Spyware, viruses, & security forum: VULNERABILITIES / FIXES - January 11, 2013

Release Date: 2013-01-11

Criticality level : Highly critical
Impact : Unknown
Security Bypass
System access
Where: From remote
Solution Status : Unpatched

Software: Google Chrome 23.x

Description:
Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

1) A buffer overflow vulnerability exists in the bundled version of Adobe Flash Player.

2) A use-after-free error exists when handling SVG layouts.

3) An error when handling URLs can be exploited to bypass the same origin policy.

4) A use-after-free error exists when handling certain DOM objects.

5) An unspecified error exists when handling certain filenames.

6) An integer overflow error exists when handling audio IPC.

7) A use-after-free error exists when seeking video.

8) An integer overflow error exists when handling JavaScript in PDF files.

9) An out-of-bounds read error exists when seeking video.

10) An out-of-bounds stack access error exists in v8.

11) An integer overflow error exists in shared memory allocation.

NOTE: This vulnerability affects Windows only.

12) An unspecified error can be exploited to bypass the sandbox for worker processes.

NOTE: This security issue affects Mac only.

13) A use-after-free error exists when handling certain fields in PDF files.

14) Some out-of-bounds read errors exist when handling images in PDF files.

15) A bad cast error exists in PDF root handling.

16) An unspecified error can be exploited to corrupt database metadata and access certain files.

17) A use-after-free error exists when printing.

18) An out-of-bounds read error exists when printing.

19) An out-of-bounds read error exists when handling glyph.

20) An unspecified error exists within v8 garbage collection.

21) An unspecified error exists within extension tab handling.

The vulnerabilities are reported in versions prior to 24.0.1312.52.

Solution:
Upgrade to version 24.0.1312.52.

Provided and/or discovered by:
The vendor credits:
2) Atte Kettunen, OUSPG
3) Erling A Ellingsen and Subodh Iyengar, Facebook
4) Jose A. Vazquez
5) Justin Schuh, Google Chrome Security Team
6, 11) Chris Evans, Google Chrome Security Team
7, 9) Inferno, Google Chrome Security Team
8, 13, 14, 15) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team
10) Andreas Rossberg, Chromium development community
12) Julien Tinnes, Google Chrome Security Team
16) Juri Aedla, Google Chrome Security Team
17, 18, 19, 20) Cris Neckar, Google Chrome Security Team
21) Tom Nielsen

Original Advisory:
http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html

http://secunia.com/advisories/51825/

Release Date : 2013-01-11

Criticality level : Less critical
Impact : Cross Site Scripting
Where: From remote
Solution Status : Vendor Patch

Software: Quick.Cart 6.x

Description:
High-Tech Bridge SA has reported a vulnerability in Quick.Cart, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input appended to the URL after admin.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in Quick.Cart version 6.0. Prior versions may also be affected.

Solution:
The vendor has released an updated 6.0 version.

Provided and/or discovered by:
High-Tech Bridge SA

Original Advisory:
HTB23135:
https://www.htbridge.com/advisory/HTB23135

http://secunia.com/advisories/51813/

Release Date: 2013-01-11

Criticality level : Highly critical
Impact: Cross Site Scripting
Manipulation of data
DoS
System access
Where: From remote
Solution Status : Vendor Patch

Software: Red Hat Subscription Asset Manager 1.x

Description:
Red Hat has issued an update for Ruby on Rails. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2013:0154-1:
https://rhn.redhat.com/errata/RHSA-2013-0154.html

http://secunia.com/advisories/51795/

TYPO3 Static Methods since 2007 Extension Cross-Site Scripting Vulnerability

Release Date : 2013-01-11

Criticality level : Less critical
Impact : Cross Site Scripting
Where: From remote
Solution Status : Vendor Patch

Software: Static Methods since 2007 (div2007) Extension for TYPO3 0.x

Description:
A vulnerability has been reported in the Static Methods since 2007 extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions 0.10.1 and prior.

Solution:
Update to version 0.10.2 or later.

Provided and/or discovered by:
The vendor credits Dimitri Konig.

Original Advisory:
TYPO3-EXT-SA-2013-001:
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-001/

http://secunia.com/advisories/51836/

TYPO3 T3 jQuery Extension "unserialize()" Arbitrary PHP Code Execution Vulnerability

Release Date : 2013-01-11

Criticality level : Highly critical
Impact : System access
Where: From remote
Solution Status : Vendor Patch

Software: T3 jQuery (t3jquery) Extension for TYPO3 2.x

Description:
A vulnerability has been reported in T3 jQuery extension for TYPO3, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to the extension using "unserialize()" with user controlled input and can be exploited to potentially execute arbitrary PHP code.

The vulnerability is reported in versions 2.2.0 and prior.

Solution:
Update to version 2.2.1 or later.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
TYPO3-EXT-SA-2013-001:
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-001/

http://secunia.com/advisories/51835/

DotNetNuke Information Disclosure and Denial of Service Vulnerabilities

Release Date : 2013-01-11

Criticality level : Moderately critical
Impact : Exposure of sensitive information
DoS
Where: From remote
Solution Status : Vendor Patch

Software: DotNetNuke 6.x
DotNetNuke 7.x

Description:
Two vulnerabilities have been reported in DotNetNuke, which can be exploited by malicious users to disclose potentially sensitive information and potentially cause a DoS (Denial of Service).

1) The application allows the creation of user profile images with arbitrary width and height. This can potentially be exploited to exhaust the disk space.

This vulnerability is reported in versions 6.2.1 through 6.2.5 and version 7.0.0.

2) Certain unspecified input passed to the MemberDirectory module is not properly sanitised before being used. This can be exploited to disclose potentially sensitive information.

Successful exploitation requires that the MemberDirectory module is enabled (disabled by default).

This vulnerability is reported in versions prior to 6.2.6 and version 7.0.0.

Solution:
Update to version 6.2.6 or 7.0.1.

Provided and/or discovered by:
The vendor credits:
1) Rutger Buijzen, DotControl
2) Ben Zhong

Original Advisory:
DNN 2013-1-L:
http://www.dotnetnuke.com/News/Security-Policy/Security-bulletin-no.74.aspx

DNN 2013-2-C:
http://www.dotnetnuke.com/News/Security-Policy/Security-bulletin-no.75.aspx

http://secunia.com/advisories/51839/

Citrix CloudPlatform Log File Multiple Information Disclosure Weaknesses

Release Date : 2013-01-11

Criticality level: Not critical
Impact : Exposure of sensitive information
Where : Local system
Solution Status : Vendor Workaround

Software: Citrix CloudPlatform 2.x
Citrix CloudPlatform 3.x

Description:
Multiple weaknesses has been reported in Citrix CloudPlatform, which can be exploited by malicious, local users to disclose sensitive information.

The weaknesses are reported in versions prior to 3.0.5.

Solution:
As a workaround set the log threshold to "WARN" or higher.

Original Advisory:
Citrix:
http://support.citrix.com/article/CTX136163

http://secunia.com/advisories/51827/

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Security Alert for CVE-2013-0422.

In addition, the following change has been made:

Area: deploy
Synopsis: Default Security Level Setting Changed to High
The default security level for Java applets and web start applications has been increased from "Medium" to "High". This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the "High" setting the user is always warned before any unsigned application is run to prevent silent exploitation.

Full details:
http://www.oracle.com/technetwork/java/javase/7u11-relnotes-1896856.html

Updates for JDK and JRE available here:
http://www.oracle.com/technetwork/java/javase/downloads/index.html