Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - January 04, 2013

by: Carol~ January 4, 2013 8:52 AM PST

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - January 04, 2013

by Carol~ Moderator - 1/4/13 8:52 AM

Red Hat update for JBoss Enterprise Web Server

Release Date : 2013-01-04

Criticality level : Less critical
Impact: Security Bypass
Where : From remote
Solution Status : Vendor Patch

Software: JBoss Enterprise Web Server 2.x

Description:
Red Hat has issued an update for JBoss Enterprise Web Server. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2013:0004-01:
https://rhn.redhat.com/errata/RHSA-2013-0004.html

RHSA-2013:0005-01:
https://rhn.redhat.com/errata/RHSA-2013-0005.html

http://secunia.com/advisories/51736/


Reply
Report offensive post
Email to friend

Facebook Camera for iOS Certificate Verification Security

by Carol~ Moderator - 1/4/13 8:55 AM

In Reply to: VULNERABILITIES / FIXES - January 04, 2013 by Carol~ Moderator

Facebook Camera for iOS Certificate Verification Security Issue

Release Date : 2013-01-04

Criticality level : Less critical
Impact: Spoofing
Where : From remote
Solution Status : Vendor Patch

Software: Facebook Camera for iOS 1.x

Description:
Mohamed Ramadan has discovered a security issue in Facebook Camera for iOS, which can be exploited by malicious people to conduct spoofing attacks.

The security issue is caused due to the application not properly verifying the server SSL certificate. This can be exploited to e.g. spoof the server via a MitM (Man-in-the-Middle) attack and e.g. disclose potentially sensitive information.

The security issue is confirmed in versions prior to 1.1.2.

Solution:
Update to version 1.1.2.

Provided and/or discovered by:
Mohamed Ramadan

Original Advisory:
http://techcrunch.com/2012/12/24/security-loophole-in-facebooks-camera-app-allowed-hackers-to-hijack-accounts-over-wifi/

http://secunia.com/advisories/51699/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SWI-Prolog "canoniseFileName()" and "expand()" Buffer

by Carol~ Moderator - 1/4/13 8:55 AM

In Reply to: VULNERABILITIES / FIXES - January 04, 2013 by Carol~ Moderator

SWI-Prolog "canoniseFileName()" and "expand()" Buffer Overflow Vulnerabilities

Release Date : 2013-01-04

Criticality level : Moderately critical
Impact: System access
Where : From remote
Solution Status : Vendor Patch

Software: SWI-Prolog 6.x

Description:
Two vulnerabilities have been reported in SWI-Prolog, which can be exploited by malicious people to potentially compromise a vulnerable system.

1) An error within the "canoniseFileName()" function (os/pl-os.c) when handling patch canonisation paths can be exploited to cause a stack-based buffer overflow.

2) An error within the "expand()" function (os/pl-glob.c) when expanding file names can be exploited to cause a stack-based buffer overflow.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 6.2.5.

Solution:
Update to version 6.2.5.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html

http://secunia.com/advisories/51709/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WHMCompleteSolution PayPal and Google Checkout Modules

by Carol~ Moderator - 1/4/13 9:13 AM

In Reply to: VULNERABILITIES / FIXES - January 04, 2013 by Carol~ Moderator

WHMCompleteSolution PayPal and Google Checkout Modules Vulnerabilities

Release Date : 2013-01-04

Criticality level : Less critical
Impact: Manipulation of data
Security Bypass
Where : From remote
Solution Status : Vendor Patch

Software: WHMCompleteSolution 4.x

Description:
Two vulnerabilities have been reported in WHMCompleteSolution, which can be exploited by malicious users to bypass certain security restrictions and conduct SQL injection attacks.

1) An error when handling PayPal transactions within the paypal module can be exploited to credit a different PayPal account than the application configured PayPal account.

Successful exploitation of this vulnerability requires the paypal module to be enabled.

2) Certain input passed to the Google checkout module is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation of this vulnerability requires the Google checkout module to be enabled.

The vulnerabilities are reported in versions prior to 4.5.3.

Solution:
Update to version 4.5.3 or apply patch.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://blog.whmcs.com/index.php?t=64778
http://forum.whmcs.com/showthread.php?64778-Security-Advisory-for-V4-5-amp-Google-Checkout-Users

http://secunia.com/advisories/51683/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WHMCompleteSolution Google Checkout Module SQL Injection

by Carol~ Moderator - 1/4/13 9:14 AM

In Reply to: VULNERABILITIES / FIXES - January 04, 2013 by Carol~ Moderator

WHMCompleteSolution Google Checkout Module SQL Injection Vulnerability

Release Date : 2013-01-04

Criticality level : Less critical
Impact: Manipulation of data
Where : From remote
Solution Status : Vendor Patch

Software: WHMCompleteSolution 5.x

Description:
A vulnerability has been reported in WHMCompleteSolution, which can be exploited by malicious users to conduct SQL injection attacks.

Certain input passed to the Google checkout module is not properly sanitised before being used in a SQL query.

The vulnerability is reported in versions prior to 5.1.3.

Solution:
Update to version 5.1.3 or apply patch.

Original Advisory:
http://blog.whmcs.com/index.php?t=64778
http://forum.whmcs.com/showthread.php?64778-Security-Advisory-for-V4-5-amp-Google-Checkout-Users

http://secunia.com/advisories/51719/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

VLC Media Player HTML Subtitle Parsing Buffer Overflow

by Carol~ Moderator - 1/4/13 9:15 AM

In Reply to: VULNERABILITIES / FIXES - January 04, 2013 by Carol~ Moderator

VLC Media Player HTML Subtitle Parsing Buffer Overflow Vulnerabilities

Release Date : 2012-12-28
Last Update : 2013-01-04

Criticality level : Highly critical
Impact System access
Where : From remote
Solution Status: Vendor Patch

Software: VLC Media Player 2.x

Description:
Some vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to errors when parsing HTML subtitles in modules/codec/subsdec.c and can be exploited to cause buffer overflows via a specially crafted subtitle file.

Successful exploitation may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 2.0.5.

Solution:
Update to version 2.0.5.

Provided and/or discovered by:
The vendor credits Kaveh Ghaemmaghami(coolkaveh).

Original Advisory:
VideoLAN-SA-1301:
http://www.videolan.org/security/sa1301.html

http://secunia.com/advisories/51692


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress WPScientist Multiple Themes Arbitrary File Upload

by Carol~ Moderator - 1/4/13 12:23 PM

In Reply to: VULNERABILITIES / FIXES - January 04, 2013 by Carol~ Moderator

WordPress WPScientist Multiple Themes Arbitrary File Upload Vulnerability

Release Date : 2013-01-04

Criticality level : Highly critical
Impact: System access
Where : From remote
Solution Status : Unpatched

Software: WordPress Eptonic Theme 1.x
WordPress Lightspeed Theme 1.x
WordPress Nuance Theme 1.x

Description:
A vulnerability has been reported in multiple WPScientist themes for WordPress, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to the valums_uploader/php.php script allowing the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script.

The vulnerability is reported in the following themes:
* Lightspeed version 1.1.2
* Eptonic version 1.4.3
* Nuance version 1.2.3

Solution:
No official solution is currently available.

Provided and/or discovered by:
JingoBD

Original Advisory:
http://packetstormsecurity.com/files/119241/WordPress-Valums-Uploader-Shell-Upload.html

http://secunia.com/advisories/51714/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

nginx Proxy Module Certificate Verification Security Issue

by Carol~ Moderator - 1/4/13 12:23 PM

In Reply to: VULNERABILITIES / FIXES - January 04, 2013 by Carol~ Moderator

Release Date : 2013-01-04

Criticality level : Less critical
Impact: Spoofing
Where : From remote
Solution Status : Unpatched

Software: nginx 0.x
nginx 1.0.x
nginx 1.1.x
nginx 1.2.x

Description:
A security issue has been reported in nginx, which can be exploited by malicious people to conduct spoofing attacks.

The security issue is caused due to the application not properly verifying the server SSL certificate while using proxy functionality. This can be exploited to e.g. spoof the server via a MitM (Man-in-the-Middle) attack and e.g. disclose potentially sensitive information.

The security issue is reported in version 1.2.6. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
waloeiii.myopenid.com and Daniel Kahn Gillmor

Original Advisory:
http://trac.nginx.org/nginx/ticket/13

http://secunia.com/advisories/51708/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

RPM Package Manager Signature Verification Bypass Security

by Carol~ Moderator - 1/4/13 12:24 PM

In Reply to: VULNERABILITIES / FIXES - January 04, 2013 by Carol~ Moderator

RPM Package Manager Signature Verification Bypass Security Issue

Release Date : 2013-01-04

Criticality level : Less critical
Impact: Security Bypass
Where : From remote
Solution Status : Vendor Patch

Software: RPM Package Manager 4.x

Description:
A security issue has been reported in RPM Package Manager, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused due to the application not properly verifying RPM signatures, which can result in the signature check being bypassed. This can be exploited to e.g. trick a user into installing malicious packages.

The security issue is reported in versions 4.10 and 4.10.1.

Solution:
Update to version 4.10.2.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://rpm.org/wiki/Releases/4.10.2

http://secunia.com/advisories/51706/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close