Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - January 25, 2013

by: Carol~ January 25, 2013 7:59 AM PST

Like this

1 person likes this thread

Staff pick

VULNERABILITIES / FIXES - January 25, 2013

by Carol~ Moderator - 1/25/13 7:59 AM

Debian update for ircd-ratbox

Release Date: 2013-01-25

Criticality level : Moderately critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Operating System: Debian GNU/Linux 6.0

Description:
Debian has issued an update for ircd-ratbox. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2612-1:
http://www.debian.org/security/2013/dsa-2612

http://secunia.com/advisories/51802/


Reply
Report offensive post
Email to friend

ISC BIND AAAA Record Lookup Handling Assertion Failure

by Carol~ Moderator - 1/25/13 8:05 AM

In Reply to: VULNERABILITIES / FIXES - January 25, 2013 by Carol~ Moderator

ISC BIND AAAA Record Lookup Handling Assertion Failure Vulnerability

Release Date: 2013-01-25

Criticality level : Moderately critical
Impact : DoS
Where : From remote
Solution Status : Vendor Workaround

Software:
ISC BIND 9.8.x
ISC BIND 9.9.x

Description:
A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when remapping A records into AAAA records while handling AAAA record lookups for an A record rewrite rule in a Response Policy Zone (RPZ). This can be exploited to trigger an assertion failure and terminate the named process.

Successful exploitation requires that both DNS64 and Response Policy Zones are configured and that A rewrite rules are maintained but not AAAA rewrite rules.

The vulnerability is reported in versions 9.8.0 through 9.8.4-P1 and 9.9.0 through 9.9.2-P1.

Solution:
As a workaround ensure that the RPZ contains a AAAA rewrite rule for every A rewrite rule. The vulnerability will be fixed in a beta version scheduled to be released on January 24, 2013.

Provided and/or discovered by:
The vendor credits Pories Ediansyah, Institut Teknologi Bandung.

Original Advisory:
http://www.isc.org/software/bind/advisories/cve-2012-5689
https://kb.isc.org/article/AA-00855

http://secunia.com/advisories/51969/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

iTop Two Cross-Site Scripting Vulnerabilities

by Carol~ Moderator - 1/25/13 8:05 AM

In Reply to: VULNERABILITIES / FIXES - January 25, 2013 by Carol~ Moderator

Release Date: 2013-01-25

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Workaround

Software:
iTop 1.x
iTop 2.x

Description:
Compass Security has discovered two vulnerabilities in iTop, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "text" GET parameter to /pages/UI.php (when "operation" is set to "full_text") and the "expression" GET parameter to /pages/run_query.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session context of an affected site.

The vulnerabilities are confirmed in versions 1.2.1 and 2.0. Other versions may also be affected.

Solution:
Fixed in the SVN repository.

Provided and/or discovered by:
Stephan Rickauer, Compass Security

Original Advisory:
Compass Security:
http://archives.neohapsis.com/archives/fulldisclosure/2013-01/0208.html

http://secunia.com/advisories/51702/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Perforce Web Client (P4Web) Multiple Cross-Site Scripting

by Carol~ Moderator - 1/25/13 8:05 AM

In Reply to: VULNERABILITIES / FIXES - January 25, 2013 by Carol~ Moderator

Perforce Web Client (P4Web) Multiple Cross-Site Scripting Vulnerabilities

Release Date: 2013-01-25

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Perforce Web Client (P4Web)

Description:
Multiple vulnerabilities have been discovered in Perforce Web Client (P4Web), which can be exploited by malicious people to conduct cross-site scripting attacks.

1) Input passed via multiple GET parameters to various web interface sections (when "ac" is set to the respective section) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

List of affected scripts and parameters:
http://[host]/@&cl
http://[host]/@&cnm&cdu&cow&cda&cho
http://[host]/@&unm&udu&uda
http://[host]/@&pat
http://[host]/@&bnm&bow&bdu&bda
http://[host]/@&lnm&low&ldu&lda
http://[host]/@&ft
http://[host]/@&pat&sr&u&cl

2) Input appended to the URL after e.g. http://[host]/@@ (when "ac" is set to a valid section) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are confirmed in version 2011.1. Other versions may also be affected.

Solution:
Update to version 2012.1 or later.

Provided and/or discovered by:
Christy Philip Mathew, Offcon Info Security

Original Advisory:
http://packetstormsecurity.com/files/119737/Perforce-P4web-2011-2012-Web-Client-Cross-Site-Scripting.html

http://secunia.com/advisories/51924/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IBM InfoSphere BigInsights Java Two Vulnerabilities

by Carol~ Moderator - 1/25/13 8:05 AM

In Reply to: VULNERABILITIES / FIXES - January 25, 2013 by Carol~ Moderator

Release Date : 2013-01-25

Criticality level : Less critical
Impact : Exposure of sensitive information
DoS
Where: From local network
Solution Status: Unpatched

Software: IBM InfoSphere BigInsights 1.x

Description:
IBM has acknowledged two vulnerabilities in IBM InfoSphere BigInsights, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to cause a DoS (Denial of Service).

The application bundles a vulnerable version of Java.

The vulnerabilities are reported in versions 1.1 through 1.4.

Solution:
Upgrade to version 2.0.

Original Advisory:
http://www.ibm.com/support/docview.wss?uid=swg21623161
http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_multiple_vulnerabilities_in_infosphere_biginsights_due_to_vulnerabilities_in_ibm_java_jdk_version_6_cve_2012_1717_cve_2012_171813?lang=en_us

http://secunia.com/advisories/51914/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

F5 Products "defaultQuery" SQL Injection Vulnerability

by Carol~ Moderator - 1/25/13 9:06 AM

In Reply to: VULNERABILITIES / FIXES - January 25, 2013 by Carol~ Moderator

Release Date: 2013-01-25

Criticality level : Less critical
Impact : Manipulation of data
Where : From local network
Solution Status : Vendor Patch

Operating System : F5 TMOS 11.x

Description:
SEC Consult has reported a vulnerability in F5 Products, which can be exploited by malicious users to conduct SQL injection attacks.

Input passed via the "defaultQuery" POST parameter to /sam/admin/reports/php/saveSettings.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in the following products:
* BIG-IP LTM version 11.x
* BIG-IP GTM version 11.x
* BIG-IP ASM version 11.x
* BIG-IP Link Controller version 11.x
* BIG-IP PSM version 11.x
* BIG-IP APM version 11.x
* BIG-IP Edge Gateway version 11.x
* BIG-IP Analytics version 11.x

Solution:
Update to a fixed version (Please see vendor's advisory for details).

Provided and/or discovered by:
Stefan Viehbock, SEC Consult.

Original Advisory:
sol14154:
http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14154.html

SEC Consult:
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-1_F5_BIG-IP_SQL_Injection_v10.txt

http://secunia.com/advisories/51867/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Multiple Vulnerabilities

by Carol~ Moderator - 1/25/13 9:09 AM

In Reply to: VULNERABILITIES / FIXES - January 25, 2013 by Carol~ Moderator

Release Date : 2013-01-25

Criticality level : Moderately critical
Impact : Cross Site Scripting
Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software: WordPress 3.x

Description:
Multiple vulnerabilities have been reported in Wordpress, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks and disclose sensitive data.

1) Certain unspecified input related to shortcodes and post content is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Certain unspecified input related to Plupload is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

3) Input passed via the "sourceUri" parameter to the "pingback.ping" XMLRPC API method is not properly sanitised before being used. This can be exploited to e.g. disclose sensitive data.

The vulnerabilities are reported in versions prior to 3.5.1.

Solution:
Update to version 3.5.1.

Provided and/or discovered by:
The vendor credits:
1) Jon Cave, WordPress security team.
2) Moxiecode.
3) Gennady Kovshenin and Ryan Dewhurst.

Original Advisory:
WordPress:
http://wordpress.org/news/2013/01/wordpress-3-5-1/

http://secunia.com/advisories/51967/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

F5 Products XML Entity References Information Disclosure

by Carol~ Moderator - 1/25/13 9:23 AM

In Reply to: VULNERABILITIES / FIXES - January 25, 2013 by Carol~ Moderator

F5 Products XML Entity References Information Disclosure Vulnerability

Release Date: 2013-01-25

Criticality level : Less critical
Impact : Exposure of sensitive information
Where : From local network
Solution Status : Vendor Patch

Operating System :
F5 TMOS 10.x
F5 TMOS 11.x

Description:
SEC Consult has reported a vulnerability in F5 Products, which can be exploited by malicious users to disclose certain sensitive information.

The vulnerability is caused due to an error in the web interface XML parser when validating XML requests and can be exploited to e.g. disclose local files.

The vulnerability is reported in the following products:
* BIG-IP LTM versions 10.x and 11.x
* BIG-IP GTM versions 10.x and 11.x
* BIG-IP ASM versions 10.x and 11.x
* BIG-IP Link Controller versions 10.x and 11.x
* BIG-IP WebAccelerator versions 10.x and 11.x
* BIG-IP PSM versions 10.x and 11.x
* BIG-IP WOM versions 10.x and 11.x
* BIG-IP APM versions 10.x and 11.x
* BIG-IP Edge Gateway versions 10.x and 11.x
* BIG-IP Analytics version 11.x

Solution:
Update to a fixed version (Please see vendor's advisory for details).

Provided and/or discovered by:
Stefan Viehbock, SEC Consult.

Original Advisory:
sol14138:
http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14138.html

SEC Consult:
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-0_F5_BIG-IP_XML_External_Entity_Injection_v10.txt

http://secunia.com/advisories/51986/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for JBoss Enterprise Application Platform

by Carol~ Moderator - 1/25/13 10:36 AM

In Reply to: VULNERABILITIES / FIXES - January 25, 2013 by Carol~ Moderator

Red Hat update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform

Release Date : 2013-01-25

Criticality level : Moderately critical
Impact : Security Bypass
Cross Site Scripting
Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software: JBoss Enterprise Application Platform 5.x
JBoss Enterprise Web Platform 5.x

Description:
Red Hat has issued an update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform. This fixes a weakness, a security issue, and multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, by malicious users to bypass certain security restrictions, and by malicious people to conduct cross-site scripting and request forgery attacks and bypass certain security restrictions.

1) Certain input related to operation invocations passed to the JMX console is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) An error within the "SecurityAssociation.getCredential()" function when handling a request without a SecurityContext to a secured back-end resource can be exploited to authenticate as the previously authenticated user.

3) An error in the JMX Invoker due to the AuthorizationInterceptor not properly verifying permissions can be exploited to perform otherwise restricted JMX operations.

Solution:
Updated packages are available via Red Hat Network.

Provided and/or discovered by:
The vendor credits:
1) Tyler Krpata
2) Carlo de Wolf, Red Hat
3) Derek Horton, Red Hat

Original Advisory:
RHSA-2013:0191-1:
https://rhn.redhat.com/errata/RHSA-2013-0191.html

RHSA-2013:0192-1:
https://rhn.redhat.com/errata/RHSA-2013-0192.html

RHSA-2013:0193-1:
https://rhn.redhat.com/errata/RHSA-2013-0193.html

RHSA-2013:0194-1:
https://rhn.redhat.com/errata/RHSA-2013-0194.html

RHSA-2013:0195-1:
https://rhn.redhat.com/errata/RHSA-2013-0195.html

RHSA-2013:0196-1:
https://rhn.redhat.com/errata/RHSA-2013-0196.html

RHSA-2013:0197-1:
https://rhn.redhat.com/errata/RHSA-2013-0197.html

RHSA-2013:0198-1:
https://rhn.redhat.com/errata/RHSA-2013-0198.html

http://secunia.com/advisories/51984/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for WebYaST and SUSE Studio Standard Edition

by Carol~ Moderator - 1/25/13 10:38 AM

In Reply to: VULNERABILITIES / FIXES - January 25, 2013 by Carol~ Moderator

Release Date: 2013-01-25

Criticality level : Less critical
Impact : Manipulation of data
Where : From local network
Solution Status : Vendor Patch

Software:
SUSE Studio Standard Edition 1.x
WebYaST 1.x

Description:
SUSE has issued an update for WebYaST and SUSE Studio Standard Edition. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data.

The vulnerability is caused due to an error when handling the /host configuration path and can be exploited to modify the host list used for back-end connection and subsequently disclose values sent by WebYaST via a malicious website.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
SUSE-SU-2013:0053-1:
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00008.html

http://secunia.com/advisories/51947/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

django CMS page_attribute Template Tag Script Insertion

by Carol~ Moderator - 1/25/13 10:40 AM

In Reply to: VULNERABILITIES / FIXES - January 25, 2013 by Carol~ Moderator

django CMS page_attribute Template Tag Script Insertion Vulnerability

Release Date: 2013-01-25

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: django CMS 2.x

Description:
A vulnerability has been reported in django CMS, which can be exploited by malicious users to conduct script insertion attacks.

Input passed via the page_attribute template tag is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.

Successful exploitation requires the permission to edit at least one django CMS page object.

The vulnerability is reported in versions prior to 2.3.5.

Solution:
Update to version 2.3.5.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
https://www.django-cms.org/en/blog/2012/12/04/2-3-5-security-release/

http://secunia.com/advisories/51953/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close