Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - January 07, 2013

by: Carol~ January 7, 2013 4:27 AM PST

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - January 07, 2013

by Carol~ Moderator - 1/7/13 4:27 AM

Debian update for rails

Release Date: 2013-01-07

Criticality level : Moderately critical
Impact : Manipulation of data
Where : From remote
Solution Status: Vendor Patch

Operating System : Debian GNU/Linux 6.0

Description:
Debian has issued an update for rails. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks.

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2597-1:
http://www.debian.org/security/2013/dsa-2597

http://secunia.com/advisories/51637/


Reply
Report offensive post
Email to friend

NVIDIA Graphics Drivers for Windows "nvsr" Named Pipe Buffer

by Carol~ Moderator - 1/7/13 4:28 AM

In Reply to: VULNERABILITIES / FIXES - January 07, 2013 by Carol~ Moderator

NVIDIA Graphics Drivers for Windows "nvsr" Named Pipe Buffer Overflow Vulnerability

Release Date : 2013-01-03
Last Update : 2013-01-07

Criticality level: Less critical
Impact : System access
Where : From local network
Solution Status : Vendor Patch

Software: NVIDIA Graphics Drivers for Windows 310.x

Description:
A vulnerability has been reported in NVIDIA Graphics Drivers for Windows, which can be exploited by malicious users to compromise a vulnerable system.

The vulnerability is caused due to a boundary error when processing data received in the "nvsr" named pipe and can be exploited to cause a stack-based buffer overflow via specially crafted requests.

Successful exploitation requires that file sharing is enabled.

The vulnerability is reported in NVIDIA Graphics Drivers for Windows version 310.70. Other versions may also be affected.

Solution:
Update to version 310.90.

Provided and/or discovered by:
Peter Winter-Smith

Original Advisory:
Peter Winter-Smith:
http://packetstormsecurity.com/files/119107/NVidia-Display-Driver-Buffer-Overflow.html

NVIDIA:
http://www.geforce.com/drivers/results/55121

http://secunia.com/advisories/51629


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

concrete5 Unspecified Cross-Site Scripting Vulnerability

by Carol~ Moderator - 1/7/13 5:02 AM

In Reply to: VULNERABILITIES / FIXES - January 07, 2013 by Carol~ Moderator

Release Date : 2013-01-07

Criticality level : Less critical
Impact: Cross Site Scripting
Where : From remote
Solution Status: Partial Fix

Software: concrete5 5.x

Description:
A vulnerability has been reported in concrete5, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions 5.5.1 through 5.5.2.1 of the Japanese version and versions 5.5.0 through 5.6.0.2 of the English version.

Solution:
Update to a fixed version.

Provided and/or discovered by:
JVN credits Yuji Tounai, bogus.jp

Original Advisory:
JVN:
http://jvn.jp/en/jp/JVN65458431/index.html
http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000113.html

http://secunia.com/advisories/51608/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Debian update for weechat

by Carol~ Moderator - 1/7/13 5:02 AM

In Reply to: VULNERABILITIES / FIXES - January 07, 2013 by Carol~ Moderator

Release Date : 2013-01-07

Criticality level : Highly critical
Impact: Spoofing
System access
Where : From remote
Solution Status: Vendor Patch

Operating System: Debian GNU/Linux 6.0

Description:
Debian has issued an update for weechat. This fixes a security issue and a vulnerability, which can be exploited by malicious people to conduct spoofing attacks and potentially compromise a user's system.

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2598-1:
http://www.debian.org/security/2013/dsa-2598

http://secunia.com/advisories/51700/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Facebook Camera for iOS Certificate Verification Security

by Carol~ Moderator - 1/7/13 5:07 AM

In Reply to: VULNERABILITIES / FIXES - January 07, 2013 by Carol~ Moderator

Facebook Camera for iOS Certificate Verification Security Issue

Release Date : 2013-01-04
Last Update : 2013-01-07

Criticality level : Less critical
Impact : Spoofing
Where: From remote
Solution Status : Vendor Patch

Software: Facebook Camera for iOS 1.x

Description:
Mohamed Ramadan has reported a security issue in Facebook Camera for iOS, which can be exploited by malicious people to conduct spoofing attacks.

The security issue is caused due to the application not properly verifying the server SSL certificate. This can be exploited to e.g. spoof the server via a MitM (Man-in-the-Middle) attack and e.g. disclose potentially sensitive information.

The security issue is reported in versions prior to 1.1.2.

Solution:
Update to version 1.1.2.

Provided and/or discovered by:
Mohamed Ramadan

Original Advisory:
http://techcrunch.com/2012/12/24/security-loophole-in-facebooks-camera-app-allowed-hackers-to-hijack-accounts-over-wifi/

http://secunia.com/advisories/51699


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Nexpose Security Console Cross-Site Request Forgery

by Carol~ Moderator - 1/7/13 8:11 AM

In Reply to: VULNERABILITIES / FIXES - January 07, 2013 by Carol~ Moderator

Nexpose Security Console Cross-Site Request Forgery Vulnerability

Release Date : 2013-01-07

Criticality level : Less critical
Impact: Cross Site Scripting
Where : From remote
Solution Status: Vendor Patch

Software: Nexpose 5.x

Description:
Robert Gilbert has reported a vulnerability in Nexpose, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests to the Security Console without performing proper validity checks to verify the requests. This can be exploited to e.g. delete a site when a logged-in user visits a specially crafted web page.

The vulnerability is reported in versions prior to 5.5.4.

Solution:
Update to version 5.5.4.

Provided and/or discovered by:
Robert Gilbert, HALOCK Security Labs.

Original Advisory:
Nexpose:
https://community.rapid7.com/docs/DOC-2065#release5

Robert Gilbert:
http://archives.neohapsis.com/archives/bugtraq/2013-01/0014.html

http://secunia.com/advisories/51732/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

ProFTPD Race Condition Privilege Escalation Security Issue

by Carol~ Moderator - 1/7/13 8:11 AM

In Reply to: VULNERABILITIES / FIXES - January 07, 2013 by Carol~ Moderator

Release Date : 2013-01-07

Criticality level : Less critical
Impact: Privilege escalation
Where : Local system
Solution Status: Vendor Workaround

Software: ProFTPD 1.3.x

Description:
A security issue has been reported in ProFTPD, which can be exploited by malicious, local users to gain escalated privileges.

The security issue is caused due to a race condition when handling the MKD and XMKD FTP commands, which can be exploited to gain escalated privileges by e.g. overwriting arbitrary file via symlink attacks.

Successful exploitation requires UserOwner directive.

The security issue is reported in version 1.3.3. Other versions may also be affected.

Solution:
Apply patch

Provided and/or discovered by:
The vendor credits Jann Horn.

Original Advisory:
http://bugs.proftpd.org/show_bug.cgi?id=3841

http://secunia.com/advisories/51761/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Symantec PGP Whole Disk Encryption 0x80022058 IOCTL Handling

by Carol~ Moderator - 1/7/13 8:29 AM

In Reply to: VULNERABILITIES / FIXES - January 07, 2013 by Carol~ Moderator

Symantec PGP Whole Disk Encryption 0x80022058 IOCTL Handling Privilege Escalation Vulnerability

Release Date : 2013-01-07

Criticality level : Less critical
Impact: Privilege escalation
Where : Local system
Solution Status: Unpatched

Software: Symantec PGP Whole Disk Encryption 10.x

Description:
Nikita Tarakanov has reported a vulnerability in Symantec PGP Whole Disk Encryption, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to an error in the pgpwded.sys driver when processing the 0x80022058 IOCTL and can be exploited to overwrite arbitrary kernel memory.

Successful exploitation may allow execution of arbitrary code with escalated privileges.

The vulnerability is reported in version 10.2.0 Build 2599 running on Windows XP and Windows Server 2003. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Nikita Tarakanov

Original Advisory:
Symantec:
http://www.symantec.com/connect/blogs/pgp-whole-disk-encryption-zero-day-vulnerability

Nikita Tarakanov:
http://pastebin.com/pEBSjsmC
http://pastebin.com/s3gzFicw

http://secunia.com/advisories/51762/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Jenkins Cryptographic Key Disclosure Vulnerability

by Carol~ Moderator - 1/7/13 8:30 AM

In Reply to: VULNERABILITIES / FIXES - January 07, 2013 by Carol~ Moderator

Release Date : 2013-01-07

Criticality level : Moderately critical
Impact Exposure of system information
Where : From remote
Solution Status : Vendor Patch

Software: Jenkins 1.x

Description:
A vulnerability has been reported in Jenkins, which can be exploited my malicious people to disclose certain sensitive information.

The vulnerability is caused due to an unspecified error, which can be exploited to gain access to the master cryptographic key and execute arbitrary code or impersonate arbitrary users.

The vulnerability is reported in versions prior to 1.497 and 1.480.2.

Solution:
Update to versions 1.497 or 1.480.2.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04
http://jenkins-ci.org/changelog

http://secunia.com/advisories/51712/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

TomatoCart Cross-Site Scripting and Arbitrary PHP Code

by Carol~ Moderator - 1/7/13 8:32 AM

In Reply to: VULNERABILITIES / FIXES - January 07, 2013 by Carol~ Moderator

TomatoCart Cross-Site Scripting and Arbitrary PHP Code Execution Vulnerabilities

Release Date : 2013-01-07

Criticality level : Moderately critical
Impact Cross Site Scripting
System access
Where : From remote
Solution Status : Unpatched

Software: TomatoCart 1.x

Description:
Two vulnerabilities have been discovered in TomatoCart, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks.

1) The vulnerability is caused due to a bundled version of Piwik.

2) An error exists due to the admin/json.php script (when "action" is set to "save_file") allowing to create files in a folder inside the webroot. This can be exploited to execute e.g. arbitrary PHP code by creating a malicious PHP script.

Successful exploitation of this vulnerability requires access to the admin section.

The vulnerabilities are confirmed in version 1.1.8.1. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
2) Aung Khant, YGN Ethical Hacker Group.

Original Advisory:
Aung Khant:
http://bl0g.yehg.net/2013/01/tomatocart-1x-vulnerable-piwik-extension.html
http://yehg.net/lab/pr0js/advisories/%5Btomatocart1.x%5D_arbitrary_file_creation

http://secunia.com/advisories/51621/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Perl Locale::Maketext Two Code Injection Vulnerabilities

by Carol~ Moderator - 1/7/13 9:14 AM

In Reply to: VULNERABILITIES / FIXES - January 07, 2013 by Carol~ Moderator

Release Date : 2013-01-07

Criticality level : Moderately critical
Impact System access
Where : From remote
Solution Status : Vendor Workaround

Software: Perl 5.x

Description:
Two vulnerabilities have been reported in Perl, which can be exploited by malicious users to compromise an application using the module.

The vulnerabilities are caused due to a two vulnerabilities in the included Locale::Maketext module.

Solution:
Fixed in the GIT repository.

Original Advisory:
https://bugzilla.redhat.com/show_bug.cgi?id=884354

http://secunia.com/advisories/51741/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Havalite "comment" Script Insertion Vulnerability

by Carol~ Moderator - 1/7/13 9:39 AM

In Reply to: VULNERABILITIES / FIXES - January 07, 2013 by Carol~ Moderator

Release Date : 2013-01-07

Criticality level : Moderately critical
Impact Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: Havalite 1.x

Description:
Henri Salo has discovered a vulnerability in Havalite, which can be exploited by malicious people to conduct script insertion attacks.

Input passed via the "comment" parameter to index.php is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.

The vulnerability is confirmed in version 1.1.7. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Henri Salo

Original Advisory:
http://www.openwall.com/lists/oss-security/2013/01/06/2

http://secunia.com/advisories/51722/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

MyBB Profile Wii Friend Code Plugin Cross-Site Scripting

by Carol~ Moderator - 1/7/13 9:46 AM

In Reply to: VULNERABILITIES / FIXES - January 07, 2013 by Carol~ Moderator

MyBB Profile Wii Friend Code Plugin Cross-Site Scripting and SQL Injection Vulnerabilities

Release Date : 2013-01-07

Criticality level : Moderately critical
Impact Cross Site Scripting
Manipulation of data
Where : From remote
Solution Status : Unpatched

Software: Profile Wii Friend Code 1.x (plugin for MyBB)

Description:
Two vulnerabilities have been discovered in the Profile Wii Friend Code plugin for MyBB, which can be exploited by malicious users to conduct cross-site scripting and SQL injection attacks.

1) Input passed via the "wfc" parameter to usercp.php is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.

2) Input passed via the "wfc" parameter to usercp.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities are confirmed in version 1.0. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Ichi

Original Advisory:
http://www.exploit-db.com/exploits/23888/

http://secunia.com/advisories/51747/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close