Sun Solaris TCP/IP Networking Stack Denial of Service
Release Date: 2009-06-19
Critical: Less critical
Impact: DoS
Where: From local network
Solution Status: Vendor Patch
OS: Sun Solaris 10
Description:
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the TCP/IP networking stack related to the Cassini Gigabit-Ethernet Device Driver when handling jumbo frames and can be exploited to crash the system.
Successful exploitation requires that a system uses a GigaSwift Ethernet Adapter interface configured to accept jumbo frames with hardware check-summing enabled.
http://secunia.com/advisories/35507/
Release Date: 2009-06-19
Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
Software: PukiWikiMod 1.x
Description:
A vulnerability has been reported in PukiWikiMod, which can be exploited by malicious people to conduct cross-site scripting attacks.
Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerability is reported in version 1.6.6.2 and prior.
http://secunia.com/advisories/35504/
Release Date: 2009-06-19
Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Red Hat Enterprise Linux 5 (Server), Red Hat Enterprise Linux AS 4, Red Hat Enterprise Linux Desktop Workstation 5, Red Hat Enterprise Linux ES 4, Red Hat Enterprise Linux WS 4
Description:
Red Hat has issued an update for cyrus-imapd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
http://secunia.com/advisories/35497/
Release Date: 2009-06-19
Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched
Software: WebNMS 5.x
Description:
Yogesh Kulkarni has discovered a vulnerability in WebNMS, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed to the "type" parameter in report/ReportViewAction.do is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerability is confirmed in WebNMS Free Edition 5. Other versions may also be affected.
http://secunia.com/advisories/35495/
Release Date: 2009-06-19
Critical: Highly critical
Impact: Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Debian GNU/Linux 4.0
Description:
Debian has issued an update for vlc. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, and by malicious people to compromise a user's system.
http://secunia.com/advisories/35460/
Release Date: 2009-06-19
Critical: Moderately critical
Impact: Cross Site Scripting, Manipulation of data
Where: From remote
Solution Status: Vendor Patch
OS: Debian GNU/Linux 4.0, Debian GNU/Linux 5.0
Description:
Debian has issued an update for gforge. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
http://secunia.com/advisories/35458/
Release Date: 2009-06-19
Critical: Highly critical
Impact: Security Bypass, Spoofing, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Debian GNU/Linux 5.0
Description:
Debian has issued an update for xulrunner. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or to compromise a vulnerable system.
http://secunia.com/advisories/35446/
Release Date: 2009-06-19
Critical: Less critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: PHP 5.2.x
Description:
A vulnerability has been reported in PHP, which can potentially be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an input validation error in the "exif_read_data()" function, which can be exploited to cause a crash when a specially crafted jpg image is being processed.
The vulnerability is reported in versions prior to 5.2.10.
http://secunia.com/advisories/35441/
Release Date: 2009-06-19
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
OS: Sun Solaris 10
Description:
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users and potentially malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a memory leak in the Solaris Ultra-SPARC T2 crypto provider device driver.
http://secunia.com/advisories/35403/
Release Date: 2009-06-19
Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: xcftools 1.x
Description:
A vulnerability has been reported in xcftools, which can be exploited by malicious people to potentially compromise a user's system.
The vulnerability is caused due to a boundary error within the "flattenIncrementally()" function in flatten.c. This can be exploited to cause a stack-based buffer overflow by tricking a user into e.g. running the xcf2pnm utility with the "-C" or "-O" options against a specially crafted image.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in version 1.0.4. Other versions may also be affected.
http://secunia.com/advisories/35397/
Release Date: 2009-06-19
Critical: Not critical
Impact: DoS
Where: Local system
Solution Status: Vendor Patch
OS: Sun Solaris 10
Description:
Two vulnerabilities have been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
The vulnerabilities are caused due to race conditions in the Solaris Event Port API and can be exploited to crash the system.
http://secunia.com/advisories/35279/
19 June 2009
Less than one week after the second release candidate was made available, the PHP developers have announced the final release of PHP 5.2.10. Version 5.2.10 of the open source scripting language is a maintenance release for the 5.2 development branch and features over 100 bug fixes, including a fix for a security issue that caused exif_read_data() to segfault on certain corrupted .jpeg files.
The developers also announced the availability of the fourth release candidate (RC4) of PHP 5.3.0, a newly developed version of PHP that includes several fundamental extensions, as well as a number of new features. New features include namespaces, late static binding, lambda functions and closure classes. A final release is expected to be available soon.
http://www.h-online.com/security/PHP-5-2-10-released--/news/113568
Fedora update for openssl
Secunia Advisory: SA35461
Release Date: 2009-06-19
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
OS: Fedora 10, Fedora 11, Fedora 9
Description:
Fedora has issued an update for openssl. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
More: http://secunia.com/advisories/35461/
Release Date: 2009-06-19
Critical: Not critical
Impact: DoS
Where: Local system
Solution Status: Vendor Workaround
Software: PCSC-Lite 1.x
Description:
A security issue has been reported in PCSC-Lite, which can potentially be exploited by malicious, local users to cause a DoS (Denial of Service).
The security issue is caused due to pcscd creating the directory "/var/run/pcscd.events/" with insecure permissions, which can e.g. be exploited to cause a DoS.
More: http://secunia.com/advisories/35500/
19 June 2009
Microsoft is again having to focus its attention on the vulnerability in user account control (UAC) in the beta version of Windows 7, supposedly fixed back in February. A revised exploit means that it is still possible to obtain administrator privileges on a system, without a UAC prompt requiring user confirmation being displayed. Attackers could exploit this to embed malware deep within a system – exactly what UAC is actually supposed to prevent.
Microsoft has made efforts to substantially reduce the number of UAC security queries in Windows 7 compared to Vista. To achieve this, the company has introduced a number of interim levels in which Windows automatically waves through system changes made by programs. In the beta version of Windows 7, however, security experts demonstrated that a malicious script could exploit this to deactivate UAC with no user interaction. This was swiftly followed by a demonstration of how a program could obtain unlimited administrator privileges for its own activities.
More: http://www.h-online.com/security/UAC-in-Windows-7-still-porous--/news/113573