Spyware, viruses, & security : VULNERABILITIES \ FIXES - November 13, 2009

Post 1 of 21

VULNERABILITIES \ FIXES - November 13, 2009

by Carol~ Moderator - 11/13/09 7:56 AM

IBM WebSphere Application Server Cross-Site Scripting Vulnerability

Release Date: 2009-11-13

Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch

Software: IBM WebSphere Application Server 6.1.x

Description:
A vulnerability has been reported in IBM WebSphere Application Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

Solution:
Apply APAR PK92057 or update to version 6.1.0.29 when it becomes available.

Original Advisory:
IBM ISS X-Force:
http://xforce.iss.net/xforce/xfdb/54229

http://secunia.com/advisories/37379/

Post 2 of 21

libexif "exif_entry_fix()" Buffer Overflow Vulnerability

by Carol~ Moderator - 11/13/09 7:57 AM In reply to: VULNERABILITIES \ FIXES - November 13, 2009 by Carol~ Moderator

Release Date: 2009-11-13

Critical: Moderately critical
Impact: System access
DoS
Where: From remote
Solution Status: Vendor Patch

Software: libexif 0.x

Description:
A vulnerability has been reported in libexif, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

The vulnerability is caused due to an error within the "exif_entry_fix()" function in libexif/libexif/exif-entry.c, which can be exploited to cause a heap-based buffer overflow via a specially crafted file.

Reportedly, this vulnerability affects version 0.6.18 only.

Solution:
Update to version 0.6.19.
https://sourceforge.net/projects/libexif/files/

Original Advisory:
http://libexif.cvs.sourceforge.net/vi...up&pathrev=libexif-0_6_19-release

http://secunia.com/advisories/37378/

Post 3 of 21

SUSE update for kernel

by Carol~ Moderator - 11/13/09 7:58 AM In reply to: VULNERABILITIES \ FIXES - November 13, 2009 by Carol~ Moderator

Release Date: 2009-11-13

Critical: Less critical
Impact: Exposure of system information
Exposure of sensitive information
Privilege escalation
Where: Local system
Solution Status: Vendor Patch

OS: SUSE Linux Enterprise Server 10

Description:
SUSE has issued an update for the kernel. This fixes a security issue and some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and potentially gain escalated privileges.

Solution:
Apply updated packages via YaST Online Update or the SUSE FTP server.

Original Advisory:
SUSE-SA:2009:055:
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00006.html

http://secunia.com/advisories/37371/

Post 4 of 21

Fedora update for texlive

by Carol~ Moderator - 11/13/09 7:58 AM In reply to: VULNERABILITIES \ FIXES - November 13, 2009 by Carol~ Moderator

Release Date: 2009-11-13

Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

OS: Fedora 10
Fedora 11

Description:
Fedora has issued an update for texlive. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a user's system.

Solution:
Apply updated packages via the yum utility ("yum update texlive").

Original Advisory:
FEDORA-2009-10730:
https://www.redhat.com/archives/fedor...-announce/2009-November/msg00505.html

FEDORA-2009-10857:
https://www.redhat.com/archives/fedor...-announce/2009-November/msg00507.html

http://secunia.com/advisories/37367/

Post 5 of 21

rPath update for apr-util

by Carol~ Moderator - 11/13/09 8:00 AM In reply to: VULNERABILITIES \ FIXES - November 13, 2009 by Carol~ Moderator

Release Date: 2009-11-13

Critical: Less critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch

OS: rPath Linux 1.x

Description:
rPath has issued an update for apr-util. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Update to:
apr-util=conary.rpath.com@rpl:1/0.9.7-1.4-1
apr-util=conary.rpath.com@rpl:2/1.2.12-2.4-1

Original Advisory:
rPSA-2009-0144:
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0144

http://secunia.com/advisories/37365/

Post 6 of 21

WordPress File Upload and Script Insertion

by Carol~ Moderator - 11/13/09 8:01 AM In reply to: VULNERABILITIES \ FIXES - November 13, 2009 by Carol~ Moderator

Release Date: 2009-11-13

Critical: Less critical
Impact: Cross Site Scripting
System access
Where: From remote
Solution Status: Vendor Patch

Software: WordPress 2.x

Description:
A security issue and a vulnerability have been reported in WordPress, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system.

1) The security issue is caused due to the wp_check_filetype() function in /wp-includes/functions.php improperly validating uploaded files. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script with multiple extensions.

Successful exploitation of this vulnerability requires that Apache is not configured to handle the mime-type for media files with an e.g. "gif", "jpg", "png", "tif", "wmv" extension.

2) Input passed via certain parameters to press-this.php is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

The security issue and the vulnerability are reported in version 2.8.5. Other versions may also be affected.

Solution:
Update to version 2.8.6.

Original Advisory:
http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release/

http://secunia.com/advisories/37332/

Post 7 of 21

WordPress 2.8.6 prevents malicious code from being uploaded

by Carol~ Moderator - 11/13/09 8:03 AM In reply to: WordPress File Upload and Script Insertion by Carol~ Moderator

13 November 2009

The WordPress developers have released security update 2.8.6 to fix two vulnerabilities. WordPress users are advised to install the update as soon as possible if untrusted authors can add content and upload images. At least one of the bugs allows attackers to inject and execute arbitrary PHP code on the server.

The vulnerability is based on a processing flaw that occurs when normalising the file names of blog post attachments. It allows attackers to disguise a PHP file as an image (for example vuln.php.jpg) and upload it without triggering the protective mechanism for blocking dangerous files in WordPress. Simply accessing the file in a browser (http://vulnerable-wp/wp-content/uploads/2009/11/test-vuln.php.jpg) subsequently allows the PHP code to be executed in the web server context.

However, not all server configurations seem to cooperate. In particular, the standard configuration of the Apache web server apparently refuses to execute the code when the file is accessed, displaying a corrupted image file in the browser instead.

Only after "Options+MultiViews" has been set in .htaccess or in the global configuration does Apache reportedly accept the file as an executable. According to the WordPress hacker mailing list, however, this setting is the default in web servers which run cPanel and WebHost Manager (WHM).

http://www.h-online.com/security/news/item/WordPress-2-8-6-prevents-malicious-code-from-being-uploaded-859597.html
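
The upload check described in the two WordPress posts above, sketched as an added example that is not part of the original posts or of WordPress itself: it inspects every dot-separated extension of an upload name, not only the last one. The extension lists and sample names are assumptions made for illustration.

```python
# Assumption: extensions a script-enabled web server may hand to an interpreter.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "pl", "py", "cgi", "asp", "jsp", "shtml"}
# Assumption: media types the upload form is meant to accept.
ALLOWED_FINAL_EXTS = {"gif", "jpg", "jpeg", "png", "tif", "wmv"}


def extension_segments(filename):
    """Return every dot-separated segment after the base name, lower-cased."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]  # drop any directory part
    return [part.lower() for part in base.split(".")[1:]]


def check_upload_name(filename):
    """Return (ok, reason); all extensions are inspected, not only the last."""
    segs = extension_segments(filename)
    if not segs:
        return False, "no extension"
    if segs[-1] not in ALLOWED_FINAL_EXTS:
        return False, "final extension not allowed: " + segs[-1]
    hidden = [s for s in segs[:-1] if s in SCRIPT_EXTS]
    if hidden:
        return False, "script extension before final one: " + ",".join(hidden)
    return True, "ok"


def audit(names):
    """Map each rejected name to its reason; accepted names are omitted."""
    results = ((n, check_upload_name(n)) for n in names)
    return {n: reason for n, (ok, reason) in results if not ok}


# Constructed sample names; the second follows the pattern the article describes.
SAMPLE = ["holiday.jpg", "test-vuln.php.jpg", "report.v2.png", "shell.PHTML.gif", "notes.php"]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE).items():
        print(name, "->", reason)
```

The same function can be run over an existing uploads directory listing to find files that were accepted before the update was installed.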

Post 8 of 21

Red Hat update for java-1.6.0-ibm

by Carol~ Moderator - 11/13/09 8:04 AM In reply to: VULNERABILITIES \ FIXES - November 13, 2009 by Carol~ Moderator

Release Date: 2009-11-13

Critical: Highly critical
Impact: Security Bypass
Exposure of sensitive information
DoS
System access
Where: From remote
Solution Status: Vendor Patch

Software: Red Hat Enterprise Linux Extras v. 4
RHEL Desktop Supplementary (v. 5 client)
RHEL Supplementary (v. 5 server)

Description:
Red Hat has issued an update for java-1.6.0-ibm. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), or compromise a user's system.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
RHSA-2009:1582-01:
https://rhn.redhat.com/errata/RHSA-2009-1582.html

http://secunia.com/advisories/37361/

Post 9 of 21

Google Chrome Cross-Origin Resource Sharing Security Bypass

by Carol~ Moderator - 11/13/09 8:04 AM In reply to: VULNERABILITIES \ FIXES - November 13, 2009 by Carol~ Moderator

Release Date: 2009-11-13

Critical: Not critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch

Software: Google Chrome 3.x

Description:
A security issue has been reported in Google Chrome, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused due to Cross-Origin Resource Sharing OPTIONS requests including custom HTTP headers and can be exploited to facilitate cross-site request forgery attacks.

Solution:
Update to version 3.0.195.33.

Original Advisory:
http://googlechromereleases.blogspot....ble-update-fix-google-chrome-not.html

http://secunia.com/advisories/37358/

Post 10 of 21

rPath update for samba

by Carol~ Moderator - 11/13/09 8:05 AM In reply to: VULNERABILITIES \ FIXES - November 13, 2009 by Carol~ Moderator

Release Date: 2009-11-13

Critical: Less critical
Impact: DoS
Security Bypass
Where: From local network
Solution Status: Vendor Patch

OS: rPath Linux 1.x

Description:
rPath has issued an update for samba. This fixes some vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) and bypass certain security restrictions.

Solution:
Update to:
samba=conary.rpath.com@rpl:1/3.0.33-0.2-1
samba=conary.rpath.com@rpl:2/3.0.33-1.2-1
samba-client=conary.rpath.com@rpl:1/3.0.33-0.2-1
samba-client=conary.rpath.com@rpl:2/3.0.33-1.2-1
samba-server=conary.rpath.com@rpl:1/3.0.33-0.2-1
samba-server=conary.rpath.com@rpl:2/3.0.33-1.2-1
samba-swat=conary.rpath.com@rpl:1/3.0.33-0.2-1
samba-swat=conary.rpath.com@rpl:2/3.0.33-1.2-1

Original Advisory:
rPSA-2009-0145:
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0145

http://secunia.com/advisories/37356/

Post 11 of 21

Microsoft Windows SMB Response Denial of Service Vulnerabili

by Carol~ Moderator - 11/13/09 8:08 AM In reply to: VULNERABILITIES \ FIXES - November 13, 2009 by Carol~ Moderator

Release Date: 2009-11-13

Critical: Less critical
Impact: DoS
Where: From remote
Solution Status: Unpatched

OS: Microsoft Windows 7
Microsoft Windows Server 2008

Description:
Laurent Gaffié has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when processing SMB packets received from an SMB server. This can be exploited to hang an affected system by tricking a user into connecting to a malicious SMB server via e.g. a specially crafted web site opened in Internet Explorer.

The vulnerability is confirmed on a fully patched Microsoft Windows 7 and reported in Microsoft Windows Server 2008 R2.

Solution:
Block outbound connections to untrusted SMB servers via a firewall.

Original Advisory:
http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html

http://secunia.com/advisories/37347/

Post 12 of 21

DoS vulnerability in the SMB client of Windows 7 and Server

by Carol~ Moderator - 11/13/09 8:10 AM In reply to: Microsoft Windows SMB Response Denial of Service Vulnerabili by Carol~ Moderator

DoS vulnerability in the SMB client of Windows 7 and Server 2008 R2

A flaw in the implementation of the SMB clients in Windows 7 and Windows Server 2008 R2 can be exploited to crash entire systems remotely. Clients can fall victim to an attack simply by contacting a specially crafted SMB server. Flawed server responses containing insufficient NetBIOS headers can trigger an infinite loop in the SMB client and result in Windows becoming unresponsive. So far, however, the flaw has not been found capable of compromising a system.

To fall victim to a successful DoS attack, users don't necessarily need to manually contact a malicious server themselves. A connection can, for instance, be initiated when Internet Explorer processes a HTML page with a suitable link. Attacks are not confined to LANs if a firewall or packet filter allows SMB packets to pass.

Laurent Gaffié, who discovered the DoS vulnerability, has written a Python server exploit to demonstrate the problem. When tested by The H's associates at heise Security, a Windows 7 machine froze abruptly after calling the server and could only be restarted after having its mains plug pulled.

More here: http://www.h-online.com/security/news/item/DoS-vulnerability-in-the-SMB-client-of-Windows-7-and-Server-2008-R2-857756.html

Post 13 of 21

Ubuntu update for openldap

by Carol~ Moderator - 11/13/09 8:11 AM In reply to: VULNERABILITIES \ FIXES - November 13, 2009 by Carol~ Moderator

Release Date: 2009-11-13

Critical: Less critical
Impact: Spoofing
Where: From remote
Solution Status: Vendor Patch

OS: Ubuntu Linux 6.06

Description:
Ubuntu has issued an update for openldap. This fixes a vulnerability, which can potentially be exploited by malicious people to conduct spoofing attacks.

The vulnerability is caused due to an error when processing certificates containing NULL ('\0') characters in the subject's Common Name (CN) field. This can be exploited to e.g. conduct Man-in-the-Middle (MitM) attacks via specially crafted certificates.

Solution:
Apply updated packages.

Original Advisory:
USN-858-1:
http://www.ubuntu.com/usn/USN-858-1

http://secunia.com/advisories/37355/
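
The Common Name handling error described in the openldap post above, modelled as an added example that is not part of the original post or of the openldap code: one comparison stops at the first NUL byte the way a C string routine does, the other uses the full encoded length and rejects embedded NULs. The host names are constructed, and only exact (non-wildcard) matching is covered.

```python
def c_string_view(cn: bytes) -> bytes:
    """What a NUL-terminated string routine sees: bytes before the first NUL."""
    return cn.split(b"\x00", 1)[0]


def naive_match(cn: bytes, hostname: str) -> bool:
    """Models the flawed comparison, which ignores everything after a NUL."""
    return c_string_view(cn).lower() == hostname.encode("ascii").lower()


def strict_match(cn: bytes, hostname: str) -> bool:
    """Compare over the full encoded length; refuse NUL and other non-printables."""
    if b"\x00" in cn:
        return False
    if any(b < 0x21 or b > 0x7E for b in cn):
        return False
    return cn.lower() == hostname.encode("ascii").lower()


def classify(cn: bytes, hostname: str) -> str:
    """Label a CN so that certificates relying on truncation stand out."""
    if strict_match(cn, hostname):
        return "match"
    if naive_match(cn, hostname):
        return "spoof: matches only when truncated at NUL"
    return "mismatch"


# Constructed CN values as they would appear in the certificate's encoded subject.
GOOD_CN = b"ldap.corp.example"
CRAFTED_CN = b"ldap.corp.example\x00.other.example"
OTHER_CN = b"mail.corp.example"

if __name__ == "__main__":
    for cn in (GOOD_CN, CRAFTED_CN, OTHER_CN):
        print(repr(cn), "->", classify(cn, "ldap.corp.example"))
```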

Post 14 of 21

phpMyFAQ Cross-Site Scripting Vulnerability

by Carol~ Moderator - 11/13/09 8:12 AM In reply to: VULNERABILITIES \ FIXES - November 13, 2009 by Carol~ Moderator

Release Date: 2009-11-13

Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch

Software: phpMyFAQ 2.x

Description:
A vulnerability has been reported in phpMyFAQ, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain input passed to an unspecified parameter in the search page is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions prior to 2.0.17 or 2.5.2.

Solution:
Update to version 2.0.17 or 2.5.2.

Original Advisory:
http://www.phpmyfaq.de/advisory_2009-09-01.php

http://secunia.com/advisories/37354/

Post 15 of 21

Linksys WAP4400N Association Request Denial of Service

by Carol~ Moderator - 11/13/09 8:24 AM In reply to: VULNERABILITIES \ FIXES - November 13, 2009 by Carol~ Moderator

Release Date: 2009-11-13

Critical: Less critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch

OS: Linksys WAP4400N

Description:
A vulnerability has been reported in Linksys WAP4400N, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error when parsing information elements included in association requests and can be exploited to reboot or hang an affected device.

The vulnerability is reported in firmware version 1.2.17.

Solution:
Reportedly fixed in firmware version 1.2.19.

Original Advisory:
http://archives.neohapsis.com/archives/bugtraq/current/0074.html

http://secunia.com/advisories/37345/
