Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - May 01, 2012

by: Carol~ May 1, 2012 7:02 AM PDT

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - May 01, 2012

by Carol~ Moderator - 5/1/12 7:02 AM

Google Chrome Multiple Vulnerabilities

Release Date : 2012-05-01

Criticality level : Highly critical
Impact : System access
Unknown
Where : From remote
Solution Status : Vendor Patch

Software: Google Chrome 18.x

Description:
Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to compromise a user's system.

1) A use-after-free error exists in floats handling.

2) A use-after-free error exists within the xml parser.

3) An error exists within the IPC validation.

4) A race condition exists within the sandbox IPC.

5) A second use-after-free error exists in floats handling.

The vulnerabilities are reported in versions prior to 18.0.1025.168.

Solution:
Update to version 18.0.1025.168.

Provided and/or discovered by:
The vendor credits:
1) Marty Barbella, Google Chrome Security Team and miaubiz
2) SkyLined, Google Chrome Security Team and wushi, team509 via iDefense
3) PinkiePie
4) Willem Pinckaers, Matasano.
5) miaubiz

Original Advisory:
http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html

http://secunia.com/advisories/48992/


Reply
Report offensive post
Email to friend

Samba LSA RPC "take ownership" Privilege Security Bypass

by Carol~ Moderator - 5/1/12 7:32 AM

In Reply to: VULNERABILITIES / FIXES - May 01, 2012 by Carol~ Moderator

Samba LSA RPC "take ownership" Privilege Security Bypass Security Issue

Release Date : 2012-05-01

Criticality level : Less critical
Ipact : Security Bypass
Where : From local network
Solution Status : Vendor Patch

Software: Samba 3.x

Description:
A security issue has been reported in Samba, which can be exploited by malicious users to bypass certain security restrictions.

The security issue is caused due to improper application of security checks in the CreateAccount, OpenAccount, AddAccountRights, and RemoveAccountRights remote procedure calls (RPC) within the Local Security Authoriy (LSA). This can be exploited to gain "take ownership" privileges and e.g. change the ownership of arbitrary files and directories on the smdb file server.

The security issue is reported in versions 3.4.x through 3.6.4.

Solution:
Apply patch or update to version 3.4.17, 3.5.15, and 3.6.5.

Provided and/or discovered by:
The vendor credits Ivano Cristofolini.

Original Advisory:
http://www.samba.org/samba/security/CVE-2012-2111

http://secunia.com/advisories/48976/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Remote-Anything Player Movie Processing Code Execution

by Carol~ Moderator - 5/1/12 7:32 AM

In Reply to: VULNERABILITIES / FIXES - May 01, 2012 by Carol~ Moderator

Remote-Anything Player Movie Processing Code Execution Vulnerability

Release Date : 2012-05-01

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Unpatched

Software: Remote-Anything 5.x

Description:
A vulnerability has been discovered in Remote-Anything, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error within the Player utility when viewing a movie file and can be exploited to cause a buffer overflow via a specially crafted ".flm" file.

Successful exploitation allows execution of arbitrary code, but requires tricking a user into opening a malicious movie file.

The vulnerability is confirmed in version 5.60.15. Other versions may also be affected.

Solution:
Do not open files from untrusted sources.

Provided and/or discovered by:
Saint Patrick

http://secunia.com/advisories/49008/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Ubuntu update for kernel

by Carol~ Moderator - 5/1/12 7:33 AM

In Reply to: VULNERABILITIES / FIXES - May 01, 2012 by Carol~ Moderator

Release Date : 2012-05-01

Criticality level : Less critical
Impact : DoS
Where : Local system
Solution Status : Vendor Patch

Operating System: Ubuntu Linux 11.10

Description:
Ubuntu has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

Solution:
Apply updated packages

Original Advisory:
USN-1431-1:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-May/001671.html

http://secunia.com/advisories/49027/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

ManageEngine SupportCenter Plus Multiple Vulnerabilities

by Carol~ Moderator - 5/1/12 7:36 AM

In Reply to: VULNERABILITIES / FIXES - May 01, 2012 by Carol~ Moderator

Release Date : 2012-05-01

Criticality level : Moderately critical
Impact : Security Bypass
Cross Site Scripting
Manipulation of data
Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software: ManageEngine SupportCenter Plus 7.x

Description:
Multiple vulnerabilities have been reported in ManageEngine SupportCenter Plus, which can be exploited by malicious users to disclose potentially sensitive information, bypass certain security restrictions, and conduct script insertion and SQL injection attacks and by malicious people to conduct script insertion attacks.

1) Input passed via the "countSql" POST parameter to servlet/AJaxServlet (when "action" is set to "getWorkOrderCount") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Input passed via the "userName", "description", and "emailID" POST parameters to sd/Request.sd when submitting a ticket is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

3) Input passed via the "fullName", "twitterId", and "jobTitle" parameters to RequesterDef.do when editing a contact is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

4) Input passed via the "description" POST parameter to WorkOrder.do when creating a request is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

5) Input passed to the "backup_ids" parameter in BackupSchedule.do (when "module" is set to "delete_backup") is not properly verified before being used. This can be exploited to delete backup files.

6) The application allows database backup requests via BackupSchedule.do without checking credentials. This can be exploited to create a backup in a publicly accessible folder and disclose sensitive information.

The vulnerabilities are reported in version 7.9 build 7903. Other versions may also be affected.

Solution:
Update to version 7.9 build 7905.

Provided and/or discovered by:
Robert van Hamburg

Original Advisory:
ManageEngine:
https://supportcenter.wiki.zoho.com/ReadMe-V2.html#7905

Robert van Hamburg:
http://www.exploit-db.com/exploits/18745/

http://secunia.com/advisories/48839/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for samba and samba3x

by Carol~ Moderator - 5/1/12 7:37 AM

In Reply to: VULNERABILITIES / FIXES - May 01, 2012 by Carol~ Moderator

Release Date : 2012-05-01

Criticality level : Less critical
Ipact : Security Bypass
Where : From local network
Solution Status : Vendor Patch

Operating System: Red Hat Enterprise Linux Desktop 5
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Server 5
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Workstation 6
RHEL Desktop Workstation 5

Description:
Red Hat has issued an update for samba and samba3x. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2012:0533-01:
https://rhn.redhat.com/errata/RHSA-2012-0533.html

http://secunia.com/advisories/48996/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Pale Moon Multiple Vulnerabilities

by Carol~ Moderator - 5/1/12 7:37 AM

In Reply to: VULNERABILITIES / FIXES - May 01, 2012 by Carol~ Moderator

Release Date : 2012-05-01

Criticality level : Highly critical
Impact : Security Bypass
Cross Site Scripting
Spoofing
Exposure of system information
Exposure of sensitive information
DoS
System access
Where : From remote
Solution Status : Unpatched

Software: Pale Moon 11.x

Description:
Multiple vulnerabilities have been reported in Pale Moon, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose certain system and sensitive information, bypass certain security restrictions, and compromise a user's system.

Solution:
Upgrade to version 12.0.

Original Advisory:
http://www.palemoon.org/releasenotes-ng.shtml

http://secunia.com/advisories/48995/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Ubuntu update for linux-lts-backport-oneiric

by Carol~ Moderator - 5/1/12 7:37 AM

In Reply to: VULNERABILITIES / FIXES - May 01, 2012 by Carol~ Moderator

Release Date : 2012-05-01

Criticality level : Less critical
Impact : DoS
Where : Local system
Solution Status : Vendor Patch

Operating System: Ubuntu Linux 10.04

Description:
Ubuntu has issued an update for linux-lts-backport-oneiric. This fixes multiple vulnerabilities, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

Solution:
Apply updated packages.

Original Advisory:
USN-1433-1:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-May/001672.html

http://secunia.com/advisories/48987/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

HP Systems Insight Manager Multiple Vulnerabilities

by Carol~ Moderator - 5/1/12 7:38 AM

In Reply to: VULNERABILITIES / FIXES - May 01, 2012 by Carol~ Moderator

Release Date : 2012-05-01

Criticality level : Highly critical
Impact : Security Bypass
Cross Site Scripting
Manipulation of data
Exposure of system information
Exposure of sensitive information
Privilege escalation
DoS
System access
Where : From remote
Solution Status : Unpatched

Software: HP Systems Insight Manager 6.x

Description:
A weakness, a security issue, and multiple vulnerabilities have been reported in HP Systems Insight Manager, which can be exploited by malicious, local users to potentially gain escalated privileges and by malicious people to disclose sensitive information, conduct cross-site scripting and cross-site request forgery attacks, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

1) The application bundles vulnerable versions of OpenSSL, Apache Tomcat, Java, Adobe Flash Player, Adobe LiveCycle, Adobe BlazeDS, and Adobe Flex.

2) An unspecified error can be exploited to gain unauthorized access. No further information is currently available.

3) Unspecified errors can potentially be exploited to gain escalated privileges. No further information is currently available.

4) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain unspecified actions by tricking a logged in administrator into visiting a malicious web site.

5) Certain unspecified input is not properly verified before being used to redirect users. No further information is currently available.

The vulnerabilities are reported in versions prior to 7.0.

Solution:
Upgrade to version 7.0.

Provided and/or discovered by:
2-5) Reported by the vendor.

Original Advisory:
HPSBMU02769 SSRT100846:
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c0329815

http://secunia.com/advisories/49035/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

McAfee Virtual Technician MVTControl ActiveX Control Code

by Carol~ Moderator - 5/1/12 7:52 AM

In Reply to: VULNERABILITIES / FIXES - May 01, 2012 by Carol~ Moderator

McAfee Virtual Technician MVTControl ActiveX Control Code Execution Vulnerability

Release Date : 2012-05-01

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Unpatched

Software: McAfee Virtual Technician 6.x
McAfee Virtual Technician MVTControl ActiveX Control 6.x

Description:
Andrea Micalizzi has discovered a vulnerability in McAfee Virtual Technician MVTControl ActiveX Control, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the "GetObject()" method (mvt.dll) allowing to instantiate arbitrary COM objects. This can be exploited to e.g. use the "WScript.Shell" component and execute arbitrary commands via the "Exec()" method.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 6.3.0.1911. Other versions may also be affected.

Solution:
Set the kill-bit for the affected ActiveX control.

Provided and/or discovered by:
Andrea Micalizzi (rgod)

Original Advisory:
http://retrogod.altervista.org/9sg_mcafee_vt_adv.htm

http://secunia.com/advisories/49007/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Ubuntu update for samba

by Carol~ Moderator - 5/1/12 8:19 AM

In Reply to: VULNERABILITIES / FIXES - May 01, 2012 by Carol~ Moderator

Release Date : 2012-05-01

Criticality level : Less critical
Ipact : Security Bypass
Where : From local network
Solution Status : Vendor Patch

Operating System: Ubuntu Linux 10.04
Ubuntu Linux 11.04
Ubuntu Linux 11.10
Ubuntu Linux 12.04

Description:
Ubuntu has issued an update for samba. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.

Solution:
Apply updated packages.

Original Advisory:
USN-1434-1:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-May/001673.html

http://secunia.com/advisories/48984/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

MyClientBase Script Insertion and SQL Injection

by Carol~ Moderator - 5/1/12 9:00 AM

In Reply to: VULNERABILITIES / FIXES - May 01, 2012 by Carol~ Moderator

MyClientBase Script Insertion and SQL Injection Vulnerabilities

Release Date : 2012-05-01

Criticality level : Less critical
Impact : Cross Site Scripting
Manipulation of data
Where : From remote
Solution Status : Unpatched

Software: MyClientBase 0.x

Description:
Multiple vulnerabilities have been discovered in MyClientBase, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.

1) Input passed via the "first_name" and "last_name" POST parameters to index.php/users/profile when editing a user's profile is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

2) Input passed via the "invoice_number" POST parameter to index.php/invoice_search (when "output_type" is set to "index") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities are confirmed in version 0.12. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Benjamin Kunz Mejri (Rem0ve) via Vulnerability Research Laboratory.

Original Advisory:
http://www.vulnerability-lab.com/get_content.php?id=511

http://secunia.com/advisories/48961/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for samba

by Carol~ Moderator - 5/1/12 11:00 AM

In Reply to: VULNERABILITIES / FIXES - May 01, 2012 by Carol~ Moderator

Release Date : 2012-05-01

Criticality level : Less critical
Ipact : Security Bypass
Where : From local network
Solution Status : Vendor Patch

Operating System: SUSE Linux Enterprise Server (SLES) 11

Description:
SUSE has issued an update for samba. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
SUSE-SU-2012:0573-1:
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00023.html

SUSE-SU-2012:0575-1:
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00024.html

http://secunia.com/advisories/49030/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Apache Qpid Cluster Broker Authentication Security Bypass

by Carol~ Moderator - 5/1/12 11:02 AM

In Reply to: VULNERABILITIES / FIXES - May 01, 2012 by Carol~ Moderator

Apache Qpid Cluster Broker Authentication Security Bypass Security Issue

Release Date : 2012-05-01

Criticality level : Moderately critical
Ipact : Security Bypass
Where : From local network
Solution Status : Vendor Workaround

Software: Apache Qpid 0.x

Description:
A security issue has been reported in Apache Qpid, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused due to the application not verifying the password or SASL credentials when joining a cluster using a cluster-username, which can be exploited to gain unauthorised access to the cluster via a malicious broker.

Successful exploitation requires the knowledge of a valid cluster-username.

The security issue is reported in version 0.12. Other versions may also be affected.

Solution:
Fixed in the SVN repository.

Provided and/or discovered by:
Reported in a Red Hat bug report.

Original Advisory:
Qpid:
https://issues.apache.org/jira/browse/QPID-3652
https://reviews.apache.org/r/2988/diff/

Red Hat Bug#747078:
https://bugzilla.redhat.com/show_bug.cgi?id=747078

http://secunia.com/advisories/49000/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for Red Hat Enterprise MRG

by Carol~ Moderator - 5/1/12 1:32 PM

In Reply to: VULNERABILITIES / FIXES - May 01, 2012 by Carol~ Moderator

Release Date : 2012-05-01

Criticality level : Moderately critical
Ipact : Security Bypass
Where : From local network
Solution Status : Vendor Patch

Software: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 5)
Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)

Description:
Red Hat has issued an update for Red Hat Enterprise MRG. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2012:0528-1:
https://rhn.redhat.com/errata/RHSA-2012-0528.html

RHSA-2012:0529-1:
https://rhn.redhat.com/errata/RHSA-2012-0529.html

http://secunia.com/advisories/49001/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

GENU Multiple SQL Injection Vulnerabilities

by Carol~ Moderator - 5/1/12 1:35 PM

In Reply to: VULNERABILITIES / FIXES - May 01, 2012 by Carol~ Moderator

Release Date: 2012-04-06
Last Update : 2012-05-01

Criticality level : Moderately critical
Impact : Manipulation of data
Where : From remote
Solution Status : Vendor Patch

Software: GENU

Description:
Multiple vulnerabilities have been discovered in GENU, which can be exploited by malicious people to conduct SQL injection attacks.

1) Input passed via the "article_id" parameter to articles/read.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Input passed via the "match" parameter to comments/search.php, news/search.php, and posts/search.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities are confirmed in version 2012.3. Prior versions may also be affected.

Solution:
Update to version 2012.4.

Provided and/or discovered by:
1) hordcode security
2) snup via Vulnerability Research Laboratory

Original Advisory:
GENU:
http://www.gnew.fr/news/index.php?news_id=12

hordcode:
http://www.exploit-db.com/exploits/18708/

snup:
http://www.vulnerability-lab.com/get_content.php?id=538

http://secunia.com/advisories/48701


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

CGIProxy Multiple Unspecified Vulnerabilities

by Carol~ Moderator - 5/1/12 2:02 PM

In Reply to: VULNERABILITIES / FIXES - May 01, 2012 by Carol~ Moderator

Release Date: 2012-04-12
Last Update : 2012-05-01

Criticality level : Moderately critical
Impact : Unknown
Where : From remote
Solution Status : Vendor Patch

Software: CGIProxy 2.x

Description:
Some vulnerabilities with unknown impacts have been reported in CGIProxy.

The vulnerabilities are caused due to unspecified errors. No further information is currently available.

NOTE: The vendor disputes these vulnerabilities and states that the fixes are not security-related.

The vulnerabilities are reported in versions prior to 2.1.2.

Solution:
Update to version 2.1.2.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.jmarshall.com/tools/cgiproxy/CHANGES.txt

http://secunia.com/advisories/48768


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close