Spyware, viruses, & security forum: VULNERABILITIES / FIXES - May 02, 2012

Release Date : 2012-05-02

Criticality level : Less critical
Impact : Cross Site Scripting
Manipulation of data
Where : From remote
Solution Status : Unpatched

Software: OSSIM (AlienVault Open Source SIM) 3.x

Description:
Stefan Schurtz has discovered two vulnerabilities in OSSIM, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.

1) Input passed via the "url" parameter to top.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Input passed via the "time[0][0]" parameter to forensics/base_qry_main.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires access rights to the forensics section.

NOTE: This can further be exploited to conduct cross-site scripting attacks via a SQL error message.

The vulnerabilities are confirmed in version 3.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Stefan Schurtz

Original Advisory:
http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt

http://secunia.com/advisories/49005/

Release Date: 2010-12-13
Last Update: 2012-05-02

Criticality level : Moderately critical
Impact : Cross Site Scripting
Manipulation of data
Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software: SilverStripe 2.x

Description:
Two weaknesses and some vulnerabilities have been discovered in SilverStripe, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and conduct SQL injection attacks

1) Input appended to the URL after e.g. Security/ is not properly sanitised in the "httpError()" function in sapphire/core/control/RequestHandler.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) A weakness is caused due to the application storing the version information in the "silverstripe_version" file under the "sapphire" directory with insecure permissions. This can be exploited to view version information.

3) Input passed via the "locale" parameter to e.g. index.php is not properly sanitised in the "augmentSQL()" function in sapphire/trunk/core/model/Translatable.php when using the "Translatable" extension. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

NOTE: Other weaknesses related to the "changepassword" functionality due to insecure HTTP referrer logs, and a disclosure of SQL statements have also been reported.

The weaknesses and the vulnerabilities are confirmed in version 2.4.3 and reported in version 2.3.9. Prior versions may also be affected.

Solution:
Update to version 2.4.4 and 2.3.10.

Provided and/or discovered by:
The vendor credits:
1) Tim Suter
2) Robert Mac Neil
3) Pavol Ondras

Original Advisory:
http://silverstripe.org/security-releases
http://silverstripe.org/releases-and-announcements/show/15131
http://silverstripe.org/releases-and-announcements/show/15132
http://open.silverstripe.org/changeset/114782
http://open.silverstripe.org/changeset/114444
http://open.silverstripe.org/changeset/114773
http://open.silverstripe.org/changeset/114515
http://open.silverstripe.org/changeset/114758

http://secunia.com/advisories/42346

Release Date : 2012-05-02

Criticality level : Moderately critical
Impact : DoS
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: Ubuntu Linux 10.04
Ubuntu Linux 11.04
Ubuntu Linux 11.10
Ubuntu Linux 12.04

Description:
Ubuntu has issued an update for imagemagick. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
USN-1435-1:
http://www.ubuntu.com/usn/usn-1435-1/

http://secunia.com/advisories/49043/

Release Date : 2012-05-02

Criticality level : Less critical
Impact : Cross Site Scripting
Spoofing
Manipulation of data
DoS
Where : From local network
Solution Status : Vendor Patch

Software: HP / Compaq Insight Management Agents

Description:
Multiple vulnerabilities have been reported in HP Insight Management Agents, which can be exploited by malicious users to manipulate certain data and cause a DoS (Denial of Service) and by malicious people to conduct spoofing, cross-site scripting, and cross-site request forgery attacks.

1) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain unspecified actions by tricking a logged in administrator into visiting a malicious web site.

2) Certain unspecified input is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.

3) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

4) An unspecified error can be exploited to modify or remove certain data. No further information is currently available.

The vulnerabilities are reported on versions prior to 9.0.0 running on Windows.

Solution:
Update to HP ProLiant Support Pack (PSP) v9.0 or apply updates.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
HPSBMU02770 SSRT100848:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03301267

http://secunia.com/advisories/49054/

Oracle iPlanet Web Server Multiple Cross-Site Scripting Vulnerabilities

Release Date: 2012-04-18
Last Update: 2012-05-02

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Oracle iPlanet Web Server 7.x

Description:
Sow Ching Shiong has discovered multiple vulnerabilities in Oracle iPlanet Web Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

1) Input passed via the "helpLogoWidth" and "helpLogoHeight" parameters to admingui/cchelp2/Masthead.jsp (when "mastheadTitle" is set) and the "productNameSrc", "productNameHeight", and "productNameWidth" parameters to admingui/version/Masthead.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Input passed via the "appName" and "pathPrefix" parameters to admingui/cchelp2/Navigator.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

NOTE: This vulnerability can also be exploited to conduct script insertion attacks.

The vulnerabilities are confirmed in version 7.0.9 B07/04/2010 02:06. Other versions may also be affected.

Solution:
Apply patches available via the support site.

Provided and/or discovered by:
Sow Ching Shiong via Secunia.

Original Advisory:
http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html#AppendixSUNS

http://secunia.com/advisories/43942

HP System Health Application and Command Line Utilities for Linux Unspecified Vulnerabilities

Release Date : 2012-05-02

Criticality level : Moderately critical
Impact : System access
Where : From local network
Solution Status :Unpatched

Software: HP System Health Application and Command Line Utilities for Linux 8.x

Description:
Some vulnerabilities have been reported in HP System Health Application and Command Line Utilities for Linux, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerabilities are caused due to unspecified errors. No further information is currently available.

The vulnerabilities are reported in versions of HP System Health Application and Command Line Utilities for Linux prior to 9.0.0.

Solution:
Upgrade to HP ProLiant Support Pack v9.0 or apply updates.

Provided and/or discovered by:
The vendor credits Filip Palian.

Original Advisory:
HPSBMU02772 SSRT100603:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03301871

http://secunia.com/advisories/49051/

Release Date: 2010-11-10
Last Update: 2012-05-02

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: SilverStripe 2.x

Description:
Russ McRee has discovered a vulnerability in SilverStripe, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. delete an administrative user or delete an image by tricking a logged in administrative user into visiting a malicious web site.

The vulnerability is confirmed in version 2.4.2. Other versions may also be affected.

Solution:
Update to version 2.4.3.

Provided and/or discovered by:
Russ McRee via Secunia.

Original Advisory:
SilverStripe:
http://groups.google.com/group/silverstripe-announce/t/8a94260b00c1177a
http://groups.google.com/group/silverstripe-announce/t/87467554676d6d49

Russ McRee:
http://holisticinfosec.org/content/view/157/45/

http://secunia.com/advisories/41717