Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - August 20, 2012

by: Carol~ August 20, 2012 8:41 AM PDT

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - August 20, 2012

by Carol~ Moderator - 8/20/12 8:41 AM

Debian update for xen

Release Date: 2012-08-20

Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status : Vendor Patch

Operating System: Debian GNU/Linux 6.0

Description:
Debian has issued an update for xen. This fixes two vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2531-1:
http://www.debian.org/security/2012/dsa-2531

http://secunia.com/advisories/50291/


Reply
Report offensive post
Email to friend

McAfee SmartFilter Administration RMI Missing Authentication

by Carol~ Moderator - 8/20/12 8:45 AM

In Reply to: VULNERABILITIES / FIXES - August 20, 2012 by Carol~ Moderator

Release Date : 2012-08-20

Criticality level : Moderately critical
Impact : System access
Where : From local network
Solution Status : Vendor Patch

Software: McAfee SmartFilter Administration 4.x

Description:
A vulnerability has been reported in McAfee SmartFilter Administration, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to missing authentication to the JBoss RMI (Remote Method Invocation) component exposed by SFAdminSrv.exe. This can be exploited to instantiate arbitrary classes or upload and execute arbitrary WAR files with SYSTEM privileges via a specially crafted request to TCP port 1098, 1099, or 4444.

Successful exploitation allows execution of arbitrary code.

The vulnerability is reported in versions 4.2.1 and prior.

Solution:
Update to version 4.2.1.01.

Provided and/or discovered by:
Andrea Micalizzi via ZDI.

Original Advisory:
McAfee:
https://kc.mcafee.com/corporate/index?page=content&id=SB10029

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-12-140/

http://secunia.com/advisories/50304/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

McAfee Security for Microsoft SharePoint / Microsoft

by Carol~ Moderator - 8/20/12 8:45 AM

In Reply to: VULNERABILITIES / FIXES - August 20, 2012 by Carol~ Moderator

McAfee Security for Microsoft SharePoint / Microsoft Exchange Outside In Vulnerabilities

Release Date : 2012-08-20

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: McAfee Security for Microsoft Exchange 7.x
McAfee Security for Microsoft SharePoint 2.x

Description:
Multiple vulnerabilities have been reported in McAfee Security for Microsoft SharePoint and McAfee Security for Microsoft Exchange, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to the software bundling a vulnerable Outside In library.

The vulnerabilities are reported in McAfee Security for Microsoft SharePoint version 2.5 and McAfee Security for Microsoft Exchange version 7.6. Other versions may also be affected.

Solution:
Apply Patch 1 and Hotfix HF788523.

Provided and/or discovered by:
Will Dormann, CERT/CC.

Original Advisory:
McAfee::
https://kc.mcafee.com/corporate/index?page=content&id=PD23939
https://kc.mcafee.com/corporate/index?page=content&id=KB75998

US-CERT:
http://www.kb.cert.org/vuls/id/118913

http://secunia.com/advisories/50275/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

LISTSERV "SHOWTPL" Cross-Site Scripting Vulnerability

by Carol~ Moderator - 8/20/12 8:46 AM

In Reply to: VULNERABILITIES / FIXES - August 20, 2012 by Carol~ Moderator

Release Date : 2012-08-20

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: LISTSERV 16.x

Description:
Foreground Security has discovered a vulnerability in LISTSERV, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "SHOWTPL" parameter to WA.exe is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 16.0 (Build date: 8 Nov 2011). Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Jose Carlos de Arriba, Foreground Security

Original Advisory:
http://foregroundsecurity.com/component/content/article/1/127-lsoft-listserv-v16-wa-revision-r4241-showtpl-parameter-xss-cross-site-scripting

http://secunia.com/advisories/50098/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Hastymail2 Email "subject" Field Two Script Insertion

by Carol~ Moderator - 8/20/12 8:46 AM

In Reply to: VULNERABILITIES / FIXES - August 20, 2012 by Carol~ Moderator

Hastymail2 Email "subject" Field Two Script Insertion Vulnerabilities

Release Date : 2012-08-20

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Workaround

Software: Hastymail2 1.x

Description:
Two vulnerabilities have been reported in Hastymail2, which can be exploited by malicious people to conduct script insertion attacks.

Input passed via the "subject" field of an email message is not properly sanitised before being used in the "Tread View" when using the clean and clean2 templates. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.

The vulnerabilities are reported in version 1.1 RC2. Other versions may also be affected.

Solution:
Fixed in the SCM repository.

Provided and/or discovered by:
Shai rod (@NightRang3r)

Original Advisory:
Shai rod:
http://www.exploit-db.com/exploits/20578/

Hastymail2 Repository:
http://hastymail.svn.sourceforge.net/viewvc/hastymail?view=revision&revision=2078

http://secunia.com/advisories/50322/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IBM Lotus Domino HTTP Response Splitting and Cross-Site

by Carol~ Moderator - 8/20/12 8:47 AM

In Reply to: VULNERABILITIES / FIXES - August 20, 2012 by Carol~ Moderator

IBM Lotus Domino HTTP Response Splitting and Cross-Site Scripting Vulnerabilities

Release Date : 2012-08-20

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: IBM Lotus Domino 8.x

Description:
Multiple vulnerabilities have been reported in IBM Lotus Domino, which can be exploited by malicious people to conduct HTTP response splitting and cross-site scripting attacks.

1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which are included in a response sent to the user. This allows arbitrary HTML and script code to be executed in a user's browser session in context of an affected site.

2) Certain unspecified input related to help and webmail is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in versions prior to 8.5.4.

Solution:
Update to version 8.5.4 when available (scheduled for release in February, 2013).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM:
http://www.ibm.com/support/docview.wss?uid=swg21608160

http://secunia.com/advisories/50330/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SRWare Iron Multiple Vulnerabilities

by Carol~ Moderator - 8/20/12 8:47 AM

In Reply to: VULNERABILITIES / FIXES - August 20, 2012 by Carol~ Moderator

Release Date : 2012-08-20

Criticality level : Highly critical
Impact : Unknown
Security Bypass
System access
Where : From remote
Solution Status : Unpatched

Software: SRWare Iron 20.x

Description:
Multiple vulnerabilities have been reported in SRWare Iron, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

Solution:
Upgrade to version 21.0.1200.0.

Original Advisory:
http://www.srware.net/forum/viewtopic.php?f=18&t=4269

http://secunia.com/advisories/50337/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Adobe Flash Player Font Parsing Code Execution Vulnerability

by Carol~ Moderator - 8/20/12 9:06 AM

In Reply to: VULNERABILITIES / FIXES - August 20, 2012 by Carol~ Moderator

Release Date: 2012-08-14
Last Update: 2012-08-20

Criticality level : Extremely critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: Adobe Flash Player 11.x

Description:
A vulnerability has been reported in Flash Player, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error when parsing font files.

The vulnerability is reported in the following versions:
* Flash Player 11.3.300.270 and earlier for Windows and Macintosh
* Flash Player 11.2.202.236 and earlier for Linux
* Flash Player 11.3.300.270 and earlier for Chrome users

Successful exploitation allows execution of arbitrary code.

NOTE: The vulnerability is currently being actively exploited in targeted attacks via Word documents against the Windows version.

Solution:
Update to version 11.3.300.271 for Windows, Mac, and Chrome or version 11.2.202.238 for Linux.

Provided and/or discovered by:
Reported as a 0-day.

The vendor also credits Alexander Gavrun via iDefense VCP.

Original Advisory:
Adobe:
http://www.adobe.com/support/security/bulletins/apsb12-18.html

Metasploit:
http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/adobe_flash_otf_font.rb

http://secunia.com/advisories/50285


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Microsoft Internet Explorer Multiple Vulnerabilities

by Carol~ Moderator - 8/20/12 9:06 AM

In Reply to: VULNERABILITIES / FIXES - August 20, 2012 by Carol~ Moderator

Release Date: 2012-08-14
Last Update: 2012-08-20

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
Microsoft Internet Explorer 8.x
Microsoft Internet Explorer 9.x

Description:
Four vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.

1) An error in the layout handling when accessing an improperly initialised or deleted object can be exploited to corrupt memory.

2) A use-after-free error can be exploited during a page rendering event to dereference an already freed object by triggering download of an embedded font where an overly long "mailto:" URI is specified for the font's "src" property.

3) An error may cause a corrupted virtual function table that has already been deleted to be accessed.

4) An integer overflow error in the JavaScript parsing when calculating the size of an object in memory during a copy operation can be exploited to corrupt memory.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

Solution:
Apply patches

Provided and/or discovered by:
2) Derek Soeder via SecuriTeam Secure Disclosure.

The vendor credits:
1) GWSlabs via iDefense VCP.
3) Sing-ting Tsai and Ming-Chieh Pan, Trend Micro.
4) Cris Neckar, Google Chrome Security Team.

Original Advisory:
MS12-052 (KB2722913):
http://technet.microsoft.com/en-us/security/bulletin/MS12-052

Derek Soeder:
http://archives.neohapsis.com/archives/bugtraq/2012-08/0114.html

http://secunia.com/advisories/50237


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

ManageEngine OpStor SQL Injection and Cross-Site Scripting

by Carol~ Moderator - 8/20/12 10:34 AM

In Reply to: VULNERABILITIES / FIXES - August 20, 2012 by Carol~ Moderator

ManageEngine OpStor SQL Injection and Cross-Site Scripting Vulnerabilities

Release Date : 2012-08-20

Criticality level : Less critical
Impact : Cross Site Scripting
Manipulation of data
Where : From remote
Solution Status : Unpatched

Software: ManageEngine OpStor 7.x

Description:
Ibrahim El-Sayed has reported some vulnerabilities in ManageEngine OpStor, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.

1) Input passed via the "days" and "name" parameters to availability730.do is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Input passed via the "name" parameter to raidMaps.do is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities are reported in version 7.0 build 7002. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Ibrahim El-Sayed (the_storm), Vulnerability Lab

Original Advisory:
Vulnerability Lab:
http://www.vulnerability-lab.com/get_content.php?id=667

http://secunia.com/advisories/50301/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Zingiri Web Shop Plugin Cookie SQL Injection

by Carol~ Moderator - 8/20/12 11:17 AM

In Reply to: VULNERABILITIES / FIXES - August 20, 2012 by Carol~ Moderator

WordPress Zingiri Web Shop Plugin Cookie SQL Injection Vulnerability

Release Date : 2012-08-20

Criticality level : Moderately critical
Impact : Manipulation of data
Where : From remote
Solution Status : Vendor Patch

Software: WordPress Zingiri Web Shop Plugin 2.x

Description:
Charlie Eriksen has discovered a vulnerability in the Zingiri Web Shop plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "fws_cust" or "fws_guest" cookie parameters to e.g. index.php is not properly verified before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 2.4.7. Prior versions may also be affected.

Solution:
Update to version 2.4.8.

Provided and/or discovered by:
Charlie Eriksen via Secunia.

Original Advisory:
Zingiri Web Shop:
http://wordpress.org/extend/plugins/zingiri-web-shop/changelog/
http://plugins.trac.wordpress.org/changeset/585860/zingiri-web-shop

http://secunia.com/advisories/49398/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Tinyproxy Multiple Header Hashmap Processing Denial

by Carol~ Moderator - 8/20/12 2:12 PM

In Reply to: VULNERABILITIES / FIXES - August 20, 2012 by Carol~ Moderator

Tinyproxy Multiple Header Hashmap Processing Denial of Service Vulnerability

Release Date : 2012-08-20

Criticality level : Moderately critical
Impact : DoS
Where : From remote
Solution Status : Vendor Workaround

Software: tinyproxy 1.x

Description:
A vulnerability has been reported in Tinyproxy, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to the hashmaps of header responses not being randomized, which can be exploited to consume memory resources.

The vulnerability is reported in version 1.8.3. Other versions may also be affected.

Solution:
Apply patch.

Provided and/or discovered by:
gpernot in a bug report.

Original Advisory:
https://banu.com/bugzilla/show_bug.cgi?id=110

http://secunia.com/advisories/50278/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

OTRS Email Body Script Insertion Vulnerability

by Carol~ Moderator - 8/20/12 2:12 PM

In Reply to: VULNERABILITIES / FIXES - August 20, 2012 by Carol~ Moderator

Release Date : 2012-08-20

Criticality level : Moderately critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: OTRS 3.x

Description:
A vulnerability has been reported in OTRS, which can be exploited by malicious people to conduct script insertion attacks.

Input passed within HTML e-mail messages is not properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

The vulnerability is reported in version 3.1.4. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
loneferret, Offensive Security

Original Advisory:
http://www.exploit-db.com/exploits/20359/

http://secunia.com/advisories/50193/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

HP ServiceGuard Unspecified Denial of Service Vulnerability

by Carol~ Moderator - 8/20/12 2:12 PM

In Reply to: VULNERABILITIES / FIXES - August 20, 2012 by Carol~ Moderator

Release Date : 2012-08-20

Criticality level : Less critical
Impact : DoS
Where : From local network
Solution Status : Vendor Patch

Software: HP Serviceguard 11.x

Description:
A vulnerability has been reported in HP ServiceGuard, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error. No further information is currently available.

The vulnerability is reported in versions A.11.19 and A.11.20 running on HP-UX.

Solution:
Apply fix.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
HPSBUX02806 SSRT100789:
https://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03457976

http://secunia.com/advisories/50342/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

GIMP CEL Plug-In Multiple Buffer Overflow Vulnerabilities

by Carol~ Moderator - 8/20/12 2:29 PM

In Reply to: VULNERABILITIES / FIXES - August 20, 2012 by Carol~ Moderator

Release Date : 2012-08-20

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Workaround

Software: GIMP 2.x

Description:
Some vulnerabilities have been reported in GIMP, which can be exploited by malicious people to compromise a user's system.

1) An error exists within the parsing of KiSS palette files and can be exploited to cause a heap-based buffer overflow via a specially crafted palette file.

2) An integer overflow error within the "ReadImage()" function (plug-ins/common/file-gif-load.c) when parsing the "height" and "len" properties of an image file can be exploited to cause a heap-based buffer overflow via a specially crafted GIF file.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in all 2.8.x and prior versions.

Solution:
Fixed in the GIT repository.

Provided and/or discovered by:
1) Murray McAllister, Red Hat
2) Matthias Weckbecker, Suse

Original Advisory:
Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=839020

Suse:
http://www.openwall.com/lists/oss-security/2012/08/20/8

http://secunia.com/advisories/50296/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close