/advisories/43540/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43540/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43540 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Zotpress plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "citation" parameter to wp-content/plugins/zotpress/zotpress.image.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 2.6.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: AutoSec Tools: http://www.autosectools.com/Advisories/WordPress.Zotpress.2.6_Reflected.Cross-site.Scripting_120.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 17 22:11:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Mar 2011 06:11:10 +0100 Subject: [SEC] [SA43494] SEIL Routers PPP Access Concentrator Buffer Overflow Vulnerability Message-ID: <201103180511.p2I5BAHR030106@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: SEIL Routers PPP Access Concentrator Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA43494 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43494/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43494 RELEASE DATE: 2011-03-18 DISCUSS ADVISORY: http://secunia.com/advisories/43494/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43494/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43494 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in SEIL Routers, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the PPP Access Concentrator (PPPAC) when processing PPPoE packets and can be exploited to cause a buffer overflow. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in the following products: * SEIL/x86 firmware 1.00 to 1.61. * SEIL/B1 firmware 1.00 to 3.11. * SEIL/X1 firmware 1.00 to 3.11. * SEIL/X2 firmware 1.00 to 3.11. * SEIL/Turbo firmware 1.80 to 2.10. * SEIL/neu 2FE Plus firmware 1.80 to 2.10. SOLUTION: Update to a patched version. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.seil.jp/support/security/a01001.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 17 22:45:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Mar 2011 06:45:58 +0100 Subject: [SEC] [SA43534] SUSE update for subversion Message-ID: <201103180545.p2I5jwje019447@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: SUSE update for subversion SECUNIA ADVISORY ID: SA43534 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43534/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43534 RELEASE DATE: 2011-03-18 DISCUSS ADVISORY: http://secunia.com/advisories/43534/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43534/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43534 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for subversion. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA42780 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0136-1: https://hermes.opensuse.org/messages/7459434 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 17 23:10:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Mar 2011 07:10:28 +0100 Subject: [SEC] [SA43526] HP Web Jetadmin Unspecified Security Bypass Message-ID: <201103180610.p2I6AS1f008348@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: HP Web Jetadmin Unspecified Security Bypass SECUNIA ADVISORY ID: SA43526 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43526/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43526 RELEASE DATE: 2011-03-18 DISCUSS ADVISORY: http://secunia.com/advisories/43526/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43526/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43526 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP Web Jetadmin, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability has caused due to an unspecified error and can be exploited to gain access to certain resources. No further information is currently available. The vulnerability is reported in versions 10.2 Service Release 3 and Service Release 4. SOLUTION: Update to version 10.2 Service Release 5 or later. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBPI02635 SSRT100391: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02714670 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 18 11:30:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Mar 2011 19:30:47 +0100 Subject: [SEC] [SA43750] ChekView Directory Traversal Vulnerability Message-ID: <201103181830.p2IIUlvs029434@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: ChekView Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA43750 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43750/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43750 RELEASE DATE: 2011-03-18 DISCUSS ADVISORY: http://secunia.com/advisories/43750/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43750/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43750 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in ChekView, which can be exploited by malicious people to disclose potentially sensitive information. Input passed to the "WIFI" file transfer functionality of the application via an URL is not properly sanitised before being used to access files. This can be exploited to access files outside of the application root and e.g. download an iPhone address book via directory traversal attacks. Note: The file transfer functionality is not enabled by default and only accessible through WLAN. The vulnerability is confirmed in version 1.1. Other versions may also be affected. SOLUTION: Only use the file transfer functionality within a trusted WLAN. PROVIDED AND/OR DISCOVERED BY: kim at story ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/16972/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 18 12:30:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Mar 2011 20:30:43 +0100 Subject: [SEC] [SA43790] iFileExplorer Free Directory Traversal Vulnerability Message-ID: <201103181930.p2IJUhoU019919@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: iFileExplorer Free Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA43790 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43790/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43790 RELEASE DATE: 2011-03-18 DISCUSS ADVISORY: http://secunia.com/advisories/43790/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43790/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43790 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in iFileExplorer Free, which can be exploited by malicious people to disclose potentially sensitive information. Input passed to the WIFI file transfer functionality of the application via an URL is not properly sanitised before being used to access files. This can be exploited to access files outside of the application root and e.g. download an iPhone address book via directory traversal attacks. Note: The file transfer functionality is only accessible through WLAN. The vulnerability is reported in version 2.7 and confirmed in version 2.8. Other versions may also be affected. SOLUTION: Do not use the application in an untrusted WLAN. PROVIDED AND/OR DISCOVERED BY: Khashayar Fereidani ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/16245/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 18 13:30:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Mar 2011 21:30:29 +0100 Subject: [SEC] [SA43448] SideBooks Directory Traversal Vulnerability Message-ID: <201103182030.p2IKUTEI010394@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: SideBooks Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA43448 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43448/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43448 RELEASE DATE: 2011-03-18 DISCUSS ADVISORY: http://secunia.com/advisories/43448/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43448/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43448 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in SideBooks, which can be exploited by malicious people to disclose potentially sensitive information. Input passed to the FTP component of the application is not properly sanitised before being used to access files. This can be exploited to access files outside of the application root and e.g. download an iPhone address book via directory traversal attacks. Note: The FTP component of SideBooks is not enabled by default and only accessible through WLAN. The vulnerability is confirmed in version 1.0. Other versions may also be affected. SOLUTION: Only use the FTP component within a trusted WLAN. PROVIDED AND/OR DISCOVERED BY: R3d at l3rt, Sp at 2K, and Sunlight. ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/16209/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 18 14:30:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Mar 2011 22:30:47 +0100 Subject: [SEC] [SA43771] WordPress WP-reCAPTCHA Plugin Cross-Site Request Forgery Vulnerability Message-ID: <201103182130.p2ILUlBN000819@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: WordPress WP-reCAPTCHA Plugin Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA43771 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43771/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43771 RELEASE DATE: 2011-03-18 DISCUSS ADVISORY: http://secunia.com/advisories/43771/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43771/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43771 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gabriel Quadros has discovered a vulnerability in the WP-reCAPTCHA plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. disable the captcha verification for the registration form or conduct script insertion attacks by tricking an administrator into visiting a malicious web site while being logged-in to the application. The vulnerability is confirmed in version 2.9.8.2. Other versions may also be affected. SOLUTION: Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: Gabriel Quadros, Conviso IT Security ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2011-03/0206.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 18 15:24:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Mar 2011 23:24:32 +0100 Subject: [SEC] [SA43768] BoutikOne CMS Multiple SQL Injection Vulnerabilities Message-ID: <201103182224.p2IMOW6g023478@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: BoutikOne CMS Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA43768 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43768/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43768 RELEASE DATE: 2011-03-18 DISCUSS ADVISORY: http://secunia.com/advisories/43768/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43768/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43768 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Alz has reported multiple vulnerabilities in BoutikOne CMS, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "path" parameter to list.php, description.php, and categories.php, the "id" parameter to description.php, the "advCat" and "advComp" parameters to search.php, the "lang" parameter to rss/rss_news.php, rss/rss_flash.php, rss/rss_promo.php, and rss/rss_top10.php, the "codePromo" and "codeCadeau" parameters to caddie.php, and the "country" parameter to calculate.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: Alz ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2011-03/0127.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 18 15:45:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Mar 2011 23:45:38 +0100 Subject: [SEC] [SA43801] Pennyauctionsoft Cross-Site Scripting and SQL Injection Vulnerabilities Message-ID: <201103182245.p2IMjcCh012220@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Pennyauctionsoft Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA43801 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43801/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43801 RELEASE DATE: 2011-03-18 DISCUSS ADVISORY: http://secunia.com/advisories/43801/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43801/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43801 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Pennyauctionsoft, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed via the URL to index.php, jobs.php, contact.php, and forum/index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "client-ip" HTTP header to allauctions.php, registration.php, and forum/forum_detail.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: sangte amtham OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 18 16:10:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Mar 2011 00:10:26 +0100 Subject: [SEC] [SA43777] WordPress WP Related Posts Plugin Cross-Site Request Forgery Vulnerability Message-ID: <201103182310.p2INAQAb001049@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: WordPress WP Related Posts Plugin Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA43777 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43777/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43777 RELEASE DATE: 2011-03-18 DISCUSS ADVISORY: http://secunia.com/advisories/43777/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43777/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43777 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in WordPress WP Related Posts Plugin, which can be exploited by malicious people to conduct cross-site request forgery attacks. The plugin allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. conduct cross-site scripting and script insertion attacks when a logged-in user visits a specially crafted web page. The vulnerability is confirmed in version 1.0. Other versions may also be affected. SOLUTION: Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: Gabriel Quadros, Conviso IT Security Company ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2011-03/0205.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 18 16:25:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Mar 2011 00:25:01 +0100 Subject: [SEC] [SA43812] ACTi Multiple Products Web Configurator Shell Command Injection Vulnerability Message-ID: <201103182325.p2INP1Eb021946@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: ACTi Multiple Products Web Configurator Shell Command Injection Vulnerability SECUNIA ADVISORY ID: SA43812 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43812/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43812 RELEASE DATE: 2011-03-19 DISCUSS ADVISORY: http://secunia.com/advisories/43812/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43812/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43812 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in multiple ACTi products, which can be exploited by malicious people to compromise a vulnerable device. Input passed to the "iperf" parameter in cgi-bin/test of the Web Configurator management interface is not properly sanitised before being used as a command line argument. This can be exploited to inject arbitrary shell commands. The vulnerability is reported in the following products: * ACTi ACD-2100 Video Encoder * ACTi ACM-1432 Bullet Camera SOLUTION: Restrict access to the Web Configurator interface to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Todor Donev OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 18 16:45:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Mar 2011 00:45:43 +0100 Subject: [SEC] [SA43809] Red Hat update for java-1.5.0-ibm Message-ID: <201103182345.p2INjhY9010666@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Red Hat update for java-1.5.0-ibm SECUNIA ADVISORY ID: SA43809 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43809/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43809 RELEASE DATE: 2011-03-19 DISCUSS ADVISORY: http://secunia.com/advisories/43809/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43809/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43809 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for java-1.5.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, manipulate certain data, and compromise a vulnerable system. For more information: SA43262 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0364-1: https://rhn.redhat.com/errata/RHSA-2011-0364.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 18 17:11:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Mar 2011 01:11:01 +0100 Subject: [SEC] [SA43810] SUSE update for libtiff Message-ID: <201103190011.p2J0B1Sa031986@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: SUSE update for libtiff SECUNIA ADVISORY ID: SA43810 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43810/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43810 RELEASE DATE: 2011-03-19 DISCUSS ADVISORY: http://secunia.com/advisories/43810/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43810/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43810 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for libtiff. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA43582 SA43593 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0189-1: https://hermes.opensuse.org/messages/7654705 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 18 17:46:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Mar 2011 01:46:00 +0100 Subject: [SEC] [SA43669] TP-LINK TL-WR740N WebConsole and UPnP Denial of Service Vulnerability Message-ID: <201103190046.p2J0k0DF021345@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: TP-LINK TL-WR740N WebConsole and UPnP Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43669 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43669/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43669 RELEASE DATE: 2011-03-19 DISCUSS ADVISORY: http://secunia.com/advisories/43669/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43669/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43669 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ewerson Guimaraes has reported a vulnerability in TP-LINK TL-WR740N, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error when processing requests and can be exploited to cause the WebConsole and UPnP services to become unresponsive by e.g. sending a large number of packets. The vulnerability is reported in versions 3.12.4 Build 100910 Rel.57694n and 3.11.7 Build 100603 Rel.56412n. Other versions may also be affected. SOLUTION: Update to firmware released on 2011-03-18 or later. Please contact the vendor for more details. PROVIDED AND/OR DISCOVERED BY: Ewerson Guimaraes aka Crash. ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2011-03/0060.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 18 18:13:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Mar 2011 02:13:35 +0100 Subject: [SEC] [SA43808] CORE Multimedia Suite 2011 CORE Player Playlist Processing Buffer Overflow Message-ID: <201103190113.p2J1DZR5010374@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: CORE Multimedia Suite 2011 CORE Player Playlist Processing Buffer Overflow SECUNIA ADVISORY ID: SA43808 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43808/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43808 RELEASE DATE: 2011-03-19 DISCUSS ADVISORY: http://secunia.com/advisories/43808/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43808/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43808 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in CORE Multimedia Suite 2011, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the CORE Player when processing playlist files and can be exploited to cause a stack-based buffer overflow via a specially crafted M3U (".m3u") file. Successful exploitation allows execution of arbitrary code, but requires tricking a user into opening a malicious playlist file. The vulnerability is confirmed in version 2.4. Other versions may also be affected. SOLUTION: Do not open playlist files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Rh0 ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/17001/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 18 18:45:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Mar 2011 02:45:50 +0100 Subject: [SEC] [SA43501] coRED CMS "rubID" SQL Injection Vulnerability Message-ID: <201103190145.p2J1jonS031998@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: coRED CMS "rubID" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43501 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43501/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43501 RELEASE DATE: 2011-03-19 DISCUSS ADVISORY: http://secunia.com/advisories/43501/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43501/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43501 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in coRED CMS, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "rubID" parameter to /coRED/content/rubric/index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: BALTAZAR OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 18 19:11:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Mar 2011 03:11:02 +0100 Subject: [SEC] [SA43477] Ubuntu update for linux Message-ID: <201103190211.p2J2B2F9020920@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux SECUNIA ADVISORY ID: SA43477 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43477/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43477 RELEASE DATE: 2011-03-19 DISCUSS ADVISORY: http://secunia.com/advisories/43477/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43477/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43477 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux. This fixes multiple weaknesses, a security issue, and multiple vulnerabilities, which can be exploited my malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, expose system and potentially sensitive information, and to gain escalated privileges and by malicious people to cause a DoS. For more information: SA38863 SA41263 SA41440 SA41493 SA41693 SA42035 SA42061 SA42094 SA42126 SA42148 SA42172 SA42173 SA42354 1) The "get_name()" function in net/tipc/socket.c is not properly initializing a structure before copying it to userspace. This can be exploited to disclose potentially sensitive information. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1073-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001257.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 18 19:45:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Mar 2011 03:45:42 +0100 Subject: [SEC] [SA43539] WordPress YT-Audio Plugin "v" Cross-Site Scripting Vulnerability Message-ID: <201103190245.p2J2jg09010267@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: WordPress YT-Audio Plugin "v" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43539 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43539/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43539 RELEASE DATE: 2011-03-19 DISCUSS ADVISORY: http://secunia.com/advisories/43539/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43539/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43539 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in YT-Audio: Audio Hosting From YouTube in WordPress plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "v" parameter to wp-content/plugins/yt-audio-streaming-audio-from-youtube/frame.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.7. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: AutoSec Tools: http://www.autosectools.com/Advisories/WordPress.YT-Audio.1.7_Reflected.Cross-site.Scripting_121.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 18 20:15:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Mar 2011 04:15:48 +0100 Subject: [SEC] [SA43512] Samba "FD_SET" Memory Corruption Vulnerability Message-ID: <201103190315.p2J3Fmfw032261@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Samba "FD_SET" Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA43512 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43512/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43512 RELEASE DATE: 2011-03-19 DISCUSS ADVISORY: http://secunia.com/advisories/43512/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43512/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43512 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Samba, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious users to cause a DoS and potentially compromise a vulnerable system. The vulnerability is caused due to missing range checks on file descriptors related to the "FD_SET" macro, which can be exploited to corrupt stack-based memory by performing a select on a specially crafted file descriptor set. The vulnerability is reported in all 3.x versions prior to 3.5.7. SOLUTION: Update to version 3.5.7 or apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://samba.org/samba/security/CVE-2011-0719.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 18 20:46:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Mar 2011 04:46:30 +0100 Subject: [SEC] [SA41865] Avactis Shopping Cart Cross-Site Request Forgery Message-ID: <201103190346.p2J3kUpV021403@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Avactis Shopping Cart Cross-Site Request Forgery SECUNIA ADVISORY ID: SA41865 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41865/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41865 RELEASE DATE: 2011-03-19 DISCUSS ADVISORY: http://secunia.com/advisories/41865/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41865/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41865 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Russ McRee has discovered a vulnerability in Avactis Shopping Cart, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. add an administrative user by tricking a logged in administrator into visiting a malicious web site. The vulnerability is confirmed in version 2.0 free edition. Other versions may also be affected. SOLUTION: Update to version 2.1.0. PROVIDED AND/OR DISCOVERED BY: Russ McRee via Secunia. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 18 21:11:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Mar 2011 05:11:55 +0100 Subject: [SEC] [SA43555] Ubuntu update for openjdk-6 Message-ID: <201103190411.p2J4BtLb010348@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Ubuntu update for openjdk-6 SECUNIA ADVISORY ID: SA43555 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43555/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43555 RELEASE DATE: 2011-03-19 DISCUSS ADVISORY: http://secunia.com/advisories/43555/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43555/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43555 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for openjdk-6. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system. For more information: SA43262 1) An error within the "JNLPClassLoader" class when handling multiple signers can be exploited to cause the class to assign an inappropriate security descriptor. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1079-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-March/001264.html USN-1079-2: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-March/001278.html USN-1079-3: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-March/001280.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 18 21:46:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Mar 2011 05:46:24 +0100 Subject: [SEC] [SA43480] Ubuntu update for linux Message-ID: <201103190446.p2J4kObY032057@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux SECUNIA ADVISORY ID: SA43480 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43480/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43480 RELEASE DATE: 2011-03-19 DISCUSS ADVISORY: http://secunia.com/advisories/43480/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43480/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43480 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux. This fixes multiple weaknesses, a security issue, and multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose system and potentially sensitive information, and gain escalated privileges and by malicious people to cause a DoS and to disclose potentially sensitive information. For more information: SA38863 SA40205 SA41002 SA41263 SA41440 SA41493 SA41693 SA42035 SA42061 SA42094 SA42126 SA42148 SA42372 SA43477 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1072-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001256.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 18 22:12:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Mar 2011 06:12:19 +0100 Subject: [SEC] [SA43476] Ubuntu update for linux-fsl-imx51 Message-ID: <201103190512.p2J5CJEs021019@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-fsl-imx51 SECUNIA ADVISORY ID: SA43476 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43476/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43476 RELEASE DATE: 2011-03-19 DISCUSS ADVISORY: http://secunia.com/advisories/43476/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43476/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43476 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-fsl-imx51. This fixes multiple weaknesses, a security issue, and multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, disclose system and potentially sensitive information, and gain escalated privileges and by malicious people to cause a DoS, disclose potentially sensitive information, and to potentially compromise a vulnerable system. For more information: SA28696 SA37590 SA38499 SA38863 SA39490 SA40205 SA40656 SA40691 SA40965 SA41055 SA41245 SA41263 SA41284 SA41378 SA41440 SA41462 SA41493 SA41650 SA41693 SA41881 SA42378 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1074-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001258.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 18 22:46:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Mar 2011 06:46:46 +0100 Subject: [SEC] [SA43471] libpam-pgsql "pg_execParam()" Incorrect Format Specifier Vulnerability Message-ID: <201103190546.p2J5kkb8010345@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: libpam-pgsql "pg_execParam()" Incorrect Format Specifier Vulnerability SECUNIA ADVISORY ID: SA43471 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43471/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43471 RELEASE DATE: 2011-03-19 DISCUSS ADVISORY: http://secunia.com/advisories/43471/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43471/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43471 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in libpam-pgsql, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused due to the "pg_execParam()" function in src/backend_pgsql.c using an incorrect format specifier, which can be exploited to cause a heap-based buffer overflow by e.g. connecting from an IPv4 address containing an octet larger than 127 to an application using the module. The vulnerability is reported in version 0.7.1. Other versions may also be affected. SOLUTION: Do not use a vulnerable version of the module. PROVIDED AND/OR DISCOVERED BY: Krzysztof Galazka within a Debian bug report. ORIGINAL ADVISORY: Debian bug #603436: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603436 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 18 23:11:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Mar 2011 07:11:28 +0100 Subject: [SEC] [SA43544] Fedora update for abcm2ps Message-ID: <201103190611.p2J6BSxj031638@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Fedora update for abcm2ps SECUNIA ADVISORY ID: SA43544 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43544/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43544 RELEASE DATE: 2011-03-19 DISCUSS ADVISORY: http://secunia.com/advisories/43544/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43544/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43544 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for abcm2ps. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system. For more information: SA40033 SOLUTION: Apply updated packages via the yum utility ("yum update abcm2ps"). ORIGINAL ADVISORY: FEDORA-2011-1851: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054424.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 19 11:31:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Mar 2011 19:31:19 +0100 Subject: [SEC] [SA43518] Movavi Video Suite Image File Processing Vulnerability Message-ID: <201103191831.p2JIVJjW020298@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Movavi Video Suite Image File Processing Vulnerability SECUNIA ADVISORY ID: SA43518 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43518/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43518 RELEASE DATE: 2011-03-19 DISCUSS ADVISORY: http://secunia.com/advisories/43518/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43518/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43518 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Movavi Video Suite, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in the ConvertManager.dll module when processing image files using the slideshow utility. This can be exploited to corrupt memory via e.g. a specially crafted JPG file containing overly large image width and height values. Successful exploitation may allow execution of arbitrary code, but requires tricking a user into creating a slideshow with a malicious image file. The vulnerability is confirmed in version 9.3.2. Other versions may also be affected. SOLUTION: Do not open image files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: KedAns-Dz ORIGINAL ADVISORY: http://packetstormsecurity.org/files/view/98767/movavi-overflow.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 19 12:31:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Mar 2011 20:31:38 +0100 Subject: [SEC] [SA43543] WeeChat SSL Certificate Validation Security Issue Message-ID: <201103191931.p2JJVcKT010799@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: WeeChat SSL Certificate Validation Security Issue SECUNIA ADVISORY ID: SA43543 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43543/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43543 RELEASE DATE: 2011-03-19 DISCUSS ADVISORY: http://secunia.com/advisories/43543/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43543/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43543 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: JD has discovered a security issue in WeeChat, which can be exploited by malicious people to conduct spoofing attacks. The security issue is caused due to the application not verifying the validity of the SSL certificates presented when logging in to a server which does not request a client certificate during the handshake. This can be exploited to spoof a valid server and e.g. conduct Man-in-the-Middle (MitM) attacks. The security issue is confirmed in version 0.3.4. Other versions may also be affected. SOLUTION: Do not rely on the certificate checks. PROVIDED AND/OR DISCOVERED BY: JD ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html http://savannah.nongnu.org/patch/index.php?7459 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 19 13:31:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Mar 2011 21:31:27 +0100 Subject: [SEC] [SA43533] PEAR Installer Insecure Temporary Files Security Issue Message-ID: <201103192031.p2JKVRpq001201@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: PEAR Installer Insecure Temporary Files Security Issue SECUNIA ADVISORY ID: SA43533 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43533/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43533 RELEASE DATE: 2011-03-19 DISCUSS ADVISORY: http://secunia.com/advisories/43533/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43533/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43533 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in PEAR, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the PEAR installer creating temporary files in an insecure manner, which can be exploited to e.g. overwrite arbitrary files via symlink attacks. The security issue is reported in versions 1.9.1 and 1.9.2. Prior versions may also be affected. SOLUTION: Fixed in the SVN repository. PROVIDED AND/OR DISCOVERED BY: Raphael Geissert ORIGINAL ADVISORY: PEAR: http://pear.php.net/advisory-20110228.txt http://pear.php.net/bugs/bug.php?id=18056 http://news.php.net/php.pear.core/9791 Debian Bug #546164: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546164 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 19 14:31:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Mar 2011 22:31:33 +0100 Subject: [SEC] [SA43503] Ubuntu update for samba Message-ID: <201103192131.p2JLVX22024135@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Ubuntu update for samba SECUNIA ADVISORY ID: SA43503 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43503/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43503 RELEASE DATE: 2011-03-19 DISCUSS ADVISORY: http://secunia.com/advisories/43503/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43503/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43503 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious users to cause a DoS and potentially compromise a vulnerable system. For more information: SA43512 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1075-1: http://www.ubuntu.com/usn/usn-1075-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 19 15:25:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Mar 2011 23:25:23 +0100 Subject: [SEC] [SA43545] Fedora update for telepathy-glib Message-ID: <201103192225.p2JMPNrI014340@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Fedora update for telepathy-glib SECUNIA ADVISORY ID: SA43545 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43545/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43545 RELEASE DATE: 2011-03-19 DISCUSS ADVISORY: http://secunia.com/advisories/43545/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43545/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43545 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for telepathy-glib. This fixes a vulnerability, which can be exploited by malicious people to conduct hijacking attacks. For more information: SA43369 SOLUTION: Apply updated packages via the yum utility ("yum update telepathy-glib"). ORIGINAL ADVISORY: FEDORA-2011-1903: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054409.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 19 15:46:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Mar 2011 23:46:46 +0100 Subject: [SEC] [SA43498] Ubuntu update for clamav Message-ID: <201103192246.p2JMkkWL003053@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Ubuntu update for clamav SECUNIA ADVISORY ID: SA43498 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43498/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43498 RELEASE DATE: 2011-03-19 DISCUSS ADVISORY: http://secunia.com/advisories/43498/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43498/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43498 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA43392 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1076-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001261.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 19 16:11:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Mar 2011 00:11:43 +0100 Subject: [SEC] [SA43356] Ubuntu update for logwatch Message-ID: <201103192311.p2JNBhB2024382@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Ubuntu update for logwatch SECUNIA ADVISORY ID: SA43356 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43356/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43356 RELEASE DATE: 2011-03-19 DISCUSS ADVISORY: http://secunia.com/advisories/43356/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43356/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43356 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for logwatch. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA43495 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1078-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-March/001263.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 19 16:46:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Mar 2011 00:46:27 +0100 Subject: [SEC] [SA43482] Debian update for samba Message-ID: <201103192346.p2JNkRuE013723@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Debian update for samba SECUNIA ADVISORY ID: SA43482 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43482/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43482 RELEASE DATE: 2011-03-20 DISCUSS ADVISORY: http://secunia.com/advisories/43482/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43482/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43482 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious users to cause a DoS and potentially compromise a vulnerable system. For more information: SA43512 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2175: http://www.us.debian.org/security/2011/dsa-2175 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 19 17:11:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Mar 2011 01:11:51 +0100 Subject: [SEC] [SA43558] IBM WebSphere MQ File Transfer Edition Java Double Literal Denial of Service Vulnerability Message-ID: <201103200011.p2K0BpQ1002611@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: IBM WebSphere MQ File Transfer Edition Java Double Literal Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43558 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43558/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43558 RELEASE DATE: 2011-03-20 DISCUSS ADVISORY: http://secunia.com/advisories/43558/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43558/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43558 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability in IBM WebSphere MQ File Transfer Edition, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #1: SA43262 The vulnerability is reported in versions 7.0.2 and 7.0.3. SOLUTION: Apply patch using the IBM Update Installer for Java or apply Fix Packs 7.0.2.2 or 7.0.3.1 when available. ORIGINAL ADVISORY: http://www.ibm.com/support/docview.wss?uid=swg21468521 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 19 17:46:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Mar 2011 01:46:31 +0100 Subject: [SEC] [SA43505] Debian update for pam-pgsql Message-ID: <201103200046.p2K0kVfY024377@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Debian update for pam-pgsql SECUNIA ADVISORY ID: SA43505 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43505/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43505 RELEASE DATE: 2011-03-20 DISCUSS ADVISORY: http://secunia.com/advisories/43505/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43505/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43505 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for pam-pgsql. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA43471 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2173-1: http://lists.debian.org/debian-security-announce/2011/msg00039.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 19 18:14:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Mar 2011 02:14:35 +0100 Subject: [SEC] [SA43541] Ubuntu update for linux-fsl-imx51 Message-ID: <201103200114.p2K1EZ4F013441@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-fsl-imx51 SECUNIA ADVISORY ID: SA43541 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43541/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43541 RELEASE DATE: 2011-03-20 DISCUSS ADVISORY: http://secunia.com/advisories/43541/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43541/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43541 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-fsl-imx51. This fixes multiple weaknesses, a security issue and multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), expose system and potentially sensitive information, bypass certain security restrictions, gain escalated privileges, and conduct DNS cache poisoning attacks and by malicious people to cause a DoS, disclose potentially sensitive information, and potentially compromise a vulnerable system. For more information: SA37590 SA38499 SA38863 SA39490 SA39982 SA40205 SA40691 SA40965 SA41002 SA41234 SA41245 SA41263 SA41284 SA41378 SA41440 SA41462 SA41493 SA41650 SA41693 SA41881 SA42172 SA42354 SA42758 1) An error withing the Econet protocol implementation can be exploited to cause a stack overflow by sending specially crafted network traffic. 2) An error within the "econet_sendmsg()" function in net/econet/af_econet.c when handling remote addresses can be exploited to cause a crash. 3) An error within the "ec_dev_ioctl()" function in net/econet/af_econet.c incorrectly enforces access restriction, which can be exploited to assign an Econet address to arbitrary interfaces. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1074-2: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001262.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 19 18:46:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Mar 2011 02:46:39 +0100 Subject: [SEC] [SA43537] Linux Kernel Multiple Vulnerabilities Message-ID: <201103200146.p2K1kdUE002613@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Linux Kernel Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43537 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43537/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43537 RELEASE DATE: 2011-03-20 DISCUSS ADVISORY: http://secunia.com/advisories/43537/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43537/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43537 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Vasiliy Kulikov has reported a weakness and some vulnerabilities in the Linux Kernel, which can be exploited by malicious, local users to disclose system information or cause a DoS (Denial of Service). 1) The "sco_sock_getsockopt_old()" function in net/bluetooth/sco.c is not properly initialising a member of a certain structure before copying it to userspace, which can be exploited to disclose kernel stack memory. 2) The "bnep_sock_ioctl()" function in net/bluetooth/bnep/sock.c does not properly terminate the device name, which can be exploited to cause a "BUG()" or disclose system information. 3) The "do_replace()" function in net/bridge/netfilter/ebtables.c does not properly terminate a string, which can be exploited to disclose system information. Successful exploitation of vulnerabilities #2 and #3 requires CAP_NET_ADMIN capabilities. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Vasiliy Kulikov ORIGINAL ADVISORY: 1) https://lkml.org/lkml/2011/2/14/49 2) https://lkml.org/lkml/2011/2/14/50 3) https://lkml.org/lkml/2011/2/14/51 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 19 19:11:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Mar 2011 03:11:52 +0100 Subject: [SEC] [SA43519] Google Chrome Multiple Vulnerabilities Message-ID: <201103200211.p2K2BqZd023964@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43519 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43519/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43519 RELEASE DATE: 2011-03-20 DISCUSS ADVISORY: http://secunia.com/advisories/43519/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43519/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43519 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, where some have an unknown impact while others can be exploited to conduct spoofing attacks, disclose sensitive information, and potentially compromise a user's system. 1) An unspecified error related to the URL bar can be exploited to conduct spoofing attacks. 2) An unspecified error exists in the handling of JavaScript dialogs. 3) An error when handling stylesheet nodes can lead to a stale pointer. 4) An error when handling key frame rules can lead to a stale pointer. 5) An unspecified error exists in the handling of form controls. 6) An unspecified error exists while rendering SVG content. 7) An unspecified error in pickle deserialization can be exploited to cause out-of-bounds reads. This vulnerability affects 64-bit builds for Linux only. 8) An unspecified error in table handling can lead to a stale node. 9) An unspecified error in table rendering can lead to a stale pointer. 10) An unspecified error in SVG animations can lead to a stale pointer. 11) An unspecified error when handling XHTML can lead to a stale node. 12) An unspecified error exists in the textarea handling. 13) An unspecified error when handling device orientation can lead to a stale pointer. 14) An unspecified error in WebGL can be exploited to cause out-of-bounds reads. 15) An integer overflow exists in the textarea handling. 16) An unspecified error in WebGL can be exploited to cause out-of-bounds reads. 17) An unspecified error can lead to exposure of internal extension functions. 18) A use-after-free error exists within the handling of blocked plug-ins. 19) An unspecified error when handling layouts can lead to a stale pointer. The vulnerabilities are reported in versions prior to 9.0.597.107. SOLUTION: Update to version 9.0.597.107. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Jordi Chancel. 2) Sergey Radchenko. 3, 4, 13) Sergey Glazunov. 5) Stefan van Zanden. 6) Slawomir Blazek. 7) Evgeniy Stepanov, Chromium development community. 8, 9, 19) Martin Barbella. 10, 14, 15) miaubiz. 11, 12) wushi, team509. 16) Inferno, Google Chrome Security Team. 17) Tavis Ormandy, Google Security Team. 18) Chamal de Silva. ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 19 19:46:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Mar 2011 03:46:21 +0100 Subject: [SEC] [SA43548] Tor "policy_summarize()" Directory Authority Denial of Service Vulnerability Message-ID: <201103200246.p2K2kL5f013304@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Tor "policy_summarize()" Directory Authority Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43548 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43548/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43548 RELEASE DATE: 2011-03-20 DISCUSS ADVISORY: http://secunia.com/advisories/43548/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43548/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43548 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Tor, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a boundary error within the "policy_summarize()" function in src/or/policies.c, which can be exploited to crash a Tor directory authority. The vulnerability is reported in versions prior to 0.2.1.30. SOLUTION: Update to version 0.2.1.30. PROVIDED AND/OR DISCOVERED BY: The vendor credits piebeer. ORIGINAL ADVISORY: https://lists.torproject.org/pipermail/tor-announce/2011-February/000000.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 19 20:16:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Mar 2011 04:16:34 +0100 Subject: [SEC] [SA43517] Slackware update for samba Message-ID: <201103200316.p2K3GYeQ002886@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Slackware update for samba SECUNIA ADVISORY ID: SA43517 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43517/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43517 RELEASE DATE: 2011-03-20 DISCUSS ADVISORY: http://secunia.com/advisories/43517/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43517/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43517 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Slackware has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious users to cause a DoS and potentially compromise a vulnerable system. For more information: SA43512 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SSA:2011-059-01: http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593629 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 19 20:46:16 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Mar 2011 04:46:16 +0100 Subject: [SEC] [SA43550] Mozilla Firefox / SeaMonkey Multiple Vulnerabilities Message-ID: <201103200346.p2K3kG2i022608@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Mozilla Firefox / SeaMonkey Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43550 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43550/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43550 RELEASE DATE: 2011-03-20 DISCUSS ADVISORY: http://secunia.com/advisories/43550/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43550/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43550 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and some vulnerabilities have been reported in Mozilla Firefox and SeaMonkey, which can be exploited by malicious people to conduct spoofing attacks, cross-site request forgery attacks, and compromise a user's system. 1) Multiple errors in the browser engine can be exploited to corrupt memory and potentially execute arbitrary code. 2) An error when handling recursive calls to "eval()" within a "try/catch" statement can lead to dialogs being displayed incorrectly and returning "true" when being closed. This can e.g. be exploited to gain escalated privileges by forcing a user into accepting certain dialogs. 3) A use-after-free error in the js3250.dll library when processing the "JSON.stringify()" method can be exploited to dereference an invalid pointer in a call to the "js_HasOwnProperty()" function. 4) An error within the internal memory mapping of non-local JavaScript variables can be exploited to cause a buffer overflow and potentially execute arbitrary code. 5) An error within the internal string mapping of the JavaScript engine related to an offset pointer when handling more than 64K values can be exploited to cause an exception object to be read from invalid memory. 6) A use-after-free error related to JavaScript "Workers" can be exploited to dereference invalid memory and execute arbitrary code. 7) An error when allocating memory for layout objects displaying long strings can be exploited to cause a memory corruption and execute arbitrary code. Note: This may only affect the Windows platform. 8) The "ParanoidFragmentSink" class does not properly filter "javascript:" URLs and inline JavaScript, which can be exploited to execute arbitrary JavaScript code. Successful exploitation requires that e.g. an extension using the function to sanitise HTML code before embedding it in a chrome document is installed. 9) An error when decoding certain JPEG images can be exploited to cause a buffer overflow and potentially execute arbitrary code. Note: This does not affect the Mozilla Firefox 3.5 branch. 10) When a request initiated by the plugin received a redirect response (307), the request including any custom headers is incorrectly forwarded to the new location without notifying the plugin, which can be used to e.g. bypass cross-site request forgery protections relying on custom headers. SOLUTION: Update to Mozilla Firefox version 3.5.17 or 3.6.14 and Mozilla SeaMonkey version 2.0.12. PROVIDED AND/OR DISCOVERED BY: 3) regenrecht, via ZDI 8) Reported by the vendor The vendor credits: 1) Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron, and Marcia Knous 2) Zach Hoffman 4, 5) Christian Holler 6) Daniel Kozlowski 7) Alex Miller 9) Jordi Chancel 10) Peleus Uhley, Adobe ORIGINAL ADVISORY: 1) http://www.mozilla.org/security/announce/2011/mfsa2011-01.html 2) http://www.mozilla.org/security/announce/2011/mfsa2011-02.html 3) http://www.mozilla.org/security/announce/2011/mfsa2011-03.html 4) http://www.mozilla.org/security/announce/2011/mfsa2011-04.html 5) http://www.mozilla.org/security/announce/2011/mfsa2011-05.html 6) http://www.mozilla.org/security/announce/2011/mfsa2011-06.html 7) http://www.mozilla.org/security/announce/2011/mfsa2011-07.html 8) http://www.mozilla.org/security/announce/2011/mfsa2011-08.html 9) http://www.mozilla.org/security/announce/2011/mfsa2011-09.html 10) http://www.mozilla.org/security/announce/2011/mfsa2011-10.html ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-103/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 19 21:11:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Mar 2011 05:11:15 +0100 Subject: [SEC] [SA43547] WordPress SimpleDark Theme "s" Cross-Site Scripting Vulnerability Message-ID: <201103200411.p2K4BFBL011533@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: WordPress SimpleDark Theme "s" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43547 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43547/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43547 RELEASE DATE: 2011-03-20 DISCUSS ADVISORY: http://secunia.com/advisories/43547/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43547/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43547 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the SimpleDark theme for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "s" parameter to index.php is not properly sanitised in wp-content/themes/simpledark/templates/content-header.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.2.10. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: jabdah OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 19 21:46:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Mar 2011 05:46:31 +0100 Subject: [SEC] [SA42805] PDF-Pro Multiple Vulnerabilities Message-ID: <201103200446.p2K4kVGA000824@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: PDF-Pro Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42805 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42805/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42805 RELEASE DATE: 2011-03-20 DISCUSS ADVISORY: http://secunia.com/advisories/42805/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42805/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42805 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Parvez Anwar has discovered some vulnerabilities in PDF-Pro, which can be exploited by malicious people to compromise a user's system. 1) The application loads libraries (e.g. dwmapi.dll) in an insecure manner, which can be exploited to load arbitrary libraries by tricking a user into e.g. opening a PDF file located on a remote WebDAV or SMB share. 2) A boundary error in the bundled PDF Reader ActiveX control (ePapyrusReader.ocx) when handling arguments passed to the "open()" method can be exploited to cause a stack-based buffer overflow. 3) Two boundary errors in ePapyrusReader.ocx when handling arguments passed to the "open_stream()" method can be exploited to cause heap-based buffer overflows. 4) A use-after-free error in ePapyrusReader.ocx when handling arguments passed to the "open_stream()" method can be exploited to dereference already freed memory. 5) A use-after-free error in ePapyrusReader.ocx when encountering corrupted arrays in a dictionary can be exploited to dereference already freed memory via a specially crafted PDF file. 6) The unsafe "RemoveFile()" method provided by ePapyrusReader.ocx allows deleting arbitrary files on a user's system. 7) The unsafe "DownloadFTP()" method in combination with the "SetFTPInfo()" method provided by ePapyrusReader.ocx allows downloading arbitrary files to a user's system. 8) The unsafe "UploadFTP" method in combination with the "SetFTPInfo()" method provided by ePapyrusReader.ocx allows retrieving arbitrary files from a user's system. The vulnerabilities are confirmed in version 4.0.1.758 bundling ePapyrusReader.ocx version 1.6.2.1874. Most of the vulnerabilities are also confirmed in version 4.5.2.1321 bundling ePapyrusReader.ocx version 1.6.2.2612. Other versions may also be affected. SOLUTION: Set the kill-bit for the affected ActiveX control and do not open untrusted PDF files. PROVIDED AND/OR DISCOVERED BY: Parvez Anwar via Secunia. Additional information provided by Secunia Research. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 19 22:12:04 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Mar 2011 06:12:04 +0100 Subject: [SEC] [SA43551] WordPress Mingle Forum Plugin "message" Script Insertion Vulnerability Message-ID: <201103200512.p2K5C4as022211@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: WordPress Mingle Forum Plugin "message" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA43551 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43551/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43551 RELEASE DATE: 2011-03-20 DISCUSS ADVISORY: http://secunia.com/advisories/43551/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43551/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43551 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in the Mingle Forum plugin for WordPress, which can be exploited by malicious users to conduct script insertion attacks. Input passed via BBCode in the "message" POST parameter to wp-content/plugins/mingle-forum/wpf-insert.php (when "add_topic_submit" or "add_post_submit" is set to any value) is not properly sanitised before being displayed to the user in wp-content/plugins/mingle-forum/wpf.class.php. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerability is confirmed in version 1.0.29. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22848: http://www.htbridge.ch/advisory/xss_in_mingle_forum_wordpress_plugin.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 19 22:45:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Mar 2011 06:45:39 +0100 Subject: [SEC] [SA43566] 389 Directory Server Simple Paged Results Denial of Service Message-ID: <201103200545.p2K5jdgA011508@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: 389 Directory Server Simple Paged Results Denial of Service SECUNIA ADVISORY ID: SA43566 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43566/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43566 RELEASE DATE: 2011-03-20 DISCUSS ADVISORY: http://secunia.com/advisories/43566/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43566/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43566 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the 389 Directory Server, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to slapd not properly cleaning up staled Simple Paged Results requests, which can be exploited to cause slapd to crash or stop responding. The vulnerability is reported in version 1.2.7.5. Other versions may also be affected. SOLUTION: There's currently no known effective workaround. PROVIDED AND/OR DISCOVERED BY: Reported by Jeremy Mates in a Red Hat bug report. ORIGINAL ADVISORY: Red Hat Bug #668619: https://bugzilla.redhat.com/show_bug.cgi?id=668619 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Mar 19 23:11:13 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Mar 2011 07:11:13 +0100 Subject: [SEC] [SA43553] WordPress Question and Answer Forum Plugin "title" Cross-Site Scripting Vulnerability Message-ID: <201103200611.p2K6BD03000374@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: WordPress Question and Answer Forum Plugin "title" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43553 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43553/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43553 RELEASE DATE: 2011-03-20 DISCUSS ADVISORY: http://secunia.com/advisories/43553/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43553/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43553 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in the Question and Answer Forum plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "title" parameter to index.php is not properly sanitised in wp-content/plugins/question-and-answer-forum/coreform.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.2.5. Prior versions may also be affected. SOLUTION: Update to version 1.2.6. ORIGINAL ADVISORY: High-Tech Bridge SA (HTB22861): http://www.htbridge.ch/advisory/xss_in_question_and_answer_forum_wordpress_plugin.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 20 11:31:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Mar 2011 19:31:45 +0100 Subject: [SEC] [SA43525] HP StorageWorks File Migration Agent Archive Manipulation Vulnerability Message-ID: <201103201831.p2KIVjqc021525@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: HP StorageWorks File Migration Agent Archive Manipulation Vulnerability SECUNIA ADVISORY ID: SA43525 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43525/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43525 RELEASE DATE: 2011-03-20 DISCUSS ADVISORY: http://secunia.com/advisories/43525/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43525/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43525 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP StorageWorks File Migration Agent, which can be exploited by malicious people to manipulate certain data. The vulnerability is caused due to the HsmCfgSvc.exe service not enforcing authentication, which allows an attacker to change the contents of archived files. SOLUTION: Restrict access to the HsmCfgSvc.exe service. PROVIDED AND/OR DISCOVERED BY: AbdulAziz Hariri via ZDI ORIGINAL ADVISORY: ZDI-11-094: http://www.zerodayinitiative.com/advisories/ZDI-11-094/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 20 12:31:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Mar 2011 20:31:20 +0100 Subject: [SEC] [SA43432] 389 Directory Server Normalisation Memory Leak Denial of Service Message-ID: <201103201931.p2KJVK6f011998@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: 389 Directory Server Normalisation Memory Leak Denial of Service SECUNIA ADVISORY ID: SA43432 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43432/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43432 RELEASE DATE: 2011-03-20 DISCUSS ADVISORY: http://secunia.com/advisories/43432/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43432/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43432 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the 389 Directory Server, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a memory leak within the normalisation code, which can be exploited to cause a DoS due to high memory consumption. The vulnerability is reported in versions prior to 1.2.7.5. SOLUTION: Update to version 1.2.7.5. PROVIDED AND/OR DISCOVERED BY: Reported in a Red Hat bug by Adrian Bridgett. ORIGINAL ADVISORY: Red Hat Bug #663597: https://bugzilla.redhat.com/show_bug.cgi?id=663597 389 Directory Server Release Notes: http://directory.fedoraproject.org/wiki/Release_Notes#Bugs_Fixed_4 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 20 13:31:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Mar 2011 21:31:59 +0100 Subject: [SEC] [SA43552] WordPress WP Forum Multiple SQL Injection Vulnerabilities Message-ID: <201103202031.p2KKVxrW002446@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: WordPress WP Forum Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA43552 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43552/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43552 RELEASE DATE: 2011-03-20 DISCUSS ADVISORY: http://secunia.com/advisories/43552/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43552/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43552 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in the WP Forum plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "group_id" POST parameter to index.php (when "forumaction" is set to "grlogin_submit"), via the "thread" parameter to wp-content/plugins/wp-forum/forum_feed.php, and via the "id" parameter to wp-content/plugins/wp-forum/sendmail.php (when "action" is set to "quote") is not properly sanitised before being used in SQL queries. This can be exploited manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 1.7.8. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: High-Tech Bridge (HTB22858): http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_wordpress_plugin.html High-Tech Bridge (HTB22859): http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_wordpress_plugin_1.html High-Tech Bridge (HTB22860): http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_wordpress_plugin_2.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 20 14:31:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Mar 2011 22:31:38 +0100 Subject: [SEC] [SA43500] Joomla! XCloner Component "config" Local File Inclusion Vulnerability Message-ID: <201103202131.p2KLVcq7025340@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Joomla! XCloner Component "config" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA43500 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43500/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43500 RELEASE DATE: 2011-03-20 DISCUSS ADVISORY: http://secunia.com/advisories/43500/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43500/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43500 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the XCloner component for Joomla!, which can be exploited by malicious people to disclose sensitive information. Input passed via the "config" parameter to administrator/components/com_xcloner-backupandrestore/cloner.cron.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks. The vulnerability is confirmed in versions 3.0.4 and 2.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: mr_me OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 20 15:26:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Mar 2011 23:26:12 +0100 Subject: [SEC] [SA43554] Wireshark Denial of Service and Buffer Overflow Vulnerabilities Message-ID: <201103202226.p2KMQCbY015587@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Wireshark Denial of Service and Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA43554 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43554/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43554 RELEASE DATE: 2011-03-20 DISCUSS ADVISORY: http://secunia.com/advisories/43554/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43554/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43554 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. 1) An error when processing certain pcap-ng files can be exploited to free an uninitialised pointer. 2) An error when handling certain packet lengths can be exploited to cause a crash via a specially crafted pcap-ng file. 3) An error when processing Nokia DCT3 trace files can be exploited to cause a buffer overflow via a specially crafted file. Successful exploitation of this vulnerability may allow execution of arbitrary code. 4) An error in the "dissect_ms_compressed_string()" (SMB dissector) and "dissect_mscldap_string()" (LDAP dissector) functions can be exploited to cause a crash due to an infinite recursive function call. 5) An error when processing LDAP Filter strings can be exploited to cause a crash by consuming memory resources via large filter strings. Vulnerabilities #1 through #5 are reported in versions prior to 1.2.15 and prior to 1.4.4. 6) A validation error in the "dissect_6lowpan_iphc()" function (epan/dissectors/packet-6lowpan.c) in the 6LoWPAN dissector when processing certain lengths can be exploited to cause a heap-based buffer overflow of a single byte resulting in a crash. 7) A NULL pointer dereference error within the "dissect_ntlmssp_string()" function in epan/dissectors/packet-ntlmssp.c when parsing a pcap file can be exploited to cause a crash. Vulnerabilities #6 and #7 are reported in versions prior to 1.4.4 only. SOLUTION: Update to version 1.2.15 and 1.4.4. PROVIDED AND/OR DISCOVERED BY: 3, 7) Reported by the vendor. The vendor also credits: 1, 2) Huzaifa Sidhpurwala, Red Hat Security Response Team. 4) joernchen, Phenoelit. 5) Xiaopeng Zhang of Fortinet's Fortiguard Labs. 6) Paul Makowski, SEI/CERT. ORIGINAL ADVISORY: http://www.wireshark.org/security/wnpa-sec-2011-03.html http://www.wireshark.org/security/wnpa-sec-2011-04.html http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 20 15:46:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Mar 2011 23:46:52 +0100 Subject: [SEC] [SA43511] Joomla! XCloner Component "mosmsg" and "option" Cross-Site Scripting Vulnerabilities Message-ID: <201103202246.p2KMkqnZ004279@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Joomla! XCloner Component "mosmsg" and "option" Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA43511 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43511/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43511 RELEASE DATE: 2011-03-20 DISCUSS ADVISORY: http://secunia.com/advisories/43511/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43511/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43511 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in the XCloner component for Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed via the "mosmsg" parameter to administrator/components/com_xcloner-backupandrestore/admin.cloner.php is not properly sanitised in administrator/components/com_xcloner-backupandrestore/admin.cloner.html.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "option" parameter to administrator/components/com_xcloner-backupandrestore/admin.cloner.php (when "task" is set to "dologin") is not properly sanitised in administrator/components/com_xcloner-backupandrestore/cloner.functions.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation of this vulnerability requires that "register_globals" is enabled. The vulnerabilities are reported in version 2.1. Other versions may also be affected. SOLUTION: Update to version 2.2. PROVIDED AND/OR DISCOVERED BY: mr_me OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 20 16:12:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Mar 2011 00:12:12 +0100 Subject: [SEC] [SA43538] WordPress XCloner Plugin Multiple Vulnerabilities Message-ID: <201103202312.p2KNCCOP025606@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: WordPress XCloner Plugin Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43538 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43538/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43538 RELEASE DATE: 2011-03-20 DISCUSS ADVISORY: http://secunia.com/advisories/43538/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43538/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43538 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in the XCloner plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information. 1) Input passed via the "mosmsg" parameter to wp-content/plugins/xcloner-backup-and-restore/admin.cloner.php is not properly sanitised in wp-content/plugins/xcloner-backup-and-restore/admin.cloner.html.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "option" parameter to wp-content/plugins/xcloner-backup-and-restore/admin.cloner.php (when "task" is set to "dologin") is not properly sanitised in wp-content/plugins/xcloner-backup-and-restore/cloner.functions.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation of this vulnerability requires that "register_globals" is enabled. 3) Input passed via the "config" parameter to wp-content/plugins/xcloner-backup-and-restore/cloner.cron.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks. The vulnerabilities are confirmed in version 2.2.1. Other versions may also be affected. SOLUTION: Upgrade to version 3.0.1, which fixes vulnerabilities #1 and #2. Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: mr_me OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 20 16:46:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Mar 2011 00:46:24 +0100 Subject: [SEC] [SA43515] WordPress XCloner Plugin "config" Local File Inclusion Vulnerability Message-ID: <201103202346.p2KNkOBv014927@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: WordPress XCloner Plugin "config" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA43515 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43515/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43515 RELEASE DATE: 2011-03-21 DISCUSS ADVISORY: http://secunia.com/advisories/43515/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43515/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43515 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the XCloner plugin for WordPress, which can be exploited by malicious people to disclose sensitive information. Input passed via the "config" parameter to wp-content/plugins/xcloner-backup-and-restore/cloner.cron.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks. The vulnerability is confirmed in version 3.0.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: mr_me OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 20 17:12:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Mar 2011 01:12:06 +0100 Subject: [SEC] [SA43520] WordPress XCloner Plugin "mosmsg" and "option" Cross-Site Scripting Vulnerabilities Message-ID: <201103210012.p2L0C6S6003861@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: WordPress XCloner Plugin "mosmsg" and "option" Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA43520 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43520/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43520 RELEASE DATE: 2011-03-21 DISCUSS ADVISORY: http://secunia.com/advisories/43520/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43520/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43520 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in the XCloner plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed via the "mosmsg" parameter to wp-content/plugins/xcloner-backup-and-restore/admin.cloner.php is not properly sanitised in wp-content/plugins/xcloner-backup-and-restore/admin.cloner.html.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "option" parameter to wp-content/plugins/xcloner-backup-and-restore/admin.cloner.php (when "task" is set to "dologin") is not properly sanitised in wp-content/plugins/xcloner-backup-and-restore/cloner.functions.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation of this vulnerability requires that "register_globals" is enabled. The vulnerabilities are confirmed in version 3.0. Other versions may also be affected. SOLUTION: Update to version 3.0.1. PROVIDED AND/OR DISCOVERED BY: mr_me OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 20 17:46:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Mar 2011 01:46:30 +0100 Subject: [SEC] [SA43573] Fedora update for ruby Message-ID: <201103210046.p2L0kUst025580@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Fedora update for ruby SECUNIA ADVISORY ID: SA43573 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43573/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43573 RELEASE DATE: 2011-03-21 DISCUSS ADVISORY: http://secunia.com/advisories/43573/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43573/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43573 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for ruby. This fixes a security issue and a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to bypass certain security restrictions. For more information: SA43420 SA43434 SOLUTION: Apply updated packages via the yum utility ("yum update ruby"). ORIGINAL ADVISORY: FEDORA-2011-1913: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054436.html FEDORA-2011-1876: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054422.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 20 18:14:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Mar 2011 02:14:20 +0100 Subject: [SEC] [SA43524] Things BBS and Things BBS Thread Cross-Site Scripting Vulnerability Message-ID: <201103210114.p2L1EK73014623@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Things BBS and Things BBS Thread Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43524 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43524/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43524 RELEASE DATE: 2011-03-21 DISCUSS ADVISORY: http://secunia.com/advisories/43524/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43524/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43524 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Things BBS and Things BBS Thread, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported the following products: * Things BBS version 2.0.2 and prior. * Things BBS Thread version 2.0.2 and prior. SOLUTION: Update to version 2.0.3. PROVIDED AND/OR DISCOVERED BY: Yuji Tounai, bogus.jp via JPCERT/CC ORIGINAL ADVISORY: Things BBS: http://www.thingslabo.com/cgi/bbs/download.html Things BBS Thread: http://www.thingslabo.com/cgi/bbs_thread/download.html JVN#20982938: http://jvn.jp/en/jp/JVN20982938/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 20 18:46:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Mar 2011 02:46:23 +0100 Subject: [SEC] [SA43577] IBM Tivoli Netcool/OMNIbus Web GUI SQL Injection Vulnerability Message-ID: <201103210146.p2L1kNSn003830@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: IBM Tivoli Netcool/OMNIbus Web GUI SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43577 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43577/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43577 RELEASE DATE: 2011-03-21 DISCUSS ADVISORY: http://secunia.com/advisories/43577/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43577/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43577 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM Tivoli Netcool/OMNIbus, which can be exploited by malicious people to conduct SQL injection attacks. Certain input passed to the Web GUI is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 7.3.0. SOLUTION: Apply APAR IZ83269 or update to version 7.3.0 Fix Pack 4 (7.3.0-TIV-NCOMNIbus_GUI-FP0004). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (IZ83269): http://www.ibm.com/support/docview.wss?uid=swg1IZ83269 http://www.ibm.com/support/docview.wss?uid=swg24029093 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 20 19:13:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Mar 2011 03:13:08 +0100 Subject: [SEC] [SA43560] Red Hat update for firefox Message-ID: <201103210213.p2L2D8mx025219@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Red Hat update for firefox SECUNIA ADVISORY ID: SA43560 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43560/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43560 RELEASE DATE: 2011-03-21 DISCUSS ADVISORY: http://secunia.com/advisories/43560/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43560/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43560 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for firefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, cross-site request forgery attacks, and compromise a user's system. For more information: SA43550 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0310-01: https://rhn.redhat.com/errata/RHSA-2011-0310.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 20 19:46:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Mar 2011 03:46:12 +0100 Subject: [SEC] [SA43486] Ubuntu update for fuse Message-ID: <201103210246.p2L2kCj7014475@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Ubuntu update for fuse SECUNIA ADVISORY ID: SA43486 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43486/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43486 RELEASE DATE: 2011-03-21 DISCUSS ADVISORY: http://secunia.com/advisories/43486/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43486/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43486 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for fuse. This fixes some security issues, which can be exploited by malicious, local users to cause a DoS (Denial of Service). For more information: SA38261 SA42961 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1077-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001259.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 20 20:27:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Mar 2011 04:27:52 +0100 Subject: [SEC] [SA43521] Debian update for cups Message-ID: <201103210327.p2L3RqQf005739@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Debian update for cups SECUNIA ADVISORY ID: SA43521 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43521/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43521 RELEASE DATE: 2011-03-21 DISCUSS ADVISORY: http://secunia.com/advisories/43521/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43521/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43521 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for cups. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site request forgery attacks, disclose potentially sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. For more information: SA37364 SA40165 SA41706 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2176-1: http://www.debian.org/security/2011/dsa-2176 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 20 20:45:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Mar 2011 04:45:29 +0100 Subject: [SEC] [SA43586] Mozilla Thunderbird Multiple Vulnerabilities Message-ID: <201103210345.p2L3jTfQ026696@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Mozilla Thunderbird Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43586 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43586/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43586 RELEASE DATE: 2011-03-21 DISCUSS ADVISORY: http://secunia.com/advisories/43586/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43586/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43586 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to compromise a user's system. For more information: SA43550 SOLUTION: Update to version 3.1.8. ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2011/mfsa2011-01.html http://www.mozilla.org/security/announce/2011/mfsa2011-08.html http://www.mozilla.org/security/announce/2011/mfsa2011-09.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 20 21:10:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Mar 2011 05:10:49 +0100 Subject: [SEC] [SA43565] WordPress BackWPup Plugin "wpabs" Two Remote File Inclusion Vulnerabilities Message-ID: <201103210410.p2L4AngW015610@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: WordPress BackWPup Plugin "wpabs" Two Remote File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA43565 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43565/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43565 RELEASE DATE: 2011-03-21 DISCUSS ADVISORY: http://secunia.com/advisories/43565/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43565/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43565 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in the BackWPup plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "wpabs" parameter to wp-content/plugins/backwpup/app/options-view_log-iframe.php (when "logfile" is set to an existing file) and to wp-content/plugins/backwpup/app/options-runnow-iframe.php (when "jobid" is set to a numeric value) is not properly verified before being used to include files. This can be exploited to include arbitrary files from remote resources placed on a SMB share. The vulnerabilities are confirmed in version 1.5.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Danilo Massa ORIGINAL ADVISORY: Danilo Massa: http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0663.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 20 21:45:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Mar 2011 05:45:50 +0100 Subject: [SEC] [SA43556] Red Hat update for samba Message-ID: <201103210445.p2L4jown004957@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Red Hat update for samba SECUNIA ADVISORY ID: SA43556 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43556/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43556 RELEASE DATE: 2011-03-21 DISCUSS ADVISORY: http://secunia.com/advisories/43556/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43556/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43556 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious users to cause a DoS and potentially compromise a vulnerable system. For more information: SA43512 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0305-1: https://rhn.redhat.com/errata/RHSA-2011-0305.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 20 22:11:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Mar 2011 06:11:51 +0100 Subject: [SEC] [SA43580] Red Hat update for mailman Message-ID: <201103210511.p2L5Bp9E026316@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Red Hat update for mailman SECUNIA ADVISORY ID: SA43580 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43580/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43580 RELEASE DATE: 2011-03-21 DISCUSS ADVISORY: http://secunia.com/advisories/43580/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43580/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43580 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for mailman. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks. For more information: SA41265 SA43389 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0308-1: http://rhn.redhat.com/errata/RHSA-2011-0308.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 20 22:45:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Mar 2011 06:45:37 +0100 Subject: [SEC] [SA43507] Alcatel-Lucent OmniVista 4760 "lang" File Disclosure Vulnerability Message-ID: <201103210545.p2L5jbvg015611@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Alcatel-Lucent OmniVista 4760 "lang" File Disclosure Vulnerability SECUNIA ADVISORY ID: SA43507 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43507/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43507 RELEASE DATE: 2011-03-21 DISCUSS ADVISORY: http://secunia.com/advisories/43507/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43507/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43507 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Alcatel-Lucent OmniVista 4760, which can be exploited by malicious people to disclose sensitive information. Certain unspecified input is not properly verified before being used to read files. This can be exploited to display the contents of arbitrary files from local resources via directory traversal attacks. The vulnerability is reported in versions 5.0.07.05 and 5.1.06.03. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: r at b13$, Digital Defense, Inc. Vulnerability Research Team. ORIGINAL ADVISORY: Alcatel-Lucent: http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2011002.pdf Digital Defense, Inc. Vulnerability Research Team: http://archives.neohapsis.com/archives/fulldisclosure/current/0007.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Mar 20 23:10:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Mar 2011 07:10:37 +0100 Subject: [SEC] [SA43557] Red Hat update for samba3x Message-ID: <201103210610.p2L6AbkG004488@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Red Hat update for samba3x SECUNIA ADVISORY ID: SA43557 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43557/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43557 RELEASE DATE: 2011-03-21 DISCUSS ADVISORY: http://secunia.com/advisories/43557/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43557/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43557 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for samba3x. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious users to cause a DoS and potentially compromise a vulnerable system. For more information: SA43512 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0306-1: https://rhn.redhat.com/errata/RHSA-2011-0306.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 21 11:30:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Mar 2011 19:30:45 +0100 Subject: [SEC] [SA43805] Xoops Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201103211830.p2LIUjQF025563@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Xoops Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA43805 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43805/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43805 RELEASE DATE: 2011-03-21 DISCUSS ADVISORY: http://secunia.com/advisories/43805/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43805/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43805 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Xoops, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed to the "module" parameter (when "fct" is set to "modulesadmin" and "op" is set to "install") in modules/system/admin.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "module[]", "newname[]", and "oldname[]" POST parameters (when "fct" is set to "modulesadmin" and "op" is set to "confirm") in modules/system/admin.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed to the "memberslist_id[]" POST parameter (when "fct" is set to "mailusers") in modules/system/admin.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 2.5.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Aung Khant, YGN Ethical Hacker Group ORIGINAL ADVISORY: http://yehg.net/lab/pr0js/advisories/[xoops_2.5.0]_cross_site_scripting http://xoops.org/modules/news/article.php?storyid=5851 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 21 12:32:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Mar 2011 20:32:49 +0100 Subject: [SEC] [SA43828] Kleophatra CMS Arbitrary File Upload Vulnerability Message-ID: <201103211932.p2LJWnJa016129@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Kleophatra CMS Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA43828 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43828/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43828 RELEASE DATE: 2011-03-21 DISCUSS ADVISORY: http://secunia.com/advisories/43828/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43828/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43828 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Xr0b0t has discovered a vulnerability in Kleophatra CMS, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the "do_avatar()" function in the modules/users/controllers/users.php script not properly validating uploaded file types, which can be exploited to execute arbitrary PHP code by uploading a PHP file. The vulnerability is confirmed in version 0.1.4. Other versions may also be affected. SOLUTION: Restrict access to the media/avatars directory (e.g. via .htaccess). PROVIDED AND/OR DISCOVERED BY: Xr0b0t ORIGINAL ADVISORY: Xr0b0t: http://blog.xrobot.mobi/x86/kleophatra-0-1-4-0day-arbitrary-upload-file-vulnerability OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 21 13:32:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Mar 2011 21:32:21 +0100 Subject: [SEC] [SA43837] SUSE update for libreoffice Message-ID: <201103212032.p2LKWLXF006584@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: SUSE update for libreoffice SECUNIA ADVISORY ID: SA43837 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43837/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43837 RELEASE DATE: 2011-03-21 DISCUSS ADVISORY: http://secunia.com/advisories/43837/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43837/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43837 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for libreoffice. This fixes a security issue and some vulnerabilites, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system. For more information: SA40775 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0196-1: https://hermes.opensuse.org/messages/7671999 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 21 14:31:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Mar 2011 22:31:31 +0100 Subject: [SEC] [SA43785] Joomla! BookLibrary Component "searchtext" SQL Injection Vulnerability Message-ID: <201103212131.p2LLVVUI029421@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Joomla! BookLibrary Component "searchtext" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43785 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43785/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43785 RELEASE DATE: 2011-03-21 DISCUSS ADVISORY: http://secunia.com/advisories/43785/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43785/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43785 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the BookLibrary component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "searchtext" parameter to index.php (when "option" is set to "com_booklibrary" and "task" is set to "search") is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 2.0. Other versions may also be affected. SOLUTION: The vendor has released an updated version 2.0, which fixes the vulnerability. PROVIDED AND/OR DISCOVERED BY: Marc Doudiet ORIGINAL ADVISORY: OrdaSoft: http://ordasoft.com/Book-Library/security-upgrade-instructions-for-book-library.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 21 15:25:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Mar 2011 23:25:14 +0100 Subject: [SEC] [SA43843] Fedora update for samba Message-ID: <201103212225.p2LMPEVM019601@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Fedora update for samba SECUNIA ADVISORY ID: SA43843 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43843/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43843 RELEASE DATE: 2011-03-21 DISCUSS ADVISORY: http://secunia.com/advisories/43843/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43843/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43843 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA43512 SOLUTION: Apply updated packages via the yum utility ("yum update samba"). ORIGINAL ADVISORY: FEDORA-2011-3118: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056241.html FEDORA-2011-3120: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056229.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 21 15:46:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Mar 2011 23:46:07 +0100 Subject: [SEC] [SA43780] Debian update for libvirt Message-ID: <201103212246.p2LMk7fi008299@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Debian update for libvirt SECUNIA ADVISORY ID: SA43780 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43780/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43780 RELEASE DATE: 2011-03-21 DISCUSS ADVISORY: http://secunia.com/advisories/43780/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43780/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43780 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for libvrt. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA43670 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2194-1: http://lists.debian.org/debian-security-announce/2011/msg00061.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 21 16:10:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Mar 2011 00:10:52 +0100 Subject: [SEC] [SA43621] libzip "_zip_name_locate()" NULL Pointer Dereference Vulnerability Message-ID: <201103212310.p2LNAqgj029576@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: libzip "_zip_name_locate()" NULL Pointer Dereference Vulnerability SECUNIA ADVISORY ID: SA43621 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43621/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43621 RELEASE DATE: 2011-03-21 DISCUSS ADVISORY: http://secunia.com/advisories/43621/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43621/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43621 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in libzip, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a NULL pointer dereference error within the "_zip_name_locate()" function in lib/zip_name_locate.c, which can be exploited to cause a crash by e.g. tricking an application using the "zip_name_locate()" function with the "ZIP_FL_UNCHANGED" flag into processing an empty ZIP file. This is related to vulnerability #1 in: SA43328 The vulnerability is confirmed in version 0.9.3. Prior versions may also be affected. SOLUTION: Update to version 0.10. PROVIDED AND/OR DISCOVERED BY: Maksymilian Arciemowicz ORIGINAL ADVISORY: http://securityreason.com/achievement_securityalert/96 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 21 16:45:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Mar 2011 00:45:52 +0100 Subject: [SEC] [SA43845] Oracle Solaris libpng Multiple Vulnerabilities Message-ID: <201103212345.p2LNjq42018909@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Oracle Solaris libpng Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43845 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43845/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43845 RELEASE DATE: 2011-03-22 DISCUSS ADVISORY: http://secunia.com/advisories/43845/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43845/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43845 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged some vulnerabilities in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA38774 SA40302 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_libpng OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 21 17:11:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Mar 2011 01:11:18 +0100 Subject: [SEC] [SA43833] Oracle Solaris Freetype "Ins_SHZ()" Vulnerability Message-ID: <201103220011.p2M0BIZ9007832@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Oracle Solaris Freetype "Ins_SHZ()" Vulnerability SECUNIA ADVISORY ID: SA43833 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43833/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43833 RELEASE DATE: 2011-03-22 DISCUSS ADVISORY: http://secunia.com/advisories/43833/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43833/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43833 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged a vulnerability in Solaris, which can be exploited to cause a DoS (Denial of Service) or potentially compromise an application using the library. For more information see vulnerability #2 in: SA41738 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://blogs.sun.com/security/entry/cve_2010_3814_buffer_overflow OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 21 17:45:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Mar 2011 01:45:58 +0100 Subject: [SEC] [SA43449] Debian update for php5 Message-ID: <201103220045.p2M0jwVt029558@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Debian update for php5 SECUNIA ADVISORY ID: SA43449 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43449/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43449 RELEASE DATE: 2011-03-22 DISCUSS ADVISORY: http://secunia.com/advisories/43449/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43449/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43449 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for php5. This fixes a security issue and some vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). For more information: SA41724 1) The security issue is caused due to a race condition within the PHP cronjob, which can be exploited to delete arbitrary files via symlink attacks. SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2195-1: http://www.debian.org/security/2011/dsa-2195 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 21 18:14:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Mar 2011 02:14:06 +0100 Subject: [SEC] [SA43598] Ubuntu update for linux Message-ID: <201103220114.p2M1E6Gl018581@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux SECUNIA ADVISORY ID: SA43598 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43598/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43598 RELEASE DATE: 2011-03-22 DISCUSS ADVISORY: http://secunia.com/advisories/43598/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43598/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43598 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information and to cause a DoS (Denial of Service). For more information: SA42061 SA42176 SA42187 SA42801 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1090-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-March/001282.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 21 18:45:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Mar 2011 02:45:49 +0100 Subject: [SEC] [SA43817] Ubuntu update for linux and linux-ec2 Message-ID: <201103220145.p2M1jn5A007771@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux and linux-ec2 SECUNIA ADVISORY ID: SA43817 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43817/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43817 RELEASE DATE: 2011-03-22 DISCUSS ADVISORY: http://secunia.com/advisories/43817/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43817/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43817 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux and linux-ec2. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, cause a DoS (Denial of Service), and potentially gain escalated privileges. For more information: SA42061 SA42176 SA42187 SA42801 1) An error within the RDS implementation can be exploited to execute arbitrary code with kernel privileges. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1089-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-March/001281.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 21 19:11:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Mar 2011 03:11:10 +0100 Subject: [SEC] [SA43806] Linux Kernel Memory Leak Weaknesses Message-ID: <201103220211.p2M2BACE029085@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Linux Kernel Memory Leak Weaknesses SECUNIA ADVISORY ID: SA43806 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43806/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43806 RELEASE DATE: 2011-03-22 DISCUSS ADVISORY: http://secunia.com/advisories/43806/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43806/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43806 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some weaknesses have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose system information. 1) The "do_replace()", "compat_do_replace()", and "do_arpt_get_ctl()" functions in net/ipv4/netfilter/arp_tables.c do not properly terminate members of certain structures, which can be exploited to disclose certain kernel memory. 2) The "do_replace()", "compat_do_replace()", and "do_ipt_get_ctl()" functions in net/ipv4/netfilter/ip_tables.c do not properly terminate members of certain structures, which can be exploited to disclose certain kernel memory. 3) The "do_replace()", "compat_do_replace()", and "do_ip6t_get_ctl()" functions in net/ipv6/netfilter/ip6_tables.c do not properly terminate members of certain structures, which can be exploited to disclose certain kernel memory. Successful exploitation of these weaknesses requires "CAP_NET_ADMIN" capabilities. SOLUTION: Fixed in the GIT repository. PROVIDED AND/OR DISCOVERED BY: Vasiliy Kulikov ORIGINAL ADVISORY: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=42eab94fff18cb1091d3501cd284d6bd6cc9c143 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=78b79876761b86653df89c48a7010b5cbd41a84a http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=6a8ab060779779de8aea92ce3337ca348f973f54 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 21 19:46:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Mar 2011 03:46:11 +0100 Subject: [SEC] [SA43107] Debian update for maradns Message-ID: <201103220246.p2M2kB07018415@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Debian update for maradns SECUNIA ADVISORY ID: SA43107 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43107/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43107 RELEASE DATE: 2011-03-22 DISCUSS ADVISORY: http://secunia.com/advisories/43107/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43107/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43107 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for maradns. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA43027 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2196-1: http://www.debian.org/security/2011/dsa-2196 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 21 20:22:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Mar 2011 04:22:36 +0100 Subject: [SEC] [SA43824] Novell NetWare FTP Server "DELE" Buffer Overflow Vulnerability Message-ID: <201103220322.p2M3MaGm008304@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Novell NetWare FTP Server "DELE" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA43824 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43824/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43824 RELEASE DATE: 2011-03-22 DISCUSS ADVISORY: http://secunia.com/advisories/43824/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43824/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43824 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Novell NetWare, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to a boundary error within NWFTPD.NLM when processing FTP commands. This can be exploited to cause a stack-based buffer overflow via specially crafted arguments passed to the DELE command. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in NWFTPD.NLM versions prior to 5.10.02. SOLUTION: Update NWFTPD.NLM to version 5.10.02. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Francis Provencher of Protek Research Lab's via ZDI. ORIGINAL ADVISORY: Novell: http://www.novell.com/support/viewContent.do?externalId=3238588 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-106/ Protek Research Lab's: http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=25&Itemid=25 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 21 20:46:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Mar 2011 04:46:09 +0100 Subject: [SEC] [SA43842] Fedora update for pidgin Message-ID: <201103220346.p2M3k93W029531@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Fedora update for pidgin SECUNIA ADVISORY ID: SA43842 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43842/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43842 RELEASE DATE: 2011-03-22 DISCUSS ADVISORY: http://secunia.com/advisories/43842/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43842/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43842 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for pidgin. This fixes some security issues, which can be exploited by malicious, local users to disclose potentially sensitive information. For more information: SA43271 SOLUTION: Apply updated packages via the yum utility ("yum update pidgin"). ORIGINAL ADVISORY: FEDORA-2011-3132: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056282.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 21 21:11:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Mar 2011 05:11:47 +0100 Subject: [SEC] [SA43792] Douran Portal "FileNameAttach" File Disclosure Vulnerability Message-ID: <201103220411.p2M4BlBS018454@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Douran Portal "FileNameAttach" File Disclosure Vulnerability SECUNIA ADVISORY ID: SA43792 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43792/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43792 RELEASE DATE: 2011-03-22 DISCUSS ADVISORY: http://secunia.com/advisories/43792/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43792/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43792 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Douran Portal, which can be exploited by malicious people to disclose sensitive information. Input passed to the "FileNameAttach" parameter in download.aspx is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files within the web root. This may be related to: SA35141 The vulnerability is reported in version 3.9.7.8. Other versions may also be affected. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: HUrr!c4nE! and Soroush Dalili OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 21 21:46:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Mar 2011 05:46:32 +0100 Subject: [SEC] [SA43844] Fedora update for policycoreutils Message-ID: <201103220446.p2M4kW6E007775@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Fedora update for policycoreutils SECUNIA ADVISORY ID: SA43844 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43844/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43844 RELEASE DATE: 2011-03-22 DISCUSS ADVISORY: http://secunia.com/advisories/43844/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43844/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43844 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for policycoreutils. This fixes a weakness, which can be exploited by malicious, local users to bypass certain security features. For more information: SA43415 SOLUTION: Apply updated packages via the yum utility ("yum update policycoreutils"). ORIGINAL ADVISORY: FEDORA-2011-3043: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056227.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 21 22:11:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Mar 2011 06:11:38 +0100 Subject: [SEC] [SA43360] Honeywell ScanServer ActiveX Control Use-After-Free Vulnerability Message-ID: <201103220511.p2M5BcjH029058@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Honeywell ScanServer ActiveX Control Use-After-Free Vulnerability SECUNIA ADVISORY ID: SA43360 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43360/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43360 RELEASE DATE: 2011-03-22 DISCUSS ADVISORY: http://secunia.com/advisories/43360/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43360/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43360 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered a vulnerability in Honeywell ScanServer ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a use-after-free error when handling the "addOSPLext()" method and can be exploited to dereference already freed memory via a specially crafted web page. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 780.0.20.5. Other versions may also be affected. SOLUTION: Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: Carsten Eiram, Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2011-22/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 21 22:46:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Mar 2011 06:46:07 +0100 Subject: [SEC] [SA43591] Drupal Secure Pages Module Redirection Weakness Message-ID: <201103220546.p2M5k7Mh018377@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Drupal Secure Pages Module Redirection Weakness SECUNIA ADVISORY ID: SA43591 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43591/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43591 RELEASE DATE: 2011-03-22 DISCUSS ADVISORY: http://secunia.com/advisories/43591/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43591/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43591 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in the Secure Pages module for Drupal, which can be exploited by malicious people to conduct spoofing attacks. Certain unspecified input is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain. The vulnerability is reported in versions prior to 6.x-1.9. SOLUTION: Update to version 6.x-1.9 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits Mike Potter ORIGINAL ADVISORY: SA-CONTRIB-2011-011: http://drupal.org/node/1079174 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 21 23:11:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Mar 2011 07:11:41 +0100 Subject: [SEC] [SA43578] Pango "hb_buffer_ensure()" Memory Reallocation Vulnerability Message-ID: <201103220611.p2M6Bfeh007283@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Pango "hb_buffer_ensure()" Memory Reallocation Vulnerability SECUNIA ADVISORY ID: SA43578 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43578/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43578 RELEASE DATE: 2011-03-22 DISCUSS ADVISORY: http://secunia.com/advisories/43578/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43578/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43578 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Pango, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. The vulnerability is caused due to the "hb_buffer_ensure()" function in pango/opentype/hb-buffer.c not properly checking the return value of memory reallocation operations, which can be exploited to cause the use of an incorrect base address when trying to access the buffer in subsequent functions. The vulnerability is reported in version 1.28.3. Other versions may also be affected. SOLUTION: Do not use applications using the library. PROVIDED AND/OR DISCOVERED BY: Red Hat credits the Mozilla Security Team. ORIGINAL ADVISORY: Mozilla Bug #606997: https://bugzilla.mozilla.org/show_bug.cgi?id=606997 Red Hat Bug #678563: https://bugzilla.redhat.com/show_bug.cgi?id=678563 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 22 11:31:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Mar 2011 19:31:57 +0100 Subject: [SEC] [SA43807] CATIA V5 Visual Basic for Applications Single-Byte Stack Overwrite Vulnerability Message-ID: <201103221831.p2MIVveL028331@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: CATIA V5 Visual Basic for Applications Single-Byte Stack Overwrite Vulnerability SECUNIA ADVISORY ID: SA43807 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43807/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43807 RELEASE DATE: 2011-03-22 DISCUSS ADVISORY: http://secunia.com/advisories/43807/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43807/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43807 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability in CATIA V5, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a vulnerable bundled version of Visual Basic for Applications. For more information: SA39663 SOLUTION: The vulnerability will be fixed in version V5R21. The vendor recommends to apply the patch available via Microsoft. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://www.ibm.com/support/docview.wss?uid=swg1HE02859 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 22 12:31:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Mar 2011 20:31:55 +0100 Subject: [SEC] [SA43825] SUSE aaa_base Tab Expansion Filename Handling Privilege Escalation Message-ID: <201103221931.p2MJVtQ9018787@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: SUSE aaa_base Tab Expansion Filename Handling Privilege Escalation SECUNIA ADVISORY ID: SA43825 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43825/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43825 RELEASE DATE: 2011-03-22 DISCUSS ADVISORY: http://secunia.com/advisories/43825/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43825/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43825 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has acknowledged a vulnerability in aaa_base, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an error within the handling of filenames containing meta characters when performing tab expansions, which can be exploited to e.g. trick another user into executing arbitrary commands via specially named files. SOLUTION: Apply updated packages via the zypper package manager. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: openSUSE-SU-2011:0207-1: https://hermes.opensuse.org/messages/7712778 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 22 13:31:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Mar 2011 21:31:41 +0100 Subject: [SEC] [SA43789] TIOD Directory Traversal Vulnerability Message-ID: <201103222031.p2MKVfh9009246@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: TIOD Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA43789 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43789/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43789 RELEASE DATE: 2011-03-22 DISCUSS ADVISORY: http://secunia.com/advisories/43789/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43789/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43789 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in TIOD, which can be exploited by malicious people to disclose potentially sensitive information. Input passed to the "Ready 4 Others" FTP functionality of the application is not properly sanitised before being used to access files. This can be exploited to access files outside of the application root and e.g. download an iPhone address book via directory traversal attacks. Note: The "Ready 4 Others" FTP functionality is not enabled by default and only accessible through WLAN. The vulnerability is confirmed in version 1.3.3. Other versions may also be affected. SOLUTION: Only use the "Ready 4 Others" FTP functionality within a trusted WLAN. PROVIDED AND/OR DISCOVERED BY: R3d at l3rt and H at ckk3y. ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/16271/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 22 14:31:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Mar 2011 22:31:57 +0100 Subject: [SEC] [SA43846] Linux Kernel ROSE Multiple Vulnerabilities Message-ID: <201103222131.p2MLVv3W032102@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Linux Kernel ROSE Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43846 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43846/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43846 RELEASE DATE: 2011-03-22 DISCUSS ADVISORY: http://secunia.com/advisories/43846/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43846/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43846 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious people to cause a DoS and potentially compromise a vulnerable system. The vulnerabilities are caused due to various errors within the implementation of the ROSE protocol and can be exploited to e.g. cause memory corruptions via specially crafted FAC_CCITT_DEST_NSAP or FAC_CCITT_SRC_NSAP fields. SOLUTION: Restrict access to trusted users only. Do not use the ROSE protocol. PROVIDED AND/OR DISCOVERED BY: Dan Rosenberg and Ben Hutchings. ORIGINAL ADVISORY: http://www.spinics.net/lists/netdev/msg158874.html http://www.spinics.net/lists/netdev/msg158900.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 22 15:25:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Mar 2011 23:25:31 +0100 Subject: [SEC] [SA43821] Red Hat update for wireshark Message-ID: <201103222225.p2MMPVkk022282@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Red Hat update for wireshark SECUNIA ADVISORY ID: SA43821 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43821/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43821 RELEASE DATE: 2011-03-22 DISCUSS ADVISORY: http://secunia.com/advisories/43821/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43821/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43821 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for wireshark. This fixes several vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA41535 SA43554 1) A boundary error within wiretap/pcapng.c when processing certain pcap-ng files can be exploited to cause a heap-based buffer overflow. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0370-1: http://rhn.redhat.com/errata/RHSA-2011-0370.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 22 15:47:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Mar 2011 23:47:27 +0100 Subject: [SEC] [SA43848] RealWin FlexWin Connection Packet Processing Buffer Overflow Vulnerabilities Message-ID: <201103222247.p2MMlRiG011019@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: RealWin FlexWin Connection Packet Processing Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA43848 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43848/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43848 RELEASE DATE: 2011-03-22 DISCUSS ADVISORY: http://secunia.com/advisories/43848/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43848/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43848 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered multiple vulnerabilities in RealWin, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error when processing "On_FC_CONNECT_FCS_LOGIN" packets can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 910. 2) A boundary error when processing "On_FC_CTAGLIST_FCS_CADDTAG", "On_FC_CTAGLIST_FCS_ADDTAGMS", and "On_FC_BINFILE_FCS_OPENREADFILE" packets can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 910. 3) A boundary error when processing "On_FC_CTAGLIST_FCS_CDELTAG" packets can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 910. 4) A boundary error when processing "On_FC_RFUSER_FCS_LOGIN" packets can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 910. 5) A boundary error when processing "On_FC_BINFILE_FCS_DIRLIST" packets can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 910. 6) An input validation error when processing "On_FC_MISC_FCS_MSGBROADCAST" packets can be exploited to cause a heap-based buffer overflow via a specially crafted packet sent to TCP port 910. 7) An input validation error when processing "On_FC_MISC_FCS_MSGSEND" packets can be exploited to cause a heap-based buffer overflow via a specially crafted packet sent to TCP port 910. 8) A boundary error when processing "On_FC_CGETTAG_FCS_GETTELEMETRY" packets can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 910. 9) A boundary error when processing "On_FC_CGETTAG_FCS_GETCHANNELTELEMETRY" packets can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 910. 10) A boundary error when processing "On_FC_CPUTTAG_FCS_SETTELEMETRY" packets can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 910. 11) A boundary error when processing "On_FC_CPUTTAG_FCS_SETCHANNELTELEMETRY" packets can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 910. 12) A boundary error when processing "On_FC_SCRIPT_FCS_STARTPROG" packets can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 910. Successful exploitation of the vulnerabilities allows execution of arbitrary code. The vulnerabilities are confirmed in version 2.1 Build 6.1.10.10. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists). PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/realwin_2-adv.txt http://aluigi.altervista.org/adv/realwin_3-adv.txt http://aluigi.altervista.org/adv/realwin_4-adv.txt http://aluigi.altervista.org/adv/realwin_5-adv.txt http://aluigi.altervista.org/adv/realwin_6-adv.txt http://aluigi.altervista.org/adv/realwin_7-adv.txt http://aluigi.altervista.org/adv/realwin_8-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 22 16:17:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Mar 2011 00:17:06 +0100 Subject: [SEC] [SA43814] Apple Mac OS X Multiple Vulnerabilities Message-ID: <201103222317.p2MNH6mY032522@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Apple Mac OS X Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43814 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43814/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43814 RELEASE DATE: 2011-03-22 DISCUSS ADVISORY: http://secunia.com/advisories/43814/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43814/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43814 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) A divide-by-zero error in AirPort when handling Wi-Fi frames can be exploited to cause a system reset. 2) Multiple vulnerabilities in Apache can be exploited by malicious people to disclose potentially sensitive information and by malicious users and malicious people to cause a DoS (Denial of Service). For more information: SA40206 3) A format string error within AppleScript Studio when handling certain commands via dialogs can be exploited to potentially execute arbitrary code. 4) An unspecified error in the handling of embedded OpenType fonts in Apple Type Services (ATS) can be exploited to cause a heap-based buffer overflow when a specially crafted document is viewed or downloaded. 5) Multiple unspecified errors in the handling of embedded TrueType fonts in Apple Type Services (ATS) can be exploited to cause a buffer overflow when a specially crafted document is viewed or downloaded. 6) Multiple unspecified errors in the handling of embedded Type 1 fonts in Apple Type Services (ATS) can be exploited to cause a buffer overflow when a specially crafted document is viewed or downloaded. 7) Multiple unspecified errors in the handling of SFNT tables in embedded fonts in Apple Type Services (ATS) can be exploited to cause a buffer overflow when a specially crafted document is viewed or downloaded. 8) An integer overflow error in bzip2 can be exploited to terminate an application using the library or execute arbitrary code via a specially crafted archive. For more information: SA41452 9) An error within the "FSFindFolder()" API in CarbonCore when used with the "kTemporaryFolderType" flag can be exploited to disclose the contents of arbitrary directories. 10) Multiple errors in ClamAV can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA41503 SA42426 11) An unspecified error in the handling of embedded fonts in CoreText can be exploited to corrupt memory when a specially crafted document is viewed or downloaded. 12) An integer overflow error within the handling of the F_READBOOTSTRAP ioctl in HFS, HFS+, and HFS+J filesystems can be exploited to read arbitrary files. 13) An error in ImageIO within the handling of JPEG files can be exploited to cause a heap-based buffer overflow. 14) An integer overflow error in ImageIO within the handling of XBM files can be exploited to potentially execute arbitrary code. 15) An error in libTIFF within the handling of JPEG encoded TIFF files can be exploited to cause a buffer overflow. 16) An error in libTIFF within the handling of CCITT Group 4 encoded TIFF files can be exploited to cause a buffer overflow. 17) An integer overflow error in ImageIO within the handling of JPEG encoded TIFF files can be exploited to potentially execute arbitrary code. 18) Multiple errors in Image RAW when handling Canon RAW image files can be exploited to cause buffer overflows. 19) An error in the Install Helper when handling URLs can be exploited to install an arbitrary agent by tricking the user into visiting a malicious website. 20) Multiple errors in Kerberos can be exploited by malicious users and malicious people to conduct spoofing attacks and bypass certain security features. For more information: SA37977 SA42396 21) An error within the "i386_set_ldt()" system call can be exploited by malicious, local users to execute arbitrary code with system privileges. 22) An integer truncation error within Libinfo when handling NFS RPC packets can be exploited to cause NFS RPC services to become unresponsive. 23) An error exists in the libxml library when traversing the XPath. For more information: SA42175 24) A double free error exists in the libxml library when handling XPath expressions. For more information: SA42721 25) Two errors in Mailman can be exploited by malicious users to conduct script insertion attacks. For more information: SA41265 26) Multiple errors in PHP can be exploited by malicious users and malicious people to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA39573 SA41724 27) Multiple errors in PHP can be exploited by malicious users and malicious people to bypass certain security restrictions. For more information: SA41724 28) An error in the OfficeImport framework when processing records containing formulas shared between multiple cells can be exploited to corrupt memory and potentially execute arbitrary code. 29) An error in QuickLook when handling certain Microsoft Office files can be exploited to corrupt memory when a specially crafted document is downloaded. 30) Multiple unspecified errors in QuickTime when handling JPEG2000, FlashPix, and panorama atoms in QTVR (QuickTime Virtual Reality) movie files can be exploited to corrupt memory via specially crafted files. 31) An integer overflow error in QuickTime when handling certain movie files can be exploited to potentially execute arbitrary code when a specially crafted file is viewed. 32) An error within QuickTime plug-in when handling cross-site redirects can be exploited to disclose video data. 33) An integer truncation error within the Ruby BigDecimal class can be exploited to potentially execute arbitrary code. This vulnerability only affects 64-bit Ruby processes. 34) A boundary error in Samba can be exploited by malicious people to potentially compromise a vulnerable system. For more information: SA41354 35) A security issue in Subversion can be exploited by malicious people to bypass certain security restrictions. For more information: SA41652 36) A weakness in Terminal uses SSH version 1 as the default protocol version when using ssh via the "New Remote Connection" dialog. 37) Some vulnerabilities in FreeType can be exploited to cause a DoS (Denial of Service) or potentially compromise an application using the library. For more information: SA41738 SOLUTION: Update to version 10.6.7 or apply Security Update 2011-001. PROVIDED AND/OR DISCOVERED BY: 15, 16, 33) Reported by the vendor. The vendor credits: 3) Alexander Strange. 5) Christoph Diehl of Mozilla, Felix Grobert of the Google Security Team, Marc Schoenefeld of Red Hat Security Response Team, and Tavis Ormandy and Will Drewry of Google Security Team. 6) Felix Grobert, Google Security Team and geekable via ZDI. 7) Marc Schoenefeld, Red Hat Security Response Team. 11) Christoph Diehl, Mozilla. 12) Dan Rosenberg, Virtual Security Research. 13) Andrzej Dyjak via iDefense. 14) Harry Sintonen. 17) Dominic Chell, NGS Secure. 18) Paul Harrington, NGS Secure. 19) Aaron Sigel, vtty.com. 21) Jeff Mears. 22) Peter Schwenk, University of Delaware. 28) Tobias Klein via iDefense. 29) Charlie Miller and Dion Blazakis via ZDI. 30) Will Dormann of CERT/CC, Damian Put and an anonymous researcher via ZDI, and Rodrigo Rubira Branco of Check Point Vulnerability Discovery Team. 31) Honggang Ren, Fortinet's FortiGuard Labs. 32) Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR). 36) Matt Warren, HNW Inc. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4581 iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=898 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 22 16:47:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Mar 2011 00:47:51 +0100 Subject: [SEC] [SA43742] OpenSLP Extension Parsing Denial of Service Vulnerability Message-ID: <201103222347.p2MNlpgk021672@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: OpenSLP Extension Parsing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43742 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43742/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43742 RELEASE DATE: 2011-03-23 DISCUSS ADVISORY: http://secunia.com/advisories/43742/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43742/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43742 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in OpenSLP, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the parsing of SLP extensions, which can be exploited to trigger an infinite loop by sending specially crafted SLP packets. The vulnerability is reported in version 1.2.1. Other versions may also be affected. SOLUTION: Fixed in the SVN repository for version 2.x. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: US-CERT credits Nicolas Gregoire, Agarri. ORIGINAL ADVISORY: OpenSLP: http://openslp.svn.sourceforge.net/viewvc/openslp?view=revision&revision=1647 US-CERT VU#393783: http://www.kb.cert.org/vuls/id/393783 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 22 17:11:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Mar 2011 01:11:59 +0100 Subject: [SEC] [SA43820] Symantec LiveUpdate Administrator Cross-Site Request Forgery Vulnerability Message-ID: <201103230011.p2N0BxIP010532@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Symantec LiveUpdate Administrator Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA43820 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43820/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43820 RELEASE DATE: 2011-03-23 DISCUSS ADVISORY: http://secunia.com/advisories/43820/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43820/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43820 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Symantec LiveUpdate Administrator, which can be exploited by malicious people to conduct cross-site request forgery attacks. The management interface of the application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. execute arbitrary commands by tricking an administrator into visiting a malicious web site while being logged-in to the application. The vulnerability is reported in versions 2.2.2.9 and prior. SOLUTION: Update to version 2.3. PROVIDED AND/OR DISCOVERED BY: The vendor credits Nikolas Sotiriu, nikolas sotiriu - it services. ORIGINAL ADVISORY: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110321_00 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 22 17:45:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Mar 2011 01:45:53 +0100 Subject: [SEC] [SA43499] Debian update for quagga Message-ID: <201103230045.p2N0jrCR032213@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Debian update for quagga SECUNIA ADVISORY ID: SA43499 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43499/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43499 RELEASE DATE: 2011-03-23 DISCUSS ADVISORY: http://secunia.com/advisories/43499/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43499/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43499 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for quagga. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43770 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2197-1: http://www.debian.org/security/2011/dsa-2197 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 22 18:14:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Mar 2011 02:14:02 +0100 Subject: [SEC] [SA43823] Xpdf Linux Binaries t1lib Vulnerability Message-ID: <201103230114.p2N1E2vu021251@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Xpdf Linux Binaries t1lib Vulnerability SECUNIA ADVISORY ID: SA43823 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43823/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43823 RELEASE DATE: 2011-03-23 DISCUSS ADVISORY: http://secunia.com/advisories/43823/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43823/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43823 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Xpdf, which can be exploited by malicious people to cause a DoS and potentially compromise a user's system. The vulnerability is caused due to the Xpdf binaries for Linux being linked against a vulnerable version of t1lib. The vulnerability is reported in the Xpdf binaries for Linux prior to version 3.02pl6. SOLUTION: Update to version 3.02pl6 of the Linux binaries. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: US-CERT credits Jonathan Brossard. ORIGINAL ADVISORY: Xpdf: http://www.foolabs.com/xpdf/download.html US-CERT VU#376500: http://www.kb.cert.org/vuls/id/376500 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 22 18:46:04 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Mar 2011 02:46:04 +0100 Subject: [SEC] [SA43791] PaX Heap / Stack Gap Denial of Service Vulnerability Message-ID: <201103230146.p2N1k4wO010442@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: PaX Heap / Stack Gap Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43791 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43791/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43791 RELEASE DATE: 2011-03-23 DISCUSS ADVISORY: http://secunia.com/advisories/43791/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43791/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43791 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in PaX, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the heap / stack gap functionality, which can be exploited to trigger an infinite loop via certain mmap operations. SOLUTION: Update to version 2.2.1-2.6.32.33. PROVIDED AND/OR DISCOVERED BY: Francisco Blas Izquierdo Riera ORIGINAL ADVISORY: grsecurity: http://grsecurity.net/changelog-stable.txt Francisco Blas Izquierdo Riera: http://www.openwall.com/lists/oss-security/2011/03/21/15 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 22 19:11:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Mar 2011 03:11:24 +0100 Subject: [SEC] [SA43829] Fedora update for mailman Message-ID: <201103230211.p2N2BOc3031743@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Fedora update for mailman SECUNIA ADVISORY ID: SA43829 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43829/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43829 RELEASE DATE: 2011-03-23 DISCUSS ADVISORY: http://secunia.com/advisories/43829/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43829/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43829 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for mailman. This fixes some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks. For more information: SA43389 SOLUTION: Apply updated packages via the yum utility ("yum update mailman"). ORIGINAL ADVISORY: FEDORA-2011-2102: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056387.html FEDORA-2011-2125: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056363.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 22 19:45:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Mar 2011 03:45:57 +0100 Subject: [SEC] [SA43847] RealPlayer IVR File Processing Buffer Overflow Vulnerability Message-ID: <201103230245.p2N2jvO9021065@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: RealPlayer IVR File Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA43847 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43847/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43847 RELEASE DATE: 2011-03-23 DISCUSS ADVISORY: http://secunia.com/advisories/43847/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43847/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43847 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered a vulnerability in RealPlayer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in rvrender.dll when processing Internet Video Recording (IVR) files and can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 14.0.2.633. Other versions may also be affected. SOLUTION: Do not open IVR files from untrusted sources. Disable the browser plugin. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/real_5-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 22 20:22:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Mar 2011 04:22:08 +0100 Subject: [SEC] [SA43770] Quagga Two Denial of Service Vulnerabilities Message-ID: <201103230322.p2N3M8ba010903@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Quagga Two Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA43770 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43770/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43770 RELEASE DATE: 2011-03-23 DISCUSS ADVISORY: http://secunia.com/advisories/43770/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43770/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43770 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Quagga, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) A NULL-pointer dereference error when parsing certain extended community attributes can be exploited to crash the "bgpd" daemon via specially crafted extended community attributes. Note: Successful exploitation may require that the attacker is a directly configured peer. 2) An error within the AS path limit/TTL functionality when parsing certain AS_PATHLIMIT attributes can be exploited to reset BGP sessions by sending specially crafted AS_PATHLIMIT attributes. The vulnerabilities are reported in versions prior to 0.99.18. SOLUTION: Update to version 0.99.18. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Quagga: http://www.quagga.net/news2.php?y=2011&m=3&d=21#id1300723200 DSA-2197-1: http://lists.debian.org/debian-security-announce/2011/msg00065.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 22 20:45:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Mar 2011 04:45:19 +0100 Subject: [SEC] [SA43813] SUSE update for java-1_6_0-ibm Message-ID: <201103230345.p2N3jJGW032106@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: SUSE update for java-1_6_0-ibm SECUNIA ADVISORY ID: SA43813 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43813/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43813 RELEASE DATE: 2011-03-23 DISCUSS ADVISORY: http://secunia.com/advisories/43813/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43813/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43813 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for java-1_6_0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information: SA43262 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0206-1: https://hermes.opensuse.org/messages/7707692 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 22 21:10:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Mar 2011 05:10:29 +0100 Subject: [SEC] [SA43549] Red Hat update for mailman Message-ID: <201103230410.p2N4ATWV021003@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Red Hat update for mailman SECUNIA ADVISORY ID: SA43549 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43549/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43549 RELEASE DATE: 2011-03-23 DISCUSS ADVISORY: http://secunia.com/advisories/43549/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43549/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43549 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for mailman. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks. For more information: SA28794 SA41265 SA43389 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0307-1: http://rhn.redhat.com/errata/RHSA-2011-0307.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 22 21:24:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Mar 2011 05:24:18 +0100 Subject: [SEC] [SA43605] SUSE update for avahi Message-ID: <201103230424.p2N4OIlw009393@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: SUSE update for avahi SECUNIA ADVISORY ID: SA43605 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43605/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43605 RELEASE DATE: 2011-03-23 DISCUSS ADVISORY: http://secunia.com/advisories/43605/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43605/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43605 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for avahi. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43361 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0149-1: https://hermes.opensuse.org/messages/7511998 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 22 21:46:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Mar 2011 05:46:09 +0100 Subject: [SEC] [SA43508] WordPress BackWPup Plugin "wpabs" Two Local File Inclusion Vulnerabilities Message-ID: <201103230446.p2N4k94k030525@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: WordPress BackWPup Plugin "wpabs" Two Local File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA43508 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43508/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43508 RELEASE DATE: 2011-03-23 DISCUSS ADVISORY: http://secunia.com/advisories/43508/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43508/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43508 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in the BackWPup plugin for WordPress, which can be exploited by malicious people to disclose potentially sensitive information. Input passed via the "wpabs" parameter to wp-content/plugins/backwpup/app/options-view_log-iframe.php (when "logfile" is set to an existing file) and to wp-content/plugins/backwpup/app/options-runnow-iframe.php (when "jobid" is set to a numeric value) is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerabilities are confirmed in version 1.3.6 and reported in version 1.4.0. Prior versions may also be affected. SOLUTION: Update to version 1.4.1 or later. PROVIDED AND/OR DISCOVERED BY: Danilo Massa ORIGINAL ADVISORY: WordPress BackWPup: http://wordpress.org/extend/plugins/backwpup/changelog/ Danilo Massa: http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0663.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 22 22:11:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Mar 2011 06:11:11 +0100 Subject: [SEC] [SA43529] Magic Music Editor CD Audio Track File Processing Buffer Overflow Message-ID: <201103230511.p2N5BBKM019420@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Magic Music Editor CD Audio Track File Processing Buffer Overflow SECUNIA ADVISORY ID: SA43529 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43529/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43529 RELEASE DATE: 2011-03-23 DISCUSS ADVISORY: http://secunia.com/advisories/43529/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43529/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43529 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Magic Music Editor, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when processing CD Audio Track (CDA) files and can be exploited to cause a stack-based buffer overflow via a malformed file stored in a specially crafted folder. Successful exploitation allows execution of arbitrary code, but requires tricking a user into opening a CDA file from a malicious folder e.g. extracted from an archive file. The vulnerability is confirmed in version 8.12.1.2220. Other versions may also be affected. SOLUTION: Do not open files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: C4SS!0 G0M3S OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 22 22:46:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Mar 2011 06:46:11 +0100 Subject: [SEC] [SA43572] Red Hat update for pango Message-ID: <201103230546.p2N5kBNZ008749@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Red Hat update for pango SECUNIA ADVISORY ID: SA43572 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43572/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43572 RELEASE DATE: 2011-03-23 DISCUSS ADVISORY: http://secunia.com/advisories/43572/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43572/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43572 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for pango. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA43578 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0309-01: https://rhn.redhat.com/errata/RHSA-2011-0309.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 22 23:10:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Mar 2011 07:10:58 +0100 Subject: [SEC] [SA43593] LibTIFF Two Buffer Overflow Vulnerabilities Message-ID: <201103230610.p2N6AwsG030024@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: LibTIFF Two Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA43593 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43593/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43593 RELEASE DATE: 2011-03-23 DISCUSS ADVISORY: http://secunia.com/advisories/43593/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43593/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43593 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in LibTIFF, which can be exploited by malicious people to potentially compromise an application using the library. 1) A boundary error within the "EXPAND2D()" macro in libtiff/tif_fax3.h when decoding CCITT Group 4 compressed TIFF images can be exploited to cause a heap-based buffer overflow via specially crafted TIFF images. Successful exploitation may allow execution of arbitrary code. 2) A boundary error within the ThunderScan decoder when processing images with an incorrect number of bitspersample can be exploited to cause a heap-based buffer overflow via specially crafted ThunderScan encoded files. The vulnerabilities are reported in version 3.9.4. Other versions may also be affected. SOLUTION: Fixed in the CVS repository. PROVIDED AND/OR DISCOVERED BY: 1) Apple Product Security 2) Martin Barbella via ZDI. ORIGINAL ADVISORY: APPLE-SA-2011-03-02-1: http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html LibTIFF: http://bugzilla.maptools.org/show_bug.cgi?id=2300 ZDI-11-107: http://www.zerodayinitiative.com/advisories/ZDI-11-107/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 23 11:31:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Mar 2011 19:31:59 +0100 Subject: [SEC] [SA43849] 7-Technologies Interactive Graphical SCADA System Multiple Vulnerabilities Message-ID: <201103231831.p2NIVx1W018713@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: 7-Technologies Interactive Graphical SCADA System Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43849 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43849/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43849 RELEASE DATE: 2011-03-23 DISCUSS ADVISORY: http://secunia.com/advisories/43849/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43849/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43849 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered multiple vulnerabilities in 7-Technologies Interactive Graphical SCADA System, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. 1) An input validation error in IGSSdataServer.exe when processing certain commands can be exploited to read and write arbitrary files via a specially crafted packet containing directory traversal specifiers sent to TCP port 12401. 2) A boundary error in IGSSdataServer.exe when processing the "ListAll" command can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 12401. 3) A boundary error in IGSSdataServer.exe when processing the "Write file" command can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 12401. 4) A boundary error in IGSSdataServer.exe when processing the "ReadFile" command can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 12401. 5) A boundary error in IGSSdataServer.exe when processing the "Delete" command can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 12401. 6) A boundary error in IGSSdataServer.exe when processing the "RenameFile" command can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 12401. 7) A boundary error in IGSSdataServer.exe when processing the "FileInfo" command can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 12401. 8) A boundary error in IGSSdataServer.exe when processing the RMS Reports "Add" command can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 12401. 9) A boundary error in IGSSdataServer.exe when processing the RMS Reports "ReadFile" and "Write file" commands can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 12401. 10) A boundary error in IGSSdataServer.exe when processing the RMS Reports "Rename" command can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 12401. 11) A format string error in IGSSdataServer.exe when creating a log message using the "logText()" function (shmemmgr9.dll) can be exploited to cause the process to crash via e.g. a specially crafted RMS Reports "Delete" command sent to TCP port 12401. 12) A boundary error in IGSSdataServer.exe when creating a SQL query string to process the STDREP update request can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 12401. Successful exploitation of this vulnerability may allow execution of arbitrary code. 13) An input validation error in dc.exe when processing certain commands can be exploited to execute any program on the system via a specially crafted packet containing directory traversal specifiers sent to TCP port 12397. Successful exploitation of vulnerabilities #2 through #10 and #13 allows execution of arbitrary code. The vulnerabilities are confirmed in version 9.0-11074. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists). PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/igss_1-adv.txt http://aluigi.altervista.org/adv/igss_2-adv.txt http://aluigi.altervista.org/adv/igss_3-adv.txt http://aluigi.altervista.org/adv/igss_4-adv.txt http://aluigi.altervista.org/adv/igss_5-adv.txt http://aluigi.altervista.org/adv/igss_6-adv.txt http://aluigi.altervista.org/adv/igss_7-adv.txt http://aluigi.altervista.org/adv/igss_8-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 23 12:31:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Mar 2011 20:31:08 +0100 Subject: [SEC] [SA43815] Pligg CMS Multiple Unspecified Vulnerabilities Message-ID: <201103231931.p2NJV8T3009125@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Pligg CMS Multiple Unspecified Vulnerabilities SECUNIA ADVISORY ID: SA43815 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43815/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43815 RELEASE DATE: 2011-03-23 DISCUSS ADVISORY: http://secunia.com/advisories/43815/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43815/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43815 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities with an unknown impact have been reported in Pligg CMS. The vulnerabilities are caused due to unspecified errors. No further information is currently available. The vulnerabilities are reported in versions prior to 1.1.4. SOLUTION: Update to version 1.1.4. PROVIDED AND/OR DISCOVERED BY: The vendor credits sitewat.ch and other unspecified third-party researchers. ORIGINAL ADVISORY: http://forums.pligg.com/current-version/23041-pligg-content-management-system-1-1-4-a.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 23 13:35:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Mar 2011 21:35:28 +0100 Subject: [SEC] [SA43856] Red Hat update for flash-plugin Message-ID: <201103232035.p2NKZSv1032173@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Red Hat update for flash-plugin SECUNIA ADVISORY ID: SA43856 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43856/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43856 RELEASE DATE: 2011-03-23 DISCUSS ADVISORY: http://secunia.com/advisories/43856/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43856/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43856 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for flash-plugin. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA43751 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0372-1: https://rhn.redhat.com/errata/RHSA-2011-0372.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 23 14:31:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Mar 2011 22:31:20 +0100 Subject: [SEC] [SA43857] Immunity Debugger HTTP Response Processing Buffer Overflow Vulnerability Message-ID: <201103232131.p2NLVKF7022444@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Immunity Debugger HTTP Response Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA43857 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43857/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43857 RELEASE DATE: 2011-03-23 DISCUSS ADVISORY: http://secunia.com/advisories/43857/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43857/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43857 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: NGS Secure Research has reported a vulnerability in Immunity Debugger, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a boundary error when processing certain HTTP responses from a vendor's server. This can be exploited to cause a heap-based buffer overflow via a specially crafted response containing an overly long string. Successful exploitation may allow execution of arbitrary code, but requires manipulating response traffic via a Man-in-the-Middle (MitM) attack. The vulnerability is reported in version 1.73. Other versions may also be affected. SOLUTION: Update to version 1.82. PROVIDED AND/OR DISCOVERED BY: Paul Harrington, NGS Secure Research ORIGINAL ADVISORY: NGS Secure Research: http://archives.neohapsis.com/archives/bugtraq/2011-03/0207.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 23 15:25:16 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Mar 2011 23:25:16 +0100 Subject: [SEC] [SA43816] Debian update for tex-common Message-ID: <201103232225.p2NMPGwF012631@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Debian update for tex-common SECUNIA ADVISORY ID: SA43816 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43816/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43816 RELEASE DATE: 2011-03-23 DISCUSS ADVISORY: http://secunia.com/advisories/43816/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43816/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43816 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for tex-common. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application not properly escaping shell commands while processing tex files. This can be exploited to execute arbitrary commands by tricking a user into opening a maliciously crafted tex file. SOLUTION: Apply updated packages via the apt-get package manager. PROVIDED AND/OR DISCOVERED BY: The vendor credits Mathias Svensson. ORIGINAL ADVISORY: DSA-2198-1: http://www.debian.org/security/2011/dsa-2198 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 23 15:46:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Mar 2011 23:46:25 +0100 Subject: [SEC] [SA43852] SUSE update for clamav Message-ID: <201103232246.p2NMkPUk001276@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: SUSE update for clamav SECUNIA ADVISORY ID: SA43852 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43852/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43852 RELEASE DATE: 2011-03-23 DISCUSS ADVISORY: http://secunia.com/advisories/43852/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43852/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43852 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA43392 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0208-1: https://hermes.opensuse.org/messages/7713666 SUSE-SU-2011:0209-1 https://hermes.opensuse.org/messages/7713669 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 23 16:11:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Mar 2011 00:11:29 +0100 Subject: [SEC] [SA43839] Red Hat update for dbus Message-ID: <201103232311.p2NNBT7X022612@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Red Hat update for dbus SECUNIA ADVISORY ID: SA43839 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43839/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43839 RELEASE DATE: 2011-03-23 DISCUSS ADVISORY: http://secunia.com/advisories/43839/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43839/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43839 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for dbus. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service). For more information: SA42580 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0376-1: https://rhn.redhat.com/errata/RHSA-2011-0376.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 23 16:46:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Mar 2011 00:46:54 +0100 Subject: [SEC] [SA42254] Achievo Multiple Vulnerabilities Message-ID: <201103232346.p2NNksTq011976@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Achievo Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42254 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42254/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42254 RELEASE DATE: 2011-03-24 DISCUSS ADVISORY: http://secunia.com/advisories/42254/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42254/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42254 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered multiple vulnerabilities in Achievo, which can be exploited by malicious users to disclose sensitive information, bypass certain security restrictions, and conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks. 1) Input passed via the "searchstring" parameter to dispatch.php (when "atknodetype" is set to "search.search" and "atkaction" is set to "search") is not properly sanitised in modules/search/class.search.inc before being returned to the user. 2) Input passed via the "field" and "usercol" parameters to include.php (when "file" is set to "atk/popups/colorpicker.inc") is not properly sanitised in atk/popups/colorpicker.inc before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) An error exists due to the application not properly verifying the "owner" parameter while adding schedules in the "Scheduler" module. This can be exploited to add schedules to another user's calendar. Successful exploitation of this vulnerability requires "Add" permissions for "Scheduler". 4) Input passed via the "node" parameter to include.php (when "file" is set to "atk/popups/help.inc") is not properly verified in atk/popups/help.inc before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 5) Input passed via e.g. the "plotter" parameter to graph.php is not properly verified in the "atkuse()" function in atk/atktools.inc before being used to include files. This can be exploited to include arbitrary file from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 6) Input passed via the "viewstart" and "viewend" parameters to graph.php (when "atknodetype" is set to "project.project", "plotter" is set to "graph.dataGraphAttribute", "callback" is set to "timeline", and "projectid" is set) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 7) Input passed via the "atkselector" parameter to dispatch.php (when e.g. "atknodetype" is set to "project.project" and "atkaction" is set to "view") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires "Access" permissions for "Project" under "Project management". 8) Input passed via the "viewuser" parameter to dispatch.php (when "atknodetype" is seto to "timereg.hours" and "atkaction" is set to "admin") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires "Access" permission for "Hours" under "Time registration". 9) Input passed via the "startdate" and "enddate" parameters to dispatch.php (when "atknodetype" is set to "reports.hoursurvey" and "atkaction" is set to "report") is not properly sanitised before being used in SQL queries. This can be exploited by manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires "Access" permissions for "Time Survey" under "Reports". The vulnerabilities are confirmed in version 1.4.5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. PROVIDED AND/OR DISCOVERED BY: Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2011-23/ http://secunia.com/secunia_research/2011-24/ http://secunia.com/secunia_research/2011-25/ http://secunia.com/secunia_research/2011-26/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 23 17:11:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Mar 2011 01:11:49 +0100 Subject: [SEC] [SA43546] SUSE update for tomcat6 Message-ID: <201103240011.p2O0Bn1s000791@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: SUSE update for tomcat6 SECUNIA ADVISORY ID: SA43546 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43546/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43546 RELEASE DATE: 2011-03-24 DISCUSS ADVISORY: http://secunia.com/advisories/43546/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43546/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43546 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for tomcat6. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service). For more information: SA43194 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0146-1: https://hermes.opensuse.org/messages/7510320 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 23 17:46:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Mar 2011 01:46:15 +0100 Subject: [SEC] [SA43559] Debian update for pango1.0 Message-ID: <201103240046.p2O0kFtD022557@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Debian update for pango1.0 SECUNIA ADVISORY ID: SA43559 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43559/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43559 RELEASE DATE: 2011-03-24 DISCUSS ADVISORY: http://secunia.com/advisories/43559/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43559/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43559 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for pango1.0. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA43578 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2178-1: http://www.debian.org/security/2011/dsa-2178 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 23 18:14:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Mar 2011 02:14:26 +0100 Subject: [SEC] [SA43522] Linux Kernel epoll Denial of Service Vulnerability Message-ID: <201103240114.p2O1EQCe011591@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Linux Kernel epoll Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43522 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43522/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43522 RELEASE DATE: 2011-03-24 DISCUSS ADVISORY: http://secunia.com/advisories/43522/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43522/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43522 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the epoll implementation, which can be exploited to cause a high CPU consumption via nested epoll structures. The vulnerability is confirmed in version 2.6.37. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Nelson Elhage ORIGINAL ADVISORY: http://thread.gmane.org/gmane.linux.kernel/1105744 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 23 18:46:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Mar 2011 02:46:10 +0100 Subject: [SEC] [SA43588] Alcatel-Lucent OmniPCX Enterprise Buffer Overflow Vulnerability Message-ID: <201103240146.p2O1kAr1000715@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Alcatel-Lucent OmniPCX Enterprise Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA43588 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43588/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43588 RELEASE DATE: 2011-03-24 DISCUSS ADVISORY: http://secunia.com/advisories/43588/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43588/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43588 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Alcatel-Lucent OmniPCX Enterprise, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the Unified Maintenance Tool web interface when parsing HTTP headers. This can be exploited to cause a stack-based buffer overflow via a specially crafted request. Successful exploitation may allow execution of arbitrary code with the privileges of the "mtcl" user. SOLUTION: Upgrade to version 9.1 or apply patch H1.301.50. PROVIDED AND/OR DISCOVERED BY: An anonymous person via iDefense. ORIGINAL ADVISORY: Alcatel-Lucent: http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2011001.pdf iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=896 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 23 19:11:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Mar 2011 03:11:31 +0100 Subject: [SEC] [SA43570] Moodle Multiple Vulnerabilities Message-ID: <201103240211.p2O2BVg3022069@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Moodle Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43570 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43570/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43570 RELEASE DATE: 2011-03-24 DISCUSS ADVISORY: http://secunia.com/advisories/43570/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43570/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43570 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Moodle, which can be exploited by malicious users to conduct script insertion attacks and bypass certain security restrictions and by malicious people to disclose certain sensitive information and conduct cross-site scripting or cross-site request forgery attacks. 1) Input passed via the "query" parameter to tag/tag_autocomplete.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An error due to the application insecurely storing the IMS enterprise enrol file (imsenterprise-enrol.xml) can be exploited to disclose certain sensitive information. 3) Certain input is not properly sanitised by the media filter before being used. This can be exploited to insert arbitrary HTML and script code which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation of this vulnerability requires authentication. These vulnerabilities are reported in versions prior to 1.9.11 and 2.0.2. 4) An error due to the "$CFG->forceloginforprofiles" option not being enforced can be exploited to disclose information about course profiles via search engine indexes or guest user access. 5) Input passed via course tags is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 6) An error within the My Profile block when placed on pages in the user context can be exploited to disclose private information. 7) An error due to insecure default permissions of the "teacher" role providing delete capability can be exploited to delete courses. These vulnerabilities are reported in versions prior to 2.0.2 8) The application allows users to perform certain actions via HTTP requests without making proper validity checks to verify the requests. This can be exploited to manipulate RSS feeds or mark courses and activities as completed by tricking a user into visiting a malicious web site while being logged in to the application. SOLUTION: Update to version 1.9.11 and 2.0.2. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits gose 2, 3, 5, 6) Reported by the vendor 4) The vendor credits Amr Hourani 7) The vendor credits Patrick Pollet. 8) Reported by the vendor and Dan Poltawski ORIGINAL ADVISORY: MSA-11-0002: http://moodle.org/mod/forum/discuss.php?d=170002 MSA-11-0003: http://moodle.org/mod/forum/discuss.php?d=170003 MSA-11-0004: http://moodle.org/mod/forum/discuss.php?d=170004 MSA-11-0006: http://moodle.org/mod/forum/discuss.php?d=170006 MSA-11-0007: http://moodle.org/mod/forum/discuss.php?d=170008 MSA-11-0008: http://moodle.org/mod/forum/discuss.php?d=170009 MSA-11-0009: http://moodle.org/mod/forum/discuss.php?d=170010 MSA-11-0010: http://moodle.org/mod/forum/discuss.php?d=170011 MSA-11-0011: http://moodle.org/mod/forum/discuss.php?d=170012 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 23 19:46:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Mar 2011 03:46:14 +0100 Subject: [SEC] [SA43579] Red Hat update for thunderbird Message-ID: <201103240246.p2O2kEbV011393@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Red Hat update for thunderbird SECUNIA ADVISORY ID: SA43579 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43579/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43579 RELEASE DATE: 2011-03-24 DISCUSS ADVISORY: http://secunia.com/advisories/43579/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43579/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43579 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA43586 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0311-01: https://rhn.redhat.com/errata/RHSA-2011-0311.html RHSA-2011:0374-1: https://rhn.redhat.com/errata/RHSA-2011-0374.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 23 20:18:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Mar 2011 04:18:53 +0100 Subject: [SEC] [SA43561] Red Hat update for thunderbird Message-ID: <201103240318.p2O3Ir20001022@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Red Hat update for thunderbird SECUNIA ADVISORY ID: SA43561 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43561/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43561 RELEASE DATE: 2011-03-24 DISCUSS ADVISORY: http://secunia.com/advisories/43561/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43561/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43561 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA43550 SA43586 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0312-01: https://rhn.redhat.com/errata/RHSA-2011-0312.html RHSA-2011:0374-1: https://rhn.redhat.com/errata/RHSA-2011-0374.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 23 20:45:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Mar 2011 04:45:51 +0100 Subject: [SEC] [SA43435] Ubuntu update for linux and linux-ec2 Message-ID: <201103240345.p2O3jpWP022443@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux and linux-ec2 SECUNIA ADVISORY ID: SA43435 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43435/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43435 RELEASE DATE: 2011-03-24 DISCUSS ADVISORY: http://secunia.com/advisories/43435/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43435/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43435 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux and linux-ec2. This fixes multiple weaknesses, a security issue and multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose certain system and potentially sensitive information, bypass certain security restrictions, and gain escalated privileges and by malicious people to cause a DoS. For more information: SA40205 SA42061 SA42126 SA42173 SA42176 SA42570 SA42765 SA43477 1) The vulnerability is caused due to an error within the "sctp_icmp_proto_unreachable()" function in net/sctp/input.c and can be exploited to cause a crash. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1080-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-March/001265.html USN-1080-2: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-March/001268.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 23 21:11:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Mar 2011 05:11:15 +0100 Subject: [SEC] [SA43568] Red Hat update for kernel Message-ID: <201103240411.p2O4BFao011361@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Red Hat update for kernel SECUNIA ADVISORY ID: SA43568 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43568/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43568 RELEASE DATE: 2011-03-24 DISCUSS ADVISORY: http://secunia.com/advisories/43568/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43568/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43568 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for the kernel. This fixes a weakness and some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and to disclose system information and by malicious people to cause a DoS. For more information: SA39080 SA42035 SA42354 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0303-1: https://rhn.redhat.com/errata/RHSA-2011-0303.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 23 21:46:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Mar 2011 05:46:14 +0100 Subject: [SEC] [SA43567] Red Hat update for seamonkey Message-ID: <201103240446.p2O4kEo7000627@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Red Hat update for seamonkey SECUNIA ADVISORY ID: SA43567 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43567/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43567 RELEASE DATE: 2011-03-24 DISCUSS ADVISORY: http://secunia.com/advisories/43567/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43567/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43567 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for seamonkey. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site request forgery attacks and compromise a user's system. For more information: SA43550 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0313-01: https://rhn.redhat.com/errata/RHSA-2011-0313.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 23 22:11:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Mar 2011 06:11:54 +0100 Subject: [SEC] [SA43569] Ubuntu update for linux Message-ID: <201103240511.p2O5Bs9H021998@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux SECUNIA ADVISORY ID: SA43569 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43569/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43569 RELEASE DATE: 2011-03-24 DISCUSS ADVISORY: http://secunia.com/advisories/43569/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43569/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43569 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose certain system and potentially sensitive information, bypass certain security restrictions, and gain escalated privileges and by malicious people to cause a DoS. For more information: SA41440 SA41693 SA42061 SA42126 SA42173 SA42176 SA42570 SA42765 SA43477 1) An error within the Econet protocol implementation can be exploited to cause a crash by sending Acorn Universal Networking packets over UDP. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1081-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-March/001266.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 23 22:46:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Mar 2011 06:46:24 +0100 Subject: [SEC] [SA43615] phpWebSite "local" Cross-Site Scripting Vulnerability Message-ID: <201103240546.p2O5kOho011308@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: phpWebSite "local" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43615 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43615/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43615 RELEASE DATE: 2011-03-24 DISCUSS ADVISORY: http://secunia.com/advisories/43615/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43615/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43615 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: AutoSec Tools has discovered a vulnerability in phpWebSite, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "local" parameter to javascript/editors/fckeditor/editor/custom.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.7.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: AutoSec Tools: http://www.autosectools.com/Advisories/phpWebSite.1.7.1_Reflected.Cross-site.Scripting_131.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 23 23:11:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Mar 2011 07:11:12 +0100 Subject: [SEC] [SA43587] syslog-ng Premium Edition Multiple Vulnerabilities Message-ID: <201103240611.p2O6BCT3032592@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: syslog-ng Premium Edition Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43587 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43587/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43587 RELEASE DATE: 2011-03-24 DISCUSS ADVISORY: http://secunia.com/advisories/43587/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43587/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43587 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: BalaBit has acknowledged multiple vulnerabilities in syslog-ng Premium Edition, which can be exploited by malicious people to manipulate certain data, bypass certain security restrictions, and potentially compromise a vulnerable system. For more information: SA34267 SA37291 SA42473 The vulnerabilities are reported in versions prior to 3.0.7a and 3.2.1b. CVE-2008-4316 only affects versions prior to 3.0.7a. SOLUTION: Update to version 3.0.7a or 3.2.1b. ORIGINAL ADVISORY: https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-February/000107.html https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-February/000111.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 24 11:33:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Mar 2011 19:33:24 +0100 Subject: [SEC] [SA43860] IBM Lotus Domino Server Controller Authentication Bypass Vulnerability Message-ID: <201103241833.p2OIXOwK015629@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: IBM Lotus Domino Server Controller Authentication Bypass Vulnerability SECUNIA ADVISORY ID: SA43860 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43860/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43860 RELEASE DATE: 2011-03-24 DISCUSS ADVISORY: http://secunia.com/advisories/43860/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43860/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43860 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM Lotus Domino, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the Server Controller authentication mechanism, which does not properly verify the COOKIEFILE path before using it to retrieve a user's credentials. This can be exploited to bypass the authentication mechanism by providing a malicious UNC path to COOKIEFILE. Successful exploitation may allow execution of arbitrary code. SOLUTION: Restrict access to the affected service to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Patrik Karlsson via ZDI. ORIGINAL ADVISORY: ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-110/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 24 12:31:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Mar 2011 20:31:19 +0100 Subject: [SEC] [SA43877] Advantech WebAccess Network Service Component Code Execution Vulnerability Message-ID: <201103241931.p2OJVJfU005989@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Advantech WebAccess Network Service Component Code Execution Vulnerability SECUNIA ADVISORY ID: SA43877 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43877/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43877 RELEASE DATE: 2011-03-24 DISCUSS ADVISORY: http://secunia.com/advisories/43877/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43877/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43877 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ruben Santamarta has discovered a vulnerability in Advantech WebAccess, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the WebAccess Network Service (webvrpcs.exe) when processing certain RPC calls. This can be exploited to manipulate certain function pointers and execute arbitrary code by sending specially crafted RPC requests to TCP port 4592. The vulnerability is confirmed in version 7.0-2010.05.06. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists). PROVIDED AND/OR DISCOVERED BY: Ruben Santamarta ORIGINAL ADVISORY: http://www.reversemode.com/index.php?option=com_content&task=view&id=72&Itemid=1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 24 13:31:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Mar 2011 21:31:23 +0100 Subject: [SEC] [SA43827] Nokia E75 Lock Code Bypass Vulnerability Message-ID: <201103242031.p2OKVNlf028856@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Nokia E75 Lock Code Bypass Vulnerability SECUNIA ADVISORY ID: SA43827 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43827/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43827 RELEASE DATE: 2011-03-24 DISCUSS ADVISORY: http://secunia.com/advisories/43827/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43827/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43827 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Nokia E75, which can be exploited by malicious people with physical access to bypass certain security restrictions. The vulnerability is caused due to an unspecified error, which can be exploited to bypass the lock code feature and allow access to the device by pressing a certain key sequence during the boot process. The vulnerability is reported in firmware prior to 211.12.01. SOLUTION: Update to firmware 211.12.01 or later. PROVIDED AND/OR DISCOVERED BY: Markus Heikkil?, Nixu Oy via CERT-FI. ORIGINAL ADVISORY: http://www.cert.fi/en/reports/2011/vulnerability410355.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 24 14:31:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Mar 2011 22:31:11 +0100 Subject: [SEC] [SA43826] VLC Media Player Large Video Dimension Vulnerability Message-ID: <201103242131.p2OLVBtR019305@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: VLC Media Player Large Video Dimension Vulnerability SECUNIA ADVISORY ID: SA43826 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43826/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43826 RELEASE DATE: 2011-03-24 DISCUSS ADVISORY: http://secunia.com/advisories/43826/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43826/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43826 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when processing video files with large dimensions and can be exploited by e.g. tricking a user into opening specially crafted AMV or NSV files. Successful exploitation may allow the execution of arbitrary code. The vulnerability is reported in versions prior to 1.1.8. SOLUTION: Update to version 1.1.8. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Ricardo Narvaja, Core Security Technologies ORIGINAL ADVISORY: VLC 1.1.8 Release Notes: http://www.videolan.org/vlc/releases/1.1.8.html CORE Security Technologies: http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 24 15:25:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Mar 2011 23:25:00 +0100 Subject: [SEC] [SA43875] Fedora update for mhonarc Message-ID: <201103242225.p2OMP0id009501@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Fedora update for mhonarc SECUNIA ADVISORY ID: SA43875 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43875/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43875 RELEASE DATE: 2011-03-24 DISCUSS ADVISORY: http://secunia.com/advisories/43875/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43875/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43875 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for mhonarc. This fixes two vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service). For more information: SA42694 SOLUTION: Apply updated packages via the yum utility ("yum update mhonarc"). ORIGINAL ADVISORY: FEDORA-2011-3357: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056523.html FEDORA-2011-3390: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056561.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 24 15:46:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Mar 2011 23:46:40 +0100 Subject: [SEC] [SA43874] Fedora update for postfix Message-ID: <201103242246.p2OMke4m030642@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Fedora update for postfix SECUNIA ADVISORY ID: SA43874 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43874/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43874 RELEASE DATE: 2011-03-24 DISCUSS ADVISORY: http://secunia.com/advisories/43874/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43874/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43874 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for postfix. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data. For more information: SA43646 SOLUTION: Apply updated packages via the yum utility ("yum update postfix"). ORIGINAL ADVISORY: FEDORA-2011-3355: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html FEDORA-2011-3394: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 24 16:10:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Mar 2011 00:10:55 +0100 Subject: [SEC] [SA43793] MediaScripts Social Media "view" File Inclusion Vulnerability Message-ID: <201103242310.p2ONAtrw019494@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: MediaScripts Social Media "view" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA43793 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43793/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43793 RELEASE DATE: 2011-03-24 DISCUSS ADVISORY: http://secunia.com/advisories/43793/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43793/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43793 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in MediaScripts Social Media, which can be exploited by malicious people to disclose sensitive information. Input passed via the "view" parameter to index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences. The vulnerability is reported in version 2.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Harri Johansson OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 24 16:46:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Mar 2011 00:46:25 +0100 Subject: [SEC] [SA43838] Drupal Webform Block Module Script Insertion Vulnerability Message-ID: <201103242346.p2ONkP5d008854@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Drupal Webform Block Module Script Insertion Vulnerability SECUNIA ADVISORY ID: SA43838 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43838/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43838 RELEASE DATE: 2011-03-25 DISCUSS ADVISORY: http://secunia.com/advisories/43838/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43838/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43838 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Dylan Wilder-Tack has reported a vulnerability in the Webform Block module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Certain unspecified input related to the title of a webform block is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires privileges to create or edit webforms. The vulnerability is reported in versions prior to 6.x-1.2. SOLUTION: Update to version 6.x-1.2. PROVIDED AND/OR DISCOVERED BY: Dylan Wilder-Tack (grendzy), Drupal Security Team. ORIGINAL ADVISORY: SA-CONTRIB-2011-014: http://drupal.org/node/1103122 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 24 17:11:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Mar 2011 01:11:52 +0100 Subject: [SEC] [SA43795] Debian update for wireshark Message-ID: <201103250011.p2P0BqmI030178@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Debian update for wireshark SECUNIA ADVISORY ID: SA43795 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43795/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43795 RELEASE DATE: 2011-03-25 DISCUSS ADVISORY: http://secunia.com/advisories/43795/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43795/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43795 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for wireshark. This fixes several vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA43554 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2201-1: http://www.debian.org/security/2011/dsa-2201 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 24 17:46:16 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Mar 2011 01:46:16 +0100 Subject: [SEC] [SA43862] XMB Cross-Site Request Forgery Vulnerability Message-ID: <201103250046.p2P0kGOr019478@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: XMB Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA43862 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43862/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43862 RELEASE DATE: 2011-03-25 DISCUSS ADVISORY: http://secunia.com/advisories/43862/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43862/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43862 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in XMB, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change an administrator's email address by tricking a logged in administrative user into visiting a malicious web site. The vulnerability is confirmed in version 1.9.11.11. Other versions may also be affected. SOLUTION: Do not browse untrusted websites or follow untrusted links while logged in to the application. PROVIDED AND/OR DISCOVERED BY: Thomas Silverfish OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 24 18:13:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Mar 2011 02:13:58 +0100 Subject: [SEC] [SA43876] HP StorageWorks P4000 Virtual SAN Appliance Software Buffer Overflow Message-ID: <201103250113.p2P1Dwrp008506@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: HP StorageWorks P4000 Virtual SAN Appliance Software Buffer Overflow SECUNIA ADVISORY ID: SA43876 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43876/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43876 RELEASE DATE: 2011-03-25 DISCUSS ADVISORY: http://secunia.com/advisories/43876/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43876/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43876 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP StorageWorks P4000 Virtual SAN Appliance Software, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within hydra.exe when parsing a login request. This can be exploited to cause a stack-based buffer overflow via an overly long string sent to TCP port 13838. Successful exploitation may allow execution of arbitrary code. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Nicolas Gregoire, Agarri via ZDI. ORIGINAL ADVISORY: ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-111/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 24 18:46:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Mar 2011 02:46:28 +0100 Subject: [SEC] [SA43864] SUSE update for flash-player Message-ID: <201103250146.p2P1kSRe030122@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: SUSE update for flash-player SECUNIA ADVISORY ID: SA43864 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43864/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43864 RELEASE DATE: 2011-03-25 DISCUSS ADVISORY: http://secunia.com/advisories/43864/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43864/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43864 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for flash-player. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA43751 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0215-1: https://hermes.opensuse.org/messages/7722692 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 24 19:11:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Mar 2011 03:11:07 +0100 Subject: [SEC] [SA43873] SUSE update for pango Message-ID: <201103250211.p2P2B716018994@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: SUSE update for pango SECUNIA ADVISORY ID: SA43873 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43873/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43873 RELEASE DATE: 2011-03-25 DISCUSS ADVISORY: http://secunia.com/advisories/43873/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43873/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43873 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for pango. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA42934 SA43578 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0216-1: https://hermes.opensuse.org/messages/7723091 openSUSE-SU-2011:0221-1: http://lists.opensuse.org/opensuse-updates/2011-03/msg00019.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 24 19:46:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Mar 2011 03:46:03 +0100 Subject: [SEC] [SA43832] Apple iPhone iOS "OfficeArtMetafileHeader" Parsing Vulnerability Message-ID: <201103250246.p2P2k3eY008328@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Apple iPhone iOS "OfficeArtMetafileHeader" Parsing Vulnerability SECUNIA ADVISORY ID: SA43832 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43832/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43832 RELEASE DATE: 2011-03-25 DISCUSS ADVISORY: http://secunia.com/advisories/43832/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43832/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43832 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Apple iPhone iOS, which can be exploited by malicious people to compromise a vulnerable device. For more information see vulnerability #29 in: SA43814 The vulnerability is reported in iOS 4.3 running on iPhone 4. Other versions may also be affected. SOLUTION: Do not browse untrusted websites. PROVIDED AND/OR DISCOVERED BY: Charlie Miller and Dion Blazakis via ZDI. ORIGINAL ADVISORY: ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-109/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 24 20:18:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Mar 2011 04:18:33 +0100 Subject: [SEC] [SA43454] Ubuntu update for linux-lts-backport-maverick Message-ID: <201103250318.p2P3IXP1030453@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-lts-backport-maverick SECUNIA ADVISORY ID: SA43454 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43454/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43454 RELEASE DATE: 2011-03-25 DISCUSS ADVISORY: http://secunia.com/advisories/43454/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43454/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43454 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-lts-backport-maverick. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), expose system and potentially sensitive information, bypass certain security restrictions, gain escalated privileges, and conduct DNS cache poisoning attacks and by malicious people to cause a DoS and potentially compromise a vulnerable system. For more information: SA37590 SA38499 SA39490 SA39982 SA40205 SA40691 SA40965 SA41002 SA41234 SA41245 SA41263 SA41284 SA41378 SA41440 SA41462 SA41493 SA41650 SA41693 SA41881 SA42148 SA42172 SA42354 SA42758 SA43541 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1083-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-March/001269.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 24 20:46:13 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Mar 2011 04:46:13 +0100 Subject: [SEC] [SA43620] syslog-ng Premium Edition Multiple Vulnerabilities Message-ID: <201103250346.p2P3kDFL019439@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: syslog-ng Premium Edition Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43620 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43620/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43620 RELEASE DATE: 2011-03-25 DISCUSS ADVISORY: http://secunia.com/advisories/43620/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43620/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43620 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: BalaBit has acknowledged multiple vulnerabilities in syslog-ng Premium Edition, which can be exploited by malicious people to manipulate certain data and bypass certain security restrictions. For more information: SA37291 SA42473 SOLUTION: Update to version 4.0.1a. ORIGINAL ADVISORY: https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-February/000108.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 24 21:11:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Mar 2011 05:11:44 +0100 Subject: [SEC] [SA43584] xtcModified eCommerce Shopsoftware Multiple Vulnerabilities Message-ID: <201103250411.p2P4Bi30008366@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: xtcModified eCommerce Shopsoftware Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43584 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43584/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43584 RELEASE DATE: 2011-03-25 DISCUSS ADVISORY: http://secunia.com/advisories/43584/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43584/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43584 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in xtcModified eCommerce Shopsoftware, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) Input passed via the URL to admin/categories.php and to admin/orders.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session. 2) The application allows users to perform certain actions via HTTP requests without making proper validity checks to verify the requests. This can be exploited to e.g. add an administrative user by tricking an administrator into visiting a malicious web site while being logged-in to the application. NOTE: This can also be exploited to conduct script insertion attacks. The vulnerabilities are confirmed in version 1.05. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: High-Tech Bridge (HTB22863): http://www.htbridge.ch/advisory/xss_vulnerability_in_xtcmodified.html High-Tech Bridge (HTB22864): http://www.htbridge.ch/advisory/xss_vulnerability_in_xtcmodified_1.html High-Tech Bridge (HTB22865): http://www.htbridge.ch/advisory/xss_vulnerability_in_xtcmodified_2.html High-Tech Bridge (HTB22866): http://www.htbridge.ch/advisory/xss_vulnerability_in_xtcmodified_3.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 24 21:47:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Mar 2011 05:47:02 +0100 Subject: [SEC] [SA43600] HP-UX update for OpenSSL Message-ID: <201103250447.p2P4l2HX030116@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: HP-UX update for OpenSSL SECUNIA ADVISORY ID: SA43600 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43600/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43600 RELEASE DATE: 2011-03-25 DISCUSS ADVISORY: http://secunia.com/advisories/43600/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43600/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43600 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: HP has issued an update for OpenSSL in HP-UX. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise an application using the library. For more information: SA42243 SA42473 The vulnerabilities are reported in HP-UX versions B.11.11, B.11.23, and B.11.31 running OpenSSL versions prior to vA.00.09.08q. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: HPSBUX02638 SSRT100339: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02737002 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 24 22:11:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Mar 2011 06:11:34 +0100 Subject: [SEC] [SA43612] Support Incident Tracker Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201103250511.p2P5BYdg018991@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Support Incident Tracker Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA43612 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43612/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43612 RELEASE DATE: 2011-03-25 DISCUSS ADVISORY: http://secunia.com/advisories/43612/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43612/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43612 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: AutoSec Tools has discovered multiple vulnerabilities in Support Incident Tracker, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "url" parameter to lib/magpierss/scripts/magpie_debug.php and lib/magpierss/scripts/magpie_simple.php, "rss_url" parameter to lib/magpierss/scripts/magpie_slashbox.php, and "ax" parameter to feedback.php is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 3.62. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: http://www.autosectools.com/Advisories/Support.Incident.Tracker.3.62_Reflected.Cross-site.Scripting_132.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 24 22:46:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Mar 2011 06:46:03 +0100 Subject: [SEC] [SA43608] Drupal Spaces Module Security Bypass Security Issue Message-ID: <201103250546.p2P5k3Eo008303@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Drupal Spaces Module Security Bypass Security Issue SECUNIA ADVISORY ID: SA43608 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43608/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43608 RELEASE DATE: 2011-03-25 DISCUSS ADVISORY: http://secunia.com/advisories/43608/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43608/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43608 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in the Spaces module for Drupal, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to an error when checking permissions in the access plugin for the Views module and can be exploited to access certain restricted pages. NOTE: Drupal's node access system implements additional permission checks and may prevent the page's content from being disclosed. The security issue is reported in versions prior to 6.x-3.1. SOLUTION: Update to version 6.x-3.1. PROVIDED AND/OR DISCOVERED BY: The vendor credits Matthew Radcliffe ORIGINAL ADVISORY: SA-CONTRIB-2011-012: http://drupal.org/node/1078936 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Mar 24 23:11:16 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Mar 2011 07:11:16 +0100 Subject: [SEC] [SA43571] Debian update for pywebdav Message-ID: <201103250611.p2P6BGfE029601@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Debian update for pywebdav SECUNIA ADVISORY ID: SA43571 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43571/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43571 RELEASE DATE: 2011-03-25 DISCUSS ADVISORY: http://secunia.com/advisories/43571/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43571/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43571 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for pywebdav. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks. For more information: SA43602 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2177-1: http://www.us.debian.org/security/2011/dsa-2177 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 25 11:31:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Mar 2011 19:31:32 +0100 Subject: [SEC] [SA43866] openC "FORM[profilbild]" Script Insertion Vulnerability Message-ID: <201103251831.p2PIVWSk018254@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: openC "FORM[profilbild]" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA43866 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43866/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43866 RELEASE DATE: 2011-03-25 DISCUSS ADVISORY: http://secunia.com/advisories/43866/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43866/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43866 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: AutoSec Tools has discovered a vulnerability in openC, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "FORM[profilbild]" parameter to index.php is not properly sanitised in templates/profil/tpl.form_persoenlich.php before being displayed to the user. This can be exploited to insert HTML and script code, which will be executed in a user's browser session in context of the affected site when the malicious profile is viewed. The vulnerability is confirmed in version 1.5.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: http://www.autosectools.com/Advisories/OpenCollab.1.4.3_Persistent.Cross-site.Scripting_141.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 25 12:31:16 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Mar 2011 20:31:16 +0100 Subject: [SEC] [SA43865] openC Multiple Script Insertion Vulnerabilities Message-ID: <201103251931.p2PJVG4e008715@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: openC Multiple Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA43865 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43865/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43865 RELEASE DATE: 2011-03-25 DISCUSS ADVISORY: http://secunia.com/advisories/43865/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43865/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43865 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: AutoSec Tools has discovered multiple vulnerabilities in openC, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "FORM[anrede]", "FORM[titel]", "FORM[vorname]", "FORM[nachname]", "FORM[nickname]", and "FORM[geburtstag]" parameters to index.php is not properly sanitised in templates/profil/tpl.form_persoenlich.php before being displayed to the user. This can be exploited to insert HTML and script code, which will be executed in a user's browser session in context of the affected site when the malicious profile is viewed. Note: Other scripts in the "profile" section are also affected. The vulnerabilities are confirmed in version 1.5.0. Prior versions may also be affected. SOLUTION: Update to version 1.5.1. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: http://www.autosectools.com/Advisories/OpenCollab.1.4.3_Persistent.Cross-site.Scripting_141.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 25 13:31:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Mar 2011 21:31:36 +0100 Subject: [SEC] [SA43869] Group-Office Cross-Site Request Forgery Vulnerability Message-ID: <201103252031.p2PKVaca031575@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Group-Office Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA43869 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43869/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43869 RELEASE DATE: 2011-03-25 DISCUSS ADVISORY: http://secunia.com/advisories/43869/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43869/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43869 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: AutoSec Tools has discovered a vulnerability in Group-Office, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. create an administrator account by tricking a logged in user into visiting a malicious web site. The vulnerability is confirmed in version 3.6.31. Other versions may also be affected. SOLUTION: Do not browse untrusted websites or follow untrusted links while logged-in to the application with administrator privileges. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools. ORIGINAL ADVISORY: http://www.autosectools.com/Advisories/GroupOffice.3.6.22_Cross-site.Request.Forgery_136.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 25 14:30:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Mar 2011 22:30:55 +0100 Subject: [SEC] [SA43858] Mahara Cross-Site Request Forgery and Script Insertion Vulnerabilities Message-ID: <201103252130.p2PLUtmh022005@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Mahara Cross-Site Request Forgery and Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA43858 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43858/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43858 RELEASE DATE: 2011-03-25 DISCUSS ADVISORY: http://secunia.com/advisories/43858/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43858/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43858 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Mahara, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks. 1) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. delete blog posts by tricking a logged in administrative user into visiting a malicious web site. 2) Certain input passed via Pieform select box options is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerabilities are reported in versions prior to 1.2.7 and 1.3.4. SOLUTION: Update to version 1.2.7 or 1.3.4. PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor. 2) The vendor credits nSense. ORIGINAL ADVISORY: http://mahara.org/interaction/forum/topic.php?id=3208 http://mahara.org/interaction/forum/topic.php?id=3206 http://mahara.org/interaction/forum/topic.php?id=3205 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 25 15:25:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Mar 2011 23:25:11 +0100 Subject: [SEC] [SA43868] netjukebox "skin" Cross-Site Scripting Vulnerability Message-ID: <201103252225.p2PMPBD6012220@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: netjukebox "skin" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43868 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43868/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43868 RELEASE DATE: 2011-03-25 DISCUSS ADVISORY: http://secunia.com/advisories/43868/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43868/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43868 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: AutoSec Tools has discovered a vulnerability in netjukebox, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "skin" parameter in message.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 5.25.4. Prior versions may also be affected. SOLUTION: Update to version 5.26. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: http://www.autosectools.com/Advisories/netjukebox.5.25_Reflected.Cross-site.Scripting_140.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 25 15:46:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Mar 2011 23:46:39 +0100 Subject: [SEC] [SA43881] Fedora update for krb5 Message-ID: <201103252246.p2PMkdwk000875@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Fedora update for krb5 SECUNIA ADVISORY ID: SA43881 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43881/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43881 RELEASE DATE: 2011-03-25 DISCUSS ADVISORY: http://secunia.com/advisories/43881/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43881/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43881 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for krb5. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information: SA43783 SOLUTION: Apply updated packages via the yum utility ("yum update krb5"). ORIGINAL ADVISORY: FEDORA-2011-3464: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056573.html FEDORA-2011-3462: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056579.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 25 16:11:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 26 Mar 2011 00:11:02 +0100 Subject: [SEC] [SA43822] Loggerhead Filename Script Insertion Vulnerability Message-ID: <201103252311.p2PNB2Kw022205@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Loggerhead Filename Script Insertion Vulnerability SECUNIA ADVISORY ID: SA43822 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43822/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43822 RELEASE DATE: 2011-03-25 DISCUSS ADVISORY: http://secunia.com/advisories/43822/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43822/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43822 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: daveb has reported a vulnerability in loggerhead, which can be exploited by malicious users to conduct script insertion attacks. Input related to the filename is not properly sanitised in loggerhead/templatefunctions.py before being used to display a filename in a revision view. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerability has been reported in version 1.18. Prior versions may also be affected. SOLUTION: Update to version 1.18.1. PROVIDED AND/OR DISCOVERED BY: Reported by daveb in a bug report. ORIGINAL ADVISORY: https://launchpad.net/loggerhead/1.18/1.18.1 https://bugs.launchpad.net/loggerhead/+bug/740142 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 25 16:46:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 26 Mar 2011 00:46:50 +0100 Subject: [SEC] [SA43834] SyndeoCMS Cross-Site Scripting and SQL Injection Vulnerabilities Message-ID: <201103252346.p2PNko47011575@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: SyndeoCMS Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA43834 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43834/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43834 RELEASE DATE: 2011-03-26 DISCUSS ADVISORY: http://secunia.com/advisories/43834/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43834/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43834 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in SyndeoCMS, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed to the "speed" parameter in starnet/addons/scroll_page.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "loc_id" parameter in starnet/addons/page_slideshow.php and in starnet/addons/tv.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed to the "user_username" parameter in index.php (when "option" is set to "userlogin" or "save_new_password") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and e.g. log-in as an arbitrary user. The vulnerabilities are confirmed in version 2.9.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA. ORIGINAL ADVISORY: High-Tech Bridge SA: http://www.htbridge.ch/advisory/multiple_xss_vulnerabilities_in_syndeocms.html http://www.htbridge.ch/advisory/sql_injection_in_syndeocms.html http://www.htbridge.ch/advisory/xss_in_syndeocms.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 25 17:11:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 26 Mar 2011 01:11:55 +0100 Subject: [SEC] [SA38748] Citrix Products ActiveSync Service Denial of Service Vulnerability Message-ID: <201103260011.p2Q0Bt1K000393@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Citrix Products ActiveSync Service Denial of Service Vulnerability SECUNIA ADVISORY ID: SA38748 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/38748/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=38748 RELEASE DATE: 2011-03-26 DISCUSS ADVISORY: http://secunia.com/advisories/38748/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/38748/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=38748 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: AbdulAziz Hariri has discovered a vulnerability in various Citrix products, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an input validation error in the processing of packets sent to the Citrix ActiveSync Service (ctxactivesync.exe) and can be exploited to cause the service to crash. The vulnerability is reported in the following products (confirmed in XenApp 5.0 ctxactivesync.exe 4.5.4200.1): * Citrix XenApp 5 * Citrix Presentation Server 4.5 * Citrix Access Essentials 2.0 SOLUTION: Apply hotfix (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: AbdulAziz Hariri via Secunia ORIGINAL ADVISORY: Citrix: http://support.citrix.com/article/CTX128366 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 25 17:46:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 26 Mar 2011 01:46:32 +0100 Subject: [SEC] [SA43883] Python urllib.request "file://" Redirect Security Issue Message-ID: <201103260046.p2Q0kWP5022180@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Python urllib.request "file://" Redirect Security Issue SECUNIA ADVISORY ID: SA43883 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43883/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43883 RELEASE DATE: 2011-03-26 DISCUSS ADVISORY: http://secunia.com/advisories/43883/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43883/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43883 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Python, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service). The security issue is caused due to the urllib.request redirect handling allowing "file://" URL schemes, which can be exploited to e.g. disclose potentially sensitive information or cause a high resource consumption by returning specially crafted HTTP redirect responses to a Python application using the urllib.request module. SOLUTION: Restrict "file://" URL schemes using a firewall with filtering capabilities. PROVIDED AND/OR DISCOVERED BY: Reported to the vendor by an unknown person. ORIGINAL ADVISORY: Python Bug #11662: http://bugs.python.org/issue11662 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 25 18:13:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 26 Mar 2011 02:13:55 +0100 Subject: [SEC] [SA43831] Python urllib/urllib2 "file://" Redirect Security Issue Message-ID: <201103260113.p2Q1DtP4011182@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Python urllib/urllib2 "file://" Redirect Security Issue SECUNIA ADVISORY ID: SA43831 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43831/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43831 RELEASE DATE: 2011-03-26 DISCUSS ADVISORY: http://secunia.com/advisories/43831/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43831/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43831 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Python, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service). The security issue is caused due to the urllib/urlib2 redirect handling allowing "file://" URL schemes, which can be exploited to e.g. disclose potentially sensitive information or cause a high resource consumption by returning specially crafted HTTP redirect responses to a Python application using the urllib or urllib2 module. SOLUTION: Restrict "file://" URL schemes using a firewall with filtering capabilities. PROVIDED AND/OR DISCOVERED BY: Reported to the vendor by an unknown person. ORIGINAL ADVISORY: Python Bug #11662: http://bugs.python.org/issue11662 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 25 18:46:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 26 Mar 2011 02:46:11 +0100 Subject: [SEC] [SA43841] Linux Kernel "iriap_getvaluebyclass_indication()" Buffer Overflows Message-ID: <201103260146.p2Q1kBJk000323@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Linux Kernel "iriap_getvaluebyclass_indication()" Buffer Overflows SECUNIA ADVISORY ID: SA43841 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43841/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43841 RELEASE DATE: 2011-03-26 DISCUSS ADVISORY: http://secunia.com/advisories/43841/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43841/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43841 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerabilities are caused due to boundary errors within the "iriap_getvaluebyclass_indication()" function in net/irda/iriap.c, which can be exploited to cause stack-based buffer overflows via overly long names or attributes. SOLUTION: Do not use IrDA to interface with untrusted devices. PROVIDED AND/OR DISCOVERED BY: Dan Rosenberg ORIGINAL ADVISORY: http://permalink.gmane.org/gmane.linux.network/190145 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 25 19:10:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 26 Mar 2011 03:10:55 +0100 Subject: [SEC] [SA43819] Avaya IP Office Manager TFTP Denial of Service Vulnerability Message-ID: <201103260210.p2Q2AtMq021656@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Avaya IP Office Manager TFTP Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43819 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43819/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43819 RELEASE DATE: 2011-03-26 DISCUSS ADVISORY: http://secunia.com/advisories/43819/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43819/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43819 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Avaya IP Office Manager, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing TFTP requests and can be exploited to cause the service to terminate via a specially crafted packet. Successful exploitation requires the Manager application to be running. The vulnerability is confirmed in version 8.1 (5). Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only (e.g. via MAC-based network access control lists). PROVIDED AND/OR DISCOVERED BY: Craig Freyman OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 25 19:46:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 26 Mar 2011 03:46:10 +0100 Subject: [SEC] [SA43859] Google Chrome Multiple Vulnerabilities Message-ID: <201103260246.p2Q2kAY3011010@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43859 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43859/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43859 RELEASE DATE: 2011-03-26 DISCUSS ADVISORY: http://secunia.com/advisories/43859/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43859/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43859 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system. 1) An unspecified buffer error exists in the handling of base strings. 2) A use-after-free error exists within the frame loader. 3) A use-after-free error exists within HTMLCollection. 4) An error when handling CSS can lead to a stale pointer. 5) An error when handling broken node parentage can be exploited to corrupt the DOM tree. 6) An error within the handling of SVG text can lead to a stale pointer. The vulnerabilities are reported in versions prior to 10.0.648.204. SOLUTION: Update to version 10.0.648.204. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Alex Turpin. 2) Slawomir Blazek. 3-6) Sergey Glazunov. ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 25 20:17:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 26 Mar 2011 04:17:53 +0100 Subject: [SEC] [SA43871] ClanSphere CKEditor Cross-Site Scripting and File Upload Vulnerabilities Message-ID: <201103260317.p2Q3Hrjd000595@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: ClanSphere CKEditor Cross-Site Scripting and File Upload Vulnerabilities SECUNIA ADVISORY ID: SA43871 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43871/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43871 RELEASE DATE: 2011-03-26 DISCUSS ADVISORY: http://secunia.com/advisories/43871/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43871/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43871 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in ClanSphere, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system. 1) Input passed to the "CKEditorFuncNum" parameter in the ClanSphere CKEditor component mods/ckeditor/filemanager/connectors/php/upload.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The ClanSphere CKEditor component mods/ckeditor/filemanager/connectors/php/upload.php allows the upload of files with arbitrary extensions, which can be exploited to upload arbitrary files and e.g. execute arbitrary PHP code. The vulnerabilities are confirmed in 2010.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and file upload is properly restricted. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: AutoSec Tools: http://www.autosectools.com/Advisories/ClanSphere.2010.3.-.CKEditor_Arbitrary.Upload_145.html http://www.autosectools.com/Advisories/ClanSphere.2010.3.-.CKEditor_Reflected.Cross-site.Scripting_144.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 25 20:46:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 26 Mar 2011 04:46:29 +0100 Subject: [SEC] [SA43853] Google Picasa Insecure Library Loading Vulnerability Message-ID: <201103260346.p2Q3kTDb022084@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Google Picasa Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA43853 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43853/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43853 RELEASE DATE: 2011-03-26 DISCUSS ADVISORY: http://secunia.com/advisories/43853/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43853/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43853 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Google Picasa, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening certain files located on a remote WebDAV or SMB share via the "Locate on Disk" functionality. Successful exploitation may allow the execution of arbitrary code. SOLUTION: Update to version 3.8. PROVIDED AND/OR DISCOVERED BY: Makoto Shiotsuki via JPCERT/CC. ORIGINAL ADVISORY: JVN#99977321: http://jvn.jp/en/jp/JVN99977321/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 25 21:11:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 26 Mar 2011 05:11:18 +0100 Subject: [SEC] [SA43880] SUSE update for kernel Message-ID: <201103260411.p2Q4BI2a010981@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: SUSE update for kernel SECUNIA ADVISORY ID: SA43880 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43880/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43880 RELEASE DATE: 2011-03-26 DISCUSS ADVISORY: http://secunia.com/advisories/43880/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43880/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43880 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for kernel. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system and sensitive information and gain escalated privileges and by malicious, local users and malicious people to cause a DoS (Denial of Service). For more information: SA40418 SA42035 SA42061 SA42176 SA42684 SA42765 SA43009 SA43358 SA43477 SA43639 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SA:2011:015: http://lists.opensuse.org/opensuse-security-announce/2011-03/msg00005.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 25 21:46:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 26 Mar 2011 05:46:07 +0100 Subject: [SEC] [SA43585] Red Hat update for libtiff Message-ID: <201103260446.p2Q4k7Y0032699@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Red Hat update for libtiff SECUNIA ADVISORY ID: SA43585 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43585/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43585 RELEASE DATE: 2011-03-26 DISCUSS ADVISORY: http://secunia.com/advisories/43585/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43585/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43585 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for libtiff. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library. For more information: SA43593 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0318-01: http://rhn.redhat.com/errata/RHSA-2011-0318.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Mar 25 22:11:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 26 Mar 2011 06:11:29 +0100 Subject: [SEC] [SA43618] HP MFP Digital Sending Software Managed Devices Security Bypass Message-ID: <201103260511.p2Q5BTrJ021597@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: HP MFP Digital Sending Software Managed Devices Security Bypass SECUNIA ADVISORY ID: SA43618 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43618/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43618 RELEASE DATE: 2011-03-26 DISCUSS ADVISORY: http://secunia.com/advisories/43618/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43618/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43618 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP MFP Digital Sending Software, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is caused due to an unspecified error and can be exploited to disable authentication for managed devices. This can further be exploited to access the devices from the Digital Sending Software without authentication. The vulnerability is reported in version 4.91.00. SOLUTION: Apply the workaround (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBPI02640 SSRT100410: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02738104 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 28 10:30:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 28 Mar 2011 19:30:52 +0200 Subject: [SEC] [SA43904] SUSE update for openssl Message-ID: <201103281730.p2SHUqB4009513@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: SUSE update for openssl SECUNIA ADVISORY ID: SA43904 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43904/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43904 RELEASE DATE: 2011-03-28 DISCUSS ADVISORY: http://secunia.com/advisories/43904/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43904/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43904 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people, to disclose potentially sensitive information or cause a DoS (Denial of Service). For more information: SA43227 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: https://hermes.opensuse.org/messages/7744270 https://hermes.opensuse.org/messages/7744274 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 28 11:30:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 28 Mar 2011 20:30:47 +0200 Subject: [SEC] [SA43912] Feng Office Community Edition Cross-Site Scripting and Arbitrary File Upload Message-ID: <201103281830.p2SIUlHG032377@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Feng Office Community Edition Cross-Site Scripting and Arbitrary File Upload SECUNIA ADVISORY ID: SA43912 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43912/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43912 RELEASE DATE: 2011-03-28 DISCUSS ADVISORY: http://secunia.com/advisories/43912/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43912/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43912 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered multiple vulnerabilities in Feng Office Community Edition, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system. 1) Input passed via the "filename" and "slimContent" POST parameters to public/assets/javascript/slimey/save.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The public/assets/javascript/ckeditor/ck_upload_handler.php script does not properly validate uploaded files, which can be exploited to upload files with arbitrary extensions. Successful exploitation of this vulnerability allows the execution of arbitrary PHP code, but requires knowledge of the generated file name (e.g. via enabled directory listings). The vulnerabilities are confirmed in version 1.7.4 Community Edition. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Restrict access to the public/assets/javascript/ckeditor/ck_upload_handler.php (e.g. via .htaccess) or disable directory listings. PROVIDED AND/OR DISCOVERED BY: John Leitch, AutoSec Tools. ORIGINAL ADVISORY: AutoSec Tools: http://www.autosectools.com/Advisories/FengOffice.1.7.4_Reflected.Cross-site.Scripting_148.html http://www.autosectools.com/Advisories/FengOffice.1.7.4_Arbitrary.Upload_149.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 28 12:30:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 28 Mar 2011 21:30:14 +0200 Subject: [SEC] [SA43899] HP Diagnostics Unspecified Cross-Site Scripting Vulnerability Message-ID: <201103281930.p2SJUEFs022812@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: HP Diagnostics Unspecified Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43899 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43899/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43899 RELEASE DATE: 2011-03-28 DISCUSS ADVISORY: http://secunia.com/advisories/43899/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43899/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43899 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP Diagnostics, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions 7.5x and 8.0x. SOLUTION: Apply patch (please see vendor advisory for more details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02649 SSRT100430: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02770512 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 28 13:31:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 28 Mar 2011 22:31:12 +0200 Subject: [SEC] [SA43926] SimplisCMS Multiple Vulnerabilities Message-ID: <201103282031.p2SKVC8L013321@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: SimplisCMS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43926 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43926/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43926 RELEASE DATE: 2011-03-28 DISCUSS ADVISORY: http://secunia.com/advisories/43926/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43926/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43926 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in SimplisCMS, which can be exploited by malicious people to disclose sensitive information and conduct cross-site scripting and SQL injection attacks. 1) Input passed to the "download_file" parameter in admin/index.php (when "action" is set to "do_download" and "section" is set to "pages") is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks. 2) Input passed to the "f" parameter in admin/application/plugins/scaffold/index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed via the "username" parameter to admin/index.php (when "action" is set to "signin" and "section" is set to "auth") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities have been reported in version 1.0.3.0. Other version may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified and sanitised. PROVIDED AND/OR DISCOVERED BY: NassRawI OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 28 14:24:16 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 28 Mar 2011 23:24:16 +0200 Subject: [SEC] [SA43932] Doctrine ORM "modifyLimitQuery" SQL Injection Vulnerabilities Message-ID: <201103282124.p2SLOGYp003447@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Doctrine ORM "modifyLimitQuery" SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA43932 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43932/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43932 RELEASE DATE: 2011-03-28 DISCUSS ADVISORY: http://secunia.com/advisories/43932/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43932/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43932 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Doctrine Object Relational Mapper (ORM), which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "Doctrine_Connection_Pgsql::modifyLimitQuery()" (Doctrine/Connection/Pgsql.php) and "Doctrine_Connection_Db2::modifyLimitQuery()" (Doctrine/Connection/Db2.php) methods is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in versions prior to 1.2.4. SOLUTION: Update to version 1.2.4. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.doctrine-project.org/blog/doctrine-security-fix OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 28 14:46:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 28 Mar 2011 23:46:03 +0200 Subject: [SEC] [SA43773] Doctrine DBAL "modifyLimitQuery" SQL Injection Vulnerability Message-ID: <201103282146.p2SLk3Ud024613@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Doctrine DBAL "modifyLimitQuery" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43773 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43773/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43773 RELEASE DATE: 2011-03-28 DISCUSS ADVISORY: http://secunia.com/advisories/43773/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43773/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43773 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in some Doctrine libraries, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "AbstractPlatform::modifyLimitQuery()" method within the DBAL component (Doctrine/DBAL/Platforms/AbstractPlatform.php) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in versions prior to 2.0.3 of the DBAL and ORM libraries. SOLUTION: Update to version 2.0.3. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.doctrine-project.org/blog/doctrine-security-fix OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 28 15:10:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 29 Mar 2011 00:10:25 +0200 Subject: [SEC] [SA43907] HTML Purifier Multiple Vulnerabilities Message-ID: <201103282210.p2SMAPQP013476@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: HTML Purifier Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43907 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43907/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43907 RELEASE DATE: 2011-03-28 DISCUSS ADVISORY: http://secunia.com/advisories/43907/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43907/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43907 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in HTML Purifier, which can be exploited by malicious people to conduct script insertion attacks and potentially cause a DoS (Denial of Service). 1) Certain input passed e.g. via CDATA and cssText/innerHTML is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is viewed. 2) An error exists within the "tokenizeDOM()" function in HTMLPurifier/Lexer/DOMLex.php while handling nested DOM objects. This can be exploited to exhaust the stack space and e.g. cause a crash. The vulnerabilities are reported in versions prior to 4.3.0. SOLUTION: Update to version 4.3.0. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Neike Taika-Tessaro and Mario Heiderich. 2) Reported by the vendor. ORIGINAL ADVISORY: http://htmlpurifier.org/news/2011/0327-4.3.0-released OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 28 15:24:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 29 Mar 2011 00:24:39 +0200 Subject: [SEC] [SA43835] Ubuntu update for linux-mvl-dove Message-ID: <201103282224.p2SMOdrX001843@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-mvl-dove SECUNIA ADVISORY ID: SA43835 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43835/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43835 RELEASE DATE: 2011-03-29 DISCUSS ADVISORY: http://secunia.com/advisories/43835/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43835/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43835 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-mvl-dove. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain sensitive and system information, bypass certain security restrictions, and to gain escalated privileges and by malicious, local user and malicious people to cause a DoS (Denial of Service). For more information: SA41002 SA41245 SA41263 SA41284 SA41378 SA41440 SA41493 SA41650 SA41881 SA42035 SA42061 SA42094 SA42126 SA42172 SA42173 SA42176 SA42187 SA42354 SA42570 SA42765 SA42801 SA43435 SA43477 SA43541 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1093-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-March/001285.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 28 15:45:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 29 Mar 2011 00:45:34 +0200 Subject: [SEC] [SA43840] Ubuntu update for linux-source Message-ID: <201103282245.p2SMjYSV022992@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-source SECUNIA ADVISORY ID: SA43840 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43840/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43840 RELEASE DATE: 2011-03-29 DISCUSS ADVISORY: http://secunia.com/advisories/43840/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43840/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43840 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-source. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information and to cause a DoS (Denial of Service). For more information: SA42061 SA42176 SA42187 SA42801 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1092-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-March/001284.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 28 16:11:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 29 Mar 2011 01:11:17 +0200 Subject: [SEC] [SA43896] Debian update for imp4 Message-ID: <201103282311.p2SNBHv4011929@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Debian update for imp4 SECUNIA ADVISORY ID: SA43896 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43896/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43896 RELEASE DATE: 2011-03-29 DISCUSS ADVISORY: http://secunia.com/advisories/43896/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43896/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43896 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for imp4. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA41627 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2204-1: http://lists.debian.org/debian-security-announce/2011/msg00072.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 28 16:45:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 29 Mar 2011 01:45:28 +0200 Subject: [SEC] [SA43893] EMC Data Protection Advisor Collector Privilege Escalation Vulnerability Message-ID: <201103282345.p2SNjSpl001179@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: EMC Data Protection Advisor Collector Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA43893 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43893/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43893 RELEASE DATE: 2011-03-29 DISCUSS ADVISORY: http://secunia.com/advisories/43893/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43893/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43893 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in EMC Data Protection Advisor, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The vulnerability is caused due to insecure permissions on certain files, which can be exploited to execute arbitrary code. The vulnerability is reported in versions prior to 5.7 Build 5833 and 5.7.1 Build 5833 running on Solaris SPARC. SOLUTION: Update to version 5.7 (Build 5833), 5.7.1 (Build 5833), 5.7 Patch DPA-8873, or 5.7.1 Patch DPA-8873. PROVIDED AND/OR DISCOVERED BY: The vendor credits Stefan Wuensch, Harvard University. ORIGINAL ADVISORY: ESA-2011-010: http://archives.neohapsis.com/archives/bugtraq/2011-03/att-0261/ESA-2011-010.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 28 17:13:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 29 Mar 2011 02:13:50 +0200 Subject: [SEC] [SA43891] Fedora update for libcgroup Message-ID: <201103290013.p2T0DoXW022679@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Fedora update for libcgroup SECUNIA ADVISORY ID: SA43891 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43891/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43891 RELEASE DATE: 2011-03-29 DISCUSS ADVISORY: http://secunia.com/advisories/43891/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43891/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43891 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for libcgroup. This fixes a weakness and a vulnerability, which can be exploited by malicious, local users to bypass certain security restrictions and gain escalated privileges. For more information: SA43611 SOLUTION: Apply updated packages via the yum utility ("yum update libcgroup"). ORIGINAL ADVISORY: FEDORA-2011-2631: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056683.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 28 17:45:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 29 Mar 2011 02:45:25 +0200 Subject: [SEC] [SA43903] Fedora update for gnash Message-ID: <201103290045.p2T0jPPA011874@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Fedora update for gnash SECUNIA ADVISORY ID: SA43903 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43903/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43903 RELEASE DATE: 2011-03-29 DISCUSS ADVISORY: http://secunia.com/advisories/43903/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43903/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43903 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for gnash. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges. For more information: SA42416 SOLUTION: Apply updated packages via the yum utility ("yum update gnash"). ORIGINAL ADVISORY: FEDORA-2011-3658: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056780.html FEDORA-2011-3662: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056787.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 28 18:10:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 29 Mar 2011 03:10:34 +0200 Subject: [SEC] [SA43887] Xerox WorkCentre Samba SMB1 Packet Chaining Vulnerability Message-ID: <201103290110.p2T1AYLc000701@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Xerox WorkCentre Samba SMB1 Packet Chaining Vulnerability SECUNIA ADVISORY ID: SA43887 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43887/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43887 RELEASE DATE: 2011-03-29 DISCUSS ADVISORY: http://secunia.com/advisories/43887/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43887/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43887 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Xerox has acknowledged a vulnerability in Xerox WorkCentre, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information: SA40145 The vulnerability is reported in versions 5735, 5740, 5745, 5755, 5765, 5775, and 5790. SOLUTION: Apply patch P47. ORIGINAL ADVISORY: XRX11-002: http://www.xerox.com/downloads/usa/en/c/cert_XRX11-002_v1.0.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 29 10:32:16 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 29 Mar 2011 19:32:16 +0200 Subject: [SEC] [SA43895] Ays Blog "id" SQL Injection Vulnerability Message-ID: <201103291732.p2THWGJA000765@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Ays Blog "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43895 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43895/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43895 RELEASE DATE: 2011-03-29 DISCUSS ADVISORY: http://secunia.com/advisories/43895/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43895/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43895 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Ays Blog, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to index.php (when "page" is set to "6") is not properly sanitised in sayfalar/blogger.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerability is confirmed in version 1.6. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: kurdish hackers team OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 29 11:30:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 29 Mar 2011 20:30:57 +0200 Subject: [SEC] [SA43886] Easy File Sharing Web Server Authentication Bypass Vulnerability Message-ID: <201103291830.p2TIUvkH023617@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Easy File Sharing Web Server Authentication Bypass Vulnerability SECUNIA ADVISORY ID: SA43886 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43886/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43886 RELEASE DATE: 2011-03-29 DISCUSS ADVISORY: http://secunia.com/advisories/43886/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43886/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43886 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a vulnerability in Easy File Sharing Web Server, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error within the authentication mechanism, which can be exploited to bypass the authentication mechanism by setting the "UserID" cookie to an arbitrary value. The vulnerability is confirmed in version 5.8. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: John Leitch, AutoSec Tools. ORIGINAL ADVISORY: AutoSec Tools: http://www.autosectools.com/Advisories/Easy.File.Sharing.Web.Server.Version.5.8_Authentication.Bypass_157.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 29 12:32:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 29 Mar 2011 21:32:34 +0200 Subject: [SEC] [SA43850] ICONICS GENESIS32 / GENESIS64 Multiple Vulnerabilities Message-ID: <201103291932.p2TJWYJ1014149@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: ICONICS GENESIS32 / GENESIS64 Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43850 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43850/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43850 RELEASE DATE: 2011-03-29 DISCUSS ADVISORY: http://secunia.com/advisories/43850/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43850/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43850 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has reported multiple vulnerabilities in ICONICS GENESIS32 and GENESIS64, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. 1) Some errors in the GenBroker service when processing certain commands can be exploited to reference an invalid pointer and potentially corrupt memory via specially crafted packets sent to TCP port 38080. 2) Some input validation errors in the GenBroker service due to trusting certain size values when processing various commands can be exploited to cause a heap-based buffer overflow via specially crafted packets sent to TCP port 38080. The vulnerabilities are reported in the following products: * GENESIS32 version 9.21. * GENESIS64 version 10.51. SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists). PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/genesis_1-adv.txt http://aluigi.altervista.org/adv/genesis_2-adv.txt http://aluigi.altervista.org/adv/genesis_3-adv.txt http://aluigi.altervista.org/adv/genesis_4-adv.txt http://aluigi.altervista.org/adv/genesis_5-adv.txt http://aluigi.altervista.org/adv/genesis_6-adv.txt http://aluigi.altervista.org/adv/genesis_7-adv.txt http://aluigi.altervista.org/adv/genesis_8-adv.txt http://aluigi.altervista.org/adv/genesis_9-adv.txt http://aluigi.altervista.org/adv/genesis_10-adv.txt http://aluigi.altervista.org/adv/genesis_11-adv.txt http://aluigi.altervista.org/adv/genesis_12-adv.txt http://aluigi.altervista.org/adv/genesis_13-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 29 13:31:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 29 Mar 2011 22:31:33 +0200 Subject: [SEC] [SA43910] PyroCMS "website" Script Insertion Vulnerability Message-ID: <201103292031.p2TKVXwp004553@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: PyroCMS "website" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA43910 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43910/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43910 RELEASE DATE: 2011-03-29 DISCUSS ADVISORY: http://secunia.com/advisories/43910/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43910/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43910 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a vulnerability in PyroCMS, which can be exploited by malicious people to conduct script insertion attacks. Input passed via the "website" parameter to index.php when posting blog comments is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed. The vulnerability is confirmed in version 1.1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: John Leitch, AutoSec Tools. ORIGINAL ADVISORY: AutoSec Tools: http://www.autosectools.com/Advisories/PyroCMS.1.1.0_Persistent.Cross-site.Scripting_146.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 29 14:25:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 29 Mar 2011 23:25:42 +0200 Subject: [SEC] [SA43917] Red Hat update for libvirt Message-ID: <201103292125.p2TLPglI027178@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Red Hat update for libvirt SECUNIA ADVISORY ID: SA43917 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43917 RELEASE DATE: 2011-03-29 DISCUSS ADVISORY: http://secunia.com/advisories/43917/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43917/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43917 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for libvirt. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA43670 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0391-1: https://rhn.redhat.com/errata/RHSA-2011-0391.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 29 14:46:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 29 Mar 2011 23:46:00 +0200 Subject: [SEC] [SA43916] Red Hat update for gdm Message-ID: <201103292146.p2TLk0fj015844@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Red Hat update for gdm SECUNIA ADVISORY ID: SA43916 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43916/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43916 RELEASE DATE: 2011-03-29 DISCUSS ADVISORY: http://secunia.com/advisories/43916/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43916/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43916 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for gdm. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA43854 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0395-1: https://rhn.redhat.com/errata/RHSA-2011-0395.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Mar 29 15:11:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 30 Mar 2011 00:11:45 +0200 Subject: [SEC] [SA43870] Froxlor Script Insertion and SQL Injection Vulnerabilities Message-ID: <201103292211.p2TMBj6q004758@CRON-IX-2.intnet> ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Froxlor Script Insertion and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA43870 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43870/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43870 RELEASE DATE: 2011-03-29 DISCUSS ADVISORY: http://secunia.com/advisories/43870/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43870/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43870 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Froxlor, which can be exploited by malicious users to conduct script insertion and SQL injection attacks. 1) Certain input passed to the ticket reply functionality is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 2) Certain input passed to the ticket search functionality is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in versions prior to 0.9.19. SOLUTION: Update to version 0.9.19. PROVIDED AND/OR DISCOVERED BY: The vendor credits tomreyn. ORIGINAL ADVISORY: http://forum.froxlor.org/index.php?/topic/892-release-froxlor-0919/ http://redmine.froxlor.org/issues/674 http://git.froxlor.org/?p=froxlor.git;a=commit;h=5e0c641a022b80b5e7f3db921c834ba6ee5e7a35 http://git.froxlor.org/?p=froxlor.git;a=commit;h=0f4695a43f0b20e88c89db9230058872457fbbcd OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service