Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - April 09, 2012

by: Carol~ April 9, 2012 8:30 AM PDT

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - April 09, 2012

by Carol~ Moderator - 4/9/12 8:30 AM

RealNetworks Helix Server Multiple Vulnerabilities

Release Date : 2012-04-09

Criticality level : Highly critical
Impact : Cross Site Scripting
Exposure of sensitive information
DoS
System access
Where : From remote
Solution Status : Vendor Patch

Software: Helix Mobile Server 14.x
Helix Server 14.x

Description:
Multiple vulnerabilities have been reported in RealNetworks Helix Server, which can be exploited by malicious, local users to disclose sensitive information and by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or compromise a vulnerable system.

1) The administrative and user credentials are insecurely stored in the flat file database (\Program Files\Real\Helix Server\adm_b_db\users\), which can be exploited by local users to disclose the clear text passwords.

2) An error in the SNMP Master Agent process (master.exe) can be exploited to terminate the service by establishing and immediately closing a TCP connection on port 705.

3) An input validation error when processing the "DisplayString" of SNMP object idenfiers can be exploited to cause an unhandled exception and terminate the SNMP Master Agent service (master.exe) via a specially crafted "Open-PDU" request sent to TCP port 705.

4) An unspecified error during rn5auth credential parsing can be exploited to cause a buffer overflow.

Successful exploitation of this vulnerability may allow execution of arbitrary code.

5) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

6) An error when handling certain malformed URLs can be exploited to crash the server process, but requires conducting a successful CSRF (cross-site request forgery) attack against an administrative user.

The vulnerabilities are reported in version 14.2.0.212. Other versions may also be affected.

Solution:
Update to version 14.3.x.

Provided and/or discovered by:
1-3) Dmitriy Pletnev, Secunia Research.
5, 6) The vendor credits Tom Gallagher, Microsoft Vulnerability Research (MSVR).

The vendor also credits Derek Brown via ZDI.

Original Advisory:
RealNetworks:
http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf

Secunia Research:
http://secunia.com/secunia_research/2012-8/
http://secunia.com/secunia_research/2012-9/

http://secunia.com/advisories/45414/


Reply
Report offensive post
Email to friend

Oracle MySQL Server Two Unspecified Vulnerabilities

by Carol~ Moderator - 4/9/12 8:34 AM

In Reply to: VULNERABILITIES / FIXES - April 09, 2012 by Carol~ Moderator

Release Date : 2012-04-09

Criticality level : Less critical
Impact : Unknown
Where : From local network
Solution Status : Vendor Patch

Software: MySQL 5.x

Description:
Two vulnerabilities with unknown impacts have been reported in Oracle MySQL Server.

The vulnerabilities are caused due to unspecified errors. No further information is currently available.

The vulnerabilities are reported in versions prior to 5.5.22.

Solution:
Update to version 5.5.22.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html

http://secunia.com/advisories/48744/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

FFmpeg Multiple Vulnerabilities

by Carol~ Moderator - 4/9/12 8:35 AM

In Reply to: VULNERABILITIES / FIXES - April 09, 2012 by Carol~ Moderator

Release Date : 2012-04-09

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: FFmpeg 0.x

Description:
Multiple vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to compromise an application using the library.

1) A format string error exists within the "srt_to_ass()" function (libavcodec/srtdec.c) when parsing certain parameters.

2) An integer overflow error exists within the "dirac_unpack_block_motion_data()" function (libavcodec/diracdec.c) when handling certain motion data.

3) An integer overflow error exists within the "sws_init_context()" function (libswscale/utils.c) when decoding certain scale data.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 0.10.1.

Solution:
Update to version 0.10.1 or later.

Provided and/or discovered by:
1) Reported by the vendor.
2, 3) The vendor credits Mateusz "j00ru" Jurczyk and Gynvael Coldwind.

Original Advisory:
http://ffmpeg.org/index.html#pr0101

http://secunia.com/advisories/48770/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Apache Hadoop User Impersonation Vulnerability

by Carol~ Moderator - 4/9/12 8:35 AM

In Reply to: VULNERABILITIES / FIXES - April 09, 2012 by Carol~ Moderator

Release Date : 2012-04-09

Criticality level : Less critical
Impact : Spoofing
Where : From remote
Solution Status : Vendor Patch

Software: Apache Hadoop 1.x

Description:
A vulnerability has been reported in Apache Hadoop, which can be exploited by malicious users to impersonate other users.

The vulnerability is caused due to an unspecified error. No further information is currently available.

Successful exploitation requires that the victims use Kerberos / MapReduce security features.

The vulnerability is reported in versions prior to 1.0.2.

Solution:
Update to version 1.0.2.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0069.html
https://ccp.cloudera.com/display/DOC/Cloudera+Security+Bulletin

http://secunia.com/advisories/48715/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Apache Hadoop User Impersonation Vulnerability (2)

by Carol~ Moderator - 4/9/12 8:35 AM

In Reply to: VULNERABILITIES / FIXES - April 09, 2012 by Carol~ Moderator

Release Date : 2012-04-09

Criticality level : Less critical
Impact : Spoofing
Where : From remote
Solution Status : Unpatched

Software: Apache Hadoop 0.20.x

Description:
A vulnerability has been reported in Apache Hadoop, which can be exploited by malicious users to impersonate other users.

Solution:
Upgrade to version 1.0.2.

http://secunia.com/advisories/48775/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Cloudera Manager Hadoop User Impersonation Vulnerability

by Carol~ Moderator - 4/9/12 8:36 AM

In Reply to: VULNERABILITIES / FIXES - April 09, 2012 by Carol~ Moderator

Release Date : 2012-04-09

Criticality level : Less critical
Impact : Spoofing
Where : From remote
Solution Status : Vendor Patch

Software: Cloudera Manager 3.x

Description:
Cloudera has acknowledged a vulnerability in Cloudera Manager, which can be exploited by malicious users to impersonate other users.

The vulnerability is reported in versions prior to 3.7.5.

Solution:
Update to version 3.7.5.

Original Advisory:
https://ccp.cloudera.com/display/DOC/Cloudera+Security+Bulletin

http://secunia.com/advisories/48776/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

idev-GameSite "id" SQL Injection Vulnerability

by Carol~ Moderator - 4/9/12 8:37 AM

In Reply to: VULNERABILITIES / FIXES - April 09, 2012 by Carol~ Moderator

Release Date : 2012-04-09

Criticality level : Moderately critical
Impact : Manipulation of data
Where : From remote
Solution Status : Unpatched

Software: idev-GameSite 1.x

Description:
the_storm has discovered a vulnerability in idev-GameSite, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "id" parameter to index.php (when "page" is set to "pages") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled.

The vulnerability is confirmed in version 1.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
the_storm, Vulnerability Research Laboratory

Original Advisory:
http://www.vulnerability-lab.com/get_content.php?id=494

http://secunia.com/advisories/48725/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SPConfig Webdav User Permission Change Security Bypass

by Carol~ Moderator - 4/9/12 10:25 AM

In Reply to: VULNERABILITIES / FIXES - April 09, 2012 by Carol~ Moderator

Release Date : 2012-04-09

Criticality level : Less critical
Impact : Security Bypass
Where : Local system
Solution Status : Vendor Workaround

Software: ISPConfig 3.x

Description:
A vulnerability has been reported in ISPConfig, which can be exploited by malicious users to bypass certain security restrictions.

The vulnerability is caused due to the webdav_user_edit.php script not properly verifying the path before allowing users to change ownership and permissions of files.

Successful exploitation requires that ISPConfig is configured to use WebDAV.

The vulnerability is reported in version 3.0.4.3. Other versions may also be affected.

Solution:
Fixed in the SVN repository.

Provided and/or discovered by:
hakong in a bug report.

Original Advisory:
http://bugtracker.ispconfig.org/index.php?do=details&task_id=2157

http://secunia.com/advisories/48709/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

OpenCart Two Vulnerabilities

by Carol~ Moderator - 4/9/12 10:27 AM

In Reply to: VULNERABILITIES / FIXES - April 09, 2012 by Carol~ Moderator

Release Date : 2012-04-09

Criticality level : Moderately critical
Impact : Exposure of system information
Exposure of sensitive information
System access
Where : From remote
Solution Status : Unpatched

Software: OpenCart 1.x

Description:
Janek Vind has discovered two vulnerabilities in OpenCart, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to disclose sensitive information.

1) Input passed via the "route" parameter to index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.

2) The admin/controller/catalog/download.php script does not properly validate uploaded files, which can be exploited to execute arbitrary PHP code by uploading a PHP file with e.g. an appended ".jpg" file extension.

Successful exploitation requires catalog/download access permissions.

The vulnerabilities are confirmed in version 1.5.2.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified. Restrict access to the download folder (e.g. via .htaccess).

Provided and/or discovered by:
Janek Vind "waraxe"

Original Advisory:
http://www.waraxe.us/advisory-84.html

http://secunia.com/advisories/48762/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Gajim SQL and Command Injection Vulnerabilities

by Carol~ Moderator - 4/9/12 10:39 AM

In Reply to: VULNERABILITIES / FIXES - April 09, 2012 by Carol~ Moderator

Release Date : 2012-04-09

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: Gajim 0.x

Description:
Two vulnerabilities have been reported in Gajim, which can be exploited by malicious people to conduct SQL injection attacks and compromise a user's system.

1) An input sanitisation error in the "get_last_conversation_lines()" function in common/logger.py can be exploited to inject arbitrary SQL queries via a specially crafted jid (Jabber ID).

2) An input sanitisation error in the "exec_command()" function in common/helpers.py can be exploited to inject arbitrary commands via specially crafted messages.

The vulnerability is reported in versions prior to 0.15.

Solution:
Update to version 0.15.

Provided and/or discovered by:
1) Reported by the vendor.
2) The vendor credits userr.

Original Advisory:
https://trac.gajim.org/ticket/7031
https://trac.gajim.org/ticket/7034

http://secunia.com/advisories/48708/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

KVM qemu-kvm "ext4_fill_flex_info()" Denial of Service

by Carol~ Moderator - 4/9/12 10:40 AM

In Reply to: VULNERABILITIES / FIXES - April 09, 2012 by Carol~ Moderator

KVM qemu-kvm "ext4_fill_flex_info()" Denial of Service Vulnerability

Release Date : 2012-04-09

Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status : Vendor Workaround

Software: KVM (Kernel-based Virtual Machine)

Description:
A vulnerability has been reported in KVM qemu-kvm, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the "ext4_fill_flex_info()" function in fs/ext4/super.c when mounting a file system and can be exploited to cause a division by zero.

Solution:
Fixed in the GIT repository.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://git.kernel.org/?p=virt/kvm/kvm.git;a=commit;h=d50f2ab6f050311dbf7b8f5501b25f0bf64a439b

http://secunia.com/advisories/48645/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Newscoop Multiple Vulnerabilities

by Carol~ Moderator - 4/9/12 3:21 PM

In Reply to: VULNERABILITIES / FIXES - April 09, 2012 by Carol~ Moderator

Release Date : 2012-04-09

Criticality level : Less critical
Impact : Cross Site Scripting
Manipulation of data
Where : From remote
Solution Status : Vendor Patch

Software: Newscoop 3.x

Description:
Some vulnerabilities have been discovered in Newscoop, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.

1) Input passed via the "Back" parameter to admin/ad.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Input passed via the "token" and "f_email" parameters to admin/password_check_token.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

3) Input passed via the "f_user_name" parameter to admin/login.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

4) Input passed via the "f_country_code" parameter to admin/country/edit.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires access rights to edit countries.

The vulnerabilities are confirmed in version 3.5.4. Prior versions may also be affected.

Solution:
Update to version 3.5.5.

Provided and/or discovered by:
The vendor credits High-Tech Bridge SA.

Original Advisory:
Newscoop:
http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm
http://dev.sourcefabric.org/browse/CS-4181
http://dev.sourcefabric.org/browse/CS-4182
http://dev.sourcefabric.org/browse/CS-4183
http://dev.sourcefabric.org/browse/CS-4184

http://secunia.com/advisories/48769/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

osCMax "customers_group_name" Script Insertion and SQL

by Carol~ Moderator - 4/9/12 4:25 PM

In Reply to: VULNERABILITIES / FIXES - April 09, 2012 by Carol~ Moderator

osCMax "customers_group_name" Script Insertion and SQL Injection Vulnerabilities

Release Date : 2012-04-09

Criticality level : Less critical
Impact : Cross Site Scripting
Manipulation of data
Where : From remote
Solution Status : Unpatched

Software: osCMax 2.x

Description:
Two vulnerabilities have been discovered in osCMax, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.

1) Input passed via the "customers_group_name" parameter to admin/customers_groups.php (when "action" is set "update" and "page" and "cID" are set to valid values) is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.

2) Input passed via the "customers_group_name" parameter to admin/customers_groups.php (when "action" is set "update" and "page" and "cID" are set to valid values) is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled.

Successful exploitation of the vulnerabilities requires access rights to edit customer groups.

The vulnerabilities are confirmed in version 2.5.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
1) Vulnerability Research Laboratory
2) Adora Belle Dearheart

Original Advisory:
http://www.vulnerability-lab.com/get_content.php?id=497

http://secunia.com/advisories/48731/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close