Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - June 28, 2012

by: Carol~ June 28, 2012 10:26 AM PDT

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - June 28, 2012

by Carol~ Moderator - 6/28/12 10:26 AM

Mini-stream URL Hunter Playlist Buffer Overflow

Release Date : 2012-06-28

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Unpatched

Software: Mini-stream URL Hunter 3.x

Description:
A vulnerability has been discovered in Mini-stream URL Hunter, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when processing playlist files. This can be exploited to cause a stack-based buffer overflow via a specially crafted M3U playlist.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 3.1.2.1. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Ayrbyte

Original Advisory:
http://www.exploit-db.com/exploits/19323/

http://secunia.com/advisories/49512/


Reply
Report offensive post
Email to friend

Cisco WebEx Player ARF Processing Buffer Overflow

by Carol~ Moderator - 6/28/12 10:31 AM

In Reply to: VULNERABILITIES / FIXES - June 28, 2012 by Carol~ Moderator

Cisco WebEx Player ARF Processing Buffer Overflow Vulnerability

Release Date : 2012-06-28

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: WebEx Advanced Recording Format Player

Description:
A vulnerability has been reported in WebEx Advanced Recording Format Player, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error when processing ARF files. No further information is currently available.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in the following versions:
* Client builds 28.0.0 (T28 L10N).
* Client builds 27.32.1 (T27 LD SP32 CP1) and prior.
* Client builds 27.25.10 (T27 LC SP25 EP10) and prior.
* Client builds 27.21.10 (T27 LB SP21 EP10) and prior.
* Client builds 27.11.26 (T27 L SP11 EP26) and prior.

Solution:
Update to a fixed client build (please see the vendor's advisory for details).

Provided and/or discovered by:
The vendor credits iDefense and Microsoft Vulnerability Research (MSVR).

Original Advisory:
Cisco:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120627-webex

http://secunia.com/advisories/49751/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Cisco WebEx Player WRF Processing Multiple Vulnerabilities

by Carol~ Moderator - 6/28/12 10:31 AM

In Reply to: VULNERABILITIES / FIXES - June 28, 2012 by Carol~ Moderator

Release Date : 2012-06-28

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: WebEx Recording Format Player

Description:
Multiple vulnerabilities have been reported in WebEx Recording Format Player, which can be exploited by malicious people to compromise a user's system.

1) An unspecified error when processing WRF files can be exploited to cause a heap-based buffer overflow.

2) An error when processing the JPEG DHT chunk within a WRF file can be exploited to cause a stack-based buffer overflow.

3) An unspecified error when processing WRF files can be exploited to corrupt memory.

4) An error when processing the Audio size within a WRF file can be exploited to cause a heap-based buffer overflow.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in the following versions:
* Client builds 28.0.0 (T28 L10N).
* Client builds 27.32.1 (T27 LD SP32 CP1) and prior.
* Client builds 27.25.10 (T27 LC SP25 EP10) and prior.
* Client builds 27.21.10 (T27 LB SP21 EP10) and prior.
* Client builds 27.11.26 (T27 L SP11 EP26) and prior.

Solution:
Update to a fixed client build (please see the vendor's advisory for details).

Provided and/or discovered by:
The vendor credits iDefense and Microsoft Vulnerability Research (MSVR).

Original Advisory:
Cisco:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120627-webex

http://secunia.com/advisories/49750/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for php

by Carol~ Moderator - 6/28/12 10:31 AM

In Reply to: VULNERABILITIES / FIXES - June 28, 2012 by Carol~ Moderator

Release Date : 2012-06-28

Criticality level : Highly critical
Impact : Exposure of sensitive information
DoS
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: Red Hat Enterprise Linux Server 5
RHEL Desktop Workstation 5

Description:
Red Hat has issued an update for php. This fixes two vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2012:1045-1:
https://rhn.redhat.com/errata/RHSA-2012-1045.html

http://secunia.com/advisories/49599/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for php (2)

by Carol~ Moderator - 6/28/12 10:31 AM

In Reply to: VULNERABILITIES / FIXES - June 28, 2012 by Carol~ Moderator

Release Date : 2012-06-28

Criticality level : Highly critical
Impact : Brute force
Exposure of sensitive information
DoS
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Workstation 6

Description:
Red Hat has issued an update for php. This fixes a weakness and multiple vulnerabilities in PHP, which can be exploited by malicious people to conduct brute force attacks, disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2012:1046-01:
https://rhn.redhat.com/errata/RHSA-2012-1046.html

http://secunia.com/advisories/49730/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for php53

by Carol~ Moderator - 6/28/12 10:31 AM

In Reply to: VULNERABILITIES / FIXES - June 28, 2012 by Carol~ Moderator

Release Date : 2012-06-28

Criticality level : Highly critical
Impact : Brute force
Exposure of sensitive information
DoS
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: Red Hat Enterprise Linux Server 5
RHEL Desktop Workstation 5

Description:
Red Hat has issued an update for php53. This fixes a weakn:ss and multiple vulnerabilities in PHP, which can be exploited by malicious people to conduct brute force attacks, disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2012:1047-01:
https://rhn.redhat.com/errata/RHSA-2012-1047.html

http://secunia.com/advisories/49731/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

bcfg2 Trigger Plugin Command Injection Vulnerability

by Carol~ Moderator - 6/28/12 10:35 AM

In Reply to: VULNERABILITIES / FIXES - June 28, 2012 by Carol~ Moderator

Release Date : 2012-06-28

Criticality level : Moderately critical
Impact : System access
Where : From local network
Solution Status : Vendor Workaround

Software: bcfg2 1.x

Description:
A vulnerability has been reported in bcfg2, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an input sanitisation error in the Trigger plugin when using the UUID field received from a client. This can be exploited to inject and execute arbitrary shell commands with privileges of the server daemon (typically root).

Successful exploitation requires root access on a client system.

The vulnerability is reported in version 1.2.x

Solution:
Fixed in the GIT repository.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
bcfg2:
http://permalink.gmane.org/gmane.comp.sysutils.bcfg2.devel/4539

http://secunia.com/advisories/49629/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Drupal Hashcash Module Invalid Token Script Insertion

by Carol~ Moderator - 6/28/12 10:35 AM

In Reply to: VULNERABILITIES / FIXES - June 28, 2012 by Carol~ Moderator

Drupal Hashcash Module Invalid Token Script Insertion Vulnerability

Release Date : 2012-06-28

Criticality level : Moderately critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Drupal Hashcash Module 6.x
Drupal Hashcash Module 7.x

Description:
A vulnerability has been reported in the Hashcash module for Drupal, which can be exploited by malicious people to conduct script insertion attacks.

Input passed via an invalid token is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

Successful exploitation requires that "Log failed hashcash" is enabled (disabled by default).

The vulnerability is reported in versions 6.x-2.x prior to 6.x-2.6 and 7.x-2.x prior to 7.x-2.2.

Solution:
Update to a patched version.

Provided and/or discovered by:
The vendor credits Heine Deelstra.

Original Advisory:
SA-CONTRIB-2012-105:
http://drupal.org/node/1663306

http://secunia.com/advisories/49683/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for kernel

by Carol~ Moderator - 6/28/12 10:35 AM

In Reply to: VULNERABILITIES / FIXES - June 28, 2012 by Carol~ Moderator

Release Date : 2012-06-28

Criticality level : Moderately critical
Impact : Manipulation of data
Exposure of sensitive information
Privilege escalation
DoS
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 11.4

Description:
SUSE has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, manipulate certain data, cause a DoS (Denial of Service), gain escalated privileges, by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), and by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2012:0799-1:
https://hermes.opensuse.org/messages/15023693

http://secunia.com/advisories/49736/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

HP Photosmart Printers Denial of Service Vulnerability

by Carol~ Moderator - 6/28/12 10:35 AM

In Reply to: VULNERABILITIES / FIXES - June 28, 2012 by Carol~ Moderator

Release Date : 2012-06-28

Criticality level : Less critical
Impact : Dos
Where : From local network
Solution Status : Partial Fix

Operating System: HP Photosmart Plus Printer B210
HP Photosmart Printer B110
HP Photosmart Printer C410
HP Photosmart Printer C510
HP Photosmart Printer D110
HP Photosmart Printer K510

Description:
A vulnerability has been reported in multiple HP Photosmart printers, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error. No further information is currently available.

The vulnerability is reported in the following products:
* HP Photosmart Wireless e-All-in-One Printer series - B110
* HP Photosmart e-All-in-One Printer series - D110
* HP Photosmart Plus e-All-in-One Printer series - B210
* HP Photosmart eStation All-in-One Printer series - C510
* HP Photosmart Ink Advantage e-All-in-One Printer series - K510
* HP Photosmart Premium Fax e-All-in-One Printer series - C410

Solution:
Update to the latest firmware if available (please see the vendor's advisory for more information).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
HPSBPI02794 SSRT100542:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02931414

http://secunia.com/advisories/49739/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IBM Rational ClearQuest Cross-Site Scripting and Information

by Carol~ Moderator - 6/28/12 11:55 AM

In Reply to: VULNERABILITIES / FIXES - June 28, 2012 by Carol~ Moderator

IBM Rational ClearQuest Cross-Site Scripting and Information Disclosure Vulnerabilities

Release Date : 2012-06-28

Criticality level : Less critical
Impact : Cross Site Scripting
Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software: IBM Rational ClearQuest 7.x
IBM Rational ClearQuest 8.x

Description:
Two vulnerabilities have been reported in IBM Rational ClearQuest, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.

1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) An error in the application can be exploited to disclose encrypted passwords. No further information is currently available.

The vulnerabilities are reported in versions prior to 7.1.2.7 and 8.0.0.3.

Solution:
Update to version 7.1.2.7 or 8.0.0.3.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM (APAR PM61670, PM62740)
http://www.ibm.com/support/docview.wss?uid=swg1PM61670
http://www.ibm.com/support/docview.wss?uid=swg1PM62740

http://secunia.com/advisories/49681/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

web@all Cross-Site Request Forgery and Scripting

by Carol~ Moderator - 6/28/12 1:05 PM

In Reply to: VULNERABILITIES / FIXES - June 28, 2012 by Carol~ Moderator

web@all Cross-Site Request Forgery and Scripting Vulnerabilities

Release Date : 2012-06-28

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: web@all 2.x

Description:
High-Tech Bridge SA has reported two vulnerabilities in web@all, which can be exploited by malicious people to conduct cross-site request forgery and scripting attacks.

1) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. upload arbitrary files by tricking a logged in administrator into visiting a malicious web site.

2) Input passed via the "_text[title]" parameter to /search.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in version 2.0 released before May 30th, 2012. Prior versions may also be affected.

Solution:
Update to version 2.0 released May 30th, 2012 or later.

Provided and/or discovered by:
High-Tech Bridge SA.

Original Advisory:
HTB23094:
https://www.htbridge.com/advisory/HTB23094

http://secunia.com/advisories/49529/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Multiple Vulnerabilities

by Carol~ Moderator - 6/28/12 2:34 PM

In Reply to: VULNERABILITIES / FIXES - June 28, 2012 by Carol~ Moderator

Release Date : 2012-06-28

Criticality level : Less critical
Impact : Security Bypass
Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software: WordPress 3.x

Description:
Multiple vulnerabilities have been reported in WordPress, which can potentially be exploited by malicious users to bypass certain security restrictions and by malicious people to disclose sensitive information.

1) An unspecified error in the application can be exploited to potentially disclose sensitive information. No further information is currently available.

2) An error in checking user capabilities when handling XMLRPC requests can potentially be exploited to edit posts by users which don't have this capability.

The vulnerabilities are reported in versions prior to 3.4.1.

Solution:
Update to version 3.4.1.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://wordpress.org/news/2012/06/wordpress-3-4-1/

http://secunia.com/advisories/49726/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IBM Integrated Information Core Multiple Vulnerabilities

by Carol~ Moderator - 6/28/12 3:09 PM

In Reply to: VULNERABILITIES / FIXES - June 28, 2012 by Carol~ Moderator

Release Date : 2012-06-28

Criticality level : Moderately critical
Impact : Cross Site Scripting
Unknown
Where : From remote
Solution Status : Vendor Patch

Software: IBM Integrated Information Core 1.x

Description:
Multiple vulnerabilities have been reported in IBM Integrated Information Core, where some have unknown impacts and others can be exploited by malicious people to conduct cross-site scripting attacks.

The vulnerabilities are reported in version 1.5.

Solution:
Apply APAR JR43170.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM (APAR JR43170):
http://www.ibm.com/support/docview.wss?uid=swg24032950

http://secunia.com/advisories/49668/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

PHP-Fusion Advanced MP3 Player Module Arbitrary File

by Carol~ Moderator - 6/28/12 4:05 PM

In Reply to: VULNERABILITIES / FIXES - June 28, 2012 by Carol~ Moderator

PHP-Fusion Advanced MP3 Player Module Arbitrary File Upload Vulnerability

Release Date : 2012-06-28

Criticality level : Less critical
Impact : System access
Where : From remote
Solution Status : Unpatched

Software: Advanced MP3 Player 2.x (module for PHP-Fusion)

Description:
Sammy Forgit has discovered a vulnerability in the Advanced MP3 Player module for PHP-Fusion, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to the infusions/mp3player_panel/upload.php script improperly validating uploaded files, which can be exploited to execute arbitrary PHP code by uploading a PHP file with an appended ".mp3" file extension.

Successful exploitation requires that Apache is not configured to handle the mime-type for media files with an ".mp3" extension (Configured to handle by default).

The vulnerability is confirmed in version 2.01. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:Sammy Forgit, OpenSysCom

Original Advisory:
http://www.opensyscom.fr/Actualites/php-fusion-addons-advanced-mp3-player-arbitrary-file-upload-vulnerability.html

http://secunia.com/advisories/49735/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Job Manager Plugin Multiple Cross-Site Scripting

by Carol~ Moderator - 6/28/12 4:08 PM

In Reply to: VULNERABILITIES / FIXES - June 28, 2012 by Carol~ Moderator

WordPress Job Manager Plugin Multiple Cross-Site Scripting Vulnerabilities

Release Date : 2012-06-28

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: WordPress Job Manager Plugin 0.x

Description:
Multiple vulnerabilities have been reported in the Job Manager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain unspecified input is not properly sanitised in wp-content/plugins/job-manager/admin-applications.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in version 0.7.18. Prior versions may also be affected.

Solution:
Update to version 0.7.19.

Provided and/or discovered by:
The vendor credits devbliss.

Original Advisory:
http://wordpress.org/extend/plugins/job-manager/changelog/

http://secunia.com/advisories/49756/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close