Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - December 19, 2012

by: Carol~ December 19, 2012 10:21 AM PST

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - December 19, 2012

by Carol~ Moderator - 12/19/12 10:21 AM

HP-UX update for BIND

Release Date: 2012-12-19

Criticality level : Less critical
Impact : Spoofing
Where : From remote
Solution Status: Vendor Patch

Operating System: HP-UX 11.x

Description:
HP has issued an update for BIND in HP-UX. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.

The vulnerability is reported in HP-UX version B.11.31 running BIND 9.7.3 prior to C.9.7.3.1.0, B.11.23 and B.11.11 running BIND 9.3 prior to C.9.3.2.13.0, B.11.31 running BIND 9.3 prior to C.9.3.2.15.0, B.11.11 running BIND 9.2.0 prior to B.11.00.01.004, and B.11.23 running BIND 9.2.0 without patch PHNE_43369.

Solution:
Apply patches.

Original Advisory:
HPSBUX02835 SSRT100763:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03577598

http://secunia.com/advisories/51604/


Reply
Report offensive post
Email to friend

Oracle Solaris Java Multiple Vulnerabilities

by Carol~ Moderator - 12/19/12 10:23 AM

In Reply to: VULNERABILITIES / FIXES - December 19, 2012 by Carol~ Moderator

Release Date: 2012-12-19

Criticality level : Highly critical
Impact : Exposure of sensitive information
DoS
System access
Manipulation of data
Where : From remote
Solution Status: Vendor Patch

Operating System: Oracle Solaris 11.x

Description:
Oracle has acknowledged multiple vulnerabilities in Java included in Solaris, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

Solution:
Apply 10/12 SRU 2.5.

Original Advisory:
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_java
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_java1

http://secunia.com/advisories/51618/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Oracle Solaris Apache HTTP Server LD_LIBRARY_PATH

by Carol~ Moderator - 12/19/12 10:27 AM

In Reply to: VULNERABILITIES / FIXES - December 19, 2012 by Carol~ Moderator

Oracle Solaris Apache HTTP Server LD_LIBRARY_PATH and Cross-Site Scripting Vulnerabilities

Release Date : 2012-12-19

Criticality level : Less critical
Impact : Cross Site Scripting
Privilege escalation
Where : From remote
Solution Status : Vendor Patch

Operating System : Oracle Solaris 11.x
Sun Solaris 10.x

Description:
Oracle has acknowledged a security issue and a vulnerability in Apache HTTP Server included in Solaris, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct cross-site scripting attacks.

Solution:
Apply patch.

Original Advisory:
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_http2

http://secunia.com/advisories/51575/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Nagios history.cgi "get_history()" Buffer Overflow

by Carol~ Moderator - 12/19/12 10:27 AM

In Reply to: VULNERABILITIES / FIXES - December 19, 2012 by Carol~ Moderator

Nagios history.cgi "get_history()" Buffer Overflow Vulnerability

Release Date: 2012-12-19

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status: Vendor Patch

Software: Nagios 3.x

Description:
temp66 has reported a vulnerability in Nagios, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the "get_history()" function (history.c) within history.cgi when handling certain parameters, which can be exploited to cause a stack-based buffer overflow via an overly long "host" parameter.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in version 3.4.3. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
temp66

Original Advisory:
http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0108.html

http://secunia.com/advisories/51537/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for libtiff

by Carol~ Moderator - 12/19/12 10:27 AM

In Reply to: VULNERABILITIES / FIXES - December 19, 2012 by Carol~ Moderator

Release Date: 2012-12-19

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status: Vendor Patch

Operating System : Red Hat Enterprise Linux Desktop 5
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Server 5
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Workstation 6
RHEL Desktop Workstation 5

Description:
Red Hat has issued an update for libtiff. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2012:1590-1:
https://rhn.redhat.com/errata/RHSA-2012-1590.html

http://secunia.com/advisories/51582/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for kernel

by Carol~ Moderator - 12/19/12 10:27 AM

In Reply to: VULNERABILITIES / FIXES - December 19, 2012 by Carol~ Moderator

Release Date: 2012-12-19

Criticality level : Not critical
Impact: DoS
Where : From local network
Solution Status : Vendor Patch

Operating System : Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Workstation 6

Description:
Red Hat has issued an update for kernel. This fixes two vulnerabilities, which can be exploited by malicious, local users and malicious people to cause a DoS (Denial of Service).

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2012:1580-1:
https://rhn.redhat.com/errata/RHSA-2012-1580.html

http://secunia.com/advisories/51613/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

MyBB MyTube Plugin "profile_fields[]" Script Insertion

by Carol~ Moderator - 12/19/12 10:27 AM

In Reply to: VULNERABILITIES / FIXES - December 19, 2012 by Carol~ Moderator

MyBB MyTube Plugin "profile_fields[]" Script Insertion Vulnerability

Release Date: 2012-12-19

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status: Unpatched

Software: MyTube 1.x (plugin for MyBB)

Description:
A vulnerability has been discovered in MyTube plugin for MyBB, which can be exploited by malicious users to conduct script insertion attacks.

Input passed via the "profile_fields[]" parameter to usercp.php (when parameter index is set to a valid value) is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.

The vulnerability is confirmed in version 1.0. Other versions may be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Kim Kun Bum

Original Advisory:
http://www.exploit-db.com/exploits/23470/

http://secunia.com/advisories/51600/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Zend Framework "Zend_Feed" XML Entity References Information

by Carol~ Moderator - 12/19/12 10:29 AM

In Reply to: VULNERABILITIES / FIXES - December 19, 2012 by Carol~ Moderator

Zend Framework "Zend_Feed" XML Entity References Information Disclosure Vulnerability

Release Date: 2012-12-19

Criticality level: Less critical
Impact : Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software: Zend Framework 1.x

Description:
A vulnerability has been reported in Zend Framework, which can be exploited by malicious people to disclose certain sensitive information.

The vulnerability is caused due to an error within the "Zend_Feed_Rss" and "Zend_Feed_Atom" classes of the "Zend_Feed" component when processing XML data and can be exploited to e.g. disclose contents of certain local files by sending specially crafted XML data including external entity references.

The vulnerability is reported in versions prior to 1.11.15 and 1.12.1.

Solution:
Update to version 1.11.15 or 1.12.1.

Provided and/or discovered by:
The vendor credits Yury Dyachenko, Positive Research Center.

Original Advisory:
Zend:
http://framework.zend.com/security/advisory/ZF2012-05

http://secunia.com/advisories/51583/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IronJacamar Security Domains "allow-multiple-users" Security

by Carol~ Moderator - 12/19/12 10:29 AM

In Reply to: VULNERABILITIES / FIXES - December 19, 2012 by Carol~ Moderator

IronJacamar Security Domains "allow-multiple-users" Security Bypass

Release Date: 2012-12-19

Criticality level: Less critical
Impact : Security Bypass
Where : From remote
Solution Status : Vendor Patch

Software: IronJacamar 1.x

Description:
A security issue has been reported in IronJacamar, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused due to the application improperly validating credentials when using the "allow-multiple-users" option with security domains and can be exploited to gain access to a valid connection by using invalid credentials.

The security issue is reported in versions prior to 1.0.12.

Solution:
Update to version 1.0.12.

Provided and/or discovered by:
Red Hat credits Arun Neelicattu of the Red Hat Security Response Team.

Original Advisory:
IronJacamar:
https://issues.jboss.org/browse/JBJCA-864
https://issues.jboss.org/browse/JBJCA/fixforversion/12319522

Red Hat Bug#843358:
https://bugzilla.redhat.com/show_bug.cgi?id=843358

http://secunia.com/advisories/51550/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for JBoss Enterprise Application Platform

by Carol~ Moderator - 12/19/12 1:06 PM

In Reply to: VULNERABILITIES / FIXES - December 19, 2012 by Carol~ Moderator

Release Date: 2012-12-19

Criticality level : Moderately critical
Impact : Security Bypass
Exposure of sensitive information
Where : From remote
Solution Status: Vendor Patch

Software: JBoss Enterprise Application Platform 6.x

Description:
Red Hat has issued an update for JBoss Enterprise Application Platform. This fixes multiple security issues and vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, by malicious users to disclose sensitive information and by malicious people to bypass certain security restrictions.

1) An error when handling method invocations in the "processInvocation()" method (org.jboss.as.ejb3.security.AuthorizationInterceptor) with an empty list of allowed roles can be exploited to get otherwise restricted method invocations authorised.

2) An error when handling role-based authorisation for Enterprise Java Beans (EJB) access can be exploited to e.g. bypass a configured JACC authorisation module.

Solution:
Updated packages are available via Red Hat Network

Provided and/or discovered by:
1) Arun Neelicattu of the Red Hat Security Response Team
2) Josef Cacek of the Red Hat JBoss EAP Quality Engineering Team

Original Advisory
RHSA-2012:1591-1:
https://rhn.redhat.com/errata/RHSA-2012-1591.html

RHSA-2012:1592-1:
https://rhn.redhat.com/errata/RHSA-2012-1592.html

RHSA-2012:1594-1:
https://rhn.redhat.com/errata/RHSA-2012-1594.html

http://secunia.com/advisories/51607/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

MyBB Profile Xbox Live ID Plugin "xli" SQL Injection and

by Carol~ Moderator - 12/19/12 1:08 PM

In Reply to: VULNERABILITIES / FIXES - December 19, 2012 by Carol~ Moderator

MyBB Profile Xbox Live ID Plugin "xli" SQL Injection and Script Insertion Vulnerabilities

Release Date: 2012-12-19

Criticality level : Moderately critical
Impact : Cross Site Scripting
Manipulation of data
Where : From remote
Solution Status: Unpatched

Software: Profile Xbox Live ID 1.x (plugin for MyBB)

Description:
Two vulnerabilities have been discovered in the Profile Xbox Live ID plugin for MyBB, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.

1) Input passed via the "xli" POST parameter to usercp.php is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.

2) Input passed via the "xli" POST parameter to usercp.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities are confirmed in version 1.0. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
1) limb0
2) n3urot0xin

Original Advisory:
limb0:
http://packetstormsecurity.org/files/118927/MyBB-Xbox-Live-ID-Cross-Site-Scripting.html

n3urot0xin:
http://1337day.com/exploit/20001

http://secunia.com/advisories/51620/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

fail2ban Unspecified Vulnerability

by Carol~ Moderator - 12/19/12 1:09 PM

In Reply to: VULNERABILITIES / FIXES - December 19, 2012 by Carol~ Moderator

Release Date: 2012-12-19

Criticality level: Less critical
Impact : Unknown
Where : From remote
Solution Status : Vendor Patch

Software: Fail2ban 0.x

Description:
A vulnerability with an unknown impact has been reported in fail2ban.

The vulnerability is caused due to an unspecified error when parsing matched content. No further information is currently available.

The vulnerability is reported in version 0.8.7. Prior versions may also be affected.

Solution:
Update to version 0.8.8.

Provided and/or discovered by:
The vendor credits NBS System Security Team

Original Advisory:
https://raw.github.com/fail2ban/fail2ban/master/ChangeLog

http://secunia.com/advisories/51553/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IBM Tivoli Storage Manager for Space Management Two

by Carol~ Moderator - 12/19/12 1:10 PM

In Reply to: VULNERABILITIES / FIXES - December 19, 2012 by Carol~ Moderator

IBM Tivoli Storage Manager for Space Management Two Vulnerabilities

Release Date: 2012-12-19

Criticality level: Less critical
Impact : Manipulation of data
Privilege escalation
Where : From local network
Solution Status : Vendor Patch

Software: IBM Tivoli Storage Manager for Space Management 6.x

Description:
Two vulnerabilities have been reported in IBM Tivoli Storage Manager for Space Management, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious users to manipulate certain data.

1) An unspecified error can be exploited by a local user to access and manipulate arbitrary files.

2) An unspecified error can be exploited to access and manipulate files managed by the application.

The vulnerabilities are reported in versions prior to 6.2.5.0 and 6.3.1.0.

Solution:
Update to version 6.2.5.0 (when available) or 6.3.1.0.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM (IC86724, IC87006):
http://www.ibm.com/support/docview.wss?uid=swg21615292

http://secunia.com/advisories/51623/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Quenlig "comment" Script Insertion Vulnerability

by Carol~ Moderator - 12/19/12 1:11 PM

In Reply to: VULNERABILITIES / FIXES - December 19, 2012 by Carol~ Moderator

Release Date: 2012-12-19

Criticality level : Moderately critical
Impact : Cross Site Scripting
Where : From remote
Solution Status: Vendor Patch

Software: Quenlig 2.x

Description:
A vulnerability has been discovered in Quenlig, which can be exploited by malicious users to conduct script insertion attacks.

Input passed via the "comment" parameter when writing a comment to a question is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

The vulnerability is confirmed in version 2.3.7. Prior versions may also be affected.

Solution:
Update to version 2.3.8.

Provided and/or discovered by:
Reported by the vendor.

http://secunia.com/advisories/51564/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

phpwcms "preg_replace()" Arbitrary Code Execution

by Carol~ Moderator - 12/19/12 1:56 PM

In Reply to: VULNERABILITIES / FIXES - December 19, 2012 by Carol~ Moderator

phpwcms "preg_replace()" Arbitrary Code Execution Vulnerabilities

Release Date: 2012-12-19

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status: Unpatched

Software: phpwcms 1.x

Description:
aeon has discovered multiple vulnerabilities in phpwcms, which can be exploited by malicious users to compromise a vulnerable system.

Input passed via the "article_summary" POST parameter to phpwcms.php (when "do" is set to "articles", "p" is set to "2", and "s" is set to "1") is not properly sanitised in the include/inc_front/content.func.inc.php and include/inc_front/front.func.inc.php scripts before calling the "preg_replace()" function with the "e" modifier. This can be exploited to execute arbitrary PHP code.

Successful exploitation requires a "backend" or "frontend / backend" user account.

The vulnerabilities are confirmed in version 1.5.4.6. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
aeon

Original Advisory:
aeon:
https://infosecabsurdity.wordpress.com/2012/12/17/phpwcms-remote-code-execution-and-php-pcre-filter-evasion-bypasses-zeroday/

http://secunia.com/advisories/51588/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close