Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - February 07, 2013

by: Carol~ February 7, 2013 8:04 AM PST

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - February 07, 2013

by Carol~ Moderator - 2/7/13 8:04 AM

WordPress CommentLuv Plugin "_ajax_nonce" Cross-Site Scripting Vulnerability

Release Date : 2013-02-07

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status: Vendor Patch

Software: WordPress CommentLuv Plugin 2.x

Description:
High-Tech Bridge SA has discovered a vulnerability in the CommentLuv plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "_ajax_nonce" POST parameter to wp-admin/admin-ajax.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is been confirmed in version 2.92.3. Prior versions may also be affected.

Solution:
Update to version 2.92.4.

Provided and/or discovered by:
High-Tech Bridge SA.

Original Advisory:
HTB23138:
https://www.htbridge.com/advisory/HTB23138

http://secunia.com/advisories/52092/


Reply
Report offensive post
Email to friend

SUSE update for libupnp

by Carol~ Moderator - 2/7/13 8:19 AM

In Reply to: VULNERABILITIES / FIXES - February 07, 2013 by Carol~ Moderator

Release Date : 2013-02-07

Criticality level : Less critical
Impact : System access
Where : From local network
Solution Status : Vendor Patch

Operating System :
openSUSE 12.1
openSUSE 12.2

Description:
SUSE has issued an update for libupnp. This fixes three vulnerabilities, which can be exploited by malicious people to compromise an application using the library.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2013:0255-1:
http://lists.opensuse.org/opensuse-updates/2013-02/msg00013.html

http://secunia.com/advisories/52124/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

EasyITSP File Disclosure and File Deletion Vulnerabilities

by Carol~ Moderator - 2/7/13 8:19 AM

In Reply to: VULNERABILITIES / FIXES - February 07, 2013 by Carol~ Moderator

Release Date: 2013-02-07

Criticality level: Not critical
Impact : Manipulation of data
Exposure of sensitive information
Where : From remote
Solution Status : Unpatched

Software: EasyITSP 2.x

Description:
Michal Blaszczak has discovered two vulnerabilities in EasyITPS, which can be exploited by malicious users to disclose sensitive information and manipulate certain data.

1) Input passed via the "folder" GET parameter to WEB/customer/voicemail.php is not properly verified before being used to read files. This can be exploited to disclose "txt" files via directory traversal sequences.

2) Input passed via the "delvm" POST parameter to WEB/customer/voicemail.php is not properly verified before being used to delete files. This can be exploited to delete arbitrary "txt", "wav", and "gsm" files with the privileges of the application.

The vulnerabilities are confirmed in version 2.0.7. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Michal Blaszczak.

Original Advisory:
http://blaszczakm.blogspot.com/2013/02/niebezpieczny-system-telekomunikacyjny_4.html

http://secunia.com/advisories/52081/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Cisco ATA 187 Analog Telephone Adaptor Authentication and

by Carol~ Moderator - 2/7/13 8:19 AM

In Reply to: VULNERABILITIES / FIXES - February 07, 2013 by Carol~ Moderator

Cisco ATA 187 Analog Telephone Adaptor Authentication and Authorisation Bypass Vulnerability

Release Date : 2013-02-07

Criticality level : Moderately critical
Impact : System access
Where : From local network
Solution Status : Vendor Patch

Operating System: Cisco ATA 180 Series Analog Telephone Adaptors

Description:
A vulnerability has been reported in Cisco ATA 187 Analog Telephone Adaptor, which can be exploited by malicious people to compromise a vulnerable device.

The vulnerability is caused due to an error when handling authentication and command authorisation and can be exploited to bypass authentication and shell command authorisation via telnet request to TCP port 7870 and subsequently execute arbitrary shell commands.

The vulnerability is reported in firmware versions 9.2.1.0 and 9.2.3.1.

Solution:
Update to firmware version 9.2.3.1 ES build 4 or later.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Cisco (CSCtz67038):
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130206-ata187
http://tools.cisco.com/security/center/viewAlert.x?alertId=28010
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtz67038

http://secunia.com/advisories/52060/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Cisco Nexus 7000 Series M1-Series Module Denial of Service

by Carol~ Moderator - 2/7/13 8:19 AM

In Reply to: VULNERABILITIES / FIXES - February 07, 2013 by Carol~ Moderator

Cisco Nexus 7000 Series M1-Series Module Denial of Service Vulnerability

Release Date: 2013-02-07

Criticality level: Less critical
Impact : DoS
Where : From remote
Solution Status : Unpatched

Operating System :
Cisco Nexus 7000 Series Switches
Cisco NX-OS 5.x
Cisco NX-OS 6.x

Description:
A vulnerability has been reported in Cisco Nexus 7000 M1-Series Modules, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when handling certain packets and can be exploited to cause the module to reload by sending specially crafted packets.

Successful exploitation requires the device to be configured with Overlay Transport Virtualization (OTV), where the physical interface of the connection is over the M1-Series module.

The vulnerability is reported in Cisco Nexus 7000 M1-Series Modules running NX-OS versions 6.1 (0.208)S0 and prior. Please see the vendor's advisory for details.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Cisco (CSCud15673):
http://tools.cisco.com/security/center/viewAlert.x?alertId=28116
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1122
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCud15673

http://secunia.com/advisories/52090/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Buffalo TeraStation Network Attached Storage (NAS) TS-Series

by Carol~ Moderator - 2/7/13 8:19 AM

In Reply to: VULNERABILITIES / FIXES - February 07, 2013 by Carol~ Moderator

Buffalo TeraStation Network Attached Storage (NAS) TS-Series File Download Vulnerability

Release Date: 2013-02-07

Criticality level: Not critical
Impact : Exposure of sensitive information
Where : From remote
Solution Status : Unpatched

Operating System: Buffalo TeraStation Network Attached Storage (NAS) TS-Series 1.x

Description:
Andrea Fabrizi has reported a vulnerability in Buffalo TeraStation Network Attached Storage (NAS) TS-Series, which can be exploited by malicious people to disclose potentially sensitive information.

Input passed via the "gKey" parameter to cgi-bin/sync.cgi (when "gPage" is set to "information", "gMode" is set to "log", and "gTyp" is set to "save") is not properly verified before being used. This can be exploited to download arbitrary files.

The vulnerability is reported in version 1.57. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Andrea Fabrizi

Original Advisory:
http://www.andreafabrizi.it/?exploits:terastation

http://secunia.com/advisories/52012/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

GnuTLS TLS CBC Ciphersuite Plaintext Recovery Weakness

by Carol~ Moderator - 2/7/13 8:23 AM

In Reply to: VULNERABILITIES / FIXES - February 07, 2013 by Carol~ Moderator

Release Date: 2013-02-07

Criticality level: Not critical
Impact : Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software:
GnuTLS 2.x
GnuTLS 3.x

Description:
A weakness has been reported in GnuTLS, which can be exploited by malicious people to disclose certain sensitive information.

The weakness is caused due to the CBC ciphersuite of the Transport Layer Security (TLS) implementation exposing timing differences when verifying the padding checks. This can be exploited to recover parts of the plaintext via a timing attack.

The weakness is reported in versions prior to 3.1.7, 3.0.28, and 2.12.23.

Solution:
Update to version 3.1.7, 3.0.28, or 2.12.23.

Provided and/or discovered by:
Nadhem Alfardan and Kenny Paterson.

Original Advisory:
GNUTLS-SA-2013-1:
http://www.gnutls.org/security.html
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6586

Nadhem Alfardan and Kenny Paterson:
http://www.isg.rhul.ac.uk/tls/

http://secunia.com/advisories/51824/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

CyaSSL TLS CBC Ciphersuite Plaintext Recovery Weakness

by Carol~ Moderator - 2/7/13 8:23 AM

In Reply to: VULNERABILITIES / FIXES - February 07, 2013 by Carol~ Moderator

Release Date: 2013-02-07

Criticality level: Not critical
Impact : Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software: CyaSSL 2.x

Description:
A weakness has been reported in CyaSSL, which can be exploited by malicious people to disclose certain sensitive information.

The weakness is caused due to the CBC ciphersuite of the Transport Layer Security (TLS) implementation exposing timing differences when verifying the padding checks. This can be exploited to recover parts of the plaintext via a timing attack.

The weakness is reported in versions prior to 2.5.0.

Solution:
Update to version 2.5.0.

Provided and/or discovered by:
Nadhem Alfardan and Kenny Paterson.

Original Advisory:
CyaSSL:
http://www.yassl.com/yaSSL/Docs-cyassl-changelog.html

Nadhem Alfardan and Kenny Paterson:
http://www.isg.rhul.ac.uk/tls/

http://secunia.com/advisories/52028/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

PolarSSL TLS CBC Ciphersuite Plaintext Recovery Weakness

by Carol~ Moderator - 2/7/13 8:23 AM

In Reply to: VULNERABILITIES / FIXES - February 07, 2013 by Carol~ Moderator

Release Date: 2013-02-07

Criticality level: Not critical
Impact : Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software: PolarSSL 1.x

Description:
A weakness has been reported in PolarSSL, which can be exploited by malicious people to disclose certain sensitive information.

The weakness is caused due to the CBC ciphersuite of the Transport Layer Security (TLS) implementation exposing timing differences when verifying the padding checks. This can be exploited to recover parts of the plaintext via a timing attack.

The weakness is reported in versions prior to 1.2.5.

Solution:
Update to version 1.2.5.

Provided and/or discovered by:
Nadhem Alfardan and Kenny Paterson.

Original Advisory:
PolarSSL:
https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released

Nadhem Alfardan and Kenny Paterson:
http://www.isg.rhul.ac.uk/tls/

http://secunia.com/advisories/52068/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

MatrixSSL TLS CBC Ciphersuite Plaintext Recovery Weakness

by Carol~ Moderator - 2/7/13 8:23 AM

In Reply to: VULNERABILITIES / FIXES - February 07, 2013 by Carol~ Moderator

Release Date: 2013-02-07

Criticality level: Not critical
Impact : Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software: MatrixSSL 3.x

Description:
A weakness has been reported in MatrixSSL, which can be exploited by malicious people to disclose certain sensitive information.

The weakness is caused due to the CBC ciphersuite of the Transport Layer Security (TLS) implementation exposing timing differences when verifying the padding checks. This can be exploited to recover parts of the plaintext via a timing attack.

The weakness is reported in versions prior to 3.4.1.

Solution:
Update to version 3.4.1.

Provided and/or discovered by:
Nadhem Alfardan and Kenny Paterson.

Original Advisory:
MatrixSSL:
http://www.matrixssl.org/news.html

Nadhem Alfardan and Kenny Paterson:
http://www.isg.rhul.ac.uk/tls/

http://secunia.com/advisories/52126/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IBM Netezza WebAdmin Multiple Vulnerabilities

by Carol~ Moderator - 2/7/13 9:11 AM

In Reply to: VULNERABILITIES / FIXES - February 07, 2013 by Carol~ Moderator

Release Date : 2013-02-07

Criticality level : Less critical
Impact: Cross Site Scripting
Spoofing
Manipulation of data
Where : From remote
Solution Status : Unpatched

Software: IBM Netezza 6.x

Description:
A weakness and multiple vulnerabilities have been reported in IBM Netezza, which can be exploited by malicious users to manipulate certain data and conduct script insertion and SQL injection attacks and by malicious people to conduct spoofing attacks.

The weakness and the vulnerabilities are reported in versions 6.0.5 and 6.0.8.

Solution:
Upgrade to version 7.0 and apply patch version 7.0 P2.

Original Advisory:
http://www.ibm.com/support/docview.wss?uid=swg21624568

http://secunia.com/advisories/52125/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IBM Netezza WebAdmin Multiple Vulnerabilities (2)

by Carol~ Moderator - 2/7/13 9:11 AM

In Reply to: VULNERABILITIES / FIXES - February 07, 2013 by Carol~ Moderator

Release Date : 2013-02-07

Criticality level : Less critical
Impact: Cross Site Scripting
Spoofing
Manipulation of data
Where : From remote
Solution Status : Vendor Patch

Software: IBM Netezza 7.x

Description:
A weakness and multiple vulnerabilities have been reported in IBM Netezza, which can be exploited by malicious users to manipulate certain data and conduct script insertion and SQL injection attacks and by malicious people to conduct spoofing attacks.

1) Certain unspecified input passed is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Certain unspecified input is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.

3) An error when verifying the authenticity of requests can be exploited to manipulate certain data.

4) Certain unspecified input is not properly verified before being used. This can be exploited to display an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.

The weakness and the vulnerabilities are reported in version 7.0.

Solution:
Apply patch version 7.0 P2.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.ibm.com/support/docview.wss?uid=swg21624568

http://secunia.com/advisories/52107/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

cURL / libcURL "Curl_sasl_create_digest_md5_message()"

by Carol~ Moderator - 2/7/13 9:20 AM

In Reply to: VULNERABILITIES / FIXES - February 07, 2013 by Carol~ Moderator

cURL / libcURL "Curl_sasl_create_digest_md5_message()" Buffer Overflow Vulnerability

Release Date : 2013-02-07

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: cURL 7.x

Description:
Volema has reported a vulnerability in cURL / libcURL, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the "Curl_sasl_create_digest_md5_message()" function (lib/curl_sasl.c) when negotiating SASL DIGEST-MD5 authentication and can be exploited to cause a stack-based buffer overflow.

Successful exploitation may allow execution of arbitrary code but requires tricking a user into connecting to a malicious server.

The vulnerability is reported in versions 7.26.0 through 7.28.1.

Solution:
Update to version 7.29.0.

Provided and/or discovered by:
Volema

Original Advisory:
cURL:
http://curl.haxx.se/docs/adv_20130206.html

Volema
http://blog.volema.com/curl-rce.html

http://secunia.com/advisories/52103/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Microsoft System Center Operations Manager Cross-Site

by Carol~ Moderator - 2/7/13 11:27 AM

In Reply to: VULNERABILITIES / FIXES - February 07, 2013 by Carol~ Moderator

Microsoft System Center Operations Manager Cross-Site Scripting Vulnerabilities

Release Date: 2013-01-08
Last Update : 2013-02-07

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Partial Fix

Software: Microsoft System Center Operations Manager 2007

Description:
Two vulnerabilities have been reported in Microsoft System Center Operations Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.

1) Certain unspecified input passed to the Web Console is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Input passed to the "__CALLBACKPARAM" parameter in InternalPages/ExecuteTask.aspx is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

3) Input passed via the URL or the "DisplayMode" and "SearchStr" parameters in ResultViews/ViewTypeManager.aspx is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Solution:
Apply patches.

Provided and/or discovered by:
1) Reported by the vendor.
2, 3) Andy Yang, Stratsec.

Original Advisory:
MS13-003 (KB2783850):
http://technet.microsoft.com/en-us/security/bulletin/ms13-003

Stratsec:
http://www.stratsec.net/Research/Advisories/Microsoft-System-Center-Operations-Manager-(SCOM)-

http://secunia.com/advisories/51686


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Glossword Multiple Vulnerabilities

by Carol~ Moderator - 2/7/13 11:27 AM

In Reply to: VULNERABILITIES / FIXES - February 07, 2013 by Carol~ Moderator

Release Date: 2013-02-07

Criticality level : Highly critical
Impact: Cross Site Scripting
Exposure of sensitive information
System access
Where : From remote
Solution Status : Unpatched

Software: Glossword 1.x

Description:
Multiple vulnerabilities have been discovered in Glossword, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks and disclose certain sensitive data.

1) Input passed via the "a" GET parameter to gw_admin.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

2) The application stores database backups in directories with predictable names, which can be exploited to disclose sensitive data.

3) The application allows the upload of files with arbitrary extensions to a folder inside the web root when uploading avatars. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script.

Successful exploitation of this vulnerability requires the permission to edit own profile (not granted by default) or other users' profiles (granted by predefined permission profiles #3 and #4).

The vulnerabilities are confirmed in version 1.8.12. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
AkaStep

Original Advisory:
AkaStep:
http://packetstormsecurity.com/files/120045/Glossword-1.8.12-XSS-CSRF-Shell-Upload-Database-Disclosure.html

http://secunia.com/advisories/52082/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

GNOME Online Accounts SSL Certificate Verification Security

by Carol~ Moderator - 2/7/13 1:47 PM

In Reply to: VULNERABILITIES / FIXES - February 07, 2013 by Carol~ Moderator

GNOME Online Accounts SSL Certificate Verification Security Issue

Release Date : 2013-02-07

Criticality level : Less critical
Impact : Spoofing
Where : From remote
Solution Status : Vendor Patch

Software: GNOME Online Accounts 3.x

Description:
Simon McVittie has reported a security issue in GNOME Online Accounts, which can be exploited by malicious people to conduct spoofing attacks.

The security issue is caused due to the application not properly verifying a server SSL certificate, which can be exploited to e.g. spoof a server via MitM (Man-in-the-Middle) attacks.

The security issue is reported in version 3.4.2 and versions 3.7.x prior to 3.7.5. Other versions may also be affected.

Solution:
Apply updates if available.

Provided and/or discovered by:
Simon McVittie

Original Advisory:
Gnome Online Accounts:
http://git.gnome.org/browse/gnome-online-accounts/tree/NEWS
http://git.gnome.org/browse/gnome-online-accounts/commit/?id=edde7c63326242a60a075341d3fea0be0bc4d80e

Simon McVittie:
http://seclists.org/oss-sec/2013/q1/239
https://bugzilla.gnome.org/show_bug.cgi?id=693214

http://secunia.com/advisories/51976/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

PostgreSQL "enum_recv()" Denial of Service Vulnerability

by Carol~ Moderator - 2/7/13 1:47 PM

In Reply to: VULNERABILITIES / FIXES - February 07, 2013 by Carol~ Moderator

Release Date : 2013-02-07

Criticality level : Less critical
Impact : DoS
Where : From local network
Solution Status : Vendor Patch

Software:
PostgreSQL 8.x
PostgreSQL 9.x

Description:
Sumit Soni has discovered a vulnerability in PostgreSQL, which can be exploited by malicious users to cause a DoS (Denial of Service).

The vulnerability is caused due an input validation error within the "enum_recv()" function (backend/utils/adt/enum.c) and can be exploited to crash the server via a specially crafted SQL query.

The vulnerability is confirmed in version 9.2.2-1 64-bit. Prior versions may also be affected.

Solution:
Update to version 8.3.23, 8.4.16, 9.0.12, 9.1.8, or 9.2.3.

Provided and/or discovered by:
Sumit Soni via Secunia.

http://secunia.com/advisories/51923/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

HP LeftHand Virtual SAN Appliance Software Multiple

by Carol~ Moderator - 2/7/13 2:19 PM

In Reply to: VULNERABILITIES / FIXES - February 07, 2013 by Carol~ Moderator

HP LeftHand Virtual SAN Appliance Software Multiple Vulnerabilities

Release Date : 2013-02-07

Criticality level : Moderately critical
Impact : System access
Where : From local network
Solution Status : Unpatched

Software:
HP StorageWorks P4000 Virtual SAN Appliance Software 8.x
HP StorageWorks P4000 Virtual SAN Appliance Software 9.x

Description:
Multiple vulnerabilities have been reported in HP LeftHand Virtual SAN Appliance Software, which can be exploited by malicious people to compromise a vulnerable system.

1) An unspecified error in the hydra component can be exploited to potentially execute arbitrary code.

2) An unspecified error in the hydra component can be exploited to potentially execute arbitrary code.

3) An unspecified error in the hydra component can be exploited to potentially execute arbitrary code.

4) An unspecified error in the hydra component can be exploited to potentially execute arbitrary code.

The vulnerabilities are reported in versions prior to 10.0.

Solution:
Upgrade to version 10.0.

Provided and/or discovered by:
The vendor credits e6af8de8b1d4b2b6d5ba2610cbf9cd38 via ZDI.

Original Advisory:
HPSBST02846 SSRT100798:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03661318

http://secunia.com/advisories/52110/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Lorex LH110 Series Security Bypass Vulnerability

by Carol~ Moderator - 2/7/13 2:19 PM

In Reply to: VULNERABILITIES / FIXES - February 07, 2013 by Carol~ Moderator

Release Date : 2013-02-07

Criticality level : Less critical
Impact : Security Bypass
Where : From local network
Solution Status : Unpatched

Operating System: Lorex LH110 Series

Description:
A vulnerability has been reported in Lorex LH110 Series, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an unspecified error and can be exploited to gain unauthorised access to video recording and device control.

The vulnerability is reported in LH114, LH118, and LH116 manufactured from January 2011 through November 2012.

Solution:
The vendor plans to release a fixed firmware version on 8th Februrary.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.lorextechnology.com/support/alerts/Security+DVRs+upcoming+firmware+update/5000084

http://secunia.com/advisories/52108/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close