Spyware, viruses, & security forum: VULNERABILITIES / FIXES - March 01, 2012

Release Date : 2012-03-01

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Fork CMS 3.x

Description:
Two vulnerabilities have been reported in Fork CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "querystring" and "type" parameters when an error is displayed is not properly sanitised in the "parse()" function in backend/modules/error/actions/index.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in versions prior to 3.2.7.

Solution:
Update to version 3.2.7.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.fork-cms.com/blog/detail/fork-cms-3-2-7-released

http://secunia.com/advisories/48183/

Cisco Wireless LAN Controllers Security Bypass and Denial of Service Vulnerabilities

Release Date : 2012-03-01

Criticality level : Less critical
Impact : Security Bypass
DoS
Where : From local network
Solution Status : Vendor Patch

Operating System: Cisco 2000 Series Wireless LAN Controller
Cisco 2100 Series Wireless LAN Controller
Cisco 2500 Series Wireless Controllers
Cisco 4400 Series Wireless LAN Controller
Cisco 5500 Series Wireless Controllers
Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers
Cisco Flex 7500 Series Cloud Controllers
Cisco Wireless LAN Controller Module

Description:
Multiple vulnerabilities have been reported in multiple Cisco Wireless Lan Controllers, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

1) An error in the administrative management interface can be exploited to cause a crash via a specially crafted URL.

2) An error when processing IPv6 packets can be exploited to cause a reload.

3) An error when processing HTTP or HTTPS packets can be exploited to cause a reload.

Successful exploitation of this vulnerability requires the controller to be configured for WebAuth.

4) An error when using CPU based access control lists can be exploited to view and modify the configuration by connecting to the device on TCP port 1023.

Please see the vendor's advisory for a list of affected products and versions.

Solution:
Apply update (please see the vendor's advisory for details).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-wlc

http://secunia.com/advisories/48232/

Release Date : 2012-03-01

Criticality level : Highly critical
Impact : System access
DoS
Where : From remote
Solution Status : Vendor Patch

Operating System: Gentoo Linux

Description:
Gentoo has issued an update for stunnel. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

Solution:
Update to version "net-misc/stunnel-4.44" or later.

Original Advisory:
GLSA 201202-08:
http://www.gentoo.org/security/en/glsa/glsa-201202-08.xml

http://secunia.com/advisories/48222/

Release Date : 2012-03-01

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Drupal Submenu Tree Module 6.x

Description:
A vulnerability has been reported in the Submenu Tree module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

Certain input when editing a menu is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

Successful exploitation requires permissions to edit Drupal menus.

The vulnerability is reported in versions prior to 6.x-1.5.

Solution:
Update to version 6.x-1.5.

Provided and/or discovered by:
The vendor credits Kyle Small.

Original Advisory:
SA-CONTRIB-2012-027:
http://drupal.org/node/1461470

http://secunia.com/advisories/48202/

Drupal Hierarchical Select Module Script Insertion Vulnerability
Release Date : 2012-03-01

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Drupal Hierarchical Select Module 6.x

Description:
A vulnerability has been reported in the Hierarchical Select module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

Certain unspecified input related to help text of vocabularies is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

Successful exploitation requires "administer taxonomy" permissions.

The vulnerability is reported in versions 6.x-3.x prior to 6.x-3.8.

Solution:
Update to version 6.x-3.8.

Provided and/or discovered by:
Reported by the vendor.

The vendor also credits Sam Oldak.

Original Advisory:
SA-CONTRIB-2012-028:
http://drupal.org/node/1461724

http://secunia.com/advisories/48235/

Cisco Unified Communications Manager Denial of Service and SQL Injection Vulnerabilities

Release Date : 2012-03-01

Criticality level : Moderately critical
Impact : Manipulation of data
DoS
Where : From remote
Solution Status : Unpatched

Software: Cisco Unified Communications Manager 6.x

Description:
Two vulnerabilities have been reported in Cisco Unified Communications Manager, which can be exploited by malicious people to cause a DoS (Denial of Service) and conduct SQL injection attacks.

The vulnerabilities are reported in version 6.x.

Solution:
Upgrade to version 7.1(5b)su5 or later

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm

http://secunia.com/advisories/48218/

Cisco Unity Connection Security Bypass and Denial of Service Vulnerabilities

Release Date : 2012-03-01

Criticality level : Moderately critical
Impact : Security Bypass
DoS
Where : From remote
Solution Status : Vendor Patch

Software: Cisco Unity Connection 7.x

Description:
Two vulnerabilities have been reported in Cisco Unity Connection, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service).

1) An error due to incorrect privilege assignment and validation can be exploited to e.g. change the password of the administrative user.

Successful exploitation of this vulnerability requires "Help Desk Administrator" privileges.

2) An error when handling TCP segments can be exploited to terminate system services by sending specially crafted segments.

Please see the vendor's advisory for a list of affected versions.

Solution:
Update to version 7.1.5b(Su5) when available.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Cisco:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cuc

http://secunia.com/advisories/48004/

IBM WebSphere Application Server for z/OS Unspecified JAX-WS Vulnerability

Release Date : 2012-03-01

Criticality level : Moderately critical
Impact : Unknown
Where : From remote
Solution Status : Vendor Patch

Software: IBM WebSphere Application Server 6.1.x
IBM WebSphere Application Server 6.x

Description:
A vulnerability with an unknown impact has been reported in IBM WebSphere Application Server for z/OS.

The vulnerability is caused due to an unspecified error in a WS-Security policy enabled Java API for XML Web Services (JAX-WS) application. No further information is currently available.

The vulnerability is reported in versions 6.1.0.41 and prior.

Solution:
Apply APAR PM59115.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM (PM45181):
http://www.ibm.com/support/docview.wss?uid=swg1PM59115

http://secunia.com/advisories/48214/

Release Date : 2012-03-01

Criticality level : Highly critical
Impact : Exposure of sensitive information
System access
Where : From remote
Solution Status : Unpatched

Software: TeamPass 2.x

Description:
Two vulnerabilities have been discovered in TeamPass, which can be exploited by malicious people to disclose sensitive information and compromise a vulnerable system.

1) Input passed to the "path" parameter in sources/downloadFile.php is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks.

2) The includes/libraries/uploadify/uploadify.php script allows upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script.

The vulnerabilities are confirmed in version 2.1.4. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified. Restrict access to the includes/libraries/uploadify/uploadify.php script (e.g. via .htaccess).

Provided and/or discovered by:
1) Kaan Kivilcim, Sense of Security.
2) 1s.

Original Advisory:
SOS-11-004:
http://www.senseofsecurity.com.au/advisories/SOS-11-004

Exploit-DB:
http://www.exploit-db.com/exploits/18522/

http://secunia.com/advisories/48159/

Cisco TelePresence Video Communication Server SIP Packet Handling Denial of Service Vulnerabilities

Release Date : 2012-03-01

Criticality level : Moderately critical
Impact : Dos
Where : From remote
Solution Status : Vendor Patch

Software: Cisco TelePresence Video Communication Server (VCS)

Description:
Two vulnerabilities have been reported in Cisco TelePresence Video Communication Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) An error when handling SIP packets can be exploited to cause a crash by sending a specially crafted packet to the TCP and UDP ports 5060 or 5061.

2) An error when handling SIP packets related to SIP INVITE can be exploited to cause a crash by sending a specially crafted packet to the TCP and UDP ports 5060 or 5061.

The vulnerabilities are reported in versions prior to X7.0.1.

Solution:
Update to version X7.0.1.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Cisco:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-vcs

http://secunia.com/advisories/48234/

Kingsoft Antivirus 2011 Unspecified Denial of Service Vulnerability

Release Date : 2012-03-01

Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status : Vendor Patch

Software: Kingsoft Antivirus 2011

Description:
A vulnerability has been reported in Kingsoft Antivirus 2011, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error in a certain device driver and can be exploited to crash the system.

The vulnerability is reported in version 2011 prior to the 2012/02/20 update.

Solution:
Apply the online update released after 2012/02/20.

Provided and/or discovered by:
JVN credits Satoshi TANDA, Fourteenforty Research Institute Inc.

Original Advisory:
Kingsoft:
http://www.kingsoft.jp/support/security/support_news/supportnews_20120229

JVN:
http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000019.html
http://jvn.jp/en/jp/JVN31517714/index.html
http://jvn.jp/jp/JVN31517714/index.html

http://secunia.com/advisories/48219/

Release Date : 2012-03-01

Criticality level : Moderately critical
Impact : Security Bypass
Cross Site Scripting
Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Operating System: Debian GNU/Linux 6.0

Description:
Debian has issued an update for moodle. This fixes a weakness, a security issue, and two vulnerabilities, which can be exploited by malicious users to disclose potentially sensitive data and by malicious people to conduct HTTP header injection attacks and bypass certain security restrictions.

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2421-1:
http://www.debian.org/security/2012/dsa-2421

http://secunia.com/advisories/48172/

Release Date : 2012-02-29

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: Sysax Multi Server 5.x

Description:
Craig Freyman has reported two vulnerabilities in Sysax Multi Server, which can be exploited by malicious users and malicious people to compromise a vulnerable system.

1) A boundary error in the SSH component when handling authentication requests can be exploited to cause a stack-based buffer overflow by sending an authentication request with an overly long username.

2) A boundary error in the SFTP component when handling requests to retrieve files can be exploited by an authenticated user to cause a stack-based buffer overflow by sending a request with an overly long filename.

Successful exploitation of the vulnerabilities allows execution of arbitrary code with SYSTEM privileges.

The vulnerabilities are reported in version 5.53. Prior versions may also be affected.

Solution:
Update to version 5.55.

Provided and/or discovered by:
Craig Freyman

Original Advisory:
Craig Freyman:
http://www.pwnag3.com/2012/02/sysax-multi-server-ssh-username-exploit.html
http://www.pwnag3.com/2012/02/sysax-multi-server-553-sftp-exploit.html

http://secunia.com/advisories/48188/