Spyware, viruses, & security forum: VULNERABILITIES / FIXES - January 08, 2013

Release Date : 2013-01-08

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: JBoss Enterprise Portal Platform 5.x

Description:
Red Hat has issued an update for JBoss Enterprise Portal Platform. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain input passed to the GateIn Portal component is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Solution:
Apply update.

Provided and/or discovered by:
The vendor credits Hideharu Ohkuma, Ricoh Company.

Original Advisory:
RHSA-2013:0141-1:
https://rhn.redhat.com/errata/RHSA-2013-0141.html

http://secunia.com/advisories/51775/

Release Date : 2013-01-08

Criticality level : Less critical
Impact : Security Bypass
Where : From remote
Solution Status : Vendor Patch

Operating System : Red Hat Enterprise Linux Desktop 5
Red Hat Enterprise Linux Server 5
RHEL Desktop Workstation 5

Description:
Red Hat has issued an update for ruby. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2013:0129-1:
https://rhn.redhat.com/errata/RHSA-2013-0129.html

http://secunia.com/advisories/51723/

Release Date : 2013-01-08

Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status : Vendor Patch

Operating System: Red Hat Enterprise Linux Desktop 5
Red Hat Enterprise Linux Server 5
RHEL Desktop Workstation 5

Description:
Red Hat has issued an update for OpenIPMI. This fixes a security issue, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2013:0123-1:
https://rhn.redhat.com/errata/RHSA-2013-0123.html

http://secunia.com/advisories/51744/

Foxit Reader Plugin For Browsers URL Processing Buffer Overflow Vulnerability]

Release Date : 2013-01-08

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Unpatched

Software: Foxit Reader 5.x
Foxit Reader Plugin 2.x (extension for Firefox)

Description:
Andrea Micalizzi has discovered a vulnerability in Foxit Reader, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the Foxit Reader plugin for browsers (npFoxitReaderPlugin.dll) when processing a URL and can be exploited to cause a stack-based buffer overflow via e.g. an overly long file name in the URL.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 5.4.4.1128 (npFoxitReaderPlugin.dll version 2.2.1.530). Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Andrea Micalizzi (rgod)

Original Advisory:
http://retrogod.altervista.org/9sg_foxit_overflow.htm

http://secunia.com/advisories/51733/

Release Date : 2013-01-08

Criticality level : Less critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Operating System : Red Hat Enterprise Linux Server 5
RHEL Desktop Workstation 5

Description:
Red Hat has issued an update for squirrelmail. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2013:0126-1:
https://rhn.redhat.com/errata/RHSA-2013-0126.html

http://secunia.com/advisories/51730/

Release Date : 2013-01-08

Criticality level : Less critical
Impact : Security Bypass
Where : From local network
Solution Status : Vendor Patch

Operating System: Red Hat Enterprise Linux Desktop 5
Red Hat Enterprise Linux Server 5

Description:
Red Hat has issued an update for quota. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2013:0120-1:
https://rhn.redhat.com/errata/RHSA-2013-0120.html

http://secunia.com/advisories/51751/

Release Date : 2013-01-08

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Operating System : Red Hat Enterprise Linux Desktop 5
Red Hat Enterprise Linux Server 5
RHEL Desktop Workstation 5

Description:
Red Hat has issued an update for httpd. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2013:0130-1:
https://rhn.redhat.com/errata/RHSA-2013-0130.html

http://secunia.com/advisories/51727/

Release Date : 2013-01-08

Criticality level : Less critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Operating System : Red Hat Enterprise Linux Desktop 5
Red Hat Enterprise Linux Server 5
RHEL Desktop Workstation 5

Description:
Red Hat has issued an update for tcl. This fixes two vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service).

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2013:0122-1:
https://rhn.redhat.com/errata/RHSA-2013-0122.html

http://secunia.com/advisories/51743/

Release Date : 2013-01-08

Criticality level : Less critical
Impact : Security Bypass
Where : From remote
Solution Status : Vendor Patch

Operating System:
Red Hat Enterprise Linux Server 5
RHEL Desktop Workstation 5

Description:
Red Hat has issued an update for freeradius2. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.

The security issue is caused due to the "unix" module not verifying the password expiration specified within /etc/shadow, which can be exploited to authenticate by using an expired password.

Successful exploitation requires the "unix" module to be enabled.

Solution:
Updated packages are available via Red Hat Network.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
RHSA-2013:0134-1:
https://rhn.redhat.com/errata/RHSA-2013-0134.html

http://secunia.com/advisories/51729/

Release Date : 2013-01-08

Criticality level : Less critical
Impact : Security Bypass
Manipulation of data
Exposure of sensitive information
Privilege escalation
DoS
System access
Where : From local network
Solution Status : Vendor Patch

Software: Sybase Adaptive Server Enterprise 15.x

Description:
Multiple vulnerabilities have been reported in Sybase Adaptive Server Enterprise, which can be exploited by malicious, local users to disclose certain sensitive information and gain escalated privileges, by malicious users to bypass certain security restrictions and compromise a vulnerable system, and by malicious people to conduct SQL injection attacks, manipulate certain data, and cause a DoS (Denial of Service).

1) An error when creating proxy tables can be exploited to bypass certain security restrictions.

2) An error when creating create tables via the ASE plugin for Sybase Central can be exploited to bypass certain security restrictions.

3) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

4) An unspecified error when handling installation log files can be exploited to gain access to certain sensitive information.

5) An unspecified error can be exploited to cause a stack-based buffer overflow and gain escalated privileges.

6) An unspecified error can be exploited to cause a DoS (Denial of Service).

7) An unspecified error can be exploited to cause a stack-based buffer overflow.

8) An unspecified error can be exploited to corrupt certain server side files.

9) An unspecified error can be exploited to execute arbitrary Java code.

The vulnerabilities are reported in versions 15.0.3 and later.

Solution:
Apply the latest ESDs (please see the vendor's advisory for details).

Provided and/or discovered by:
The vendor credits:
1, 3 - 9) Martin Rakhmanov, Application Security Inc
2) Esteban Martinez Fayo, Application Security Inc

Original Advisory:
http://www.sybase.com/detail?id=1099305

http://secunia.com/advisories/51737/

Release Date : 2013-01-08

Criticality level: Highly critical
Impact : Unknown
Hijacking
Security Bypass
Cross Site Scripting
Spoofing
Manipulation of data
Exposure of system information
Exposure of sensitive information
Privilege escalation
DoS
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: Gentoo Linux

Description:
Gentoo has issued an update for multiple packages. This fixes multiple vulnerabilities, where some have unknown impacts and others can be exploited by malicious, local users to disclose certain sensitive information, manipulate certain data, and gain escalated privileges and by malicious people to bypass certain security restrictions, manipulate certain data, disclose certain system and sensitive information, hijack a user's session, conduct spoofing, phishing, cross-site scripting, and cross-site request forgery attacks, cause a DoS (Denial of Service), and compromise a user's system.

Solution:
Please see the vendor's advisory for details.

Original Advisory:
GLSA 201301-01:
http://www.gentoo.org/security/en/glsa/glsa-201301-01.xml

http://secunia.com/advisories/51766/

Release Date : 2013-01-08

Criticality level : Highly critical
Impact : Security Bypass
System access
Where : From remote
Solution Status : Vendor Patch

Software: Microsoft .NET Framework 1.x
Microsoft .NET Framework 2.x
Microsoft .NET Framework 3.x
Microsoft .NET Framework 4.x

Description:
Multiple vulnerabilities have been reported in Microsoft .NET Framework, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

1) An error within the System Drawing namespace of Windows Forms when handling pointers can be exploited to bypass CAS (Code Access Security) restrictions and disclose information via a specially crafted XAML Browser Application (XBAP) or an untrusted .NET application.

2) An error within WinForms when handling certain objects can be exploited to cause a buffer overflow via a specially crafted XAML Browser Application (XBAP) or an untrusted .NET application.

3) A boundary error within the System.DirectoryServices.Protocols namespace when handling objects can be exploited to cause a buffer overflow via a specially crafted XAML Browser Application (XBAP) or an untrusted .NET application.

4) A double construction error within the framework does not validate object permissions and can be exploited via a specially crafted XAML Browser Application (XBAP) or an untrusted .NET application.

Successful exploitation of vulnerabilities #2 - #4 allows execution of arbitrary code.

Solution:
Apply updates.

Provided and/or discovered by:
The vendor credits:
1) Jon Erickson, iSIGHT Partners GVP
2, 3) Vitaliy Toropov via ZDI
4) James Forshaw, Context Information Security

Original Advisory:
MS13-004 (KB2769324, KB2742607, KB2742597, KB2742596, KB2742595, KB2756918, KB2742604, KB2742601, KB2742613, KB2756919, KB2742599, KB2756921, KB2742598, KB2756920, KB2742616, KB2756923, KB2742614):
http://technet.microsoft.com/en-us/security/bulletin/ms13-004

http://secunia.com/advisories/51777/

Microsoft .NET Framework Open Data Protocol "Replace()" Denial of Service Vulnerability

Release Date : 2013-01-08

Criticality level : Less critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Operating System : Microsoft Windows Server 2012

Software: Microsoft .NET Framework 3.x
Microsoft .NET Framework 4.x

Description:
A vulnerability has been reported in Microsoft .NET Framework, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the WCF "Replace()" function when handling Open Data Protocol (OData) data and can be exploited to exhaust system resources.

Solution:
Apply updates.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
MS13-007 (KB2769327, KB2736416, KB2736428, KB2736418, KB2736422, KB2736693, KB2753596):
http://technet.microsoft.com/en-us/security/bulletin/ms13-007

http://secunia.com/advisories/51772/

Microsoft Windows SSLv3/TLS Version Negotiation Downgrade Vulnerability

Release Date : 2013-01-08

Criticality level : Less critical
Impact : Security Bypass
Where : From remote
Solution Status : Vendor Patch

Operating System: Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows RT
Microsoft Windows Server 2008
Microsoft Windows Server 2012
Microsoft Windows Vista

Description:
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an error when handling the SSL/TLS session version negotiation and can be exploited to downgrade the connection to SSLv2 via Man-in-the-Middle (MitM) attacks, potentially leading to the client using a weaker ciphersuite.

Solution:
Apply patches.

Provided and/or discovered by:
The vendor credits Kenichiro Katayama

Original Advisory:
MS13-006 (KB2785220):
https://technet.microsoft.com/en-us/security/bulletin/ms13-006

http://secunia.com/advisories/51724/

Release Date: 2013-01-08

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Operating System : Microsoft Windows 8
Microsoft Windows RT
Microsoft Windows Server 2012

Description:
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system

The vulnerability is caused due to a bundled vulnerable version of Adobe Flash Player within Internet Explorer 10.

Solution:
Apply updates.

Original Advisory:
http://technet.microsoft.com/en-us/security/advisory/2755801
http://support.microsoft.com/kb/2796096

http://secunia.com/advisories/51728/