Spyware, viruses, & security forum: VULNERABILITIES / FIXES - April 02, 2012

Release Date : 2012-04-02

Criticality level : Highly critical
Impact : Unknown
Spoofing
System access
Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Operating System: Gentoo Linux

Description:
Gentoo has issued an update for chromium and v8. This fixes multiple vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to conduct cross-site scripting and spoofing attacks and compromise a user's system.

Solution:
Update to "www-client/chromium-18.0.1025.142" or later and "dev-lang/v8-3.8.9.16" or later.

Original Advisory:
GLSA 201203-24:
http://www.gentoo.org/security/en/glsa/glsa-201203-24.xml

http://secunia.com/advisories/48691/

Release Date : 2012-04-02

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: PHP Agenda 2.x

Description:
Ivano Binetti has discovered a vulnerability in PHP Agenda, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. add an administrator by tricking a logged in user into visiting a malicious web site.

The vulnerability is confirmed in version 2.2.8. Other versions may also be affected.

Solution:
Do not browse untrusted websites or follow untrusted links while logged in to the application.

Provided and/or discovered by:
Ivano Binetti.

Original Advisory:
Ivano Binetti:
http://www.webapp-security.com/2012/03/simple-php-agenda/

http://secunia.com/advisories/48685/

Check Point Multiple Products Hash Collision Denial of Service Vulnerability

Release Date : 2012-04-02

Criticality level : Less critical
Impact : Dos
Where : From remote
Solution Status : Vendor Patch

Operating System: Check Point Connectra Appliances
Check Point Security Gateways

Software: Check Point Endpoint Security 7.x
Check Point Endpoint Security 8.x
Check Point Integrity 5.x
Check Point Integrity 6.x
Check Point Integrity 7.x

Description:
Check Point has acknowledged a vulnerability in multiple products, which can be exploited by malicious people to cause a DoS (Denial of Service).

Please see the vendor's advisory for a list of affected products and versions.

Solution:
Apply hotfix (please see the vendor's advisory for details).

Original Advisory:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk66350

http://secunia.com/advisories/48662/

Release Date : 2012-04-02

Criticality level : Less critical
Impact : Cross Site Scripting
Manipulation of data
Where : From remote
Solution Status : Unpatched

Software: LandShop 0.x

Description:
the_storm has discovered multiple vulnerabilities in LandShop, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and by malicious people to conduct cross-site request forgery attacks.

1) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. change an administrative user's password when a logged-in administrative user visits a specially crafted web page.

2) Input passed via the "OTR_HEADS[]" parameter to admin/action/objects.php (when "action" is set to "edit") is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.

3) Input passed via the "OB_ID" parameter to admin/action/objects.php (when "action" is set to "single") and the "AREA_ID" parameter to admin/action/areas.php (when "action" is set to "show") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled.

4) Input passed via the "start" parameter to admin/action/pdf.php (when "action" is set to "show") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation of the vulnerabilities #2 through #4 requires e.g. "Operator" access rights.

The vulnerabilities are confirmed in version 0.9.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
the_storm, Vulnerability Research Laboratory.

Original Advisory:
http://vulnerability-lab.com/get_content.php?id=485

http://secunia.com/advisories/48661/

Release Date : 2012-04-02

Criticality level : Moderately critical
Impact : System access
Where : From local network
Solution Status : Vendor Patch

Software: IBM Cognos TM1 9.x

Description:
A vulnerability has been reported in IBM Cognos TM1, which can be exploited by malicious people to potentially compromise a vulnerable system.

The vulnerability is caused due to an error in the Admin Server component when handling requests and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions 9.4.1, 9.5.1, and 9.5.2.

Solution:
Apply interim fixes.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM:
http://www-01.ibm.com/support/docview.wss?uid=swg24032164
http://www-01.ibm.com/support/docview.wss?uid=swg24032165
http://www-01.ibm.com/support/docview.wss?uid=swg24032166

http://secunia.com/advisories/48568/