Spyware, viruses, & security forum: VULNERABILITIES / FIXES - April 05, 2012

Release Date : 2012-04-05

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Drupal Print Module 6.x (Printer, e-mail and PDF versions)
Drupal Print Module 7.x (Printer, e-mail and PDF versions)

Description:
A vulnerability has been reported in the Print module for Drupal, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain input passed via the URL is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions 6.x-1.x prior to 6.x-1.15 and versions 7.x-1.x prior to 7.x-1.0.

Solution:
Update to version 6.x-1.15 or 7.x-1.0.

Provided and/or discovered by:
The vendor credits Shlomi Zadok and Ivan Bueno.

Original Advisory:
http://drupal.org/node/1515722

http://secunia.com/advisories/48625/

Ticket Support Script Cross-Site Request Forgery Vulnerability

Release Date : 2012-04-05

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: Ticket Support Script 1.x

Description:
A vulnerability has been reported in Ticket Support Script, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. create an arbitrary user with administrative privileges if a logged-in administrative user visits a malicious web site.

Solution:
Do not browse untrusted sites or follow untrusted links while being logged-in to the application.

Provided and/or discovered by:
DoSs-Dz

Original Advisory:
http://packetstormsecurity.org/files/111565/Ticket-Support-Script-Cross-Site-Request-Forgery.html

http://secunia.com/advisories/48710/

Juniper IVE OS Network Connect/Pulse Cross-Site Scripting Vulnerability

Release Date : 2012-04-05

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Operating System: Juniper IVE OS Software 6.x

Description:
A vulnerability has been reported in Juniper IVE OS, which can be exploited by malicious people to conduct cross-site scripting attacks.

The vulnerability is reported in versions 6.x.

Solution:
Upgrade to version 7.0R9 or 7.1R6.

Provided and/or discovered by:
Reported by the vendor

Original Advisory:
http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2012-02-513

http://secunia.com/advisories/48720/

Release Date : 2012-04-05

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: Hosting Directory 1.x

Description:
A vulnerability has been reported in Hosting Directory, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change an administrator's email by tricking a logged in administrator into visiting a malicious web site.

The vulnerability is reported in version 1.0. Other versions may also be affected.

Solution:
Do not browse untrusted sites or follow untrusted links while being logged-in to the application.

Provided and/or discovered by:
Jonturk75

Original Advisory:
http://packetstormsecurity.org/files/111562/Hosting-Directory-Cross-Site-Request-Forgery.html

http://secunia.com/advisories/48706/

Release Date : 2012-04-05

Criticality level : Less critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Software: ImageMagick 6.x

Description:
Multiple vulnerabilities have been reported in ImageMagick, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) An error in the "GetEXIFProperty()" function (magick/property.c) when parsing JPEG EXIF tags with a components count of 0 can be exploited to access uninitialised or invalid memory via a specially crafted JPEG image.

The vulnerability is reported in version 6.7.6-2 and prior.

2) Insufficient validation in the "JPEGWarningHandler()" function (coders/jpeg.c) when handling JPEG restart markers may exhaust resources via a specially crafted JPEG image.

The vulnerability is reported in version 6.7.6-2 and prior.

3) An error in the "TIFFGetEXIFProperties()" function (coders/tiff.c) when parsing TIFF EXIF IFD may cause invalid memory to be read via a specially crafted TIFF image.

The vulnerability is reported in version 6.7.6-2 and prior.

4) An integer overflow error in the "GetEXIFProperty()" function (magick/property.c) when parsing JPEG EXIF tags with an overly large components count may result in invalid heap memory being read. A similar error exists in the "SyncImageProfiles()" function (magick/profile.c).

The vulnerability is reported in versions prior to 6.7.6-4.

Solution:
Update to version 6.7.6-4 or apply patches.

Provided and/or discovered by:
1-3) Aleksis Kauppinen, Joonas Kuorilehto, and Tuomas Parttimaa of Codenomicon CROSS Project
4) Red Hat Security Response

Original Advisory:
ImageMagick:
http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20629

CERT-FI:
http://www.cert.fi/en/reports/2012/vulnerability635606.html

Red Hat Security Response:
http://seclists.org/oss-sec/2012/q2/19

http://secunia.com/advisories/48679/

Sourcefire Defense Center / 3D Sensor Multiple Vulnerabilities

Release Date : 2012-04-05

Criticality level : Less critical
Impact : Security Bypass
Cross Site Scripting
Exposure of sensitive information
Where : From local network
Solution Status : Unpatched

Operating System: Sourcefire 3D Sensor
Sourcefire Defense Center

Description:
Filip Palian has reported two security issues and two vulnerabilities in Sourcefire Defense Center and Sourcefire 3D Sensor, which can be exploited by malicious users to conduct script insertion attacks and bypass certain security restrictions and by malicious people to disclose potentially sensitive information.

1) Certain input passed to the "file" parameter in ComparisonViewer/report.cgi is not properly verified before being used to display files. This can be exploited to disclose arbitrary files via directory traversal sequences.

2) An error due to the appliance not restricting access to certain files within the webroot can be exploited to download and disclose the contents of e.g. configuration files.

3) An error related to the database permissions given to RUA agents can be exploited to gain privileged access to the database.

Note: This security issue doesn't affect versions 4.9.x and prior.

4) Certain input passed to the dashboard when renaming new tabs is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

The security issues and vulnerabilities are reported in versions prior to 4.9.1.9, 4.10.2.3, and 5.0.1.1.

Solution:
Update to version 4.9.1.9, 4.10.2.3, or 5.0.1.1.

Provided and/or discovered by:
Filip Palian

Original Advisory:
http://archives.neohapsis.com/archives/bugtraq/2012-04/0030.html

http://secunia.com/advisories/48667/

Release Date : 2012-04-05

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Operating System: Ubuntu Linux 10.04
Ubuntu Linux 10.10
Ubuntu Linux 11.04
Ubuntu Linux 11.10
Ubuntu Linux 8.04

Description:
Ubuntu has issued an update for tiff. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the library.

Solution:
Apply updated packages.

Original Advisory:
USN-1416-1:
http://www.ubuntu.com/usn/usn-1416-1

http://secunia.com/advisories/48722/

Release Date : 2012-04-05

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: WebEx Recording Format Player

Description:
Three vulnerabilities have been reported in Cisco WebEx Player, which can be exploited by malicious people to compromise a user's system.

1) An error in atdl2006.dll when decompressing certain content can be exploited to cause a heap-based buffer overflow via a specially crafted WRF file.

2) An integer overflow error in atas32.dll when decompressing certain content can be exploited to cause a heap-based buffer overflow via a specially crafted WRF file.

3) An unspecified error can be exploited to cause a buffer overflow via a specialy crafted WRF file.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The following versions are affected by one or more of the vulnerabilities:
* Client builds 27.32.0 (T27 LD SP32) and prior
* Client builds 27.25.9 (T27 LC SP25 EP9) and prior
* Client builds 27.21.10 (T27 LB SP21 EP10) and prior
* Client builds 27.11.26 (T27 L SP11 EP26) and prior

Solution:
Update to Client builds 27.25.10 (T27 LC SP25 EP10) or 27.32.1 (T27 LD SP32 CP1).

Provided and/or discovered by:
1, 2) Damian Put via Secunia.
3) The vendor credits iDefense.

Original Advisory:
Cisco:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120404-webex

http://secunia.com/advisories/47023/