Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - September 20, 2012

by: Carol~ September 20, 2012 6:07 AM PDT

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - September 20, 2012

by Carol~ Moderator - 9/20/12 6:07 AM

Ubuntu update for kernel

Release Date: 2012-09-20

Criticality level : Less critical
Impact : DoS
Where : From local network
Solution Status : Vendor Patch

Operating System : Ubuntu Linux 10.04

Description:
Ubuntu has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply updated packages.

Original Advisory:
USN-1575-1:
http://www.ubuntu.com/usn/usn-1575-1/

http://secunia.com/advisories/50652/


Reply
Report offensive post
Email to friend

Ubuntu update for kernel (2)

by Carol~ Moderator - 9/20/12 6:12 AM

In Reply to: VULNERABILITIES / FIXES - September 20, 2012 by Carol~ Moderator

Release Date: 2012-09-20

Criticality level : Less critical
Impact : DoS
Where : From local network
Solution Status : Vendor Patch

Operating System : Ubuntu Linux 10.04

Description:
Ubuntu has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users and malicious people to cause a DoS (Denial of Service).

Solution:
Apply updated packages.

Original Advisory:
USN-1574-1:
http://www.ubuntu.com/usn/usn-1574-1

http://secunia.com/advisories/50633/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Webify Multiple Products File Deletion Vulnerability

by Carol~ Moderator - 9/20/12 6:12 AM

In Reply to: VULNERABILITIES / FIXES - September 20, 2012 by Carol~ Moderator

Release Date: 2012-09-20

Criticality level : Less critical
Impact : Manipulation of data
Where : From remote
Solution Status : Vendor Patch

Software: Webify Blog
Webify Business Directory
Webify eDownloads Cart
Webify Photo Gallery

Description:
A vulnerability has been reported in multiple Webify products, which can be exploited by malicious people to manipulate certain data.

The vulnerability is caused due to the application not restricting access to an administrative interface and can be exploited to delete files.

The vulnerability is reported in the following products:
* Webify Blog
* Webify Photo Gallery
* Webify eDownloads Cart
* Webify Business Directory

Solution:
Apply fixed version. Contact the vendor for more information.

Provided and/or discovered by:
JIKO(JAWAD).

Original Advisory:
JIKO(JAWAD):
http://www.exploit-db.com/exploits/21250/
http://www.exploit-db.com/exploits/21269/
http://www.exploit-db.com/exploits/21270/
http://www.exploit-db.com/exploits/21271/

http://secunia.com/advisories/50524/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Apple Mac OS X Multiple Vulnerabilities

by Carol~ Moderator - 9/20/12 6:12 AM

In Reply to: VULNERABILITIES / FIXES - September 20, 2012 by Carol~ Moderator

Release Date: 2012-09-20

Criticality level : Highly critical
Impact : Security Bypass
Exposure of sensitive information
Privilege escalation
System access
Where : From remote
Solution Status : Vendor Patch

Operating System : Apple Macintosh OS X

Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

1) Various vulnerabilities exist in the bundled version of Apache.

2) An assertion error in BIND when handling DNS records can be exploited to cause a DoS (Denial of Service).

3) An error in BIND can be exploited to disclose potentially sensitive information or cause a DoS.

4) An error in the CoreText component when handling text glyphs can be exploited to cause a buffer overflow and potentially compromise an application using the component.

5) An error in the DirectoryService Proxy can be exploited to cause a buffer overflow.

6) Errors in the ImageIO component when parsing PNG images can be exploited to corrupt memory.

7) An integer overflow error in the ImageIO component when parsing TIFF images can be exploited to cause a buffer overflow.

8) A previous fix did not properly address an error in the Installer component that allowed users to obtain account information. The original fix ensured that passwords were not recorded to the system log, but did not remove the old system log entries containing passwords.

9) An error in International Components for Unicode (ICU) when handling ICU locale IDs can be exploited to cause a stack-based buffer overflow.

10) A logic error in the kernel when handling debug system calls can be exploited by a malicious program to bypass sandbox restrictions.

11) An error in the LoginWindow component can be exploited by local users to obtain other users' login passwords.

12) An input validation error in Mail can be exploited to execute web plugins when viewing an e-mail message.

13) An error in Mobile Accounts can be exploited by a user with access to the contents of a mobile account to obtain the account password.

14) Multiple errors exist in the bundled version of PHP.

15) An authentication error in Profile Manager Device Management private interface can be exploited to enumerate managed devices.

16) Various errors exist in the bundled versions of QuickLook and QuickTime.

17) An uninitialised memory access error exists in QuickTime when viewing Sorenson-encoded movie files.

18) An error in Ruby may allow decryption of SSL-protected data when a cipher suite uses a block cipher in CBC mode.

19) An error in the USB component can be exploited to corrupt memory by attaching a malicious USB device.

Solution:
Update to version 10.8.2 or 10.7.5 or apply Security Update 2012-004.

Provided and/or discovered by
The vendor credits:
4) Jesse Ruderman, Mozilla Corporation
5) aazubel via ZDI
11) An anonymous person
12, 17) Will Dormann, CERT/CC
13) Harald Wagener, Google
15) Derick Cassidy, XEquals Corporation
19) Andy Davis, NGS Secure

Original Advisory:
Apple:
http://support.apple.com/kb/HT5501

http://secunia.com/advisories/50628/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Apple iOS Multiple Vulnerabilities

by Carol~ Moderator - 9/20/12 6:13 AM

In Reply to: VULNERABILITIES / FIXES - September 20, 2012 by Carol~ Moderator

Release Date: 2012-09-20

Criticality level : Highly critical
Impact : Security Bypass
Cross Site Scripting
Spoofing
Exposure of system information
Exposure of sensitive information
Privilege escalation
System access
Where : From remote
Solution Status : Unpatched

Operating System : Apple iOS 5.x for iPhone 3GS and later
Apple iOS for iPad 5.x
Apple iOS for iPod touch 5.x

Description:
Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious, local users to disclose system information and gain escalated privileges, by malicious people to disclose potentially sensitive information, conducts spoofing attacks, and compromise a user's device, and by malicious people with physical access to disclose potentially sensitive information and bypass certain security restrictions.

1) An error in CFNetwork when handling certain URLs can be exploited to submit data to an incorrect hostname.

2) Some vulnerabilities exist in the bundled version of FreeType.

3) An error in CoreMedia when processing Sorenson encoded movies can be exploited to dereference uninitialized memory.

4) An error in DHCP when connection to WiFi networks may disclose a MAC address of previously accessed networks via DNAv4 protocol.

5) ImageIO bundles a vulnerable version of LibTIFF library.

6) ImageIO bundles a vulnerable version of libpng library.

7) An double-free error exists in ImageIO when processing JPEG images.

8) An error in International Components for Unicode when handling locale IDs can be exploited to cause a stack-based buffer overflow.

9) A boundary error in IPSec when loading racoon configuration files can be exploited to cause a buffer overflow.

10) An error in the kernel when handling packet filter IOCTLs can be exploited to dereference an invalid pointer.

11) An error in the kernel when related to BPF interpreter can be exploited to disclose certain memory content.

12) Some vulnerabilities exist in the bundled version of libxml library.

13) An error in Mail when handling attachments can be exploited to disclose a unintended attachments via the "Content-ID" field.

14) An error in Mail within Data Protection on attachments can be exploited to access an attachment without a passcode.

15) An error in Mail when processing S/MIME signed messages does not display the correct identity of a signer and can be exploited to spoof an identity via the "From" field.

16) An error in Messages when multiple email addresses are used may result in replies being sent using the wrong address.

17) An error in Office Viewer when processing document files may result in data being stored in temporary files in a decrypted state even when data protection / encryption is enabled.

18) An error in OpenGL when performing GLSL compilation can be exploited to corrupt memory.

19) An error in Passcode Lock related to "Slide to Power Off" slider may disclose the last used third party application.

20) An error in Passcode Lock related to termination of FaceTime calls may allow bypassing the screen lock.

21) An error in Passcode Lock related to lock screen photos may disclose all photos accessible at the lock screen.

22) An error in Passcode Lock related to Emergency Dialer screen may allow making FaceTime calls and disclose user's contacts.

23) An error in Passcode Lock related to the camera usage may allow bypassing the screen lock.

24) An error in Passcode Lock related lock state management may allow bypassing the screen lock.

25) An error in Restrictions during purchase transactions may result in transaction being made without the Appled ID credentials.

26) An error in Safari when handling certain Unicode characters may allow spoofing the lock icon in the page title.

27) An error in Safari when handling password input elements with a disabled "autocomplete" attribute allowed the input to be autocompleted.

28) An error in System Logs due to weak restrictions on the "/var/log" directory can be exploited by sandboxed applications to disclose log details.

29) An error in Telephony did not properly display the return address of SMS messages.

30) An off-by-one error in Telephony when handling SMS data headers can be exploited to disable cellular activity.

31) An error in UIKit within UIWebView may result in unencrypted files being stored even when a passcode is enabled.

32) Multiple vulnerabilities exist in WebKit.

Solution:
Upgrade to iOS 6 via Software Update.

Provided and/or discovered by:
8, 28) Reported by the vendor.

The vendor also credits:
1) Erling Ellingsen, Facebook
3) Will Dormann, CERT/CC
4) Mark Wuergler, Immunity, Inc.
7) Phil, PKJE Consulting
9, 10) iOS Jailbreak Dream Team
11) Dan Rosenberg
13) Angelo Prado, salesforce.com Product Security Team
14) Stephen Prairie, Travelers Insurance, Erich Stuntebeck of AirWatch
15) Anonymous person
16) Rodney S. Foley, Gnomesoft, LLC
17) Salvatore Cataudella, Open Systems Technologies
19) Chris Lawrence, DBB
20, 24) Ian Vitek, 2Secure AB
21, 22) Ade Barkah, BlueWax Inc.
23) Sebastian Spanninger, Austrian Federal Computing Centre (BRZ)
25) Kevin Makens, Redwood High School
26) Boku Kihara, Lepidum
27) Dan Poltawski, Moodle
29, 30) pod2g
31) Ben Smith, Box

Original Advisory:
Apple:
http://support.apple.com/kb/HT5503

http://secunia.com/advisories/50586/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Apple Safari for Mac OS X Multiple Vulnerabilities

by Carol~ Moderator - 9/20/12 6:13 AM

In Reply to: VULNERABILITIES / FIXES - September 20, 2012 by Carol~ Moderator

Release Date: 2012-09-20

Criticality level : Highly critical
Impact : Security Bypass
Exposure of sensitive information
System access
Where : From remote
Solution Status : Vendor Patch

Software: Apple Safari 6.x

Description:
Multiple vulnerabilities have been reported in Safari, which can be exploited by malicious people to bypass certain security restrictions, gain knowledge of sensitive information, or compromise a user's system.

1) A logic error in the handling of the Quarantine attribute when opening HTML documents in safe mode can be exploited to cause the document to not be opened in safe mode and disclose the contents of arbitrary files.

2) An error in the handling of Form Autofill may lead to Address Book "Me" card details being disclosed when using Form Autofill on a specially crafted web page.

3) A logic error when handling HTTPS URLs in the address bar may cause a request to be unexpectedly sent over HTTP if part of the request in the address bar was edited by pasting text.

4) A use-after-free error in the Webkit Cascading Style Sheets (CSS) implementation when handling the :first-letter pseudo-element can be exploited to dereference already freed memory.

5) A use-after-free error in Webkit when handling tables with sections can be exploited to dereference already freed memory.

6) A use-after-free error in Webkit when handling the layout of documents using the Cascading Style Sheets (CSS) counters feature can be exploited to dereference already freed memory.

7) A use-after-free error in the Webkit Cascading Style Sheets (CSS) implementation when handling the :first-letter pseudo-element can be exploited to dereference already freed memory.

8) A use-after-free error in Webkit when handling SVG references can be exploited to dereference already freed memory.

9) A use-after-free error in Webkit when handling counters can be exploited to dereference already freed memory.

10) A use-after-free error in Webkit when handling layout height tracking can be exploited to dereference already freed memory.

11) An unspecified error in Webkit can be exploited to corrupt memory.

12) An unspecified error in Webkit can be exploited to corrupt memory.

13) An unspecified error in Webkit can be exploited to corrupt memory.

14) An unspecified error in Webkit can be exploited to corrupt memory.

15) An unspecified error in Webkit can be exploited to corrupt memory.

16) An unspecified error in Webkit can be exploited to corrupt memory.

17) An unspecified error in Webkit can be exploited to corrupt memory.

18) An unspecified error in Webkit can be exploited to corrupt memory.

19) An unspecified error in Webkit can be exploited to corrupt memory.

20) An unspecified error in Webkit can be exploited to corrupt memory.

21) An unspecified error in Webkit can be exploited to corrupt memory.

22) An unspecified error in Webkit can be exploited to corrupt memory.

23) An unspecified error in Webkit can be exploited to corrupt memory.

24) An unspecified error in Webkit can be exploited to corrupt memory.

25) An unspecified error in Webkit can be exploited to corrupt memory.

26) An unspecified error in Webkit can be exploited to corrupt memory.

27) An unspecified error in Webkit can be exploited to corrupt memory.

28) An unspecified error in Webkit can be exploited to corrupt memory.

29) An unspecified error in Webkit can be exploited to corrupt memory.

30) An unspecified error in Webkit can be exploited to corrupt memory.

31) An unspecified error in Webkit can be exploited to corrupt memory.

32) An unspecified error in Webkit can be exploited to corrupt memory.

33) An unspecified error in Webkit can be exploited to corrupt memory.

34) An unspecified error in Webkit can be exploited to corrupt memory.

35) An unspecified error in Webkit can be exploited to corrupt memory.

36) An unspecified error in Webkit can be exploited to corrupt memory.

37) An unspecified error in Webkit can be exploited to corrupt memory.

38) An unspecified error in Webkit can be exploited to corrupt memory.

39) An unspecified error in Webkit can be exploited to corrupt memory.

40) An unspecified error in Webkit can be exploited to corrupt memory.

41) An unspecified error in Webkit can be exploited to corrupt memory.

42) An unspecified error in Webkit can be exploited to corrupt memory.

43) An unspecified error in Webkit can be exploited to corrupt memory.

44) An unspecified error in Webkit can be exploited to corrupt memory.

45) An unspecified error in Webkit can be exploited to corrupt memory.

46) An unspecified error in Webkit can be exploited to corrupt memory.

47) An unspecified error in Webkit can be exploited to corrupt memory.

48) An unspecified error in Webkit can be exploited to corrupt memory.

49) An unspecified error in Webkit can be exploited to corrupt memory.

50) An unspecified error in Webkit can be exploited to corrupt memory.

51) An unspecified error in Webkit can be exploited to corrupt memory.

52) An unspecified error in Webkit can be exploited to corrupt memory.

53) An unspecified error in Webkit can be exploited to corrupt memory.

54) An unspecified error in Webkit can be exploited to corrupt memory.

55) An unspecified error in Webkit can be exploited to corrupt memory.

56) An unspecified error in Webkit can be exploited to corrupt memory.

57) An unspecified error in Webkit can be exploited to corrupt memory.

58) An unspecified error in Webkit can be exploited to corrupt memory.

59) An unspecified error in Webkit can be exploited to corrupt memory.

60) An unspecified error in Webkit can be exploited to corrupt memory.

61) An unspecified error in Webkit can be exploited to corrupt memory.

Solution:
Update to version 6.0.1.

Provided and/or discovered by:
The vendor credits:
1) Aaron Sigel, vtty.com and Masahiro Yamada
2) Jonathan Hogervorst, Buzzera
3) Aaron Rhoads, East Watch Services LLC and Pepi Zawodsky
4-10, 13) miaubiz
11, 20, 34, 42, 44, 47, 49, 52, 55, 57, 58) Apple Product Security
12) Martin Barbella, Google Chrome Security Team
14, 15, 17, 19, 22, 25, 28, 33, 36, 38-40, 46, 48, 50, 51, 54, 56, 61) Abhishek Arya (Inferno), Google Chrome Security Team
16, 21, 23, 24, 26, 27, 32, 47, 53, 60) Skylined, Google Chrome Security Team
18) Yong Li, Research In Motion
29) Dominic Cooney, Google and Martin Barbella, Google Chrome Security Team
30) Abhishek Arya and Martin Barbella, Google Chrome Security Team
31) Martin Barbella, Google Chrome Security Team
35) Mario Gomes, netfuzzer.blogspot.com and Abhishek Arya (Inferno), Google Chrome Security Team
37) Skylined and Martin Barbella, Google Chrome Security Team
41) Julien Chaffraix, Chromium development community
43, 45) kuzzcc
59) James Robinson of Google

Original Advisory:
Apple:
http://support.apple.com/kb/HT5502

http://secunia.com/advisories/50577/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Cisco Secure Desktop WebLaunch Vulnerability

by Carol~ Moderator - 9/20/12 7:51 AM

In Reply to: VULNERABILITIES / FIXES - September 20, 2012 by Carol~ Moderator

Release Date : 2012-09-20

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status :Vendor Patch

Software: Cisco Secure Desktop 3.x

Description:
A vulnerability has been reported in Cisco Secure Desktop, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the WebLaunch functionality not properly authenticating the validity of downloaded executables and can be exploited to download and execute an arbitrary program.

The vulnerability is reported in versions prior to 3.6.6020.

Solution:
Update to version 3.6.6020.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Cisco (CSCtz76128, CSCtz78204):
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac

http://secunia.com/advisories/50669/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for ghostscript

by Carol~ Moderator - 9/20/12 7:56 AM

In Reply to: VULNERABILITIES / FIXES - September 20, 2012 by Carol~ Moderator

Release Date : 2012-09-20

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status :Vendor Patch

Operating System : SUSE Linux Enterprise Server (SLES) 10
SUSE Linux Enterprise Server (SLES) 11

Description:
SUSE has issued an update for ghostscript. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to an integer underflow error in icclib (icc.c) when handling ICC profiles and can be exploited to cause a heap-based buffer overflow by a specially crafted ICC profile for images embedded in e.g. a postscript or PDF file.

Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious file.

Solution:
Apply updated packages via the zypper package manager.

Provided and/or discovered by:
Red Hat credits Marc Schonefeld.

Original Advisory:
SUSE-SU-2012:1222-1:
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00031.html

Red hat Bug#854227:
https://bugzilla.redhat.com/show_bug.cgi?id=854227

http://secunia.com/advisories/50662/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Apache Qpid Incomplete Client Connection Handling Broker

by Carol~ Moderator - 9/20/12 7:56 AM

In Reply to: VULNERABILITIES / FIXES - September 20, 2012 by Carol~ Moderator

Apache Qpid Incomplete Client Connection Handling Broker Denial of Service Vulnerability

Release Date : 2012-09-20

Criticality level : Moderately critical
Impact : DoS
Where : From remote
Solution Status : Unpatched

Software: Apache Qpid 0.x

Description:
A vulnerability has been reported in Apache Qpid, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when handling incoming client connections and can be exploited to stop the broker from responding by sending a large amount of incomplete connections via e.g. a malicious client application.

The vulnerability is reported in version 0.17. Other versions may also be affected.

Solution:
No official solution is currently available.

Original Advisory:
https://issues.apache.org/jira/browse/QPID-4021

http://secunia.com/advisories/50573/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Drupal FileField Sources Module Filename Script Insertion

by Carol~ Moderator - 9/20/12 7:56 AM

In Reply to: VULNERABILITIES / FIXES - September 20, 2012 by Carol~ Moderator

Drupal FileField Sources Module Filename Script Insertion Vulnerability

Release Date : 2012-09-20

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Drupal FileField Sources Module 6.x
Drupal FileField Sources Module 7.x

Description:
Justin C. Klein Keane has reported a vulnerability in the FileField Sources module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

Certain input related to a filename is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

Successful exploitation requires the ability to upload files on a field that has the "Reference existing" source enabled.

The vulnerability is reported in 6.x-1.x versions prior to 6.x-1.6 and 7.x-1.x versions prior to 7.x-1.6.

Solution:
Update to a fixed version.

Provided and/or discovered by:
Justin C. Klein Keane.

Original Advisory:
SA-CONTRIB-2012-147:
http://drupal.org/node/1789306

Justin:
http://www.madirish.net/539

http://secunia.com/advisories/50688/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for Red Hat Enterprise MRG

by Carol~ Moderator - 9/20/12 7:56 AM

In Reply to: VULNERABILITIES / FIXES - September 20, 2012 by Carol~ Moderator

Release Date : 2012-09-20

Criticality level : Less critical
Impact : Security Bypass
Where : From local network
Solution Status : Vendor Patch

Software: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)

Description:
Red Hat has issued an update for Red Hat Enterprise MRG. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2012:1279-1:
https://rhn.redhat.com/errata/RHSA-2012-1279.html

http://secunia.com/advisories/50602/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for rubygem-actionpack and rubygem-activesupport

by Carol~ Moderator - 9/20/12 7:56 AM

In Reply to: VULNERABILITIES / FIXES - September 20, 2012 by Carol~ Moderator

Release Date : 2012-09-20

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Operating System : openSUSE 11.4
openSUSE 12.1

Description:
SUSE has issue an update for rubygem-actionpack and rubygem-activesupport. This fixes two vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2012:1218-1:
http://lists.opensuse.org/opensuse-updates/2012-09/msg00083.html

http://secunia.com/advisories/50694/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for Red Hat Enterprise MRG

by Carol~ Moderator - 9/20/12 8:10 AM

In Reply to: VULNERABILITIES / FIXES - September 20, 2012 by Carol~ Moderator

Release Date : 2012-09-20

Criticality level : Moderately critical
Impact : Security Bypass
DoS
Where : From remote
Solution Status : Vendor Patch

Software: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 5)

Description:
Red Hat has issued an update for Red Hat Enterprise MRG. This fixes two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2012:1277-1:
https://rhn.redhat.com/errata/RHSA-2012-1277.html

http://secunia.com/advisories/50698/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Drupal PRH Search Module Script Insertion Vulnerability

by Carol~ Moderator - 9/20/12 8:10 AM

In Reply to: VULNERABILITIES / FIXES - September 20, 2012 by Carol~ Moderator

Release Date : 2012-09-20

Criticality level : Moderately critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Drupal PRH Search Module 7.x

Description:
A vulnerability has been reported in the PRH Search module for Drupal, which can be exploited by malicious people to conduct script insertion attacks.

Certain input passed via the PRH (Patentti- ja Rekisterihallitus) database is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.

The vulnerability is reported in versions prior to 7.x-1.1.

Solution:
Update to version 7.x-1.1.

Provided and/or discovered by:
The vendor credits Klaus Purer, Drupal Security Team.

Original Advisory:
SA-CONTRIB-2012-143:
http://drupal.org/node/1789252

http://secunia.com/advisories/50672/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Drupal Spambot Module stopforumspam.com API Script Insertion

by Carol~ Moderator - 9/20/12 8:10 AM

In Reply to: VULNERABILITIES / FIXES - September 20, 2012 by Carol~ Moderator

Drupal Spambot Module stopforumspam.com API Script Insertion Vulnerability

Release Date : 2012-09-20

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Drupal Spambot Module 6.x
Drupal Spambot Module 7.x

Description:
A vulnerability has been reported in the Spambot module for Drupal, which can be exploited by malicious people to conduct script insertion attacks.

Certain input passed via stopforumspam.com API responses is not properly sanitised before being logged to the watchdog. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.

The vulnerability is reported in versions prior to 6.x-3.2 and prior to 7.x-1.1.

Solution:
Update to version 6.x-3.2 or 7.x-1.1.

Provided and/or discovered by:
The vendor credits Jimmy Axenhus.

Original Advisory:
SA-CONTRIB-2012-142:
http://drupal.org/node/1789242

http://secunia.com/advisories/50670/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Drupal Imagemenu Module Image Filename Script Insertion

by Carol~ Moderator - 9/20/12 8:10 AM

In Reply to: VULNERABILITIES / FIXES - September 20, 2012 by Carol~ Moderator

Drupal Imagemenu Module Image Filename Script Insertion Vulnerability

Release Date : 2012-09-20

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Drupal Imagemenu Module 6.x

Description:
A vulnerability has been reported in the Imagemenu module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

Certain input related to image filenames is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

Successful exploitation requires the "administer imagemenu" permission.

The vulnerability is reported in 6.x-1.x versions prior to 6.x-1.4.

Solution:
Update to version 6.x-1.4.

Provided and/or discovered by:
The vendor credits David Houlder

Original Advisory:
SA-CONTRIB-2012-145:
http://drupal.org/node/1789260

http://secunia.com/advisories/50683/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for qpid

by Carol~ Moderator - 9/20/12 10:14 AM

In Reply to: VULNERABILITIES / FIXES - September 20, 2012 by Carol~ Moderator

Release Date : 2012-09-20

Criticality level : Moderately critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Operating System : Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Workstation 6

Description:
Red Hat has issued an update for qpid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2012:1269-1:
https://rhn.redhat.com/errata/RHSA-2012-1269.html

http://secunia.com/advisories/50699/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for kernel-rt

by Carol~ Moderator - 9/20/12 10:15 AM

In Reply to: VULNERABILITIES / FIXES - September 20, 2012 by Carol~ Moderator

Release Date : 2012-09-20

Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status : Vendor Patch

Software: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)

Description:
Red Hat has issued an update for kernel-rt. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2012:1282-1:
https://rhn.redhat.com/errata/RHSA-2012-1282.html

http://secunia.com/advisories/50696/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Condor Multiple Vulnerabilities

by Carol~ Moderator - 9/20/12 10:17 AM

In Reply to: VULNERABILITIES / FIXES - September 20, 2012 by Carol~ Moderator

Release Date : 2012-09-20

Criticality level :Modertaely critical
Impact : Security Bypass
Exposure of sensitive information
Privilege escalation
System access
Where : From remote
Solution Status : Vendor Patch

Software: Condor 7.x

Description:
Multiple vulnerabilities have been reported in Condor, which can be exploited by malicious, local users to gain escalated privileges, by malicious users to bypass certain security restrictions, and by malicious people to disclose sensitive information and potentially compromise a vulnerable system.

1) An error when handling certain parameters within HTTP POST requests can be exploited to submit a job attribute change (e.g. Owner attribute).

2) An error within the filesystem authentication mechanism may result in accepting directories with insecure permissions (e.g. chmod 777) subsequently allowing job creation with different privileges.

3) An error in startd related to the GIVE_REQUEST_AD handler can be exploited to disclose the ClaimId and control or start jobs.

Successful exploitation of this vulnerability requires knowing the PID of a process.

4) An error when handling job abort requests due to permissions validation relying on WRITE authorization only can be exploited to abort an idle job.

The vulnerabilities are reported in versions prior to 7.8.4.

Solution:
Update to version 7.8.4.

Provided and/or discovered by:
Florian Weimer, the Red Hat Product Security Team

Original Advisory:
Condor:
http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html

Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=846501
https://bugzilla.redhat.com/show_bug.cgi?id=848218
https://bugzilla.redhat.com/show_bug.cgi?id=848222
https://bugzilla.redhat.com/show_bug.cgi?id=848214

http://secunia.com/advisories/50666/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress WP-TopBar Plugin Cross-Site Request Forgery

by Carol~ Moderator - 9/20/12 1:02 PM

In Reply to: VULNERABILITIES / FIXES - September 20, 2012 by Carol~ Moderator

WordPress WP-TopBar Plugin Cross-Site Request Forgery Vulnerability

Release Date : 2012-09-20

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Wordpress WP-TopBar Plugin 4.x

Description:
Blake Entrekin has discovered a vulnerability in the WP-TopBar plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the message of the TopBar if a logged-in administrative user visits a malicious web site.

Note: This can further be exploited to conduct script insertion attacks.

The vulnerability is reported in version 4.02. Prior versions may also be affected.

Solution:
Update to version 4.03.

Provided and/or discovered by:
Blake Entrekin

Original Advisory:
Blake Entrekin:
http://entresec.blogspot.com/2012/09/wp-topbar-402-csrf-and-stored-xss.html

http://secunia.com/advisories/50693/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Apache CXF SOAP Action Validation Vulnerability

by Carol~ Moderator - 9/20/12 1:18 PM

In Reply to: VULNERABILITIES / FIXES - September 20, 2012 by Carol~ Moderator

Release Date : 2012-09-20

Criticality level : Less critical
Impact : Security Bypass
Where : From remote
Solution Status : Vendor Patch

Software: Apache CXF 2.x

Description:
A vulnerability has been reported in Apache CXF, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due SOAP requests with a SOAP Action string in the header being insufficiently validated with body's data and can be exploited to perform an otherwise restricted action.

Successful exploitation requires the target action to accept same parameter types as the header action and pass WS-Policy validation.

The vulnerability is reported in all versions.

Solution:
Update to version 2.4.9, 2.5.5, or 2.6.2.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Apache:
http://cxf.apache.org/cve-2012-3451.html

http://secunia.com/advisories/50664/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress MF Gig Calendar Plugin URL Cross-Site

by Carol~ Moderator - 9/20/12 1:18 PM

In Reply to: VULNERABILITIES / FIXES - September 20, 2012 by Carol~ Moderator

WordPress MF Gig Calendar Plugin URL Cross-Site Scripting Vulnerability

Release Date : 2012-09-20

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: WordPress MF Gig Calendar Plugin 0.x

Description:
Reaction Information Security has discovered a vulnerability in the MF Gig Calendar plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via URL (when "page_id" set to the Event Calendar page) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 0.9.4.1. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Chris Cooper and Joseph Sheridan, Reaction Information Security.

Original Advisory:
Reaction Information Security:
http://www.reactionpenetrationtesting.co.uk/mf-gig-calendar-xss.html

http://secunia.com/advisories/50571/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close