Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - May 11, 2012

by: Carol~ May 11, 2012 6:18 AM PDT

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - May 11, 2012

by Carol~ Moderator - 5/11/12 6:18 AM

Drupal Contact Forms Module Security Bypass Security Issue

Release Date : 2012-05-11

Criticality level : Less critical
Ipact : Security Bypass
Where : From remote
Solution Status : Vendor Patch

Software: Drupal Contact Forms Module 7.x

Description:
A security issue has been reported in the Contact Forms module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.

The security issue is caused due to the module not properly restricting access to the Contact Form settings and can be exploited to edit the settings.

Successful exploitation requires the "access the site-wide contact form" permission.

The security issue is reported in 7.x-1.x versions prior to 7.x-1.2.

Solution:
Update to version 7.x-1.3.

Provided and/or discovered by:
The vendor credits Vlad D.

Original Advisory:
SA-CONTRIB-2012-074:
http://drupal.org/node/1569508

http://secunia.com/advisories/49070/


Reply
Report offensive post
Email to friend

URL Parsing Code Execution Vulnerability

by Carol~ Moderator - 5/11/12 6:21 AM

In Reply to: VULNERABILITIES / FIXES - May 11, 2012 by Carol~ Moderator

Release Date : 2012-05-11

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: Opera 11.x

Description:
A vulnerability has been reported in Opera, which can be exploited by malicious people to compromise a user's system.

An out-of-bounds write error when parsing the URL can be exploited to corrupt memory via a specially crafted URL.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions prior to 11.64.

Solution:
Update to version 11.64.

Provided and/or discovered by:
The vendor credits Andrey Stroganov.

Original Advisory:
http://www.opera.com/support/kb/view/1016/

http://secunia.com/advisories/49081/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

OpenSSL TLS Packet Parsing Integer Underflow Denial

by Carol~ Moderator - 5/11/12 6:21 AM

In Reply to: VULNERABILITIES / FIXES - May 11, 2012 by Carol~ Moderator

OpenSSL TLS Packet Parsing Integer Underflow Denial of Service Vulnerability

Release Date : 2012-05-11

Criticality level : Moderately critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Software: OpenSSL 0.x
OpenSSL 1.x

Description:
A vulnerability has been reported in OpenSSL, which can be exploited by malicious people to cause a DoS (Denial of Service) of the application using the library.

The vulnerability is caused due to an integer underflow error within the parsing of TLS record length of Datagram Transport Layer Security (DTLS) packets using CBC encryption mode, which can be exploited to cause a crash.

The vulnerability is reported in versions prior to 1.0.1c, 1.0.0j, and 0.9.8x.

Solution:
Update to version 1.0.1c, 1.0.0j, or 0.9.8x.

Provided and/or discovered by:
The vendor credits Codenomicon.

Original Advisory:
http://www.openssl.org/news/secadv_20120510.txt

http://secunia.com/advisories/49116/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for puppet

by Carol~ Moderator - 5/11/12 6:22 AM

In Reply to: VULNERABILITIES / FIXES - May 11, 2012 by Carol~ Moderator

Release Date : 2012-05-11

Criticality level : Less critical
Impact : Exposure of sensitive information
Privilege escalation
DoS
Where : From local network
Solution Status : Vendor Patch

Operating System: openSUSE 12.1

Description:
SUSE has issued an update for puppet. This fixes two security issues and two vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and perform certain actions with escalated privileges and by malicious users to cause a DoS (Denial of Service).

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2012:0608-1:
http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html

http://secunia.com/advisories/49136/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for epiphany

by Carol~ Moderator - 5/11/12 6:22 AM

In Reply to: VULNERABILITIES / FIXES - May 11, 2012 by Carol~ Moderator

Release Date : 2012-05-11

Criticality level : Less critical
Impact : Spoofing
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 11.4

Description:
SUSE has issued an update for epiphany. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.

The security issue is caused due to the application improperly using libsoup to verify the validity of the SSL certificates and can be exploited to spoof a valid server and e.g. conduct Man-in-the-Middle (MitM) attacks.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2012:0609-1:
http://lists.opensuse.org/opensuse-updates/2012-05/msg00013.html

http://secunia.com/advisories/49134/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for opera

by Carol~ Moderator - 5/11/12 7:03 AM

In Reply to: VULNERABILITIES / FIXES - May 11, 2012 by Carol~ Moderator

Release Date : 2012-05-11

Criticality level : Highly critical
Impact : Spoofing
Manipulation of data
Security Bypass
Exposure of sensitive information
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 11.4
openSUSE 12.1

Description:
SUSE has issued an update for opera. This fixes two security issues and multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and manipulate certain data and by malicious people to conduct spoofing attacks, bypass certain security restrictions, and potentially compromise a user's system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2012:0610-1:
http://lists.opensuse.org/opensuse-updates/2012-05/msg00014.html

http://secunia.com/advisories/49123/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Debian update for linux-2.6

by Carol~ Moderator - 5/11/12 7:41 AM

In Reply to: VULNERABILITIES / FIXES - May 11, 2012 by Carol~ Moderator

Release Date : 2012-05-11

Criticality level : Less critical
Impact : DoS
Where : Local system
Solution Status : Vendor Patch

Operating System: Debian GNU/Linux 6.0

Description:
Debian has issued an update for linux-2.6. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2469-1:
http://www.debian.org/security/2012/dsa-2469

http://secunia.com/advisories/49098/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Movicon OPC Server HTTP Post Denial of Service Vulnerability

by Carol~ Moderator - 5/11/12 7:41 AM

In Reply to: VULNERABILITIES / FIXES - May 11, 2012 by Carol~ Moderator

Release Date : 2012-05-11

Criticality level : Less critical
Impact : DoS
Where : From local network
Solution Status : Vendor Patch

Software: Movicon 11.x

Description:
A vulnerability has been reported in Movicon, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the OPC server, which can be exploited to cause an out-of-bounds read by sending a specially crafted HTTP Post request to TCP port 9090.

The vulnerability is reported in versions prior to 11.3.

Solution:
Update to version 11.3.

Provided and/or discovered by:
ICS-CERT credits Dillon Beresford of IXIA.

Original Advisory:
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-131-01.pdf

http://secunia.com/advisories/49092/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IBM Rational ClearQuest SQL Injection Vulnerability

by Carol~ Moderator - 5/11/12 10:44 AM

In Reply to: VULNERABILITIES / FIXES - May 11, 2012 by Carol~ Moderator

Release Date : 2012-05-11

Criticality level : Less critical
Impact : Manipulation of data
Where : From local network
Solution Status : Vendor Patch

Software: IBM Rational ClearQuest 7.x
IBM Rational ClearQuest 8.x

Description:
A vulnerability has been reported in IBM Rational ClearQuest, which can be exploited by malicious users to conduct SQL injection attacks.

Certain input when upgrading the user database is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in versions 7.1.1 through 7.1.2.5, 8.0, and 8.0.0.1.

Solution:
Update to a fixed version.

Provided and/or discovered by:
The vendor credits Jan Kaestle, Siemens AG.

Original Advisory:
IBM:
http://www.ibm.com/support/docview.wss?uid=swg21594717

X-Force:
http://xforce.iss.net/xforce/xfdb/71802

http://secunia.com/advisories/49093/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Galette "id_adh" SQL Injection Vulnerability

by Carol~ Moderator - 5/11/12 10:44 AM

In Reply to: VULNERABILITIES / FIXES - May 11, 2012 by Carol~ Moderator

Release Date : 2012-05-11

Criticality level : Moderately critical
Impact : Manipulation of data
Where : From remote
Solution Status : Vendor Patch

Software: Galette 0.x

Description:
A vulnerability has been discovered in Galette, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "id_adh" parameter to picture.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 0.63.3. Other versions may also be affected.

Solution:
Update to version 0.7.0.

Provided and/or discovered by:
Sofian Brabez via a bug report.

Original Advisory:
http://redmine.ulysses.fr/issues/250

http://secunia.com/advisories/49106/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Drupal Path Disclosure Weakness

by Carol~ Moderator - 5/11/12 12:25 PM

In Reply to: VULNERABILITIES / FIXES - May 11, 2012 by Carol~ Moderator

Release Date : 2012-05-11

Criticality level : Not critical
Impact : Exposure of system information
Where : From remote
Solution Status : Unpatched

Software: Drupal 7.x

Description:
A weakness has been discovered in Drupal, which can be exploited by malicious people to disclose certain system information.

The weakness is caused due to the application displaying the full installation path in an error message e.g. when the "q[]" parameter passed to index.php is set to an arbitrary value.

The weakness is confirmed in version 7.14. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
Jean Pascal Pereira

Original Advisory:
http://archives.neohapsis.com/archives/bugtraq/2012-05/0052.html

http://secunia.com/advisories/49131/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

QNX Phindows Buffer Overflow Vulnerability

by Carol~ Moderator - 5/11/12 12:25 PM

In Reply to: VULNERABILITIES / FIXES - May 11, 2012 by Carol~ Moderator

Release Date : 2012-05-11

Criticality level : Less critical
Impact : System access
Where : From local network
Solution Status : Unpatched

Software: QNX Momentics 6.x
QNX Phindows 3.x
QNX Software Development Platform 6.x

Description:
Luigi Auriemma has discovered a vulnerability in QNX Phindows, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in phindows.exe when processing server replies. This can be exploited to cause a stack-based buffer overflow via a specially crafted TCP response packet.

Successful exploitation allows execution of arbitrary code, but requires tricking a user into connecting to a malicious Photon session server.

The vulnerability is confirmed in Phindows version 3.0.44. Other versions may also be affected.

Solution:
Do not connect to untrusted servers.

Provided and/or discovered by:
Luigi Auriemma

Original Advisory:
http://aluigi.altervista.org/adv/qnxph_1-adv.txt

http://secunia.com/advisories/49090/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

OpenJPEG Gray16 TIFF Image Tile Decoding Vulnerability

by Carol~ Moderator - 5/11/12 12:26 PM

In Reply to: VULNERABILITIES / FIXES - May 11, 2012 by Carol~ Moderator

Release Date: 2012-04-13
Last Update: 2012-05-11

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status: Unpatched

Software: OpenJPEG 1.x

Description:
A vulnerability has been reported in OpenJPEG, which can be exploited by malicious people to compromise an application using the library.

The vulnerability is caused due to an error within the "tcd_free_encode()" function (tcd.c) when decoding tile information from Gray16 TIFF images and can be exploited to corrupt heap memory.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in version 1.5.0. Other versions may also be affected.

Solution:
Do not process files from untrusted sources.

Provided and/or discovered by:
Mathieu Malaterre in a bug report.

Original Advisory:
http://code.google.com/p/openjpeg/issues/detail?id=5

http://secunia.com/advisories/48781


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

PHP QUERY_STRING Parameters and Buffer Overflow

by Carol~ Moderator - 5/11/12 12:27 PM

In Reply to: VULNERABILITIES / FIXES - May 11, 2012 by Carol~ Moderator

PHP QUERY_STRING Parameters and Buffer Overflow Vulnerabilities

Release Date: 2012-05-04
Last Update: 2012-05-11

Criticality level : Highly critical
Impact : Exposure of sensitive information
System access
Where : From remote
Solution Status : Vendor Patch

Software: PHP 5.3.x
PHP 5.4.x

Description:
Two vulnerabilities have been reported in PHP, which can be exploited by malicious people to disclose certain sensitive information or compromise a vulnerable system.

1) An error when parsing certain QUERY_STRING parameters can be exploited to e.g. disclose the PHP source code or execute arbitrary code.

This vulnerability is reported in versions 5.3.12 and prior and versions 5.4.2 and prior.

2) An error in the "apache_request_headers()" function can be exploited to cause a buffer overflow.

NOTE: This vulnerability affects version 5.4 only.

Solution:
Update to versions 5.4.3 and 5.3.13.

Provided and/or discovered by:
1) De Eindbazen
2) Reported in PHP bug report.

Original Advisory:
PHP:
https://bugs.php.net/bug.php?id=61910
https://bugs.php.net/bug.php?id=61807
http://www.php.net/archive/2012.php#id2012-05-08-1

De Eindbazen:
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/

US-CERT VU#520827:
http://www.kb.cert.org/vuls/id/520827

http://secunia.com/advisories/49014


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Reg. DTLS Client/Server implementation in Java/J2EE

by narasimhabn99 - 7/5/12 11:10 AM

In Reply to: PHP QUERY_STRING Parameters and Buffer Overflow by Carol~ Moderator

I have a client requirement for DTLS Client/Server implementation using Java/J2EE. Also I don't see much help on the google. Does any DTLS Client/Server tools already available in the market?

Can anybody point me in the right direction. I really appreciate your help.


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Re: DTLS and Java

by Kees_B Moderator - 7/6/12 6:03 AM

In Reply to: Reg. DTLS Client/Server implementation in Java/J2EE by narasimhabn99

If I read http://stackoverflow.com/questions/2474802/is-there-a-recommended-dtls-library?rq=1 correctly, it's a rather bad idea, especially since it's not available.

There are implementations in other languages. So you might be able to run a service written in another language and call that from your Java program. Or use some other wrapper to make it Java-callable.

Kees


Was this reply helpful? (1)   (0)

Staff pick

Reply
Report offensive post
Email to friend

See Kees reply.

by R. Proffitt Moderator - 7/6/12 6:21 AM

In Reply to: Reg. DTLS Client/Server implementation in Java/J2EE by narasimhabn99

If you are into "Design Patterns" you would indeed adapt such into Java. It may not be in native Java today so you have to use your old school adapter, shim or call to bring such into Java.

Some newer software authors may be challenged. But from a quick glance it will take a seasoned mufti-lingual software author to pull this off.

But what interests me is something I'm seeing more and more. I'm seeing folk ask for something they need to create. Good to ask if there is something ready to use, but at times there is not so you get to create it and write it.
Bob


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close