Spyware, viruses, & security forum: VULNERABILITIES / FIXES - January 28, 2013

ISC BIND AAAA Record Lookup Handling Assertion Failure Vulnerability

Release Date : 2013-01-28

Criticality level : Moderately critical
Impact: DoS
Where : From remote
Solution Status: Vendor Workaround

Software:
ISC BIND 9.8.x
ISC BIND 9.9.x

Description:
A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when remapping A records into AAAA records while handling AAAA record lookups for an A record rewrite rule in a Response Policy Zone (RPZ). This can be exploited to trigger an assertion failure and terminate the named process.

Successful exploitation requires that both DNS64 and Response Policy Zones are configured and that A rewrite rules are maintained but not AAAA rewrite rules.

The vulnerability is reported in versions 9.8.0 through 9.8.4-P1 and 9.9.0 through 9.9.2-P1.

Solution:
As a workaround ensure that the RPZ contains a AAAA rewrite rule for every A rewrite rule. The vulnerability will be fixed in a beta version scheduled to be released on January 24, 2013.

Provided and/or discovered by:
The vendor credits Pories Ediansyah, Institut Teknologi Bandung.

Original Advisory:
http://www.isc.org/software/bind/advisories/cve-2012-5689
https://kb.isc.org/article/AA-00855

http://secunia.com/advisories/51969/

Release Date : 2013-01-28

Criticality level : Less critical
Impact: Manipulation of data
Where : From remote
Solution Status: Vendor Patch

Software: ImageCMS 4.x

Description:
High-Tech Bridge SA has discovered a vulnerability in ImageCMS, which can be exploited by malicious users to conduct SQL injection attacks.

Input passed via the "q" parameter to admin/admin_search is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires the "access control panel" and "find pages in the control panel" permissions.

The vulnerability is confirmed in version 4.0.0. Other versions may also be affected.

Solution:
Update to version 4.2.

Provided and/or discovered by:
High-Tech Bridge SA

Original Advisory:
ImageCMS (Russian):
http://www.imagecms.net/blog/news/reliz-imagecms-42-razgranichenie-prav-dostupa-i-drugie-novinki

HTB23132:
https://www.htbridge.com/advisory/HTB23132

http://secunia.com/advisories/51913/

Cisco WebEx Social Information Disclosure and Cross-Site Scripting Vulnerabilities

Release Date : 2013-01-28

Criticality level : Less critical
Impact: Exposure of sensitive information
Cross Site Scripting
Where: From remote
Solution Status : Unpatched

Operating System : Cisco WebEx Social (formerly Cisco Quad)

Description:
Two vulnerabilities have been reported in Cisco WebEx Social, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks.

1) An error within the search functionality can be exploited to access certain local files via specially crafted parameters.

2) Certain input passed via Rich Site Summary (RSS) service links is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6397
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1107

http://secunia.com/advisories/51996/

WordPress WP e-Commerce Plugin "cart_messages[]" Cross-Site Scripting Vulnerability

Release Date : 2011-08-04
Last Update : 2013-01-28

Criticality level : Less critical
Impact: Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: WordPress WP e-Commerce Plugin 3.x

Description:
High-Tech Bridge SA has discovered a vulnerability in the WP e-Commerce plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "cart_messages[]" parameter in wp-content/plugins/wp-e-commerce/wpsc-theme/wpsc-cart_widget.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability is confirmed in version 3.8.6. Other versions may also be affected.

Solution:
Update to version 3.8.8.

Provided and/or discovered by:
High-Tech Bridge SA.

http://secunia.com/advisories/45513