Spyware, viruses, & security forum: VULNERABILITIES / FIXES - April 11, 2012

Release Date : 2012-04-11

Criticality level : Highly critical
Impact : Security Bypass
Cross Site Scripting
Exposure of sensitive information
System access
Where : From remote
Solution Status : Vendor Patch

Software: Adobe Acrobat 9.x
Adobe Acrobat X 10.x
Adobe Reader 9.x
Adobe Reader X 10.x

Description:
Multiple vulnerabilities have been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, gain knowledge of potentially sensitive information, and compromise a user's system.

1) An integer overflow error when handling True Type Font (TTF) can be exploited to corrupt memory.

2) An unspecified error when handling JavaScript can be exploited to corrupt memory.

3) The application loads executables (e.g. msiexec.exe) in an insecure manner. This can be exploited to run an arbitrary program by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share and repairing the installation.

4) An unspecified error within the JavaScript API can be exploited to corrupt memory.

NOTE: This vulnerability affects the Macintosh and Linux versions only.

5) The application bundles a vulnerable version of Adobe Flash Player.

NOTE: This vulnerability affects Adobe Reader X and Adobe Acrobat X only.

Successful exploitation of vulnerabilities #1 - #4 may allow execution of arbitrary code.

The vulnerabilities are reported in the following products:
* Adobe Reader X versions 10.1.2 and prior for Windows and Macintosh.
* Adobe Reader versions 9.5 and prior for Windows and Macintosh.
* Adobe Reader versions 9.4.6 and prior for Linux.
* Adobe Acrobat X versions 10.1.2 and prior for Windows and Macintosh.
* Adobe Acrobat versions 9.5 and prior for Windows and Macintosh.

Solution:
Apply updates.

Provided and/or discovered by:
3) Mitja Kolsek, ACROS Security

The vendor credits:
1) Peter Vreugdenhil, HP DVLabs
2) Soroush Dalili
4) James Quirk, Los Alamos

Original Advisory:
Adobe:
http://www.adobe.com/support/security/bulletins/apsb12-08.html

ACROS Security:
http://blog.acrossecurity.com/2012/04/adobe-reader-x-1012-msiexecexe-planting.html

http://secunia.com/advisories/48733/

Release Date : 2012-04-11

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Pluck SiteLife 5.x

Description:
Multiple vulnerabilities have been reported in Pluck SiteLife, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "jsonRequest" parameter in Direct/Process, "r" and "cb" parameters in Direct/jsonp.htm, and "cb" parameter in sys/jsonp.app/.htm (when "widget_path" is valid) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in versions prior to 5.0.13.

Solution:
Update to version 5.0.13.

Provided and/or discovered by:
US-CERT credits Phil Purviance.

Original Advisory:
US-CERT VU#400619:
http://www.kb.cert.org/vuls/id/400619

http://secunia.com/advisories/48778/

Release Date : 2012-04-11

Criticality level : Highly critical
Impact : Unknown
Security Bypass
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: Gentoo Linux

Description:
Gentoo has issued an update for chromium. This fixes multiple vulnerabilities, where some have unknown impacts while others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

Solution:
Update to "www-client/chromium-18.0.1025.151" or later.

Original Advisory:
GLSA 201204-03:
http://www.gentoo.org/security/en/glsa/glsa-201204-03.xml

http://secunia.com/advisories/48749/

Release Date : 2012-04-11

Criticality level : Moderately critical
Impact : System access
Where : From local network
Solution Status : Vendor Patch

Operating System: Red Hat Enterprise Linux Desktop 5
Red Hat Enterprise Linux Server 5
RHEL Desktop Workstation 5

Description:
Red Hat has issued an update for samba3x. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2012:0466-01:
https://rhn.redhat.com/errata/RHSA-2012-0466.html

http://secunia.com/advisories/48754/

Release Date : 2012-04-11

Criticality level : Highly critical
Impact : DoS
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: Red Hat Enterprise Linux Desktop 5
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Server 5
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Workstation 6
RHEL Desktop Workstation 5

Description:
Red Hat has issued an update for freetype. This fixes multiple vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2012:0467-01:
https://rhn.redhat.com/errata/RHSA-2012-0467.html

http://secunia.com/advisories/48758/

Fujitsu Interstage List Works Archived Forms Security Bypass Weakness

Release Date : 2012-04-11

Criticality level : Not critical
Impact : Security Bypass
Where : From remote
Solution Status : Vendor Workaround

Software: Interstage List Works 10.x
Interstage List Works 7.x
Interstage List Works 8.x
Interstage List Works 9.x

Description:
A weakness has been reported in Interstage List Works, which can be exploited by malicious users to bypass certain security restrictions.

The weakness is caused due to the application not properly restricting access to the archive folder when a user is denied access, but is a member of a group with access to the folder. This can be exploited to disclose or delete archived forms.

Please see the vendor's advisory for a list of affected products and versions.

Solution:
Apply the vendor workaround (please see the vendor's advisory for details).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Fujitsu:
http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_lw_201201.html

JVN:
http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-001932.html

http://secunia.com/advisories/48745/

Release Date : 2012-04-11

Crriticality level : Less critical
Ipact : Exposure of sensitive information
Privilege escalation
DoS
Where : From local network
Solution Status : Vendor Patch

Operating System: Ubuntu Linux 10.04
Ubuntu Linux 11.04
Ubuntu Linux 11.10

Description:
Ubuntu has issued an update for puppet. This fixes multiple security issues and two vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and perform certain actions with escalated privileges and by malicious users to cause a DoS (Denial of Service).

Solution:
Apply updated packages.

Original Advisory:
USN-1419-1:
http://www.ubuntu.com/usn/usn-1419-1/

http://secunia.com/advisories/48748/

Release Date : 2012-04-11

Criticality level : Moderately critical
Impact : Manipulation of data
Where : From remote
Solution Status : Vendor Patch

Software: Horizon Quick CMS 3.x

Description:
vekt0r has discovered a vulnerability in Horizon Quick CMS, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "username" parameter to login2.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 3.5.1. Prior versions may also be affected.

Solution:
Update to version 3.5.2.

Provided and/or discovered by:
vekt0r

Original Advisory:
vekt0r:
http://forum.intern0t.org/exploits-vulnerabilities-pocs/4198-sql-injection-horizon-quick-cms-v3-5-1-a.html

http://secunia.com/advisories/48764/

FlightGear "Rotor::getValueforFGSet()" Buffer Overflow Vulnerability

Release Date : 2012-04-11

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Unpatched

Software: FlightGear 2.x

Description:
A vulnerability has been reported in FlightGear, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the "Rotor::getValueforFGSet()" function (src/FDM/YASim/Rotor.cpp) when parsing a rotor tag of an aircraft model and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in version 2.6. Other versions may also be affected.

Solution:
Do not use aircraft models from untrusted sources.

Provided and/or discovered by:
Andres Gomez

Original Advisory:
http://sourceforge.net/mailarchive/message.php?msg_id=28957051

http://secunia.com/advisories/48780/

WordPress Image News slider Plugin Unspecified Vulnerabilities

Release Date : 2012-04-11

Criticality level : Moderately critical
Impact : Unknown
Where : From remote
Solution Status : Vendor Patch

Software: WordPress Image News slider Plugin 3.x

Description:
Some vulnerabilities with an unknown impact have been reported in the Image News slider plugin for WordPress.

The vulnerabilities are caused due to unspecified errors. No further information is currently available.

The vulnerabilities are reported in versions prior to 3.3.

Solution:
Update to version 3.3.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory
http://wordpress.org/extend/plugins/wp-image-news-slider/other_notes/

http://secunia.com/advisories/48747/