Spyware, viruses, & security forum: VULNERABILITIES / FIXES - March 07, 2012

Release Date : 2012-03-07

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Operating System: Debian GNU/Linux 6.0

Description:
Debian has issued an update for gimp. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2426-1:
http://www.debian.org/security/2012/dsa-2426

http://secunia.com/advisories/48236/

Release Date : 2012-03-07

Criticality level : Moderately critical
Impact : DoS
System access
Where : From remote
Solution Status : Vendor Workaround

Software: libxslt 1.x

Description:
A vulnerability has been reported in libxslt, which can be exploited by malicious people to cause a DoS (Denial of Service) in an application using the library.

The vulnerability is caused due to an error in the "xsltCompilePatternInternal()" function (libxslt/pattern.c) when parsing XSLT patterns. This can be exploited to cause an out-of-bounds read resulting in an access violation via a specially crafted file.

The vulnerability is reported in version 1.1.26. Other versions may also be affected.

Solution:
Fixed in the GIT repository.

Provided and/or discovered by:
Originally reported by Aki Helin in Google Chrome.

http://secunia.com/advisories/48212/

Release Date : 2012-03-07

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Splunk 4.x

Description:
A vulnerability has been reported in Splunk, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions 4.0 through 4.3.

Solution:
Update to version 4.3.1.

Provided and/or discovered by:
The vendor credits Soroush Dalili.

Original Advisory:
SPL-38585:
http://www.splunk.com/view/SP-CAAAGTK

http://secunia.com/advisories/48283/

Release Date : 2012-03-07

Criticality level : Highly critical
Impact : Exposure of sensitive information
System access
Where : From remote
Solution Status : Vendor Patch

Software: Red Hat Enterprise Linux Desktop Supplementary (v. 6)
Red Hat Enterprise Linux Server Supplementary (v. 6)
Red Hat Enterprise Linux Workstation Supplementary (v. 6)
RHEL Desktop Supplementary (v. 5 client)
RHEL Supplementary (v. 5 server)

Description:
Red Hat has issued an update for flash-plugin. This fixes some vulnerabilities, which can be exploited by malicious people to gain knowledge of potentially sensitive information or compromise a user's system.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2012:0359-01:
https://rhn.redhat.com/errata/RHSA-2012-0359.html

http://secunia.com/advisories/48295/

Release Date : 2012-03-07

Crriticality level : Less critical
Ipact : Security Bypass
Manipulation of data
Privilege escalation
DoS
Where : From local network
Solution Status : Vendor Patch

Software: IBM DB2 9.x

Description:
Multiple vulnerabilities have been reported in IBM DB2, which can be exploited by malicious, local users to manipulate certain data and gain escalated privileges, by malicious users to bypass certain security restrictions, gain escalated privileges, and cause a DoS (Denial of Service), and by malicious people to cause a DoS (Denial of Service).

1) A security issue exists within the Common Code Infrastructure due to the nodes.reg file having insecure world-writeable permissions.

2) An unspecified error within the Server component can be exploited to cause a DoS.

3) An error within the Install component may allow local users to escalate their privileges.

4) An unspecified error within the DAS component may allow authenticated users to escalate their privileges.

5) An unspecified error within the XML feature can be exploited to cause a DoS.

Successful exploitation of this vulnerability requires CONNECT privileges.

6) An unspecified error within some authorization checks can be exploited to gain access to certain tables.

Successful exploitation of this vulnerability requires CONNECT and CREATEIN privileges.

The vulnerabilities are reported in versions prior to 9.5 Fix Pack 9.

Solution:
Update to version 9.5 Fix Pack 9.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM (IC76899, IC79970, IC80728, IC81379, IC81387):
http://www.ibm.com/support/docview.wss?uid=swg21586193
http://www.ibm.com/support/docview.wss?uid=swg1IC79518
http://www.ibm.com/support/docview.wss?uid=swg1IC81379
http://www.ibm.com/support/docview.wss?uid=swg1IC81387

http://secunia.com/advisories/48279/

Release Date : 2012-03-07

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Unpatched

Software: Apple Safari 5.x

Description:
Krystian Kloskowski has discovered a vulnerability in Safari, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to plug-ins being unloaded when navigating to a new page while the user interacts with the plug-in (e.g. displays the context menu). If the plug-in has called a blocking function (e.g. TrackPopupMenu) before Safari navigates to another page, the API call may block until after Safari unloaded the plug-in, which can lead to the API call returning to freed memory.

The vulnerability is confirmed in version 5.1.2 (7534.52.7) on Windows using the RealPlayer and Adobe Flash plug-ins. Other versions may also be affected.

Solution:
No effective workaround is currently available.

Provided and/or discovered by:
Krystian Kloskowski (h07) via Secunia

http://secunia.com/advisories/45758/

Release Date : 2012-03-07

Criticality level : Highly critical
Impact : DoS
System access
Where : From remote
Solution Status : Vendor Workaround

Software: FreeType 2.x

Description:
Multiple vulnerabilities have been reported in FreeType, which can be exploited by malicious people to potentially compromise an application using the library.

1) An error in src/type1/t1parse.c when processing dictionaries can be exploited to cause heap-based memory corruption via a specially crafted Type1 font file.

2) An error in src/bdf/bdflib.c when processing the encoding field can be exploited to cause heap-based memory corruption via a specially crafted Bitmap Distribution Format (BDF) font file.

3) An error in src/winfonts/winfnt.c when processing the number of glyphs can be exploited to cause heap-based memory corruption via a specially crafted TrueType font file.

4) An error in src/truetype/ttgload.c when handling the zone2 pointer point can be exploited to cause heap-based memory corruption via a specially crafted TrueType font file.

5) An error in src/bdf/bdflib.c when processing negative encoding values can be exploited to cause heap-based memory corruption via a specially crafted Bitmap Distribution Format (BDF) font file.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

NOTE: Additionally, some errors exist when processing various font files, which may result in an access violation and crash the application.

Solution:
Fixed in the GIT repository.

Provided and/or discovered by:
Reported by Mateusz Jurczyk (j00ru), Google Security Team.

Original Advisory:
https://savannah.nongnu.org/bugs/?35608
https://savannah.nongnu.org/bugs/?35641
https://savannah.nongnu.org/bugs/?35659
https://savannah.nongnu.org/bugs/?35689
https://savannah.nongnu.org/bugs/?35607

http://secunia.com/advisories/48268/

Release Date : 2012-03-07

Criticality level : Less critical
Impact : Privilege escalation
DoS
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: Ubuntu Linux 10.04

Description:
Ubuntu has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and gain escalated privileges and by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
USN-1389-1:
http://www.ubuntu.com/usn/usn-1389-1/

http://secunia.com/advisories/48287/

Release Date : 2012-03-07

Criticality level : Less critical
Impact : Privilege escalation
DoS
System access
Where : From local network
Solution Status : Vendor Patch

Operating System: Ubuntu Linux 10.04

Description:
Ubuntu has issued an update for linux-lts-backport-oneiric. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, cause a DoS (Denial of Service), and gain escalated privileges, by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and gain escalated privileges, and by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
USN-1384-1:
http://www.ubuntu.com/usn/usn-1384-1/

http://secunia.com/advisories/48292/

Release Date : 2012-03-07

Criticality level : Less critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Software: Touhou Hisouten 1.x

Description:
A vulnerability has been reported in Touhou Hisouten, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error and can be exploited to crash the application via specially crafted network traffic.

The vulnerability is reported in versions 1.06 and prior.

Solution:
Apply patch (please contact vendor for more information).

Provided and/or discovered by:
JVN credits Yuma Kurogome.

Original Advisory:
JVN:
http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000089.html
http://jvn.jp/en/jp/JVN50227837/index.html

http://secunia.com/advisories/48271/

Release Date : 2012-03-07

Criticality level : Less critical
Impact : Privilege escalation
DoS
System access
Where : From local network
Solution Status : Vendor Patch

Operating System: Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Workstation 6

Description:
Red Hat has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges, by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), and by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

1) Two errors in the "__sys_sendmsg()" function (net/socket.c) due to not validating user defined pointers can potentially be exploited to cause a crash.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2012:0350-1:
https://rhn.redhat.com/errata/RHSA-2012-0350.html

https://bugzilla.redhat.com/show_bug.cgi?id=761646

http://secunia.com/advisories/48294/

Release Date : 2012-03-07

Criticality level : Less critical
Impact : Privilege escalation
DoS
System access
Where : From local network
Solution Status : Vendor Patch

Operating System: Ubuntu Linux 8.04

Description:
Ubuntu has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges, by malicious, local users in a guest virtual machine to gain escalated privileges and by malicious people with physical access to potentially compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
USN-1390-1:
http://www.ubuntu.com/usn/usn-1390-1/

http://secunia.com/advisories/48278/

Release Date : 2012-03-07

Criticality level : Moderately critical
Impact : Manipulation of data
Where : From remote
Solution Status : Vendor Patch

Software: Exponent CMS 2.x

Description:
Rob Miller has discovered a vulnerability in Exponent CMS, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "src" parameter to cron/send_reminders.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 2.0.4. Other versions may also be affected.

Solution:
Update to version 2.0.5.

Provided and/or discovered by:
Rob Miller, MWR InfoSecurity

Original Advisory:
MWR InfoSecurity:
http://labs.mwrinfosecurity.com/assets/240/mwri_advisory-exponent-cms_2012-02-16.pdf

Exponent CMS:
https://github.com/exponentcms/exponent-cms/commit/f47cd477f2a96d05fbbd209f03daeb1f4d2b2eb3

http://secunia.com/advisories/48237/

Release Date : 2012-03-07

Criticality level : Less critical
Impact : Cross Site Scripting
Manipulation of data
Exposure of sensitive information
DoS
Where : From remote
Solution Status : Vendor Patch

Software: IBM Tivoli Asset Management for IT 6.x
IBM Tivoli Asset Management for IT 7.x
IBM Tivoli Change and Configuration Management Database 6.x
IBM Tivoli Change and Configuration Management Database 7.x
IBM Tivoli Service Desk 6.x
IBM Tivoli Service Request Manager 7.x

Description:
A weakness and multiple vulnerabilities have been reported in IBM Tivoli products, which can be exploited by malicious users to disclose sensitive information and conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).

Please see the vendor's advisory for a list of affected products.

Solution:
Apply APAR or interim fix (please see the vendor's advisory for details).

Original Advisory:
IBM (IV09157, IV09193, IV09194, IV09197, IV09198):
http://www.ibm.com/support/docview.wss?uid=swg21584666
http://xforce.iss.net/xforce/xfdb/71985
http://xforce.iss.net/xforce/xfdb/72000
http://xforce.iss.net/xforce/xfdb/72001
http://xforce.iss.net/xforce/xfdb/72004

http://secunia.com/advisories/48305/

Release Date : 2012-03-07

Criticality level : Less critical
Impact : Spoofing
Where : From remote
Solution Status : Vendor Patch

Operating System: Ubuntu Linux 11.04
Ubuntu Linux 11.10

Description:
Ubuntu has issued an update for apt. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.

The security issue is caused due to the application incorrectly verifying repositories with a pre-existing "InRelease" file and can potentially be exploited to install altered packages via Man-in-the-Middle (MitM) attacks.

Solution:
Apply updated packages.

Provided and/or discovered by:
The vendor credits Simon Ruderich.

Original Advisory:
USN-1385-1:
http://www.ubuntu.com/usn/usn-1385-1/

https://bugs.launchpad.net/ubuntu/+source/apt/+bug/947108

http://secunia.com/advisories/48286/