Spyware, viruses, & security forum: VULNERABILITIES / FIXES - December 10, 2012

Rockwell Automation Controllers Denial of Service Vulnerability

Release Date : 2012-12-10

Criticality level: Less critical
Impact : DoS
Where : From local network
Solution Status : Unpatched

Operating System : Rockwell Automation 1762 MicroLogix 1200 Controllers
Rockwell Automation 1763 MicroLogix 1100 Controllers
Rockwell Automation 1764 MicroLogix 1500 Controllers
Rockwell Automation 1766 MicroLogix 1400 Controllers
Rockwell Automation PLC-5 Controller
Rockwell Automation SLC 500 Controller

Description:
A vulnerability has been reported in some Rockwell Automation controllers, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when processing certain messages and can be exploited to cause a device fault via requests sent to TCP and UDP ports 2222 or 44818.

The vulnerability is reported in the following products:
* MicroLogix 1100 controller
* MicroLogix 1200 controller
* MicroLogix 1400 controller
* MicroLogix 1500 controller
* SLC 500 controller platform
* PLC-5 controller platform

Solution:
No official solution is currently available.

Provided and/or discovered by:
ICS-CERT credits Matthew Luallen, CYBATI.

Original Advisory:
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-342-01.pdf

http://secunia.com/advisories/51534/

IBM eDiscovery Manager Unspecified Cross-Site Scripting Vulnerabilities

Release Date : 2012-12-10

Criticality level: Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: IBM eDiscovery Manager 2.x

Description:
Some vulnerabilities have been reported in IBM eDiscovery Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in version 2.x.

Solution:
Apply APAR HE11605.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM:
http://www.ibm.com/support/docview.wss?uid=swg1HE11605

http://secunia.com/advisories/51530/

Release Date : 2012-12-10

Criticality level: Less critical
Impact : Privilege escalation
DoS
Where : Local system
Solution Status : Vendor Patch

Operating System : Debian GNU/Linux 6.0

Description:
Debian has issued an update for xen. This fixes multiple vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and potentially gain escalated privileges.

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2582-1:
http://www.debian.org/security/2012/dsa-2582

http://secunia.com/advisories/51468/

Release Date : 2012-12-10

Criticality level : Highly critical
Impact : Security Bypass
Cross Site Scripting
System access
Where : From remote
Solution Status : Vendor Patch

Operating System : Debian GNU/Linux 6.0

Description:
Debian has issued an update for iceweasel. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system.

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2583-1:
http://www.debian.org/security/2012/dsa-2583

http://secunia.com/advisories/51353/

Release Date : 2012-12-10

Criticality level : Moderately critical
Impact : Manipulation of data
Where : From remote
Solution Status : Vendor Patch

Software: ClipBucket 2.x

Description:
High-Tech Bridge has discovered multiple vulnerabilities in ClipBucket, which can be exploited by malicious users and malicious people to conduct SQL injection attacks.

Input passed via multiple parameters to multiple scripts is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

List of affected scripts and parameters:
http://[host]/user_contacts.php?user
http://[host]/view_channel.php?user
http://[host]/view_page.php?pid
http://[host]/view_topic.php?tid
http://[host]/watch_video.php?v
http://[host]/ajax.php?mode=add_friend&uid (POST)
http://[host]/ajax.php?mode=share_object&type=video&id (POST)
http://[host]/ajax.php?mode=share_object&type=photo&id (POST)
http://[host]/ajax.php?mode=share_object&type=collection&id (POST)
http://[host]/ajax.php?mode=flag_object&type=video&id (POST)
http://[host]/ajax.php?mode=flag_object&type=photo&id (POST)
http://[host]/ajax.php?mode=flag_object&type=collection&id (POST)
http://[host]/ajax.php?mode=flag_object&type=user&id (POST)
http://[host]/ajax.php?mode=load_more_items&type=videos&cid (POST)
http://[host]/ajax.php?mode=load_more_items&type=photos&cid (POST)

The vulnerabilities are confirmed in version 2.6-r738. Prior versions may also be affected.

Solution:
Update to version 2.6-r738-security-fixed-p2.

Provided and/or discovered by:
High-Tech Bridge

Original Advisory:
HTB23125:
https://www.htbridge.com/advisory/HTB23125

http://secunia.com/advisories/51460/