Spyware, viruses, & security : VULNERABILITIES \ FIXES - October 30, 2009

by Carol~ Moderator - 10/30/09 4:53 AM
Post 1 of 13

VULNERABILITIES \ FIXES - October 30, 2009

by Carol~ Moderator - 10/30/09 4:53 AM

Red Hat update for pidgin

Release Date: 2009-10-30

Critical: Not critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch

OS: Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux ES 3
Red Hat Enterprise Linux WS 3

Description:
Red Hat has issued an update for pidgin. This fixes some weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

http://secunia.com/advisories/37208/

Post 2 of 13

Drupal CCK Comment Reference Module Security Bypass

by Carol~ Moderator - 10/30/09 4:54 AM In reply to: VULNERABILITIES \ FIXES - October 30, 2009 by Carol~ Moderator

Release Date: 2009-10-30

Critical: Less critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch

Software: Drupal CCK Comment Reference Module 5.x
Drupal CCK Comment Reference Module 6.x

Description:
A vulnerability has been reported in the CCK Comment Reference module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.

An error in the handling of access permissions can be exploited to access otherwise restricted comments via the autocomplete path.

The vulnerability is reported in versions prior to 6.x-1.3 and 5.x-1.2.

Solution:
CCK Comment Reference 6.x:
Update to 6.x-1.3.
http://drupal.org/node/615988

CCK Comment Reference 5.x:
Update to 5.x-1.2.
http://drupal.org/node/616824

http://secunia.com/advisories/37206/

Post 3 of 13

Red Hat update for pidgin

by Carol~ Moderator - 10/30/09 4:55 AM In reply to: VULNERABILITIES \ FIXES - October 30, 2009 by Carol~ Moderator

Release Date: 2009-10-30

Critical: Not critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch

OS: Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux Desktop 5
Red Hat Enterprise Linux ES 4
Red Hat Enterprise Linux WS 4
RHEL Desktop Workstation 5

Description:
Red Hat has issued an update for pidgin. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

http://secunia.com/advisories/37168/

Post 4 of 13

Mura CMS Multiple Vulnerabilities

by Carol~ Moderator - 10/30/09 5:43 AM In reply to: VULNERABILITIES \ FIXES - October 30, 2009 by Carol~ Moderator

Release Date: 2009-10-30

Critical: Less critical
Impact: Cross Site Scripting
Exposure of system information
Exposure of sensitive information
Where: From remote
Solution Status: Unpatched

Software: Mura CMS 5.x

Description:
Vladimir Vorontsov has discovered some vulnerabilities in Mura CMS, which can be exploited by malicious people to disclose sensitive information, and conduct cross-site scripting and script insertion attacks.

1) Input passed to the "txtName" parameter in the comment section of blog entries e.g. go/default/blog/blog-post-with-flash-video/ is not properly sanitised before being used. This can be exploited to display e.g. SQL statements, database structure, installation path by entering values longer than 50 characters.

2) Input passed to the "txtName" and "txtUrl" parameters in the comment section of blog entries e.g. go/default/blog/blog-post-with-flash-video/ is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

3) Input passed to the "link" parameter in default/includes/display_objects/sendtofriend/index.cfm is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

4) Input passed to the "returnURL" parameter in various pages including go/default/blog/index.cfm is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are confirmed in version 5.1.937. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

http://secunia.com/advisories/37194/

Post 5 of 13

Debian update for libhtml-parser-perl

by Carol~ Moderator - 10/30/09 8:37 AM In reply to: VULNERABILITIES \ FIXES - October 30, 2009 by Carol~ Moderator

Release Date: 2009-10-30

Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch

OS: Debian GNU/Linux 4.0
Debian GNU/Linux 5.0

Description:
Debian has issued an update for libhtml-parser-perl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply updated packages.

http://secunia.com/advisories/37209/

Post 6 of 13

Internet Explorer X.509 Certificate Common Name Encoding

by Carol~ Moderator - 10/30/09 8:39 AM In reply to: VULNERABILITIES \ FIXES - October 30, 2009 by Carol~ Moderator

Internet Explorer X.509 Certificate Common Name Encoding Multiple Security Bypass Vulnerabilities

Bugtraq ID: 36577
Class: Boundary Condition Error
CVE: CVE-2009-2511
Remote: Yes
Local: No
Published: Aug 05 2009 12:00AM
Updated: Oct 30 2009 11:47AM

Microsoft Internet Explorer is a browser available for Microsoft Windows.

Internet Explorer is prone to multiple security-bypass vulnerabilities because it fails to properly handle encoded values in X.509 certificates. Specifically, it fails to properly distinguish integer sequences that are then recognized as CN (common name) elements.

Successful exploits allow attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

Solution:
The vendor released an update. Please see the references for details.

Update (October 30, 2009): The updates released by Microsoft as part of this security bulletin may cause service malfunctions on some systems including Live Communications Server 2005, Office Communications Server 2007 and the evaluation release of Office Communicator 2007. Microsoft has released an application 'ocsasnfix.exe' that addresses this bug. Please see the updated knowledge base article 974571 in the references for more information.
http://www.securityfocus.com/bid/36577/references

http://www.securityfocus.com/bid/36577/discuss

Post 7 of 13

Microsoft Internet Explorer NULL Byte CA SSL Certificate

by Carol~ Moderator - 10/30/09 8:40 AM In reply to: VULNERABILITIES \ FIXES - October 30, 2009 by Carol~ Moderator

Microsoft Internet Explorer NULL Byte CA SSL Certificate Validation Security Bypass Vulnerability

Bugtraq ID: 36475
Class: Design Error
CVE: CVE-2009-2510
Remote: Yes
Local: No
Published: Jul 30 2009 12:00AM
Updated: Oct 30 2009 11:47AM

Microsoft Internet Explorer is prone to a security-bypass vulnerability because it fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones.

Successful exploits allow attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

Solution:
The vendor released an update to address this issue. Please see the references for more information.

Update (October 30, 2009): The updates released by Microsoft as part of this security bulletin may cause service malfunctions on some systems including Live Communications Server 2005, Office Communications Server 2007 and the evaluation release of Office Communicator 2007. Microsoft has released an application 'ocsasnfix.exe' that addresses this bug. Please see the updated knowledge base article 974571 in the references for more information.
http://www.securityfocus.com/bid/36475/references

http://www.securityfocus.com/bid/36475/discuss

Post 8 of 13

Microsoft releases fix for crypto patch

by Carol~ Moderator - 10/30/09 9:25 AM In reply to: Microsoft Internet Explorer NULL Byte CA SSL Certificate by Carol~ Moderator

October 30, 2009

Microsoft has released a workaround for the MS09-056 Crypto API update for Windows that was deployed on the latest Patch Day. Designed to prevent the processing of spoofed SSL certificates, the patch also caused an important service to malfunction on some systems. As a result, Live Communications Server 2005, Office Communications Server 2007 and the evaluation release of Office Communicator 2007 also became inaccessible. Users are no longer able to connect to the servers.

The ocsasnfix.exe (direct download) program is to fix the glitch both in the client and in the server. In a knowledgebase article, Microsoft describes how to run the program and what other actions may need to be taken.

http://www.h-online.com/security/news/item/Microsoft-releases-fix-for-crypto-patch-846346.html

Post 9 of 13

Oracle Network Authentication CVE-2009-1979 Security Vulnera

by Carol~ Moderator - 10/30/09 8:42 AM In reply to: VULNERABILITIES \ FIXES - October 30, 2009 by Carol~ Moderator

Oracle Network Authentication CVE-2009-1979 Security Vulnerability

Bugtraq ID: 36747
Class: Unknown
CVE: CVE-2009-1979
Remote: Yes
Local: No
Published: Oct 20 2009 12:00AM
Updated: Oct 30 2009 01:47PM

Oracle Network Authentication is prone to a remote security vulnerability.

The vulnerability can be exploited over the 'Oracle Net' protocol. An attacker doesn't need specific privileges to exploit this vulnerability.

Oracle Database 10g versions 10.1.0.5 and 10.2.0.4.

Solution:
Vendor updates are available.
http://www.securityfocus.com/bid/36747/references

http://www.securityfocus.com/bid/36747/discuss

Post 10 of 13

Mozilla Firefox Download Manager World Writable File Local

by Carol~ Moderator - 10/30/09 8:49 AM In reply to: VULNERABILITIES \ FIXES - October 30, 2009 by Carol~ Moderator

Mozilla Firefox Download Manager World Writable File Local Privilege Escalation Vulnerability

Bugtraq ID: 36852
Class: Design Error
CVE: CVE-2009-3274
Remote: No
Local: Yes
Published: Oct 27 2009 12:00AM
Updated: Oct 30 2009 08:17AM

Mozilla Firefox is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Successful exploits will compromise the affected application and possibly the computer.

NOTE: This issue was previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but has been assigned its own record to better document it.

Solution:
Updates are available.
http://www.securityfocus.com/bid/36852/references

http://www.securityfocus.com/bid/36852/discuss

Post 11 of 13

Microsoft .NET Framework Type Verification Remote Code

by Carol~ Moderator - 10/30/09 8:50 AM In reply to: VULNERABILITIES \ FIXES - October 30, 2009 by Carol~ Moderator

Microsoft .NET Framework Type Verification Remote Code Execution Vulnerability

Bugtraq ID: 36617
Class: Input Validation Error
CVE: CVE-2009-0091
Remote: Yes
Local: No
Published: Oct 13 2009 12:00AM
Updated: Oct 30 2009 02:07PM

The .NET Framework is prone to a remote code-execution vulnerability because it fails to properly verify .NET applications before running them.

Successful exploits may allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks will cause denial-of-service conditions.

In a web hosting environment, attacker-supplied code will run with the privileges of the service account associated with the identity of the application pool that the malicious .NET application is running under.

Solution:
The vendor has released updates and an advisory.
http://www.securityfocus.com/bid/36617/references

http://www.securityfocus.com/bid/36617/discuss

Post 12 of 13

HTML-Parser Invalid HTML Entity Remote Denial of Service

by Carol~ Moderator - 10/30/09 8:51 AM In reply to: VULNERABILITIES \ FIXES - October 30, 2009 by Carol~ Moderator

HTML-Parser Invalid HTML Entity Remote Denial of Service Vulnerability

Bugtraq ID: 36807
Class: Design Error
CVE: CVE-2009-3627
Remote: Yes
Local: No
Published: Oct 23 2009 12:00AM
Updated: Oct 30 2009 02:07PM

HTML-Parser is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause an affected application that uses the module to fall into an infinite loop, denying service to legitimate users.

Versions prior to HTML-Parser 3.63 are vulnerable.

Solution:
Updates are available.
http://www.securityfocus.com/bid/36807/references

http://www.securityfocus.com/bid/36807/discuss

Post 13 of 13

Microsoft Windows Media Player ASF File Processing Remote

by Carol~ Moderator - 10/30/09 9:26 AM In reply to: VULNERABILITIES \ FIXES - October 30, 2009 by Carol~ Moderator

Microsoft Windows Media Player ASF File Processing Remote Code Execution Vulnerability

Bugtraq ID: 36644
Class: Boundary Condition Error
CVE: CVE-2009-2527
Remote: Yes
Local: No
Published: Oct 13 2009 12:00AM
Updated: Oct 30 2009 02:27PM

Microsoft Windows Media Player is prone to a remote code-execution vulnerability when handling specially crafted Advanced Systems Format (ASF) files.

An attacker can exploit this issue by enticing an unsuspecting user into opening a malicious file with the vulnerable application. A successful exploit will allow arbitrary code to run in the context of the currently logged-in user.

Solution:
The vendor has released an advisory and updates.
http://www.securityfocus.com/bid/36644/references

http://www.securityfocus.com/bid/36644/discuss
