Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - August 08, 2012

by: Carol~ August 8, 2012 8:06 AM PDT

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - August 08, 2012

by Carol~ Moderator - 8/8/12 8:06 AM

Sleipnir Mobile for Android Arbitrary Java Method Execution Vulnerability

Release Date : 2012-08-08

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: Sleipnir Mobile for Android 2.x

Description:
A vulnerability has been reported in Sleipnir Mobile for Android, which can be exploited by malicious people to compromise a user's device.

The vulnerability is caused due to an error when handling certain web pages and can be exploited to execute an arbitrary Java method.

Successful exploitation allows execution of arbitrary code via a specially crafted web page.

The vulnerability is reported in Sleipnir Mobile for Android and Sleipnir Mobile Black Edition for Android versions 2.2.0 and prior.

Solution:
Update to version 2.2.2.

Provided and/or discovered by:
JVN credits Gaku Mochizuki, Mitsui Bussan Secure Directions, Inc.

Original Advisory:
Sleipnir:
https://play.google.com/store/apps/details?id=jp.co.fenrir.android.sleipnir
JVN:
http://jvn.jp/en/jp/JVN99730704/index.html
http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000076.html

http://secunia.com/advisories/50094/


Reply
Report offensive post
Email to friend

Hitachi JP1/Integrated Management Cross-Site Scripting

by Carol~ Moderator - 8/8/12 8:12 AM

In Reply to: VULNERABILITIES / FIXES - August 08, 2012 by Carol~ Moderator

Hitachi JP1/Integrated Management Cross-Site Scripting Vulnerability

Release Date : 2012-08-08

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Partial Fix

Software: Hitachi JP1/Integrated Management (IM)

Description:
A vulnerability has been reported in Hitachi JP1/Integrated Management, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain unspecified input related to Service Support is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions 08-11 through 08-11-04, 08-50 through 08-50-07, 08-51 through 08-51-09, 09-00 through 09-00-06, and 09-50 through 09-50-03.

Solution:
Update to a fixed version.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Hitachi (English):
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-021/index.html

Hitachi (Japanese):
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-021/index.html

http://secunia.com/advisories/50163/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Sauerbraten Game Engine Map Import Vulnerability

by Carol~ Moderator - 8/8/12 8:12 AM

In Reply to: VULNERABILITIES / FIXES - August 08, 2012 by Carol~ Moderator

Release Date : 2012-08-08

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Vendor Workaround

Software: Sauerbraten Game Engine

Description:
A vulnerability has been reported in Sauerbraten Game Engine, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an input validation error within the "TEXTCOMMAND()" macro (src/engine/textedit.h) when parsing map files and can be exploited to manipulate arbitrary files via a malicious map.

Successful exploitation may allow execution of arbitrary code, but requires tricking a user into importing a malicious map or connecting to a malicious server.

The vulnerability is reported in version 2010_07_28. Other versions may also be affected.

Solution:
Fixed in the SVN repository.

Provided and/or discovered by:
Martin Erik Werner in a Debian bug.

Original Advisory:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684144

http://secunia.com/advisories/50144/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for sudo

by Carol~ Moderator - 8/8/12 8:12 AM

In Reply to: VULNERABILITIES / FIXES - August 08, 2012 by Carol~ Moderator

Release Date : 2012-08-08

Criticality level : Less critical
Impact : Manipulation of data
Where : Local system
Solution Status : Vendor Patch

Operating System: Red Hat Enterprise Linux Desktop 5
Red Hat Enterprise Linux Server 5

Description:
Red Hat has issued an update for sudo. This fixes a security issue, which can be exploited by malicious, local users to manipulate certain data.

The security issue is caused due to a race condition error within the %postun (post-uninstall) script when performing an upgrade or the removal of the sudo package. This can be exploited to overwrite an arbitrary file via a symbolic link attack or modify the contents of the /etc/nsswitch.conf file.

Solution:
Updated packages are available via Red Hat Network.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
RHSA-2012:1149-1:
https://rhn.redhat.com/errata/RHSA-2012-1149.html

Red Hat Bug#844442:
https://bugzilla.redhat.com/show_bug.cgi?id=844442

http://secunia.com/advisories/50178/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

ConcourseSuite Script Insertion and Cross-Site Request

by Carol~ Moderator - 8/8/12 8:25 AM

In Reply to: VULNERABILITIES / FIXES - August 08, 2012 by Carol~ Moderator

ConcourseSuite Script Insertion and Cross-Site Request Forgery Vulnerabilities

Release Date : 2012-08-08

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: ConcourseSuite 6.x

Description:
Matthew Joyce has discovered some vulnerabilities in ConcourseSuite, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks.

1) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. change access roles of a user when a logged-in administrative user visits a specially crafted web page.

2) Input passed via multiple parameters and multiple scripts is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.

List of affected scripts and parameters:
http://<host>/crm/Sales.do?nameFirst&nameLast
http://<host>/crm/ExternalContacts.do?nameFirst&nameLast&company
http://<host>/crm/Accounts.do?name
http://<host>/crm/MyCFSProfile.do?address1state

The vulnerabilities are confirmed in version 6.1 (20120209). Prior versions may also be affected.

Solution:
Update to version 6.2 (20120806).

Provided and/or discovered by:
Matthew Joyce via Secunia.

Original Advisory:
ConcourseSuite:
https://www.concursive.com/show/concoursesuite-support/wiki/SA-CORE-2012-001

http://secunia.com/advisories/49999/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Oracle Database CTXSYS.CONTEXT Index Privilege Escalation

by Carol~ Moderator - 8/8/12 8:25 AM

In Reply to: VULNERABILITIES / FIXES - August 08, 2012 by Carol~ Moderator

Oracle Database CTXSYS.CONTEXT Index Privilege Escalation Vulnerability

Release Date : 2012-08-08

Criticality level : Less critical
Impact : Privilege escalation
Where : From local network
Solution Status : Partial Fix

Software: Oracle Database 10.x
Oracle Database 11.x

Description:
David Litchfield has reported a vulnerability in Oracle Database, which can be exploited by malicious users to gain escalated privileges.

The vulnerability is caused due to an unspecified error related to the CTXSYS.CONTEXT index. No further information is currently available.

Successful exploitation allows user to gain SYSDBA privileges, but requires CREATE TABLE and CREATE PROCEDURE privileges and EXECUTE privileges on DBMS_STATS.

Solution:
Reportedly, patches are available for some 11gR2 versions (please contact the vendor for more information).

Provided and/or discovered by:
David Litchfield

Original Advisory:
http://www.teamshatter.com/topics/general/team-shatter-exclusive/ctxsys-context-privilege-escalation/

http://secunia.com/advisories/50143/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Inout Webmail Email Receiver Script Insertion

by Carol~ Moderator - 8/8/12 8:25 AM

In Reply to: VULNERABILITIES / FIXES - August 08, 2012 by Carol~ Moderator

Inout Webmail Email Receiver Script Insertion Vulnerabilities

Release Date : 2012-08-08

Criticality level : Moderately critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: Inout Webmail

Description:
Vulnerability Lab has reported multiple vulnerabilities in Inout Webmail, which can be exploited by malicious people to conduct script insertion attacks.

Input passed via e.g. the "to" email header when receiving an email is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

Solution:
No official solution is currently available.

Provided and/or discovered by:
snup, Vulnerability Lab

Original Advisory:
http://www.vulnerability-lab.com/get_content.php?id=609
http://archives.neohapsis.com/archives/fulldisclosure/2012-08/0082.html

http://secunia.com/advisories/50155/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Baby Gekko URL Cross-Site Scripting Vulnerability

by Carol~ Moderator - 8/8/12 8:26 AM

In Reply to: VULNERABILITIES / FIXES - August 08, 2012 by Carol~ Moderator

Release Date : 2012-08-08

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Baby Gekko 1.x

Description:
Secunia Research has discovered a vulnerability in Baby Gekko, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the URL to e.g. index.php or includes/errors/404.php is not properly sanitised in includes/errors/404.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation requires that the victim uses a browser that does not URL-encode the request (e.g. Internet Explorer 6).

The vulnerability is confirmed in version 1.2.2a. Other versions may also be affected.

Solution:
Update to version 1.2.2d.

Provided and/or discovered by:
Secunia Research.

Original Advisory:
Secunia Research:
http://secunia.com/secunia_research/2012-28/

http://secunia.com/advisories/49142/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for krb5

by Carol~ Moderator - 8/8/12 9:59 AM

In Reply to: VULNERABILITIES / FIXES - August 08, 2012 by Carol~ Moderator

Release Date : 2012-08-08

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 11.4
openSUSE 12.1

Description:
SUSE has issued an update for krb5. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise a vulnerable system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2012:0967-1:
http://lists.opensuse.org/opensuse-updates/2012-08/msg00016.html

http://secunia.com/advisories/50145/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for python-django

by Carol~ Moderator - 8/8/12 10:57 AM

In Reply to: VULNERABILITIES / FIXES - August 08, 2012 by Carol~ Moderator

Release Date : 2012-08-08

Criticality level : Moderately critical
Impact : DoS
Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 12.1

Description:
SUSE has issued an update for python-django. This fixes two security issues and a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2012:0970-1:
http://lists.opensuse.org/opensuse-updates/2012-08/msg00014.html

http://secunia.com/advisories/50167/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for bind

by Carol~ Moderator - 8/8/12 10:58 AM

In Reply to: VULNERABILITIES / FIXES - August 08, 2012 by Carol~ Moderator

Release Date : 2012-08-08

Criticality level : Moderately critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 11.4
openSUSE 12.1

Description:
SUSE has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2012:0969-1:
http://lists.opensuse.org/opensuse-updates/2012-08/msg00013.html

openSUSE-SU-2012:0971-1:
http://lists.opensuse.org/opensuse-updates/2012-08/msg00015.html

http://secunia.com/advisories/50165/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

PBBoard Multiple Vulnerabilities

by Carol~ Moderator - 8/8/12 10:59 AM

In Reply to: VULNERABILITIES / FIXES - August 08, 2012 by Carol~ Moderator

Release Date : 2012-08-08

Criticality level : Moderately critical
Impact : Security Bypass
Cross Site Scripting
Manipulation of data
Where : From remote
Solution Status : Unpatched

Software: PBBoard 2.x

Description:
High-Tech Bridge has discovered multiple vulnerabilities in PBBoard, which can be exploited by malicious people to conduct cross-site request forgery and SQL injection attacks and bypass certain security restrictions.

1) Input passed via the "username" POST parameter (when "page" is set to "send"), "email" POST parameter (when "page" is set to "forget"), "password" POST parameter (when "page" is set to "forum_archive"), "section" POST parameter (when "page" is set to "management"), "section_id" POST parameter (when "page" is set to "managementreply"), "member_id" POST parameter (when "page" is set to "new_password", and "subjectid" POST parameter (when "page" is set to "tags") to index.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) An error due to the application not validating the "member_id" parameter can be exploited to change the password of other users.

3) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. inject and execute arbitrary PHP code if a logged-in administrator visits a malicious web site.

The vulnerabilities are confirmed in version 2.1.4. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
High-Tech Bridge

Original Advisory:
HTB23101:
https://www.htbridge.com/advisory/HTB23101

http://secunia.com/advisories/50153/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

phplist "unconfirmed" Cross-Site Scripting Vulnerability

by Carol~ Moderator - 8/8/12 12:45 PM

In Reply to: VULNERABILITIES / FIXES - August 08, 2012 by Carol~ Moderator

Release Date : 2012-08-08

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: phplist 2.x

Description:
High-Tech Bridge SA has discovered a vulnerability in phplist, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "unconfirmed" parameter to admin/index.php (when "page" is set to "user") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 2.10.18. Prior versions may also be affected.

Solution:
Update to version 2.10.19.

Provided and/or discovered by:
High-Tech Bridge SA.

Original Advisory:
phplist:
http://www.phplist.com/?lid=579

High-Tech Bridge SA:
https://www.htbridge.com/advisory/HTB23100

http://secunia.com/advisories/50150/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close