Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - November 06, 2012

by: Carol~ November 6, 2012 1:42 PM PST

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - November 06, 2012

by Carol~ Moderator - 11/6/12 1:42 PM

Sysax FTP Automation Task Scheduling Privilege Escalation Security Issue

Release Date: 2012-11-06

Criticality level : Less critical
Impact: Privilege escalation
Where : Local System
Solution Status : Vendor Patch

Software: Sysax FTP Automation 5.x

Description:
Craig Freyman has discovered a security issue in Sysax FTP Automation, which can be exploited by malicious, local users to gain escalated privileges.

The security issue is caused due to the application's scheduling service executing tasks with SYSTEM privileges without prior authorization and can be exploited by unprivileged users to schedule arbitrary tasks.

The security issue is confirmed in version 5.31. Other versions may also be affected.

Solution:
Update to version 5.34.

Provided and/or discovered by:
Craig Freyman (cd1zz).

Original Advisory:
Craig Freyman:
http://www.pwnag3.com/2012/11/sysax-ftp-automation-server-privilege.html

http://secunia.com/advisories/51173/


Reply
Report offensive post
Email to friend

Apache Tomcat Security Bypass and Denial of Service

by Carol~ Moderator - 11/6/12 1:46 PM

In Reply to: VULNERABILITIES / FIXES - November 06, 2012 by Carol~ Moderator

Apache Tomcat Security Bypass and Denial of Service Vulnerabilities

Release Date: 2012-11-06

Criticality level : Moderately critical
Impact: Security Bypass
DoS
Where : From remote
Solution Status : Vendor Patch

Software: Apache Tomcat 5.x
Apache Tomcat 6.x
Apache Tomcat 7.x

Description:
A weakness and a vulnerability have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

1) An error within the "parseHeaders()" function (InternalNioInputBuffer.java) when parsing request headers does not properly verify the permitted size and can be exploited to trigger an OutOfMemoryError exception via specially crafted headers.

This vulnerability is reported in versions 6.0.0-6.0.35 and 7.0.0-7.0.27.

2) An error within DIGEST authentication mechanism does not properly check server nonces.

This weakness is reported in versions 5.5.0-5.5.35, 6.0.0-6.0.35, and 7.0.0-7.0.29.

Solution:
Update to version 5.5.36, 6.0.36, or 7.0.30.

Provided and/or discovered by:
1) The vendor credits Josh Spiewak.
2) The vendor credits Tilmann Kuhn.

Original Advisory:
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.30
http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.36
http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.36

http://secunia.com/advisories/51138/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Ubuntu update for munin

by Carol~ Moderator - 11/6/12 1:46 PM

In Reply to: VULNERABILITIES / FIXES - November 06, 2012 by Carol~ Moderator

Release Date: 2012-11-06

Criticality level : Not critical
Impact: Manipulation of data
Where : Local System
Solution Status : Vendor Patch

Operating System : Ubuntu Linux 10.04
Ubuntu Linux 11.10
Ubuntu Linux 12.04

Description:
Ubuntu has issued an update for munin. This fixes a security issue, which can be exploited by malicious, local users to manipulate certain data.

Solution:
Apply updated packages.

Original Advisory:
USN-1622-1:
http://www.ubuntu.com/usn/usn-1622-1/

http://secunia.com/advisories/51218/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Ubuntu update for mesa

by Carol~ Moderator - 11/6/12 1:46 PM

In Reply to: VULNERABILITIES / FIXES - November 06, 2012 by Carol~ Moderator

Release Date: 2012-11-06

Criticality level : Moderately critical
Impact: System access
Where : From remote
Solution Status : Vendor Patch

Operating System : Ubuntu Linux 12.04

Description:
Ubuntu has issued an update for mesa. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.

Solution:
Apply updated packages.

Original Advisory:
USN-1623-1:
http://www.ubuntu.com/usn/usn-1623-1/

http://secunia.com/advisories/51215/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

GEGL PPM Image Processing Integer Overflow Vulnerability

by Carol~ Moderator - 11/6/12 1:46 PM

In Reply to: VULNERABILITIES / FIXES - November 06, 2012 by Carol~ Moderator

Release Date: 2012-11-06

Criticality level : Moderately critical
Impact: System access
Where : From remote
Solution Status : Vendor Workaround

Software: GEGL 0.x

Description:
A vulnerability has been reported in GEGL, which can be exploited by malicious people to compromise an application using the library.

The vulnerability is caused due to an integer overflow error in PPM image handler (operations/external/ppm-load.c) and can be exploited to cause a heap-based buffer overflow via specially crafted image dimensions.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in version 0.2.0. Other versions may also be affected.

Solution:
Fixed in the source code repository.

Provided and/or discovered by:
Murray McAllister, Red Hat Security Response Team

Original Advisory:
Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=856300

http://secunia.com/advisories/51114/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Apache Axis SSL Certificate Verification Security Issue

by Carol~ Moderator - 11/6/12 1:46 PM

In Reply to: VULNERABILITIES / FIXES - November 06, 2012 by Carol~ Moderator

Release Date: 2012-11-06

Criticality level : Less critical
Impact: Spoofing
Where : From remote
Solution Status : Unpatched

Software: Apache Axis 1.x
Apache Axis2/Java 1.x

Description:
A security issue has been reported in Apache Axis, which can be exploited by malicious people to conduct spoofing attacks.

The security issue is caused due to the server hostname not being validated against the domain name in the subject's Common Name (CN) or subjectAltName fields of X.509 certificates. This can be exploited to spoof a SSL server via e.g. Man-in-the-Middle (MitM) attacks.

The security issue is reported in the following products:
* Apache Axis version 1.4.
* Apache Axis2/Java version 1.6.2.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Reported at the ACM CCS 2012 conference.

Original Advisory:
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf

http://secunia.com/advisories/51219/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Opera Multiple Vulnerabilities

by Carol~ Moderator - 11/6/12 1:47 PM

In Reply to: VULNERABILITIES / FIXES - November 06, 2012 by Carol~ Moderator

Release Date: 2012-11-06

Criticality level : Highly critical
Impact: Unknown
Security Bypass
Cross Site Scripting
System access
Where : From remote
Solution Status : Vendor Patch

Software: Opera 12.x

Description:
Multiple vulnerabilities have been reported in Opera, where some have unknown impacts and other can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.

1) An unspecified error when handling CORS (Cross-Origin Resource Sharing) requests can be exploited to bypass the same origin policy and e.g. disclose sensitive information from another domain.

2) An error when handling Data URIs can be exploited to conduct cross-site scripting attacks.

3) An unspecified error exists. No further information if currently available.

4) An error when handling SVG images can be exploited to execute arbitrary code.

5) Another unspecified error exists. No further information if currently available.

The vulnerabilities are reported in versions prior to 12.10.

Solution:
Update to version 12.10.

Provided and/or discovered by:
1) Reported by the vendor.
2) The vendor credits multiple people.
3) The vendor credits Gareth Heyes.
4) The vendor credits Attila Suszter.
5) The vendor credits the Google Security Group.

Original Advisory:
http://www.opera.com/docs/changelogs/unified/1210/
http://www.opera.com/support/kb/view/1030/
http://www.opera.com/support/kb/view/1031/
http://www.opera.com/support/kb/view/1033/

http://secunia.com/advisories/51183/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Python tweepy Module SSL Certificate Verification Security

by Carol~ Moderator - 11/6/12 1:48 PM

In Reply to: VULNERABILITIES / FIXES - November 06, 2012 by Carol~ Moderator

Release Date: 2012-11-06

Criticality level : Less critical
Impact: Spoofing
Where : From remote
Solution Status : Unpatched

Software: Python tweepy Module 1.x

Description:
A security issue has been reported in Python tweepy Module, which can be exploited by malicious people to conduct spoofing attacks.

The security issue is reported version 1.11. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Reported at the ACM CCS 2012 conference.

Original Advisory:
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf

http://secunia.com/advisories/51223/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

ZPanel Cross-Site Request Forgery and SQL Injection

by Carol~ Moderator - 11/6/12 1:48 PM

In Reply to: VULNERABILITIES / FIXES - November 06, 2012 by Carol~ Moderator

ZPanel Cross-Site Request Forgery and SQL Injection Vulnerabilities

Release Date: 2012-11-06

Criticality level : Moderately critical
Impact: Manipulation of data
Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: ZPanel 10.x

Description:
Multiple vulnerabilities have been discovered in ZPanel, which can be exploited by malicious people to conduct cross-site request forgery and SQL injection attacks.

1) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. add an FTP user if a logged-in administrator visits a malicious web site.

Note: This further can be exploited to conduct script insertion attacks.

2) Input passed via the "resetkey" GET and "inConfEmail" POST parameters to index.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities are confirmed in version 10.0.1. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
#1) pcsjj.
#2) HTP.

Original Advisory:
pcsjj:
http://www.exploit-db.com/exploits/22490/

HTP:
http://empathy.hardchats.org/htp4/HTP-4.txt

http://secunia.com/advisories/51172/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

VeriCentre Web Console Multiple SQL Injection

by Carol~ Moderator - 11/6/12 1:49 PM

In Reply to: VULNERABILITIES / FIXES - November 06, 2012 by Carol~ Moderator

VeriCentre Web Console Multiple SQL Injection Vulnerabilities

Release Date: 2012-11-06

Criticality level : Less critical
Impact: Manipulation of data
Where : From remote
Solution Status : Vendor Patch

Software: VeriCentre Web Console 2.x

Description:
Multiple vulnerabilities have been reported in VeriCentre Web Console, which can be exploited by malicious users to conduct SQL injection attacks.

Input passed via the "TerminalId", "ModelName", and "ApplicationName" parameters to WebConsole/terminal/paramedit.aspx is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities are reported in versions prior to 2.2 build 36.

Solution:
Update to version 2.2 build 36 or higher.

Provided and/or discovered by:
Cory Eubanks, Clear Skies Security LLC.

Original Advisory:
US-CERT:
http://www.kb.cert.org/vuls/id/180091

Clear Skies Security:
http://www.clearskies.net/documents/css-advisory-css1211-vericentre.pdf

http://secunia.com/advisories/51122/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close