Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES \ FIXES - February 22, 2010

by: Carol~ February 22, 2010 3:27 AM PST

Like this

0 people like this thread

Staff pick

VULNERABILITIES \ FIXES - February 22, 2010

by Carol~ Moderator - 2/22/10 3:27 AM

Fedora update for konversation

Release Date : 2010-02-22

Criticality level : Not critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Operating System : Fedora 11
Fedora 12

Description
Fedora has issued an update for konversation. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution
Apply updated packages using the yum utility ("yum update konversation").

Original Advisory
FEDORA-2010-1883:
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035406.html

FEDORA-2010-1935:
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035416.html

http://secunia.com/advisories/38722/


Reply
Report offensive post
Email to friend

Fedora update for pdfedit

by Carol~ Moderator - 2/22/10 3:28 AM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Release Date : 2010-02-22

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Operating System : Fedora 11
Fedora 12

Description
Fedora has issued an update for pdfedit. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system.

Solution
Apply updated packages using the yum utility ("yum update pdfedit").

Original Advisory
FEDORA-2010-1842:
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html

FEDORA-2010-1377:
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html

http://secunia.com/advisories/38721


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

PDFedit Xpdf Multiple Vulnerabilities

by Carol~ Moderator - 2/22/10 3:29 AM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Release Date : 2010-02-22

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Workaround

Software : PDFedit 0.x

Description
Some vulnerabilities have been reported in PDFedit, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerabilities are caused due to the use of vulnerable Xpdf code.

Solution
Fixed in the CVS repository.

Original Advisory
http://sourceforge.net/mailarchive/message.php?msg_name=20100217093719.GA4948%40tiehlicka.suse.cz
http://pdfedit.cvs.sourceforge.net/viewvc/pdfedit/pdfedit/Changelog?r1=1.138&r2=1.139

http://secunia.com/advisories/38713/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Konversation D-Bus Unicode Denial of Service Weakness

by Carol~ Moderator - 2/22/10 3:31 AM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Release Date : 2010-02-22

Criticality level : Not critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Software : Konversation 1.x

Description
A weakness has been reported in Konversation, which can be exploited by malicious people to cause a DoS (Denial of Service).

The weakness is caused due to an error within the Konversation D-Bus interaction related to certain Unicode characters, which can be exploited to crash the application.

Solution
Update to version 1.2.3.

Original Advisory
KDE Bug #219985:
http://bugs.kde.org/show_bug.cgi?id=219985

http://secunia.com/advisories/38711/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

PowerDNS Administrator "lang" File Inclusion Vulnerability

by Carol~ Moderator - 2/22/10 3:32 AM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Release Date : 2010-02-22

Criticality level : Moderately critical
Impact : Exposure of system information
Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software : PowerDNS Administrator 1.x

Description
A vulnerability has been reported in PowerDNS Administrator, which can be exploited by malicious people to disclose sensitive information.

The vulnerability is caused due to the usage of vulnerable Quicksilver Forums code.

Solution
Update to version 1.1.8.

Original Advisory
http://pdnsadmin.iguanadons.net/index.php?a=newspost&t=85

http://secunia.com/advisories/38671/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

QSF Portal "lang" File Inclusion Vulnerability

by Carol~ Moderator - 2/22/10 3:33 AM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Release Date : 2010-02-22

Criticality level : Moderately critical
Impact :Exposure of system information
Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software : QSF Portal 1.x

Description
A vulnerability has been reported in QSF Portal, which can be exploited by malicious people to disclose sensitive information.

The vulnerability is caused due to the usage of vulnerable Quicksilver Forums code.

Solution
Update to version 1.4.5.

Original Advisory
http://www.qsfportal.com/index.php?a=newspost&t=191

http://secunia.com/advisories/38670/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

vBulletin Multiple Cross-Site Scripting Vulnerabilities

by Carol~ Moderator - 2/22/10 3:34 AM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Release Date : 2010-02-22

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software : vBulletin 4.x

Description
Multiple vulnerabilities have been reported in vBulletin, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the URL is not properly sanitised before being returned to the user within the search.php, sendmessage.php, showgroups.php, usercp.php, online.php, misc.php, memberlist.php, member.php, index.php, forumdisplay.php, inlinemod.php, newthread.php, private.php, profile.php, register.php, showthread.php, subscription.php, forum.php, faq.php, and calendar.php script. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in version 4.0.2. Other versions may also be affected.

Solution
Edit the source code to ensure that input is properly sanitised.

Original Advisory
http://packetstormsecurity.org/1002-exploits/vbulletin402-xss.txt

http://secunia.com/advisories/38702/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Fedora update for firefox and xulrunner

by Carol~ Moderator - 2/22/10 3:35 AM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Release Date : 2010-02-22

Criticality level Highly critical
Impact : Cross Site Scripting
System access
Where : From remote
Solution Status : Vendor Patch

Operating System : Fedora 11
Fedora 12

Description
Fedora has issued an update for firefox and xulrunner. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system.

Solution
Apply updated packages using the yum utility ("yum update firefox xulrunner").

Original Advisory
FEDORA-2010-1936:
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035348.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035358.html

FEDORA-2010-1727:
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035423.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035422.html

http://secunia.com/advisories/38710/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Debian update for polipo

by Carol~ Moderator - 2/22/10 3:40 AM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Release Date : 2010-02-22

Criticality level : Less critical
Impact : DoS
Where : From local network
Solution Status : Vendor Patch

Operating System : Debian GNU/Linux 5.0

Description
Debian has issued an update for polipo. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution
Apply updated packages.

Original Advisory
DSA-2002-1:
http://lists.debian.org/debian-security-announce/2010/msg00042.html

http://secunia.com/advisories/38647/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Debian update for php5

by Carol~ Moderator - 2/22/10 3:40 AM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Release Date : 2010-02-22

Criticality level : Moderately critical
Impact : Unknown
Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Operating System : Debian GNU/Linux 5.0

Description
Debian has issued an update for php5. This fixes two vulnerabilities, where one has unknown impacts and the other can be exploited by malicious people to conduct cross-site scripting attacks.

Solution
Apply updated packages.

Original Advisory
DSA-2001-1:
http://lists.debian.org/debian-security-announce/2010/msg00041.html

http://secunia.com/advisories/38648/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

VideoSearchScript "q" Cross-Site Scripting Vulnerability

by Carol~ Moderator - 2/22/10 3:40 AM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Release Date : 2010-02-22

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software : VideoSearchScript 3.x

Description
A vulnerability has been reported in VideoSearchScript, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "q" parameter in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in version Pro 3.5. Other versions may also be affected.

Solution
Edit the source code to ensure that input is properly sanitised.

http://secunia.com/advisories/38701/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Fedora update for seamonkey

by Carol~ Moderator - 2/22/10 3:40 AM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Release Date : 2010-02-22

Criticality level : Highly critical
Impact : Cross Site Scripting
System access
Where : From remote
Solution Status : Vendor Patch

Operating System : Fedora 12

Description
Fedora has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system.

Solution
Apply updated packages using the yum utility ("yum update seamonkey").

Original Advisory
FEDORA-2010-1932:
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html

http://secunia.com/advisories/38714/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Fedora update for moin

by Carol~ Moderator - 2/22/10 3:40 AM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Release Date : 2010-02-22

Criticality level : Moderately critical
Impact : Unknown
Where : From remote
Solution Status : Vendor Patch

Operating System : Fedora 11
Fedora 12

Description
Fedora has issued an update for moin. This fixes some vulnerabilities, which have an unknown impact.

Solution
Apply updated packages via the yum utility ("yum update moin").

Original Advisory
FEDORA-2010-1712:
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035438.html

FEDORA-2010-1743:
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035374.html

http://secunia.com/advisories/38709/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Fedora update for pidgin

by Carol~ Moderator - 2/22/10 5:30 AM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Release Date : 2010-02-22

Criticality level : Not critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Operating System : Fedora 11
Fedora 12

Description
Fedora has issued an update for pidgin. This fixes some weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution
Apply updated packages via the yum utility ("yum update pidgin").
Original Advisory
FEDORA-2010-1383:
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html

FEDORA-2010-1279:
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html

http://secunia.com/advisories/38712/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Linux Kernel hda-intel Driver "azx_position_ok()" Denial of

by Carol~ Moderator - 2/22/10 5:30 AM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Linux Kernel hda-intel Driver "azx_position_ok()" Denial of Service

Release Date : 2010-02-22

Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status : Vendor Workaround

Operating System : Linux Kernel 2.6.x

Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to a division by zero within the "azx_position_ok()" function in sound/pci/hda/hda_intel.c, which can be exploited to crash the system.

Note: Successful exploitation may require that the hda-intel driver is used.

The vulnerability is reported in version 2.6.32.7 and 2.6.33-rc6 on a system using the AMD780V chipset. Other versions may also be affected.

Solution :
Fixed in the GIT repository.

Original Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fed08d036f2aabd8d0c684439de37f8ebec2bbc2
http://nctritech.net/bugreport.txt

http://secunia.com/advisories/38718/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WampServer "lang" Cross-Site Scripting Vulnerability

by Carol~ Moderator - 2/22/10 5:30 AM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Release Date : 2010-02-22

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software : WampServer 2.x

Description :
Gjoko Krstic has discovered a vulnerability in WampServer, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "lang" parameter in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected application.

The vulnerability is confirmed in version 2.0i. Other versions may also be affected

Solution :
Edit the source code to ensure that input is properly sanitised.

Original Advisory
http://zeroscience.mk/en/vulnerabilities/ZSL-2010-4926.php

http://secunia.com/advisories/38706/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Wsc Cms "Password" SQL Injection Vulnerability

by Carol~ Moderator - 2/22/10 5:31 AM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Release Date : 2010-02-22

Criticality level : Moderately critical
Impact : Manipulation of data
Exposure of sensitive information
Where : From remote
Solution Status : Unpatched

Software : Wsc Cms 2.x

Description :
A vulnerability has been reported in Wsc Cms, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "Password" form field to backoffice/login.asp is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows bypassing the authentication mechanism.

The vulnerability is reported in version 2.2. Other versions may also be affected.

Solution :
Edit the source code to ensure that input is properly sanitised.

http://secunia.com/advisories/38698/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

InDefero Source Access Security Bypass

by Carol~ Moderator - 2/22/10 5:31 AM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Release Date : 2010-02-22

Criticality level : Less critical
Impact : Security Bypass
Where : From remote
Solution Status : Vendor Patch

Software : InDefero 0.x

Description :
A security issue has been reported in InDefero, which can be exploited by malicious users to bypass certain security restrictions.

The security issue is caused due to an error in the git serving component, which can be exploited to gain access to private sources that are marked "read only" for certain users, if the short name of the project is known.

Successful exploitation requires user access to the forge and a valid SSH key.

The security issue is reported in versions prior to 0.8.10.

Solution :
Update to version 0.8.10 or apply the patch.

Original Advisory
http://www.ceondo.com/ecte/2010/02/indefero-security-vulnerability

http://secunia.com/advisories/38664/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Pulse CMS "f" Cross-Site Scripting Vulnerability

by Carol~ Moderator - 2/22/10 5:31 AM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Release Date : 2010-02-22

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software : Pulse CMS 1.x

Description :
A vulnerability has been discovered in Pulse CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "f" parameter in view.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected application.

The vulnerability is confirmed in version 1.2.2. Other versions may also be affected.

Solution :
Edit the source code to ensure that input is properly sanitised.

http://secunia.com/advisories/38650/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

PortWise SSL VPN "reloadFrame" Cross-Site Scripting

by Carol~ Moderator - 2/22/10 8:42 AM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

PortWise SSL VPN "reloadFrame" Cross-Site Scripting Vulnerability

Release Date : 2010-02-22

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Operating System : PortWise SSL VPN 4.x

Description :
George Christopoulos and Jan Fry have reported a vulnerability in PortWise SSL VPN, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "reloadFrame" parameter in wa/auth is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Solution:
Update to version 4.6.2, 4.7.1, 4.8, and 4.9 or later.

Original Advisory
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-04

http://secunia.com/advisories/38627/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Linux Kernel TCP RTO Calculation Denial of Service

by Carol~ Moderator - 2/22/10 8:43 AM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Release Date : 2010-02-22

Criticality level : Less critical
Impact : DoS
Where : From remote
Solution Status : Vendor Workaround

Operating System : Linux Kernel 2.6.x

Description :
A vulnerability has been reported in the Linux kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when calculating retransmission timeouts (RTO), which can be exploited to e.g. cause a high CPU and network load on an affected system.

Successful exploitation may require that TCP timestamps are disabled.

The vulnerability is reported in the 2.6.32.x kernel tree.

Solution :
Fixed in the GIT repository.

Original Advisory :
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=598856407d4e20ebb4de01a91a93d89325924d43

http://secunia.com/advisories/38594/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Employee Timeclock Software Cross-Site Request Forgery

by Carol~ Moderator - 2/22/10 8:43 AM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Release Date : 2010-02-22

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software : Employee Timeclock Software 0.x

Description :
A vulnerability has been discovered in Employee Timeclock Software, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. add administrative users by tricking a logged-in administrative user into visiting a malicious web site.

The vulnerability is confirmed in version 0.99. Other versions may also be affected.

Solution :
Do not browse untrusted websites or follow untrusted links while being logged-in to the application.

http://secunia.com/advisories/38662/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Joomla Community Polls Component "controller" File Inclusion

by Carol~ Moderator - 2/22/10 8:43 AM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Joomla Community Polls Component "controller" File Inclusion Vulnerability

Release Date : 2010-02-22

Criticality level : Moderately critical
Impact : Exposure of system information
Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software : Community Polls 1.x (component for Joomla)

Description :
A vulnerability has been reported in the Community Polls component for Joomla, which can be exploited by malicious people to disclose potentially sensitive information.

Input passed to the "controller" parameter in index.php (when "option" is set to "com_communitypolls") is not properly sanitised before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.

The vulnerability is reported in versions prior to 1.5.3.

Solution :
Update to version 1.5.3 or later.

Original Advisory:
Community Polls:
http://www.corejoomla.com/component/content/article/1-corejoomla-updates/40-community-polls-v153-security-release.html

http://secunia.com/advisories/38692/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Bournal ccrypt Information Disclosure Security Issue

by Carol~ Moderator - 2/22/10 12:51 PM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Release Date : 2010-02-22

Criticality level : Not critical
Impact : Exposure of sensitive information
Where : Local system
Solution Status : Partial Fix

Software : Bournal 1.x

Description :
Secunia Research has discovered a security issue in Bournal, which can be exploited by malicious, local users to disclose sensitive information.

The script uses e.g. the insecure "-K" command line parameter to pass the key to the ccrypt utilities, which can be exploited to obtain the key from the list of running processes.

Note: This may not affect recent Linux versions, but is confirmed for FreeBSD 8.0. Other systems may also be affected.

Solution :
Fixed in version 1.4.1 by preventing the use of the script on FreeBSD systems. This may still affect other systems where users have access to the full command line of other user's processes, despite ccrypt disabling "echoing" on the terminal.


Original Advisory :
http://secunia.com/secunia_research/2010-7/

http://secunia.com/advisories/38723/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Bournal Insecure Temporary Files Security Issue

by Carol~ Moderator - 2/22/10 12:51 PM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Release Date : 2010-02-22

Criticality level : Not critical
Impact : Privilege escalation
Where : Local system
Solution Status : Vendor Patch

Software : Bournal 1.x

Description :
Secunia Research has discovered a security issue in Bournal, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The script uses temporary files in an insecure manner, which can be exploited to e.g. overwrite arbitrary files via symlink attacks when running the update check via the "--hack_the_gibson" parameter.

Solution :
Update to version 1.4.1, which removes the vulnerable functionality.

Original Advisory :
http://secunia.com/secunia_research/2010-6/

http://secunia.com/advisories/38554/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Adobe BlazeDS XML and XML External Entity Injection

by Carol~ Moderator - 2/22/10 4:38 PM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities

Bugtraq ID: 38197
Class: Input Validation Error
CVE: CVE-2009-3960
Remote: Yes
Local: No
Published: Feb 11 2010 12:00AM
Updated: Feb 22 2010 05:41PM

Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities

Adobe BlazeDS is prone to an XML-injection vulnerability and an XML External Entity injection vulnerability.

Attackers can exploit these issues to obtain sensitive information and carry out other attacks.

The following applications are affected:

BlazeDS 3.2 and earlier versions
LiveCycle 9.0, 8.2.1, and 8.0.1
LiveCycle Data Services 3.0, 2.6.1, and 2.5.1
Flex Data Services 2.0.1
ColdFusion 9.0, 8.0.1, 8.0, and 7.0.2

Solution:
The vendor has released an advisory and updates
http://www.securityfocus.com/bid/38197/solution

http://www.securityfocus.com/bid/38197/discuss


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Total Video Player '.wav' File Remote Denial of Service

by Carol~ Moderator - 2/22/10 4:38 PM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Total Video Player '.wav' File Remote Denial of Service Vulnerability

Bugtraq ID: 38343
Class: Unknown
Remote: Yes
Local: No
Published: Feb 22 2010 12:00AM
Updated: Feb 22 2010 07:31PM

Total Video Player is prone to a remote denial-of-service vulnerability.

Attackers may leverage this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Total Video Player 1.3 is vulnerable; other versions may also be affected.

Solution:
Currently we are not aware of any vendor-supplied patches for this issue
http://www.securityfocus.com/bid/38343/references

http://www.securityfocus.com/bid/38343/discuss


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Libpurple MSN-SLP Emoticon Directory Traversal Vulnerability

by Carol~ Moderator - 2/22/10 4:38 PM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Bugtraq ID: 37524
Class: Input Validation Error
CVE: CVE-2010-0013
Remote: Yes
Local: No
Published: Dec 29 2009 12:00AM
Updated: Feb 22 2010 08:41PM

Libpurple is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks.

Versions prior to Libpurple 2.6.5 are vulnerable.

Solution:
Updates are available.
http://www.securityfocus.com/bid/37524/solution

http://www.securityfocus.com/bid/37524/discuss


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Net-SNMP Remote Authentication Bypass Vulnerability

by Carol~ Moderator - 2/22/10 4:39 PM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Bugtraq ID: 29623
Class: Design Error
CVE: CVE-2008-0960
Remote: Yes
Local: No
Published: Jun 10 2008 12:00AM
Updated: Feb 22 2010 07:51PM

Net-SNMP is prone to a remote authentication-bypass vulnerability caused by a design error.

Successfully exploiting this issue will allow attackers to gain unauthorized access to the affected application.

Net-SNMP 5.4.1, 5.3.2, 5.2.4, and prior versions are vulnerable.

Solution:
Updates are available.
http://www.securityfocus.com/bid/29623/solution

http://www.securityfocus.com/bid/29623/discuss


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Xerox WorkCentre Multiple Authentication Bypass

by Carol~ Moderator - 2/22/10 4:39 PM

In Reply to: VULNERABILITIES \ FIXES - February 22, 2010 by Carol~ Moderator

Xerox WorkCentre Multiple Authentication Bypass Vulnerabilities

Bugtraq ID: 37921
Class: Access Validation Error
Remote: Yes
Local: No
Published: Jan 22 2010 12:00AM
Updated: Feb 22 2010 04:21PM

Multiple Xerox WorkCentre devices are prone to multiple authentication-bypass vulnerabilities.

Attackers can exploit these issues to obtain sensitive information that may aid in further attacks.

The following are vulnerable:

WorkCentre 5632
WorkCentre 5638
WorkCentre 5645
WorkCentre 5655
WorkCentre 5665
WorkCentre 5675
WorkCentre 5687

Solution:
Updates are available.
http://www.securityfocus.com/bid/37921/solution

http://www.securityfocus.com/bid/37921/discuss


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

More Discussions

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close