Ad: Manage updates with the Download App
ie8 fix
Click Here

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - September 10, 2012

by: Carol~ September 10, 2012 6:30 AM PDT

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - September 10, 2012

by Carol~ Moderator - 9/10/12 6:30 AM

SUSE update for xen

Release Date : 2012-09-10

Criticality level : Less critical
Impact : Privilege escalation
DoS
Where : Local system
Solution Status : Vendor Patch

Operating System SUSE Linux Enterprise Server (SLES) 11

Description:
SUSE has issued an update for xen. This fixes multiple vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and potentially gain escalated privileges.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
SUSE-SU-2012:1132-1:
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html

http://secunia.com/advisories/50576/


Reply
Report offensive post
Email to friend

RealPlayer Multiple Vulnerabilities

by Carol~ Moderator - 9/10/12 6:53 AM

In Reply to: VULNERABILITIES / FIXES - September 10, 2012 by Carol~ Moderator

Release Date : 2012-09-10

Criticality level : Highly critical
System access
Where : From remote
Solution Status : Vendor Patch

Software: RealPlayer 15.x

Description:
Multiple vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system.

1) An error when unpacking AAC stream data can be exploited to cause a buffer overflow.

2) An error when decoding AAC SDK can be exploited to corrupt heap memory.

3) An error when handling RealMedia files can be exploited to cause a buffer overflow.

4) Another error when handling RealMedia files can be exploited to cause a buffer overflow.

The vulnerabilities are reported in versions 15.0.2.72 and prior.

NOTE: Additionally, a weakness exists when parsing codec frame size, which can lead to a crash.

Solution:
Update to version 15.0.3.37 or later.

Provided and/or discovered by:
The vendor credits Andrzej Dyjak.

Original Advisory:
http://service.real.com/realplayer/security/09072012_player/en/

http://secunia.com/advisories/50566/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Mac RealPlayer Multiple Vulnerabilities

by Carol~ Moderator - 9/10/12 6:53 AM

In Reply to: VULNERABILITIES / FIXES - September 10, 2012 by Carol~ Moderator

Release Date : 2012-09-10

Criticality level : Highly critical
System access
Where : From remote
Solution Status : Vendor Patch

Software: RealPlayer for Mac 12.x

Description:
Multiple vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are reported in versions 12.0.0.1701 and prior.

Solution:
Update to version 12.0.1.1750.

Original Advisory:
http://service.real.com/realplayer/security/09072012_player/en/

http://secunia.com/advisories/50580/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Debian update for qemu and qemu-kvm

by Carol~ Moderator - 9/10/12 6:53 AM

In Reply to: VULNERABILITIES / FIXES - September 10, 2012 by Carol~ Moderator

Release Date : 2012-09-10

Criticality level : Less critical
Impact : Privilege escalation
Where : Local system
Solution Status : Vendor Patch

Operating System : Debian GNU/Linux 6.0

Description:
Debian has issued an update for qemu and qemu-kvm. This fixes a security issue and a vulnerability, which can be exploited by malicious, local users in a guest virtual machine to potentially gain escalated privileges and by malicious, local users to perform certain actions with escalated privileges.

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2542-1:
http://www.debian.org/security/2012/dsa-2542

DSA-2545-1:
http://www.debian.org/security/2012/dsa-2545

http://secunia.com/advisories/50514/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Debian update for xen

by Carol~ Moderator - 9/10/12 6:53 AM

In Reply to: VULNERABILITIES / FIXES - September 10, 2012 by Carol~ Moderator

Release Date : 2012-09-10

Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status : Vendor Patch

Operating System : Debian GNU/Linux 6.0

Description:
Debian has issued an update for xen. This fixes two vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2544-1:
http://www.debian.org/security/2012/dsa-2544

http://secunia.com/advisories/50516/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Debian update for xen-qemu-dm-4.0

by Carol~ Moderator - 9/10/12 6:53 AM

In Reply to: VULNERABILITIES / FIXES - September 10, 2012 by Carol~ Moderator

Release Date : 2012-09-10

Criticality level : Less critical
Impact : Privilege escalation
Where : Local system
Solution Status : Vendor Patch

Operating System : Debian GNU/Linux 6.0

Description:
Debian has issued an update for xen-qemu-dm-4.0. This fixes two vulnerabilities, which can be exploited by malicious, local users to potentially gain escalated privileges.

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2543-1:
http://www.debian.org/security/2012/dsa-2543

http://secunia.com/advisories/50517/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Honeywell HMIWeb Browser ActiveX Control Buffer Overflow

by Carol~ Moderator - 9/10/12 6:55 AM

In Reply to: VULNERABILITIES / FIXES - September 10, 2012 by Carol~ Moderator

Honeywell HMIWeb Browser ActiveX Control Buffer Overflow Vulnerability

Release Date : 2012-09-10

Criticality level : Highly critical
System access
Where : From remote
Solution Status : Vendor Patch

Software: Honeywell Building Solutions (HBS)
Honeywell Environmental Combustion and Control (ECC) SymmetrE
Honeywell HMIWeb Browser HSCDSPRenderDLL ActiveX Control
Honeywell Process Solutions (HPS)

Description:
A vulnerability has been reported in Honeywell HMIWeb Browser ActiveX Control, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the HSCDSPRenderDLL ActiveX control and can be exploited to cause a stack-based buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in the following products:

* Honeywell Process Solutions (HPS) Experion Releases R400.x, R31x, R30x, and R2xx.
* Honeywell Building Solutions (HBS) Enterprise Building Manager Releases.
* Honeywell Environmental Combustion and Control (ECC) SymmetrE R400, R410.1, and R410.1 releases.

Solution:
Apply fixes. Contact the vendor for further information.

Provided and/or discovered by:
ICS-CERT credits an anonymous person via ZDI.

Original Advisory:
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-150-01.pdf

http://secunia.com/advisories/50572/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for java-1.5.0-ibm

by Carol~ Moderator - 9/10/12 6:55 AM

In Reply to: VULNERABILITIES / FIXES - September 10, 2012 by Carol~ Moderator

Release Date : 2012-09-10

Criticality level : Highly critical
Impact : Manipulation of data
Exposure of sensitive information
DoS
System access
Where : From remote
Solution Status : Vendor Patch

Software: Red Hat Enterprise Linux Desktop Supplementary (v. 6)
Red Hat Enterprise Linux HPC Node Supplementary (v. 6)
Red Hat Enterprise Linux Server Supplementary (v. 6)
Red Hat Enterprise Linux Workstation Supplementary (v. 6)
RHEL Desktop Supplementary (v. 5 client)
RHEL Supplementary (v. 5 server)

Description:
Red Hat has issued an update for java-1.5.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive data and by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2012:1245-01:
https://rhn.redhat.com/errata/RHSA-2012-1245.html

http://secunia.com/advisories/50548/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Oracle VirtualBox Missing VT-x / AMD-V Extension Interrupt

by Carol~ Moderator - 9/10/12 6:55 AM

In Reply to: VULNERABILITIES / FIXES - September 10, 2012 by Carol~ Moderator

Oracle VirtualBox Missing VT-x / AMD-V Extension Interrupt Handling Vulnerability

Release Date : 2012-09-10

Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status : Vendor Patch

Software: Oracle VirtualBox 4.x

Description:
halfdog has reported a vulnerability in Oracle VirtualBox, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

The vulnerability is caused due to a NULL-pointer dereference error when calling the task-gate via IDT (software interrupt) with insufficient privileges in a processor missing VT-x / AMD-V extensions and can be exploited to cause a crash.

The vulnerability is reported in versions prior to 4.1.22.

Solution:
Update to version 4.1.22.

Provided and/or discovered by:
halfdog

Original Advisory:
http://www.halfdog.net/Security/2012/VirtualBoxSoftwareInterrupt0x8GuestCrash/
https://www.virtualbox.org/wiki/Changelog

http://secunia.com/advisories/50519/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

vBulletin vBShout Module "from" and "end" Cross-Site

by Carol~ Moderator - 9/10/12 7:28 AM

In Reply to: VULNERABILITIES / FIXES - September 10, 2012 by Carol~ Moderator

vBulletin vBShout Module "from" and "end" Cross-Site Scripting Vulnerabilities

Release Date : 2012-09-10

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: vBShout (module for vBulletin) 6.x

Description:
Two vulnerabilities has been reported in the vBShout module for vBulletin, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "from" and "to" parameters to dbtech/vbshout/actions/archive.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in version 6.0.8. Prior versions may also be affected.

Solution:
Apply hotfix (please see the vendor's advisory for details).

Provided and/or discovered by:
The vendor credits InterNot.

Original Advisory:
http://www.dragonbyte-tech.com/f4/security-hotfix-vbshout-v6-0-8-a-9023/

http://secunia.com/advisories/50565/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

fwknop Access Request Handling Buffer Overflow Vulnerability

by Carol~ Moderator - 9/10/12 7:28 AM

In Reply to: VULNERABILITIES / FIXES - September 10, 2012 by Carol~ Moderator

Release Date : 2012-09-10

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: fwknop 2.x

Description:
A vulnerability has been reported in fwknop, which can be exploited by malicious users to potentially compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the "expand_acc_string_list()" function (server/access.c) when handling certain access requests and can be exploited to cause a stack-based buffer overflow.

Successful exploitation may allow execution of arbitrary code, but requires the attacker to have a valid encryption key.

The vulnerability is reported in versions prior to 2.0.3.

Solution:
Update to version 2.0.3.

Provided and/or discovered by:
The vendor credits Fernando Arnaboldi, IOActive.

Original Advisory:
http://www.cipherdyne.org/blog/categories/software-releases.html

http://secunia.com/advisories/50522/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

XnView TIFF Image Processing Buffer Overflow Vulnerability

by Carol~ Moderator - 9/10/12 7:28 AM

In Reply to: VULNERABILITIES / FIXES - September 10, 2012 by Carol~ Moderator

Release Date : 2012-09-10

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: XnView 1.x

Description:
FuzzMyApp has reported a vulnerability in XnView, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error when processing a TIFF image with JPEG compression. This can be exploited to cause heap-based buffer overflow via specially crafted "ImageLength" and "ImageWidth" header values.

Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious file.

The vulnerability is reported in version 1.98 and 1.99. Other versions may also be affected.

Solution:
Update to version 1.99.1.

Provided and/or discovered by:
FuzzMyApp

Original Advisory:
http://www.fuzzmyapp.com/advisories/FMA-2011-016/FMA-2011-016-EN.xml

http://secunia.com/advisories/50547/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Ektron CMS XML External Entity References and ASPX Upload

by Carol~ Moderator - 9/10/12 7:28 AM

In Reply to: VULNERABILITIES / FIXES - September 10, 2012 by Carol~ Moderator

Ektron CMS XML External Entity References and ASPX Upload Vulnerabilities

Release Date : 2012-09-10

Criticality level : Highly critical
Impact : Exposure of sensitive information
System access
Where : From remote
Solution Status : Vendor Patch

Software: Ektron CMS 8.x

Description:
Sense of Security has reported two vulnerabilities in Ektron CMS, which can be exploited by malicious people to disclose potentially sensitive information and compromise a vulnerable system.

1) An error within the XML parser (WorkArea/Blogs/xmlrpc.aspx) can be exploited to disclose the content of arbitrary local files by sending specially crafted XML data including external entity references.

2) The script WorkArea/Upload.aspx script improperly verifies uploaded files and can be exploited to execute arbitrary ASPX code by uploading a JPEG image file with ASPX extension and embedded ASPX code in the comment section.

The vulnerabilities are reported in version 8.5.0. Prior versions may also be affected.

Solution:
Reportedly fixed in version 8.6.

Provided and/or discovered by:
Phil Taylor and Nadeem Salim, Sense of Security.

Original Advisory:
http://www.senseofsecurity.com.au/advisories/SOS-12-009

http://secunia.com/advisories/50394/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Pinboarding Pro Script Insertion and Cross-Site Request

by Carol~ Moderator - 9/10/12 9:35 AM

In Reply to: VULNERABILITIES / FIXES - September 10, 2012 by Carol~ Moderator

Pinboarding Pro Script Insertion and Cross-Site Request Forgery Vulnerabilities

Release Date : 2012-09-10

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: Pinboarding Pro

Description:
Two vulnerabilities have been reported in Pinboarding Pro, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks.

1) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. change the password of the administrative user when a logged-in administrative user visits a specially crafted web page.

2) Input passed via the "board_desc" parameter to uploadpin.php is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.

Solution:
No official solution is currently available.

Provided and/or discovered by:
DaOne

Original Advisory:
http://www.exploit-db.com/exploits/21148

http://secunia.com/advisories/50525/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for java-1.4.2-ibm

by Carol~ Moderator - 9/10/12 9:37 AM

In Reply to: VULNERABILITIES / FIXES - September 10, 2012 by Carol~ Moderator

Release Date : 2012-09-10

Criticality level : Highly critical
Impact : Manipulation of data
Exposure of sensitive information
DoS
System access
Where : From remote
Solution Status : Vendor Patch

Software: RHEL Desktop Supplementary (v. 5 client)
RHEL Supplementary (v. 5 server)

Description:
Red Hat has issued an update for java-1.4.2-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2012:1243-1:
https://rhn.redhat.com/errata/RHSA-2012-1243.html

http://secunia.com/advisories/50554/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Debian update for mahara

by Carol~ Moderator - 9/10/12 1:06 PM

In Reply to: VULNERABILITIES / FIXES - September 10, 2012 by Carol~ Moderator

Release Date : 2012-09-140

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Operating System : Debian GNU/Linux 6.0

Description:
Debian has issued an update for mahara. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2540-1:
http://www.debian.org/security/2012/dsa-2540

http://secunia.com/advisories/50521/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Debian update for beaker

by Carol~ Moderator - 9/10/12 1:07 PM

In Reply to: VULNERABILITIES / FIXES - September 10, 2012 by Carol~ Moderator

Release Date : 2012-09-10

Criticality level : Not critical
Impact : Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Operating System : Debian GNU/Linux 6.0

Description:
Debian has issued an update for beaker. This fixes a weakness, which can be exploited by malicious people to disclose certain sensitive information.

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2541-1:
http://www.debian.org/security/2012/dsa-2541

http://secunia.com/advisories/50520/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Mac Photo Gallery Plugin Two Security Bypass

by Carol~ Moderator - 9/10/12 1:08 PM

In Reply to: VULNERABILITIES / FIXES - September 10, 2012 by Carol~ Moderator

WordPress Mac Photo Gallery Plugin Two Security Bypass Security Issues

Release Date : 2012-09-10

Criticality level : Moderately critical
Impact : Security Bypass
Where : From remote
Solution Status : Unpatched

Software: WordPress Mac Photo Gallery Plugin 2.x

Description:
Charlie Eriksen has discovered two security issues in the Mac Photo Gallery plugin for WordPress, which can be exploited by malicious people to bypass certain security restrictions.

The security issues are caused due to missing authentication and authorisation checks in the wp-content/plugins/mac-dock-gallery/macalbajax.php and wp-content/plugins/mac-dock-gallery/macphtajax.php scripts and can be exploited to access otherwise restricted functionality (e.g. edit image and album descriptions).

The security issues are confirmed in version 2.10. Other versions may also be affected.

Solution:
Upgrade to a fixed version (please contact the vendor for details).

Provided and/or discovered by:
Charlie Eriksen via Secunia.

http://secunia.com/advisories/49923/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Mac Photo Gallery Plugin Two Security Bypass

by Carol~ Moderator - 9/10/12 2:07 PM

In Reply to: VULNERABILITIES / FIXES - September 10, 2012 by Carol~ Moderator

WordPress Mac Photo Gallery Plugin Two Security Bypass Security Issues

Release Date : 2012-09-10

Criticality level : Less critical
Impact : Security Bypass
Where : From remote
Solution Status : Vendor Patch

Software: WordPress Mac Photo Gallery Plugin 3.x

Description:
Charlie Eriksen has discovered two security issues in the Mac Photo Gallery plugin for WordPress, which can be exploited by malicious people to bypass certain security restrictions.

Successful exploitation requires that a submitted, static token is known.

The security issues are confirmed in version 3.0.

Solution:
Update to a fixed version (please contact the vendor for details).

Provided and/or discovered by:
Charlie Eriksen via Secunia.

http://secunia.com/advisories/50481/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close