Spyware, viruses, & security forum: VUNLERABILITIES / FIXES - March 09, 2012

Release Date : 2012-03-09

Criticality level : Highly critical
Impact : Security Bypass
Cross Site Scripting
Exposure of sensitive information
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: Apple iOS 5.x for iPhone 3GS and later
Apple iOS for iPad 5.x
Apple iOS for iPod touch 5.x

Description:
A weakness and multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people with physical access to bypass certain security restrictions and by malicious people to disclose sensitive information, conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's device.

1) An error within the CFNetwork component when handling URLs can be exploited to disclose sensitive information by tricking the user into visiting a malicious website.

2) An integer underflow error within the HFS component when handling HFS catalog files can be exploited by mounting a maliciously crafted disk image.

3) A logic error within the kernel does not properly handle debug system calls and can be exploited to bypass the sandbox restrictions.

4) An integer overflow error within the libresolv library when handling DNS resource records can be exploited to corrupt heap memory.

5) A race condition error in the Passcode Lock component when handling slide to dial gestures can be exploited to bypass the Passcode Lock screen.

6) The weakness is caused due to the Private Browsing mode in Safari not properly preventing recording of visits to certain sites using the pushState or replaceState JavaScript methods.

7) An error within the Siri component when handling voice commands can be exploited to bypass the screen lock and forward an open mail message to an arbitrary recipient.

8) A format string error in the VPN component when handling racoon configuration files can be exploited to execute arbitrary code via a specially crafted racoon configuration file.

9) A cross-origin error in the WebKit component can be exploited to bypass the same-origin policy and disclose a cookie by tricking the user into visiting a malicious website.

10) An error within the WebKit component when handling drag-and-drop actions can be exploited to conduct cross-site scripting attacks.

11) Multiple unspecified errors within the WebKit component can be exploited to conduct cross-site scripting attacks.

12) Some vulnerabilities are caused due to a bundled vulnerable version of WebKit.

Successful exploitation of vulnerabilities #2, #4, #8, and #12 may allow execution of arbitrary code.

Solution:
Apply iOS 5.1 Software Update.

Provided and/or discovered by:
The vendor credits:
1) Erling Ellingsen, Facebook.
2, 8) pod2g.
3) 2012 iOS Jailbreak Dream Team.
5) Roland Kohler, the German Federal Ministry of Economics and Technology.
6) Eric Melville, American Express.
9) Sergey Glazunov.
10) Adam Barth, Google Chrome Security Team.
11) Sergey Glazunov, Jochen Eisinger of Google Chrome Team, Alan Austin of polyvore.com.

Original Advisory:
Apple:
http://support.apple.com/kb/HT5192

http://secunia.com/advisories/48288/

Release Date : 2012-03-09

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Unpatched

Operating System: Apple TV 4.x

Description:
A vulnerability has been reported in Apple TV, which can be exploited by malicious people to potentially compromise a vulnerable system.

Solution:
Upgrade to version 5.0.

Provided and/or discovered by:
The vendor credits Ilja van Sprundel, IOActive.

Original Advisory:
Apple:
http://support.apple.com/kb/HT5193

http://secunia.com/advisories/48289/

Release Date : 2012-03-09

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Operating System: Ubuntu Linux 10.04
Ubuntu Linux 10.10
Ubuntu Linux 11.04
Ubuntu Linux 11.10

Description:
Ubuntu has issued an update for python-pam. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a double free error in the "PyPAM_conv()" function (PAMmodule.c) when processing authentication requests and can be exploited by providing a password containing a NULL-byte.

Solution:
Apply updated packages.

Provided and/or discovered by:
Markus Vervier, LSE Leading Security Experts.

Original Advisory:
USN-1395-1:
http://www.ubuntu.com/usn/usn-1395-1/

LSE Leading Security Experts:
http://www.lsexperts.de/advisories/lse-2012-03-01.txt

http://secunia.com/advisories/48332/

Release Date : 2012-03-09

Criticality level : Less critical
Impact : System access
Where : From remote
Solution Status : Unpatched

Software: DBD::Pg 2.x (module for Perl)

Description:
Two vulnerabilities have been reported in the DBD::Pg module for Perl, which can be exploited by malicious people to compromise an application using the module.

1) A format string error exists within the "pg_warn()" function (dbdimp.c) when handling database notices.

2) A format string error exists within the "dbd_st_prepare()" function (dbdimp.c) when preparing DBD statements.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code but requires connecting to a malicious database server.

The vulnerabilities are reported in version 2.18.1. Other versions may also be affected.

Solution:
Do not connect to untrusted database servers.

Provided and/or discovered by:
Dominic Hargreaves in a Debian bug report.

Original Advisory:
Debain:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536

https://rt.cpan.org/Public/Bug/Display.html?id=75642

http://secunia.com/advisories/48319/

Release Date : 2012-03-09

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Operating System: Debian GNU/Linux 6.0

Description:
Debian has issued an update for freetype. This fixes multiple vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library.

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2428-1:
http://www.us.debian.org/security/2012/dsa-2428

http://secunia.com/advisories/48300/

Release Date : 2012-03-09

Criticality level : HIghly critical
Impact : Hijacking
Spoofing
Manipulation of data
Exposure of sensitive information
DoS
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: VMware ESX Server 3.x

Software: VMware VirtualCenter 2.x

Description:
VMware has acknowledged multiple vulnerabilities in ESX Server and VirtualCenter, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

The vulnerabilities are reported in the following products and versions:
* VMware VirtualCenter 2.5 prior to "Update 6b"
* VMware ESX 3.5

Solution:
Apply patch or update.

Original Advisory:
VMSA-2012-0003:
http://www.vmware.com/security/advisories/VMSA-2012-0003.html

http://secunia.com/advisories/48335/

TIBCO ActiveMatrix Products Cross-Site Scripting and Information Disclosure Vulnerabilities

Release Date : 2012-03-09

Criticality level : Moderately critical
Impact : Exposure of sensitive information
Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: TIBCO ActiveMatrix BPM 1.x
TIBCO ActiveMatrix BusinessWorks Service Engine 5.x
TIBCO ActiveMatrix Service Bus 3.x
TIBCO ActiveMatrix Service Grid 3.x

Description:
Multiple vulnerabilities have been reported in TIBCO ActiveMatrix products, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.

1) An unspecified error can be exploited to disclose sensitive information by tricking a user into visiting a malicious website.

2) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

3) An unspecified error can be exploited to disclose credentials. No further information is currently available.

The vulnerabilities affect the TIBCO ActiveMatrix Platform component.

The vulnerabilities are reported in the following products:
TIBCO ActiveMatrix Service Grid versions prior to 3.1.5.
TIBCO ActiveMatrix Service Bus versions prior to 3.1.5.
TIBCO ActiveMatrix BusinessWorks Service Engine versions 5.9.x prior to 5.9.3.
TIBCO ActiveMatrix BPM versions prior to 1.3.0.

Solution:
Update to a fixed version.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt
http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp

http://secunia.com/advisories/48342/

Release Date : 2012-03-09

Criticality level : Less critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 11.4

Description:
SUSE has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2012:0342-1:
http://lists.opensuse.org/opensuse-updates/2012-03/msg00008.html

http://secunia.com/advisories/48230/

Release Date : 2012-03-09

Criticality level : Moderately critical
Impact : Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 11.4

Description:
SUSE has issued an update for gnutls. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2012:0344-1:
http://lists.opensuse.org/opensuse-updates/2012-03/msg00010.html

http://secunia.com/advisories/46237/

Release Date : 2012-03-09

Criticality level : Highly critical
Impact : Manipulation of data
System access
Where : From remote
Solution Status : Vendor Patch

Software: OSClass 2.x

Description:
A vulnerability has been discovered in OSClass, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to manipulate certain data.

The vulnerability is caused due to the oc-content/themes/modern/combine.php script not verifying file names before creating cache files. This can be exploited to e.g. overwrite arbitrary files or copy certain files to an arbitrary path via directory traversal sequences.

Note: This can further be exploited to download certain files or execute arbitrary PHP code by renaming an uploaded file.

The vulnerability is confirmed in version 2.3.5. Prior versions may also be affected.

Solution:
Update to version 2.3.6.

Provided and/or discovered by:
Filippo Cavallarin, CodSeq.

Original Advisory:
CSA-12004:
http://www.codseq.it/advisories/osclass_directory_traversal_vulnerability

OSClass:
http://osclass.org/2012/03/05/osclass-2-3-6/

http://secunia.com/advisories/48284/

VMware vCenter Chargeback Manager XML API Handling Vulnerability

Release Date : 2012-03-09

Criticality level : Less critical
Impact : Exposure of sensitive information
DoS
Where : From local network
Solution Status : Unpatched

Software: VMware vCenter Chargeback Manager 1.x

Description:
A vulnerability has been reported in VMware vCenter Chargeback Manager, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).

The vulnerability is caused due to an error when handling XML API requests.

The vulnerability is reported in version 1.6.2. Other versions may also be affected.

Solution:
Upgrade to version 2.0.1.

Original Advisory:
VMSA-2012-0002:
http://www.vmware.com/security/advisories/VMSA-2012-0002.html

http://secunia.com/advisories/48301/