Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - April 20, 2012

by: Carol~ April 20, 2012 6:19 AM PDT

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - April 20, 2012

by Carol~ Moderator - 4/20/12 6:19 AM

Ubuntu update for openssl

Release Date : 2012-04-20

Criticality level : Highly critical
Impact : DoS
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: Ubuntu Linux 10.04
Ubuntu Linux 11.04
Ubuntu Linux 11.10
Ubuntu Linux 8.04

Description:
Ubuntu has issued an update for openssl. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

Solution:
Apply updated packages.

Original Advisory:
USN-1424-1:
http://www.ubuntu.com/usn/usn-1424-1/

http://secunia.com/advisories/48899/


Reply
Report offensive post
Email to friend

Debian update for openssl

by Carol~ Moderator - 4/20/12 6:24 AM

In Reply to: VULNERABILITIES / FIXES - April 20, 2012 by Carol~ Moderator

Release Date : 2012-04-20

Criticality level : Highly critical
Impact : Security Bypass
DoS
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: Debian GNU/Linux 6.0

Description:
Debian has issued an update for openssl. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise an application using the library.

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2454-1:
http://www.us.debian.org/security/2012/dsa-2454

http://secunia.com/advisories/48895/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Comodo Internet Security PE File Processing Denial of

by Carol~ Moderator - 4/20/12 6:25 AM

In Reply to: VULNERABILITIES / FIXES - April 20, 2012 by Carol~ Moderator

Comodo Internet Security PE File Processing Denial of Service Vulnerability

Release Date : 2012-04-20

Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status : Vendor Patch

Software: Comodo Internet Security 5.x

Description:
Ange Albertini has reported a vulnerability in Comodo Internet Security, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when processing certain Portable Executable (PE) files and can be exploited to cause a crash via e.g. a specially crafted PE file having the "ImageBase" address of the kernel.

The vulnerability is reported in versions prior to 5.10.

Solution:
Update to version 5.10.

Provided and/or discovered by:
Ange Albertini

Original Advisory:
Comodo:
http://www.comodo.com/home/download/release-notes.php?p=anti-malware

Ange Albertini:
http://seclists.org/bugtraq/2012/Apr/138

http://secunia.com/advisories/48928/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IBM Rational ClearQuest ActiveX Control Buffer Overflow

by Carol~ Moderator - 4/20/12 6:25 AM

In Reply to: VULNERABILITIES / FIXES - April 20, 2012 by Carol~ Moderator

IBM Rational ClearQuest ActiveX Control Buffer Overflow Vulnerability

Release Date : 2012-04-20

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: IBM Rational ClearQuest 7.x
IBM Rational ClearQuest 8.x
IBM Rational ClearQuest ActiveX Control 7.x
IBM Rational ClearQuest ActiveX Control 8.x

Description:
A vulnerability has been reported in IBM Rational ClearQuest, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a function prototype mismatch in the "RegisterSchemaRepoFromFileByDbSet()" function in the IBM Rational ClearQuest ActiveX control (cqole.dll). This can be exploited to cause a heap-based buffer overflow by tricking a user into visiting a malicious website.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions 7.1.1 through 7.1.2.5, 8.0, and 8.0.0.1.

Solution:
Update to a fixed version.

Provided and/or discovered by:
The vendor credits Andrea Micalizzi via ZDI.

Original Advisory:
IBM:
http://www.ibm.com/support/docview.wss?uid=swg21591705

X-Force:
http://xforce.iss.net/xforce/xfdb/73492

http://secunia.com/advisories/48933/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

RubyGems Remote Repository SSL Certificate Verification

by Carol~ Moderator - 4/20/12 6:25 AM

In Reply to: VULNERABILITIES / FIXES - April 20, 2012 by Carol~ Moderator

RubyGems Remote Repository SSL Certificate Verification Security Issue

Release Date : 2012-04-20

Criticality level : Less critical
Impact : Spoofing
Where : From remote
Solution Status : Vendor Patch

Software: RubyGems 1.x

Description:
A security issue has been reported in RubyGems, which can be exploited by malicious people to conduct spoofing attacks.

The security issue is caused due to an error when verifying SSL certificates and may allow spoofing a remote repository via e.g. Man-in-the-Middle (MitM) attacks.

The security issue is reported in versions prior to 1.9.3-p194.

Solution:
Update to version 1.9.3-p194.

Provided and/or discovered by:
The vendor credits John Firebaugh.

Original Advisory:
http://www.ruby-lang.org/en/news/2012/04/20/ruby-1-9-3-p194-is-released/

http://secunia.com/advisories/48807/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Hitachi JP1/IT Desktop Management Cross-Site Scripting

by Carol~ Moderator - 4/20/12 6:25 AM

In Reply to: VULNERABILITIES / FIXES - April 20, 2012 by Carol~ Moderator

Hitachi JP1/IT Desktop Management Cross-Site Scripting and Denial of Service Vulnerabilities

Release Date : 2012-04-20

Criticality level : Less critical
Impact : Cross Site Scripting
DoS
Where : From remote
Solution Status : Vendor Patch

Software: Hitachi JP1/IT Desktop Management

Description:
Two vulnerabilities have been reported in Hitachi JP1/IT Desktop Management, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).

1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) An unspecified error can be exploited to cause a crash. No further information is currently available.

The vulnerabilities are reported in versions 09-50 and 09-50-01.

Solution:
Update to version 09-50-02.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Hitachi (Japanese):
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-011/index.html

http://secunia.com/advisories/48843/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

TwitRocker2 for Android WebView Class Security Bypass

by Carol~ Moderator - 4/20/12 8:32 AM

In Reply to: VULNERABILITIES / FIXES - April 20, 2012 by Carol~ Moderator

TwitRocker2 for Android WebView Class Security Bypass Security Issue

Release Date : 2012-04-20

Criticality level : Not critical
Impact : Security Bypass
Where : From remote
Solution Status : Vendor Patch

Software: TwitRocker2 for Android 1.x

Description:
A security issue has been reported in TwitRocker2 for Android, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused due to an error within the WebView class and can be exploited to disclose certain information managed by the application.

Successful exploitation requires that a malicious application is installed.

The security issue is reported in versions prior to 1.0.23.

Solution:
Update to version 1.0.23.

Provided and/or discovered by:
JVN credits Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.

Original Advisory:
JVN:
http://jvn.jp/en/jp/JVN00000601/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000033

http://secunia.com/advisories/48894/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Zingiri Web Shop Plugin Multiple Unspecified

by Carol~ Moderator - 4/20/12 8:32 AM

In Reply to: VULNERABILITIES / FIXES - April 20, 2012 by Carol~ Moderator

WordPress Zingiri Web Shop Plugin Multiple Unspecified Vulnerabilities

Release Date : 2012-04-20

Criticality level : Moderately critical
Impact : Unknown
Where : From remote
Solution Status : Vendor Patch

Software: WordPress Zingiri Web Shop Plugin 2.x

Description:
Some vulnerabilities with an unknown impact have been reported in the Zingiri Web Shop plugin for WordPress.

The vulnerabilities are caused due to an unspecified error. No further information is currently available.

The vulnerabilities are reported in versions prior to 2.4.0.

Solution:
Update to version 2.4.0.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://wordpress.org/extend/plugins/zingiri-web-shop/changelog/
http://forums.zingiri.com/announcements.php?aid=2

http://secunia.com/advisories/48909/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IBM Java 5 Multiple Vulnerabilities

by Carol~ Moderator - 4/20/12 8:32 AM

In Reply to: VULNERABILITIES / FIXES - April 20, 2012 by Carol~ Moderator

Release Date : 2012-04-20

Criticality level : Highly critical
Impact : Manipulation of data
Exposure of sensitive information
DoS
System access
Where : From remote
Solution Status : Vendor Patch

Software: IBM Java 5.x

Description:
IBM has acknowledged multiple vulnerabilities in IBM Java, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

Solution:
Update to version 5.0 SR13-FP1.

Original Advisory:
http://www.ibm.com/developerworks/java/jdk/alerts/

http://secunia.com/advisories/48915/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IBM Java 6 Multiple Vulnerabilities

by Carol~ Moderator - 4/20/12 8:32 AM

In Reply to: VULNERABILITIES / FIXES - April 20, 2012 by Carol~ Moderator

Release Date : 2012-04-20

Criticality level : Highly critical
Impact : Manipulation of data
Exposure of sensitive information
DoS
System access
Where : From remote
Solution Status : Vendor Patch

Software: IBM Java 6.x

Description:
IBM has acknowledged multiple vulnerabilities in IBM Java, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

Solution:
Update to version 6 SR10-FP1.

Original Advisory:
http://www.ibm.com/developerworks/java/jdk/alerts/

http://secunia.com/advisories/48913/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Download Manager Plugin "cid" Cross-Site Scripting

by Carol~ Moderator - 4/20/12 8:32 AM

In Reply to: VULNERABILITIES / FIXES - April 20, 2012 by Carol~ Moderator

WordPress Download Manager Plugin "cid" Cross-Site Scripting Vulnerability

Release Date : 2012-04-20

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Download Manager 2.x (plugin for WordPress)

Description:
A vulnerability has been discovered in the Download Manager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "cid" parameter to wp-admin/admin.php (when "page" is set to "file-manager/categories") is not properly sanitised in wpdm-categories.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions prior to 2.2.3 and confirmed in version 2.1.3.

Solution:
Update to version 2.2.3.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
WordPress Download Manager:
http://wordpress.org/extend/plugins/download-manager/changelog/

http://secunia.com/advisories/48927/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

ChatBlazer Enterprise Server Client "user" Cross-Site

by Carol~ Moderator - 4/20/12 8:34 AM

In Reply to: VULNERABILITIES / FIXES - April 20, 2012 by Carol~ Moderator

ChatBlazer Enterprise Server Client "user" Cross-Site Scripting Vulnerability

Release Date : 2012-04-20

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: ChatBlazer Enterprise Server 8.x

Description:
Sony has discovered a vulnerability in ChatBlazer Enterprise Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "user" parameter to client/client.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 8.5 (Evaluation). Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Sony

Original Advisory:
Sony:
http://st2tea.blogspot.com/2012/04/chatblazer-flash-chat-cross-site.html

http://secunia.com/advisories/48905/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Shibboleth Service Provider OpenSSL DER Format Data

by Carol~ Moderator - 4/20/12 8:46 AM

In Reply to: VULNERABILITIES / FIXES - April 20, 2012 by Carol~ Moderator

Shibboleth Service Provider OpenSSL DER Format Data Processing Vulnerability

Release Date : 2012-04-20

Criticality level : Highly critical
Impact :System access
DoS
Where : From remote
Solution Status : Vendor Patch

Software: Shibboleth 2.x

Description:
A vulnerability has been reported in Shibboleth Service Provider, which potentially can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a bundled vulnerable version of OpenSSL.

The vulnerability is reported in version 2.4.3 for Windows issued prior to 19th April 2012. Prior versions for Windows may also be affected.

Solution:
Update to version 2.4.3 issued on 19th April 2012.

Original Advisory:
http://shibboleth.internet2.edu/secadv/secadv_20120419.txt

http://secunia.com/advisories/48896/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Shibboleth Identity Provider LDAPS Hostname Verification

by Carol~ Moderator - 4/20/12 8:47 AM

In Reply to: VULNERABILITIES / FIXES - April 20, 2012 by Carol~ Moderator

Shibboleth Identity Provider LDAPS Hostname Verification Security Issue

Release Date : 2012-04-20

Criticality level : Less critical
Impact :Spoofing
Where : From remote
Solution Status : Vendor Patch

Software: Shibboleth 1.x
Shibboleth 2.x

Description:
A security issue has been reported in the Shibboleth Identity Provider, which can be exploited by malicious people to conduct spoofing attacks.

The security issue is caused due to the Identity Provider not verifying the hostname of a LDAP server when using LDAPS and can be exploited to spoof a LDAP server via Man-in-the-Middle (MitM) attacks.

The security issue is reported in Shibboleth Identity Provider versions prior to 2.3.6.

Solution:
Update to Shibboleth Identity Provider version 2.3.6.

Provided and/or discovered by:
The vendor credits Scott Cantor, The Ohio State University.

Original Advisory:
http://shibboleth.internet2.edu/secadv/secadv_20120227.txt

http://secunia.com/advisories/48910/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for libtiff

by Carol~ Moderator - 4/20/12 9:57 AM

In Reply to: VULNERABILITIES / FIXES - April 20, 2012 by Carol~ Moderator

Release Date : 2012-04-20

Criticality level : Highly critical
Impact :System access
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 11.4
openSUSE 12.1

Description:
SUSE has issued an update for libtiff. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the library.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2012:0539-1:
https://hermes.opensuse.org/messages/14302713

http://secunia.com/advisories/48893/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

ownCloud Password Reset Vulnerability

by Carol~ Moderator - 4/20/12 1:09 PM

In Reply to: VULNERABILITIES / FIXES - April 20, 2012 by Carol~ Moderator

Release Date : 2012-04-20

Criticality level : Moderately critical
Impact : Security Bypass
Where : From remote
Solution Status : Vendor Patch

Software: ownCloud 3.x

Description:
luks has discovered a vulnerability in ownCloud, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to the core/lostpassword/index.php script generating predictable tokens for password resets and can be exploited to change the passwords of arbitrary users.

The vulnerability is confirmed in version 3.0.1. Prior versions may also be affected.

Solution:
Update to version 3.0.2.

Provided and/or discovered by:
luks

Original Advisory:
luks:
http://seclists.org/fulldisclosure/2012/Apr/223

ownCloud:
http://gitorious.org/owncloud/owncloud/commit/85f9869f6925ef52c1015916bbc28e13c15abc73

http://secunia.com/advisories/48856/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

ReadyDesk Multiple Script Insertion Vulnerabilities

by Carol~ Moderator - 4/20/12 1:45 PM

In Reply to: VULNERABILITIES / FIXES - April 20, 2012 by Carol~ Moderator

Release Date : 2012-04-20

Criticality level : Moderately critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: ReadyDesk 7.x

Description:
Multiple vulnerabilities have been reported in ReadyDesk, which can be exploited by malicious people to conduct script insertion attacks.

Input passed via the parameters "txtCONTACT", "txtPHONE", "txtEMAIL", "mnuTYPE", "UD1", and "UD2" to customer/ticketproc.aspx when creating a new ticket is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

The vulnerabilities are reported in version 7.0.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Sony.

Original Advisory:
http://st2tea.blogspot.com/2012/04/readydesk-cross-site-scripting.html

http://secunia.com/advisories/48904/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Oracle Enterprise Manager Grid Control Multiple

by Carol~ Moderator - 4/20/12 2:00 PM

In Reply to: VULNERABILITIES / FIXES - April 20, 2012 by Carol~ Moderator

Oracle Enterprise Manager Grid Control Multiple Vulnerabilities

Release Date: 2012-04-18
Last Update : 2012-04-20

Criticality level : Moderately critical
Impact : Hijacking
Cross Site Scripting
Manipulation of data
Where : From remote
Solution Status : Vendor Patch

Software: Oracle Enterprise Manager 10.x
Oracle Enterprise Manager 11.x

Description:
Multiple vulnerabilities have been reported in Oracle Enterprise Manager Grid Control, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to manipulate certain data, conduct session fixation attacks and HTTP response splitting attacks.

1) An error when handling sessions within the Security Framework subcomponent of the Enterprise Manager Base Platform component can be exploited to hijack a user's session.

2) Input passed via the "fConfigGuid" parameter to /em/console/ecm/config/compareWizard/compareWizFirstConfig is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

3) Input passed via the "SCPLBL_INSTALLED_DATE0DI" parameter to /em/console/ecm/search/searchPage is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

4) Input passed via the "prevPage" parameter to /em/console/database/schema/table is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which are included in a response sent to the user. This allows arbitrary HTML and script code to be executed in a user's browser session in context of an affected site.

5) Input passed via the "pageName" parameter to /em/console/database/schema/grantObjPrivs is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which are included in a response sent to the user. This allows arbitrary HTML and script code to be executed in a user's browser session in context of an affected site.

6) An unspecified error within the Security Framework subcomponent of the Enterprise Manager Base Platform component can be exploited to manipulate certain Base Platform accessible data.

Please see the vendor's advisory for a list of affected versions.

Solution:
Apply updates (please see the vendor's advisory for details).

Provided and/or discovered by:
1-5) Esteban Martinez Fayo, Application Security Inc.
6) It is currently unclear who reported this vulnerability as the Oracle Critical Patch Update for April 2012 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information.

Original Advisory:
Oracle:
http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html#AppendixEM

Team SHATTER:
https://www.teamshatter.com/topics/general/team-shatter-exclusive/advisory-oem-vulnerable-to-session-fixation/
https://www.teamshatter.com/topics/general/team-shatter-exclusive/advisory-sqli-oem-comparewizfirstconfig/
https://www.teamshatter.com/topics/general/team-shatter-exclusive/advisory-sql-injection-in-oracle-enterprise-manager-searchpage-web-page/
https://www.teamshatter.com/topics/general/team-shatter-exclusive/advisory-http-response-splitting-in-oem-prevpage/
https://www.teamshatter.com/topics/general/team-shatter-exclusive/advisory-sql-injection-in-oracle-enterprise-manager-searchpage-web-page-2/

http://secunia.com/advisories/48870


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Oracle GlassFish Enterprise Server Cross-Site Scripting

by Carol~ Moderator - 4/20/12 2:08 PM

In Reply to: VULNERABILITIES / FIXES - April 20, 2012 by Carol~ Moderator

Oracle GlassFish Enterprise Server Cross-Site Scripting and Request Forgery

Release Date: 2012-04-18
Last Update : 2012-04-20

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Oracle GlassFish Server 3.x

Description:
Security-Assessment.com has reported some vulnerabilities in Oracle GlassFish Enterprise Server, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks.

1) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. uploading an arbitrary WAR archive by tricking a logged-in administrator into visiting a specially crafted web page.

2) Input passed via multiple parameters to various scripts is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in version 3.1.1 (build 12). Other versions may also be affected.

Solution:
Apply patch (please see the vendor's advisory for details).

Provided and/or discovered by:
Roberto Suggi Liverani, Security-Assessment.com.

Original Advisory:
Oracle:
https://blogs.oracle.com/security/entry/april_2012_critical_patch_update
http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html#AppendixSUNS

Security-Assessment.com:
http://www.security-assessment.com/files/documents/advisory/Oracle_GlassFish_Server_REST_CSRF.pdf
http://www.security-assessment.com/files/documents/advisory/Oracle_GlassFish_Server_Multiple_XSS.pdf

http://secunia.com/advisories/48798


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

ownCloud Multiple Vulnerabilities

by Carol~ Moderator - 4/20/12 2:10 PM

In Reply to: VULNERABILITIES / FIXES - April 20, 2012 by Carol~ Moderator

Release Date: 2012-04-18
Last Update : 2012-04-20

Criticality level : Moderately critical
Impact : Spoofing
Cross Site Scripting
System access
Where : From remote
Solution Status : Partial Fix

Software: ownCloud 3.x

Description:
A weakness and multiple vulnerabilities have been discovered in ownCloud, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct spoofing, cross-site scripting, and cross-site request forgery attacks.

1) Input passed via the "redirect_url" parameter to index.php is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.

2) Input passed via the "redirect_url" parameter to index.php and the "files" parameter to files/ajax/download.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

3) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. conduct script insertion attacks via editing contacts when a logged-in user visits a specially crafted web page.

4) An error due to the files/ajax/upload.php script not verifying the extension of an uploaded file can be exploited to e.g. upload an .htaccess file, which will allow uploaded PHP files to be executed.

The weakness and vulnerabilities are confirmed in version 3.0.2. Other versions may also be affected.

Solution:
Vulnerability #4 is fixed in the GIT repository. Edit the source code to ensure that input is properly sanitised and verified. Do not browse untrusted sites or follow untrusted links while being logged-in to the application.

Provided and/or discovered by:
1-3) Tobias Glemser, Tele-Consulting.
4) luks

Original Advisory:
ownCloud:
http://gitorious.org/owncloud/owncloud/commit/acdce2b1e01f7c0a77b7e7949540e1b0ba94efd1

Tele-Consulting:
http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt

luks:
http://seclists.org/fulldisclosure/2012/Apr/223

http://secunia.com/advisories/48850


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close