Spyware, viruses, & security forum: VULNERABILITIES / FIXES - September 11, 2012

F5 BIG-IP ASM Traffic Overview Page Cross-Site Scripting Vulnerability

Release Date : 2012-09-11

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Operating System : F5 TMOS 10.x
F5 TMOS 11.x

Description:
A vulnerability has been reported in F5 BIG-IP ASM, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain input passed to the traffic overview page is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions 10.0.0 through 11.2.0 HF2.

Solution:
Update to a fixed version. See the vendor's advisory for more information.

Provided and/or discovered by:
The vendor credits Roger Webyss, Dell SecureWorks.

Original Advisory:
https://support.f5.com/kb/en-us/solutions/public/13000/800/sol13838.html

http://secunia.com/advisories/50561/

Siemens SIMATIC WinCC Cross-Site Request Forgery Vulnerability

Release Date : 2012-09-11

Criticality level : Moderately critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: Siemens SIMATIC PCS 7 7.x
Siemens SIMATIC WinCC 7.x

Description:
A vulnerability has been reported in Siemens SIMATIC WinCC, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to perform certain unspecified actions when a logged-in administrative user visits a specially crafted web page.

The vulnerability is reported in versions 7.0 SP3 and prior.

Solution:
No official solution is currently available.

Provided and/or discovered by:
The vendor credits Denis Baranov, Sergey Bobrov, Artem Chaykin, Vladimir Kochetkov, Pavel Toporkov, and Timur Yunusov, Positive Technologies.

Original Advisory:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf

http://secunia.com/advisories/50581/

Release Date 2011-12-02
Last Update 2012-09-11

Criticality level : Highly critical
Impact : Cross Site Scripting
Manipulation of data
Exposure of sensitive information
System access
Where : From remote
Solution Status :Vendor Patch

Software: WikkaWiki 1.x

Description:
A weakness and multiple vulnerabilities have been discovered in WikkaWiki, which can be exploited by malicious users to manipulate certain data, conduct SQL injection attacks, and compromise a vulnerable system and by malicious people to disclose potentially sensitive information, conduct cross-site request forgery attacks, and compromise a vulnerable system.

1) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. delete a user when a logged-in administrative user visits a specially crafted web page.

2) Input passed via the "file" POST parameter to wikka.php (when "wakka" is set to a wiki page with "{{files}}" directive and "action" is set to "delete") is not properly verified before being used to delete files. This can be exploited to delete arbitrary files via directory traversal attacks.

Successful exploitation requires administrative rights.

3) Input passed via the "file" parameter to wikka.php (when "wakka" is set to a page with "{{files}}" directive and "action" is set to "download") is not properly verified before being used to download files. This can be exploited to download arbitrary files via directory traversal attacks.

4) Input passed via the "default_comment_display" parameter to wikka.php (when "wakka" is set to "UserSettings" and "action" is set to "update") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

5) Input passed via the "file" POST parameter to wikka.php (when "wakka" is set to a wiki page with "{{files}}" directive and "upload" is set to "Upload") is not properly verified before being used to upload files. This can be exploited to e.g. upload and execute arbitrary PHP files with an e.g. ".php.mm" extension.

Successful exploitation requires administrative rights or "INTRANET_MODE" to be enabled (disabled by default) and that Apache is not configured to handle the mime-type for files with e.g. a ".mm" extension.

6) Input passed via the "User-Agent" header to wikka.php (when "wakka" is set to a wiki page and appended "/addcomment") is not properly sanitised before being written to a certain file. This can be exploited to inject and potentially execute arbitrary commands.

Successful exploitation requires access rights to post comments, "spam_logging" to be enabled (disabled by default), and "spamlog_path" to be set to a file name suitable for PHP execution by the web server ("spamlog.txt.php" by default).

The vulnerabilities are confirmed in version 1.3.2. Other versions may also be affected.

Solution:
Update to version 1.3.2-p7.

Provided and/or discovered by:
Egidio Romano aka EgiX

Original Advisory:
Exploit-DB:
http://www.exploit-db.com/exploits/18177/

WikkaWiki:
http://blog.wikkawiki.org/2011/12/04/security-updates-for-1-3-11-3-2/

http://secunia.com/advisories/47034

Release Date : 2012-09-11

Criticality level : Moderately critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Operating System : Ubuntu Linux 10.04
Ubuntu Linux 11.04
Ubuntu Linux 11.10
Ubuntu Linux 12.04

Description:
Ubuntu has issued an update for xmlrpc. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) in an application using the library.

Solution:
Apply updated packages.

Original Advisory:
USN-1527-2:
http://www.ubuntu.com/usn/usn-1527-2/

http://secunia.com/advisories/50559/

Release Date : 2012-09-11

Criticality level : Moderately critical
Impact : Cross Site Scripting
DoS
Where : From remote
Solution Status : Vendor Patch

Operating System : Ubuntu Linux 10.04
Ubuntu Linux 11.04
Ubuntu Linux 11.10
Ubuntu Linux 12.04

Description:
Ubuntu has issued an update for python-django. This fixes two security issues and a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).

Solution:
Apply updated packages.

Original Advisory:
USN-1560-1:
http://www.ubuntu.com/usn/usn-1560-1/

http://secunia.com/advisories/50567/

WordPress Download Monitor Plugin "dlsearch" Cross-Site Scripting Vulnerability

Release Date : 2012-09-11

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: WordPress Download Monitor Plugin 3.x

Description:
Reaction Information Security has discovered a vulnerability in the Download Monitor plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "dlsearch" parameter to index.php (when "page_id" is set to the id of the download page) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 3.3.5.7. Other versions may also be affected.

Solution:
Update to version 3.3.5.9.

Provided and/or discovered by:
Chris Cooper and Joseph Sheridan, Reaction Information Security

Original Advisory:
Reaction Information Security:
http://www.reactionpenetrationtesting.co.uk/wordpress-download-monitor-xss.html

http://secunia.com/advisories/50511/

Visual Studio Team Foundation Server Cross-Site Scripting Vulnerability

Release Date : 2012-09-11

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Microsoft Visual Studio Team Foundation Server 2010

Description:
A vulnerability has been reported in Visual Studio Team Foundation Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

Unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Solution:
Apply patch.

Provided and/or discovered by:
The vendor credits Sunil Yadav

Original Advisory:
MS12-061 (KB2719584):
http://technet.microsoft.com/en-us/security/bulletin/ms12-061

http://secunia.com/advisories/50463/