Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - May 03, 2012

by: Carol~ May 3, 2012 8:03 AM PDT

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - May 03, 2012

by Carol~ Moderator - 5/3/12 8:03 AM

Perl Config::IniFiles Module Insecure Temporary File Security Issue

Release Date : 2012-05-03

Criticality level : Not critical
Impact : Privilege escalation
Where : Local system
Solution Status : Vendor Patch

Software: Config::IniFiles 2.x (module for Perl)

Description:
A security issue has been reported in the Config::IniFiles module for Perl, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The security issue is caused due to the application using a temporary file in an insecure manner, which can be exploited to e.g. overwrite arbitrary files via symlink attacks.

The security issue is reported in versions prior to 2.71.

Solution:
Update to version 2.71.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59

http://secunia.com/advisories/48990/


Reply
Report offensive post
Email to friend

Debian update for samba

by Carol~ Moderator - 5/3/12 8:06 AM

In Reply to: VULNERABILITIES / FIXES - May 03, 2012 by Carol~ Moderator

Release Date : 2012-05-03

Criticality level : Less critical
Impact : Security Bypass
Where : From local network
Solution Status : Vendor Patch

Operating System: Debian GNU/Linux 6.0

Description:
Debian has issued an update for samba. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2463-1:
http://www.debian.org/security/2012/dsa-2463

http://secunia.com/advisories/49017/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Baby Gekko URL Cross-Site Scripting Vulnerability

by Carol~ Moderator - 5/3/12 8:07 AM

In Reply to: VULNERABILITIES / FIXES - May 03, 2012 by Carol~ Moderator

Release Date : 2012-05-03

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Baby Gekko 1.x

Description:
Gjoko Krstic has discovered a vulnerability in Baby Gekko, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input appended to the URL after admin/index.php is not properly sanitised in admin/login.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 1.1.5c. Other versions may also be affected.

Solution:
Update to version 1.2.0.

Provided and/or discovered by:
Gjoko Krstic.

Original Advisory:
ZSL-2012-5086:
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5086.php

Baby Gekko:
http://www.babygekko.com/site/news/general/baby-gekko-v1-2-0-released-with-3rd-party-independent-security-testing-performed-by-zero-science-lab.html

http://secunia.com/advisories/49023/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Baby Gekko Multiple Cross-Site Scripting Vulnerabilities

by Carol~ Moderator - 5/3/12 8:07 AM

In Reply to: VULNERABILITIES / FIXES - May 03, 2012 by Carol~ Moderator

Release Date : 2012-05-03

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: Baby Gekko 1.x

Description:
Gjoko Krstic has discovered multiple vulnerabilities in Baby Gekko, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "username", "email_address", "password", "password_verify", "firstname", "lastname", and "verification_code" parameters to users/action/register is not properly sanitised in apps/users/registration.template.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are confirmed in version 1.2.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Gjoko Krstic.

Original Advisory:
ZSL-2012-5086:
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5086.php

http://secunia.com/advisories/49052/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for MozillaFirefox

by Carol~ Moderator - 5/3/12 8:07 AM

In Reply to: VULNERABILITIES / FIXES - May 03, 2012 by Carol~ Moderator

Release Date : 2012-05-03

Criticality level : Highly critical
Impact : Cross Site Scripting
Spoofing
Exposure of system information
Exposure of sensitive information
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: SUSE Linux Enterprise Server (SLES) 11

Description:
SUSE has issued an update for MozillaFirefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose certain system and sensitive information, and compromise a user's system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
SUSE-SU-2012:0580-1:
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00000.html

http://secunia.com/advisories/49061/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

PluXml File Inclusion and Cross-Site Scripting

by Carol~ Moderator - 5/3/12 9:06 AM

In Reply to: VULNERABILITIES / FIXES - May 03, 2012 by Carol~ Moderator

PluXml File Inclusion and Cross-Site Scripting Vulnerabilities

Release Date : 2012-05-03

Criticality level : Moderately critical
Impact : Cross Site Scripting
Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software: PluXml 5.x

Description:
Two vulnerabilities have been reported in PluXml, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information.

1) Input passed via the "default_lang" POST parameter to update/index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources via directory traversal attacks.

2) Certain input related to file update is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in versions prior to 5.1.6.

Solution:
Update to version 5.1.6.

Provided and/or discovered by:
1) High-Tech Bridge SA
2) The vendor credits gwae

Original Advisory:
PluXml:
http://telechargements.pluxml.org/changelog

High-Tech Bridge SA:
https://www.htbridge.com/advisory/HTB23086

http://secunia.com/advisories/49026/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Drupal cctags Module Unspecified Script Insertion

by Carol~ Moderator - 5/3/12 10:26 AM

In Reply to: VULNERABILITIES / FIXES - May 03, 2012 by Carol~ Moderator

Drupal cctags Module Unspecified Script Insertion Vulnerability

Release Date : 2012-05-03

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: Drupal cctags Module 6.x
Drupal cctags Module 7.x

Description:
A vulnerability has been reported in the cctags module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

Certain unspecified input related to tag clouds when creating or editing vocabularies or terms is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

Successful exploitation of this vulnerability requires the permissions to create or edit vocabularies or terms.

The vulnerability is reported in version prior to 6.x-1.10 and 7.x-1.10.

Solution:
Update to version 6.x-1.10 or 7.x-1.10.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
DRUPAL-SA-CONTRIB-2012-072:
http://drupal.org/node/1558248

http://secunia.com/advisories/49018/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Microsoft Windows win32k.sys Denial of Service Vulnerability

by Carol~ Moderator - 5/3/12 11:07 AM

In Reply to: VULNERABILITIES / FIXES - May 03, 2012 by Carol~ Moderator

Release Date : 2012-05-03

Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status : Unpatched

Operating System: Microsoft Windows XP Professional

Description:
A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the "xxxCreateWindowEx()" function and can be exploited to access an invalid memory location resulting in a system crash.

The vulnerability is confirmed on a fully patched Windows XP SP3 (win32k.sys version 5.1.2600.6189). Other versions may also be affected.

Solution:
Restrict access to trusted users only.

Provided and/or discovered by:
Lufeng Li, Neusoft Corporation

Original Advisory:
http://www.exploit-db.com/exploits/18819/

http://secunia.com/advisories/49021/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Microsoft May 2012 Advance Notification Multiple

by Carol~ Moderator - 5/3/12 11:48 AM

In Reply to: VULNERABILITIES / FIXES - May 03, 2012 by Carol~ Moderator

Microsoft May 2012 Advance Notification Multiple Vulnerabilities

Bugtraq ID: 53372
Class: Unknown
Remote: Yes
Local: Yes
Published: May 03 2012 12:00AM
Updated: May 03 2012 12:00AM

Description:
Microsoft has released advance notification that on May 8, 2012, they will be releasing seven security bulletins addressing 23 vulnerabilities.

The bulletins and their affected components are as follows:

Three bulletins rated 'Critical' affecting Office, Windows, .NET Framework, and Silverlight
Four bulletins rated 'Important' affecting Office and Windows.

Individual records will be created to better document these issues when the bulletins are released.

Solution:
Microsoft plans to release fixes to address these issues on May 8, 2012.
http://www.securityfocus.com/bid/53372/references

http://www.securityfocus.com/bid/53372/discuss


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Drupal Multiple Vulnerabilities

by Carol~ Moderator - 5/3/12 11:48 AM

In Reply to: VULNERABILITIES / FIXES - May 03, 2012 by Carol~ Moderator

Release Date : 2012-05-03

Criticality level : Less critical
Impact : Security Bypass
Exposure of sensitive information
DoS
Where : From remote
Solution Status : Vendor Patch

Software: Drupal 7.x

Description:
A weakness, a security issue, and multiple vulnerabilities have been reported in Drupal, which can be exploited by malicious users to disclose sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service).

1) A weakness is caused due to inefficient text matching pattern and can be exploited to exhaust memory or cause a high CPU load via specially crafted strings passed to the filter system e.g. when posting comments or forum topics.

2) An error due to the application not properly validating the destination for submitted forms can be exploited to redirect submission of sensitive data (e.g. login credentials) to a malicious website.

3) An error due to the application not properly validating user permissions when displaying the forum overview page can be exploited to expose certain metadata of unpublished forum posts.

4) An error due to the application not properly validating user access to cached derivatives of users' private images can be exploited to gain access to derivatives of otherwise restricted images.

5) An error due to the application not properly validating user access to each node in the list of nodes can be exploited to gain access to otherwise restricted nodes.

Successful exploitation of this vulnerability requires the "view content overview" permission and a contributed node access module.

The vulnerabilities are reported in 7.x versions prior to 7.13.

Solution:
Update to version 7.13.

Provided and/or discovered by:
2) Reported by the vendor.

The vendor credits:
1) Jay Wineinger and Lin Clark
3) Glen W
4) frega, Andreas Gonell, Jeremy Meier, and Xenza
5) Jennifer Hodgdon

Original Advisory:
DRUPAL-SA-CORE-2012-002:
http://drupal.org/node/1557938

http://secunia.com/advisories/49012/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

KingView NetGenius Buffer Overflow and Touchvew Directory

by Carol~ Moderator - 5/3/12 3:34 PM

In Reply to: VULNERABILITIES / FIXES - May 03, 2012 by Carol~ Moderator

KingView NetGenius Buffer Overflow and Touchvew Directory Traversal Vulnerabilities

Release Date : 2012-05-03

Criticality level : Less critical
Impact : Exposure of sensitive information
DoS
Where : From local network
Solution Status : Vendor Patch

Software: KingView 6.x

Description:
Two vulnerabilities have been reported in KingView, which can be exploited by malicious people to cause a DoS (Denial of Service) and disclose potentially sensitive information.

1) An error within NetGenius.exe can be exploited to read an invalid pointer and cause a buffer overflow and crash the service via a specially crafted packet.

2) Input passed via the URL to Touchvew.exe is not properly verified before being used to access files. This can be exploited to access arbitrary local files via directory traversal attacks.

The vulnerabilities are reported in versions prior to 65.30.17249 (TouchExplorer version 65.30.2003.17249 and Touchvew version 65.30.2003.17376).

Solution:
Apply patch.

Provided and/or discovered by:
The vendor credits an anonymous person via ICS-CERT.

Original Advisory:
WellinTech KingView:
http://en.wellintech.com/news/detail.aspx?contentid=168

http://secunia.com/advisories/49058/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Decoda "[video]" Tag Script Insertion Vulnerability

by Carol~ Moderator - 5/3/12 3:41 PM

In Reply to: VULNERABILITIES / FIXES - May 03, 2012 by Carol~ Moderator

Release Date : 2012-05-03

Criticality level : Moderately critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Decoda 3.x

Description:
RedTeam Pentesting has discovered a vulnerability in Decoda, which can be exploited by malicious people to conduct script insertion attacks.

Input passed via "[video]" tags to the markup parser is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

The vulnerability is confirmed in version 3.3.1. Prior versions may also be affected.

Solution:
Update to version 3.3.2.

Provided and/or discovered by:
RedTeam Pentesting

Original Advisory:
RedTeam Pentesting:
http://www.redteam-pentesting.de/en/advisories/rt-sa-2012-002/-php-decoda-cross-site-scripting-in-video-tags

Decoda:
https://github.com/milesj/php-decoda/commits/master

http://secunia.com/advisories/48931/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close