Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - June 05, 2012

by: Carol~ June 5, 2012 9:44 AM PDT

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - June 05, 2012

by Carol~ Moderator - 6/5/12 9:44 AM

Kerberos "check_1_6_dummy()" Denial of Service Weakness

Release Date : 2012-06-05

Criticality level : Not critical
Impact : DoS
Where : From local network
Solution Status : Vendor Patch

Software: Kerberos 5.x

Description:
A weakness has been reported in Kerberos, which can be exploited by malicious users to cause a DoS (Denial of Service).

The vulnerability is caused due to a NULL pointer dereference error in the "check_1_6_dummy()" function in src/lib/kadm5/srv/svr_principal.c. This can be exploited to cause a crash via a create-principal request containing no password but the KRB5_KDB_DISALLOW_ALL_TIX flag.

Successful exploitation requires an administrator account with "create" privileges.

The weakness is reported in versions prior to 1.10.2.

Solution:
Update to version 1.10.2.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://web.mit.edu/kerberos/krb5-1.10/

http://secunia.com/advisories/49346/


Reply
Report offensive post
Email to friend

Red Hat update for openoffice.org

by Carol~ Moderator - 6/5/12 9:48 AM

In Reply to: VULNERABILITIES / FIXES - June 05, 2012 by Carol~ Moderator

Release Date : 2012-06-05

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Operating System: Red Hat Enterprise Linux Desktop 5
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Workstation 6
RHEL Desktop Workstation 5

Software: RHEL Optional Productivity Applications (v. 5 server)

Description:
Red Hat has issued an update for openoffice.org. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2012:0705-01:
https://rhn.redhat.com/errata/RHSA-2012-0705.html

http://secunia.com/advisories/49392/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

@WEB ShoppingCart Unspecified Cross-Site Scripting

by Carol~ Moderator - 6/5/12 9:48 AM

In Reply to: VULNERABILITIES / FIXES - June 05, 2012 by Carol~ Moderator

@WEB ShoppingCart Unspecified Cross-Site Scripting Vulnerability

Release Date : 2012-06-05

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: @WEB ShoppingCart 1.x

Description:
A vulnerability has been reported in @WEB ShoppingCart, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions 1.5.1.0 and prior.

Solution:
Update to version 1.5.2.0.

Provided and/or discovered by:
JVN credits Yoshinori Matsumoto, Kobe Digital Lab., Inc.

Original Advisory:
JVN:
http://jvn.jp/en/jp/JVN78305073/index.html
http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000055.html

http://secunia.com/advisories/49385/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for php5

by Carol~ Moderator - 6/5/12 9:48 AM

In Reply to: VULNERABILITIES / FIXES - June 05, 2012 by Carol~ Moderator

Release Date : 2012-06-05

Criticality level : Less critical
Impact : DoS
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 11.4
openSUSE 12.1

Description:
SUSE has issued an update for php5. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2012:0695-1:
http://lists.opensuse.org/opensuse-updates/2012-06/msg00002.html

http://secunia.com/advisories/49350/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Theme My Login Plugin "instance" Cross-Site

by Carol~ Moderator - 6/5/12 9:48 AM

In Reply to: VULNERABILITIES / FIXES - June 05, 2012 by Carol~ Moderator

WordPress Theme My Login Plugin "instance" Cross-Site Scripting Vulnerability

Release Date : 2012-06-05

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: WordPress Theme My Login Plugin 6.x

Description:
A vulnerability has been discovered in the Theme My Login plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "instance" parameter to index.php (when "action" is set to "lostpassword", "retrievepassword", or "register") is not properly sanitised in wp-content/plugins/theme-my-login/includes/class-theme-my-login.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 6.1.4. Prior versions may also be affected.

Solution:
Update to version 6.2.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Theme My Login:
http://wordpress.org/extend/plugins/theme-my-login/changelog/
http://plugins.trac.wordpress.org/changeset/455063/theme-my-login

http://secunia.com/advisories/49399/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress CodeStyling Localization Plugin Multiple Cross

by Carol~ Moderator - 6/5/12 9:51 AM

In Reply to: VULNERABILITIES / FIXES - June 05, 2012 by Carol~ Moderator

WordPress CodeStyling Localization Plugin Multiple Cross-Site Scripting Vulnerability

Release Date: 2012-05-15
Last Update: 2012-06-05

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: WordPress CodeStyling Localization 1.x

Description:
Some vulnerabilities have been reported in the CodeStyling Localization plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

1) Input passed via the "name" parameter to wp-admin/admin-ajax.php is not properly sanitised in wp-content/plugins/codestyling-localization/codestyling-localization.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

This vulnerability is confirmed in version 1.99.17. Other versions may also be affected.

2) Certain input passed to the plugin is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

This vulnerability is reported in versions prior to 1.99.20.

Solution:
Update to version 1.99.20.

Provided and/or discovered by:
1) Heine Pedersen and Torben Jensen.
2) Reported by the vendor.

Original Advisory:
Codestyling Localization:
http://wordpress.org/extend/plugins/codestyling-localization/changelog/

Heine Pedersen and Torben Jensen:
http://packetstormsecurity.org/files/112709/WordPress-CodeStyling-Localization-1.99.16-Cross-Site-Scripting.html

http://secunia.com/advisories/49037


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Adobe Illustrator Multiple Vulnerabilities

by Carol~ Moderator - 6/5/12 11:10 AM

In Reply to: VULNERABILITIES / FIXES - June 05, 2012 by Carol~ Moderator

Release Date: 2012-05-09
Last Update: 2012-06-05

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: Adobe Illustrator CS5 15.x

Description:
Multiple vulnerabilities have been reported in Adobe Illustrator, which can be exploited by malicious people to compromise a user's system.

1) An unspecified error can be exploited to corrupt memory.

2) Another unspecified error can be exploited to corrupt memory.

3) Another unspecified error can be exploited to corrupt memory.

4) Another unspecified error can be exploited to corrupt memory.

5) An integer overflow error in JPEGFormat.aip when calculating the size of a buffer to allocate based on the image dimensions and colour depth can be exploited to cause a heap-based buffer overflow via a specially crafted JPEG image file.

NOTE: This vulnerability is confirmed in CS5 bundling JPEGFormat.aip version 15.0.128.0.

6) Another unspecified error can be exploited to corrupt memory.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in Adobe Illustrator version CS5.5 (15.1) and prior for Windows and Macintosh. Other versions may also be affected.

Solution:
Update to version CS5 (15.0.3) or CS5.5 (15.1.1) or upgrade to version CS6 (16.0.0).

Provided and/or discovered by:
5) Tielei Wang, Georgia Tech Information Security Center via Secunia

The vendor credits:
1, 4, 6) Felipe Andres Manzano via iSIGHT Partners Global Vulnerability Partnership
2, 3) Justin Kim, Microsoft

http://secunia.com/advisories/47118


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Check Point IPSO DES Encryption Input Handling Weakness

by Carol~ Moderator - 6/5/12 5:28 PM

In Reply to: VULNERABILITIES / FIXES - June 05, 2012 by Carol~ Moderator

Release Date : 2012-06-05

Criticality level : Not critical
Impact : Brute Force
Where : From remote
Solution Status : Vendor Workaround

Operating System: Check Point IPSO 6.x

Description:
Check Point has acknowledged a weakness in Check Point IPSO, which can be exploited by malicious people to conduct brute force attacks.

The weakness is reported in version 6.2.

Solution:
Apply hotfix (please see the vendor's advisory for details).

Original Advisory:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk75640

http://secunia.com/advisories/49342/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Hexamail Server Webmail Email Body Script Insertion

by Carol~ Moderator - 6/5/12 5:29 PM

In Reply to: VULNERABILITIES / FIXES - June 05, 2012 by Carol~ Moderator

Hexamail Server Webmail Email Body Script Insertion Vulnerability

Release Date : 2012-06-05

Criticality level : Moderately critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: Hexamail Server 4.x

Description:
Spentera has discovered a vulnerability in Hexamail Server, which can be exploited by malicious people to conduct script insertion attacks.

Input passed via the email body is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed in the webmail interface.

The vulnerability is confirmed in version 4.4.5.002. Other versions may also be affected.

Solution:
No effective workaround is currently available.

Provided and/or discovered by:
modpr0be, Spentera

Original Advisory:
http://www.spentera.com/2012/06/hexamail-server-4-4-5-persistent-xss-vulnerability/

http://secunia.com/advisories/49357/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

cPanel Arbitrary File Overwrite and Code Execution

by Carol~ Moderator - 6/5/12 5:45 PM

In Reply to: VULNERABILITIES / FIXES - June 05, 2012 by Carol~ Moderator

cPanel Arbitrary File Overwrite and Code Execution Vulnerabilities

Release Date: 2012-06-01
Last Update: 2012-06-05

Criticality level : Moderately critical
Impact : Manipulation of data
System access
Where : From remote
Solution Status : Vendor Patch

Software: cPanel 11.x

Description:
Two vulnerabilities have been reported in cPanel, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to manipulate certain data.

1) An error in the splitlogs binary when handling log messages can be exploited to write to arbitrary files on the system via specially crafted log messages containing directory traversal sequences.

Successful exploitation of this vulnerability requires that the Apache Piped Log Configuration is used (disabled by default).

2) An error due to the cPanel WebDAV (cPDAVd) not properly sanitising filenames can be exploited to execute arbitrary code.

The vulnerabilities are reported in versions prior to 11.30.6.8, 11.32.2.28, and 11.32.3.19.

Solution:
Update to version 11.30.6.8, 11.32.2.28, or 11.32.3.19.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.cpanel.net/2012/05/targeted-security-release-20120531-announcement.html
http://www.cpanel.net/2012/06/targeted-security-release-2012-05-31-disclosure.html

http://secunia.com/advisories/49363


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Linux Kernel 64bit ABI System Call Parameter Sign Extension

by Carol~ Moderator - 6/5/12 5:46 PM

In Reply to: VULNERABILITIES / FIXES - June 05, 2012 by Carol~ Moderator

Linux Kernel 64bit ABI System Call Parameter Sign Extension Security Issue

Release Date: 2009-01-14
Last Update: 2012-06-05

Criticality level : Less critical
Impact: Privilege escalation
DoS
Where: Local system
Solution: Vendor Patch

Operating System: Linux Kernel 2.6.x
Linux Kernel 3.0.x
Linux Kernel 3.2.x
Linux Kernel 3.3.x

Description:
A security issue has been reported in the Linux Kernel, which can be exploited by malicious, local users to potentially cause a DoS (Denial of Service) or gain escalated privileges.

The security issue is caused due to the kernel accepting certain 32bit parameters passed in a 64bit register from userspace without ensuring that the value is correctly sign extended. This may be exploited to crash a system or potentially gain escalated privileges by passing specially crafted parameters to affected system calls.

Reportedly, the following architectures use a vulnerable ABI system when running a 64bit kernel and a 64bit userspace:
* S390
* PowerPC
* SPARC64
* MIPS
* TILE-Gx

Solution:
Update to version 2.6.27.12 or 2.6.28.1 for the s390 and PowerPC (64bit) architectures, version 2.6.28.6 for the SPARC64 architecture, and version 2.6.29 for the MIPS architecture. Update to version 3.0.33, 3.2.19, or 3.3.8 for the TILE-Gx architecture.

Provided and/or discovered by:
Red Hat credits Christian Borntraeger.

Original Advisory
Red Hat::
https://bugzilla.redhat.com/show_bug.cgi?id=479969

Kernel.org:
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.33
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.19
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.3.8

http://secunia.com/advisories/33477


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close