Spyware, viruses, & security forum: VULNERABILITIES / FIXES - December 13, 2012

Adobe Camera Raw Plug-in TIFF Image Processing Two Vulnerabilities

Release Date : 2012-12-12

Criticality level : Highly critical
Impact: System access
Where : From remote
Solution Status: Vendor Patch

Software: Adobe Bridge CS6 5.x
Adobe Photoshop CS6 13.x

Description:
Two vulnerabilities have been discovered in Adobe Camera Raw Plug-in, which can be exploited by malicious people to compromise a user's system.

1) An error in the "Camera Raw.8bi" plug-in when processing a LZW compressed TIFF image can be exploited to cause a heap-based buffer underflow via a specially crafted LZW code within an image row strip.

2) An integer overflow error in the "Camera Raw.8bi" plug-in when allocating memory during TIFF image processing can be exploited to cause a heap-based buffer overflow via specially crafted image dimensions.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code, but requires tricking a user into opening or previewing a malicious file.

The vulnerabilities are reported in the plug-in version 7.2 and prior, confirmed in:
* Adobe Bridge CS6 version 5.0.0.399.
* Adobe Photoshop CS6 version 13.0 20120315.r.428.

Solution:
Update the plug-in to version 7.3 via the application's update mechanism.

Provided and/or discovered by
1) Francis Provencher via Secunia.
2) Dmitriy Pletnev, Secunia Research.

Original Advisory:
Secunia Research:
http://secunia.com/secunia_research/2012-31/

Adobe (APSB12-28):
http://www.adobe.com/support/security/bulletins/apsb12-28.html

http://secunia.com/advisories/49929/

Release Date: 2012-12-13

Criticality level : Moderately critical
Impact : Security Bypass
Where : From remote
Solution Status : Vendor Patch

Software: JBoss Enterprise BRMS Platform 5.x

Description:
Red Hat has issued an update for JBoss Enterprise BRMS Platform. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is reported in version 5.3.0. Prior versions may also be affected.

Solution:
Apply security patch or update to version 5.3.1.

Original Advisory:
RHSA-2012:1559-1:
https://rhn.redhat.com/errata/RHSA-2012-1559.html

RHSA-2012:1573-1:
https://rhn.redhat.com/errata/RHSA-2012-1573.html

http://secunia.com/advisories/51577/

Release Date: 2012-12-13

Criticality level : Moderately critical
Impact : Security Bypass
Where : From remote
Solution Status : Vendor Patch

Software: UBB.threads 7.x

Description:
A vulnerability has been reported in UBB.threads, which can be exploited by malicious users to bypass certain security restrictions.

The vulnerability is caused due to an unspecified error and can be exploited to gain access to upload of malicious files.

The vulnerability is reported in versions prior to 7.5.7.

Solution:
Update to version 7.5.7.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.ubbcentral.com/forums/ubbthreads.php/topics/251173/IMPORTANT_UBB_THREADS_SECURITY

http://secunia.com/advisories/51552/

Release Date : 2012-12-12

Criticality level : Highly critical
Impact: Unknown
System access
Where : From remote
Solution Status: Vendor Patch

Operating System : openSUSE 12.1
openSUSE 12.2

Description:
SUSE has issued an update for chromium. This fixes multiple vulnerabilities, where two have an unknown impact and others can be exploited by malicious people to compromise a user's system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2012:1637-1:
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html

http://secunia.com/advisories/51580/

MyBB Tips Of The Day Plugin Script Insertion and SQL Injection Vulnerabilities

Release Date : 2012-12-13

Criticality level : Less critical
Impact : Manipulation of data
Where : From remote
Solution Status : Unpatched

Software: Tips Of The Day 1.x (plugin for MyBB)

Description:
Some vulnerabilities have been discovered in the Tips Of The Day plugin for MyBB, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.

1) Input passed via the "tiptle" and "tip" POST parameters to misc.php (when "tips" is set to "do_newtip") is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.

2) Input passed via the "tip" parameter to admin/index.php (when "action" is set to "edittip" and "module" is set to "config-tipsoftheday") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation of this vulnerability requires access to the administrative section.

The vulnerabilities are confirmed in version 1.0. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
VipVince

Original Advisory:
http://packetstormsecurity.org/files/118807/MyBB-TipsOfTheDay-Cross-Site-Scripting-SQL-Injection.html

http://secunia.com/advisories/51499/

Release Date : 2012-12-12

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Operating System : Microsoft Windows 8
Microsoft Windows RT
Microsoft Windows Server 2012

Description:
Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system

The vulnerabilities are caused due to a bundled vulnerable version of Adobe Flash Player within Internet Explorer 10.

Solution:
Apply updates.

Original Advisory:
http://technet.microsoft.com/en-us/security/advisory/2755801
http://support.microsoft.com/kb/2785605

http://secunia.com/advisories/51536/

Release Date : 2012-12-12

Criticality level : Highly critical
Impact : Security Bypass
Cross Site Scripting
Spoofing
Exposure of sensitive information
System access
Where : From remote
Solution Status : Vendor Patch

Operating System : Sun Solaris 10.x

Description:
Oracle has acknowledged multiple vulnerabilities in Thunderbird included in Solaris, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, disclose certain sensitive information, bypass certain security restrictions, and compromise a user's system.

Solution:
Apply patch.

Original Advisory:
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird7

http://secunia.com/advisories/51563/

Release Date : 2012-12-13

Criticality level : Less critical
Impact : Manipulation of data
Where : From remote
Solution Status : Vendor Patch

Software: Centreon 2.x

Description:
Spentera has reported a vulnerability in Centreon, which can be exploited by malicious users to conduct SQL injection attacks.

Input passed via the "menu" parameter to centreon/menu/xml/menuXML.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in versions 2.3.3 through 2.3.9-4.

Solution:
Update to version 2.4.0 or newer.

Provided and/or discovered by:
Tom Gregory, Spentera

Original Advisory:
Spentera:
http://www.spentera.com/2012/12/centreon-enterprise-server-2-3-3-2-3-9-4-blind-sql-injection/

US-CERT:
http://www.kb.cert.org/vuls/id/856892

http://secunia.com/advisories/51532/

IBM Lotus Foundations Start Script Insertion and PHP Command Injection Vulnerabilities

Release Date : 2012-12-13

Criticality level : Moderately critical
Impact: Cross Site Scripting
Exposure of sensitive information
System access
Where : From local network
Solution Status: Vendor Patch

Software: IBM Lotus Foundations Start 1.x

Description:
Two vulnerabilities have been reported in IBM Lotus Foundations Start, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to disclose certain sensitive information or compromise a vulnerable system.

1) Input passed via the "Users" page in Webconfig is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

2) An error exists within the bundled version of PHP.

The vulnerabilities are reported in versions prior to 1.2.2c.

Solution:
Update to version 1.2.2c.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM:
http://www.ibm.com/support/docview.wss?uid=swg21620319
http://www.ibm.com/support/docview.wss?uid=swg21620314

http://secunia.com/advisories/51572/

WordPress Knews Multilingual Newsletters Plugin Cross-Site Request Forgery Vulnerability

Release Date : 2012-12-13

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: WordPress Knews Multilingual Newsletters Plugin 1.x

Description:
A vulnerability has been discovered in the Knews Multilingual Newsletters plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change sender's e-mail if a logged-in administrative user visits a malicious web site.

The vulnerability is confirmed in version 1.2.5. Prior versions may also be affected.

Solution:
Update to version 1.2.6.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://wordpress.org/extend/plugins/knews/changelog/

http://secunia.com/advisories/51543/

Release Date : 2012-12-12

Criticality level : Highly critical
Impact: System access
Where : From remote
Solution Status: Vendor Patch

Software: Red Hat Enterprise Linux Desktop Supplementary (v. 6)
Red Hat Enterprise Linux Server Supplementary (v. 6)
Red Hat Enterprise Linux Workstation Supplementary (v. 6)
RHEL Desktop Supplementary (v. 5 client)
RHEL Supplementary (v. 5 server)

Description:
Red Hat has issued an update for flash-plugin. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2012:1569-1:
https://rhn.redhat.com/errata/RHSA-2012-1569.html

http://secunia.com/advisories/51526/

Release Date : 2012-12-12

Criticality level : Highly critical
Impact: System access
Where : From remote
Solution Status: Vendor Patch

Software: MuPDF 1.x

Description:
A vulnerability has been discovered in MuPDF, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to a signedness error in the "pdf_repair_obj_stm()" function (pdf/pdf_repair.c) when processing a stream and can be exploited to corrupt memory via a specially crafted length number.

Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious PDF document.

The vulnerability is confirmed in version 1.0. Prior versions may also be affected.

Solution:
Update to version 1.1.

Provided and/or discovered by:
beford

Original Advisory:
beford:
http://www.exploit-db.com/exploits/23246/

http://secunia.com/advisories/51544/