Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - February 08, 2013

by: Carol~ February 8, 2013 8:18 AM PST

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - February 08, 2013

by Carol~ Moderator - 2/8/13 8:18 AM

Microsoft Windows Flash Player Two Vulnerabilities

Release Date : 2013-02-08

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Operating System : Microsoft Windows 8
Microsoft Windows RT
Microsoft Windows Server 2012

Description:
Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to a bundled vulnerable version of Adobe Flash Player within Internet Explorer 10.

Solution:
Apply updates.

Original Advisory:
Microsoft (KB2811522):
http://technet.microsoft.com/en-us/security/advisory/2755801
http://support.microsoft.com/kb/2811522

http://secunia.com/advisories/52117/


Reply
Report offensive post
Email to friend

Adobe Flash Player Two Vulnerabilities

by Carol~ Moderator - 2/8/13 8:19 AM

In Reply to: VULNERABILITIES / FIXES - February 08, 2013 by Carol~ Moderator

Release Date : 2013-02-08

Criticality level : Extremely critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: Adobe Flash Player 11.x

Description:
Two vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.

1) An unspecified error can be exploited to cause a buffer overflow.

NOTE: This vulnerability is currently being actively exploited in targeted attacks against the Windows version.

2) An unspecified error can be exploited to corrupt memory.

NOTE: This vulnerability is currently being actively exploited in targeted attacks against the Macintosh and Windows versions.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

The vulnerabilities are reported in the following versions:
* Adobe Flash Player versions 11.5.502.146 and earlier for Windows and Macintosh
* Adobe Flash Player versions 11.2.202.261 and earlier for Linux
* Adobe Flash Player versions 11.1.115.36 and earlier for Android 4.x
* Adobe Flash Player versions 11.1.111.31 and earlier for Android 3.x
* Adobe Flash Player versions 11.5.31.137 and earlier for Chrome users
* Adobe Flash Player versions 11.3.378.5 and earlier for Internet Explorer 10 users on Windows 8

Solution:
Update to a fixed version.

Provided and/or discovered by:
1, 2) Reported as 0-day.

Original Advisory:
http://www.adobe.com/support/security/bulletins/apsb13-04.html
http://blogs.adobe.com/psirt/2013/02/security-updates-available-for-adobe-flash-player-apsb13-04.html

http://secunia.com/advisories/52116/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

FreeBSD ftpd GLOB_LIMIT Resource Exhaustion Denial

by Carol~ Moderator - 2/8/13 8:24 AM

In Reply to: VULNERABILITIES / FIXES - February 08, 2013 by Carol~ Moderator

FreeBSD ftpd GLOB_LIMIT Resource Exhaustion Denial of Service

Release Date : 2013-02-08

Criticality level : Not critical
Impact : DoS
Where : From remote
Solution Status : Unpatched

Operating System : FreeBSD 9.x

Description:
Maksymilian Arciemowicz has discovered a weakness in FreeBSD, which can be exploited by malicious users to cause a DoS (Denial of Service).

The weakness is caused due to an insufficient GLOB_LIMIT implementation in the ftpd daemon, which can be exploited to exhaust memory or cause a high CPU load via specially crafted patterns in commands passed to the ftpd server.

The weakness is confirmed in version 9.1-RELEASE. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Maksymilian Arciemowicz

Original Advisory:
http://cxsecurity.com/issue/WLB-2013020003

http://secunia.com/advisories/52025/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Debian update for ircd-hybrid

by Carol~ Moderator - 2/8/13 8:24 AM

In Reply to: VULNERABILITIES / FIXES - February 08, 2013 by Carol~ Moderator

Release Date : 2013-02-08

Criticality level : Less critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Software: Debian GNU/Linux 6.0

Description:
Debian has issued an update for ircd-hybrid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2618-1:
http://www.debian.org/security/2013/dsa-2618

http://secunia.com/advisories/52106/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Audio Player Plugin "playerID" Cross-Site

by Carol~ Moderator - 2/8/13 8:24 AM

In Reply to: VULNERABILITIES / FIXES - February 08, 2013 by Carol~ Moderator

WordPress Audio Player Plugin "playerID" Cross-Site Scripting Vulnerability

Release Date : 2013-02-08

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: WordPress Audio Player Plugin 2.x

Description:
A vulnerability has been discovered in the Audio Player plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "playerID" parameter to wp-content/plugins/audio-player/assets/player.swf is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

The vulnerability is confirmed in versions 2.0.4.5. Prior versions may also be affected.

Solution:
Update to version 2.0.4.6.

Provided and/or discovered by:
hip

Original Advisory:
Audio Player:
http://wordpress.org/extend/plugins/audio-player/changelog/

hip:
http://packetstormsecurity.com/files/120129/WordPress-Audio-Player-SWF-Cross-Site-Scripting.html

http://secunia.com/advisories/52083/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for xen

by Carol~ Moderator - 2/8/13 8:24 AM

In Reply to: VULNERABILITIES / FIXES - February 08, 2013 by Carol~ Moderator

Release Date : 2013-02-08

Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status : Vendor Patch

Operating System :
Red Hat Enterprise Linux Desktop 5
Red Hat Enterprise Linux Server 5

Description:
Red Hat has issued an update for xen. This fixes a vulnerability, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2013:0241-1:
https://rhn.redhat.com/errata/RHSA-2013-0241.html

http://secunia.com/advisories/52118/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

VMware Multiple Products VMCI Privilege Escalation

by Carol~ Moderator - 2/8/13 8:24 AM

In Reply to: VULNERABILITIES / FIXES - February 08, 2013 by Carol~ Moderator

VMware Multiple Products VMCI Privilege Escalation Vulnerability

Release Date : 2013-02-08

Criticality level : Less critical
Impact : Privilege escalation
Where : Local system
Solution Status : Vendor Patch

Operating System :
VMware ESX Server 4.x
VMware ESX Server 5.x
VMware ESXi 4.x
VMware ESXi 5.x

Software:
VMware Fusion 4.x
VMware Fusion 5.x
VMware View 4.x
VMware View 5.x
VMware Workstation 8.x
VMware Workstation 9.x

Description:
A vulnerability has been reported in VMware ESX and ESXi Server, Workstation, Fusion, and View, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to potentially gain escalated privileges.

The vulnerability is caused due to an error in vmci.sys when handling control code, which can be exploited to manipulate the memory allocation through the Virtual Machine Communication Interface (VMCI) code.

Successful exploitation requires a Windows-based host or guest operating system.

The vulnerability is reported in the following products and versions:
* VMware Workstation versions 8.x prior to 8.0.5 and 9.x prior to 9.0.1 running on Windows
* VMware Fusion versions 4.x prior to 4.1.4 and 5.x prior to 5.0.2 running on Mac OS X
* VMware View versions 4.x prior to 4.6.2 and 5.x prior to 5.1.2
* VMware ESXi versions 4.0, 4.1, 5.0, 5.1
* VMware ESX versions 4.0 and 4.1

Solution:
Apply patches or updates.

Provided and/or discovered by:
The vendor independently credits Derek Soeder of Cylance, Inc. and Kostya Kortchinsky, Microsoft.

Original Advisory:
VMware (VMSA-2013-0002):
http://www.vmware.com/security/advisories/VMSA-2013-0002.html

http://secunia.com/advisories/52131/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

CubeCart "unserialize()" Configuration Manipulation

by Carol~ Moderator - 2/8/13 8:27 AM

In Reply to: VULNERABILITIES / FIXES - February 08, 2013 by Carol~ Moderator

CubeCart "unserialize()" Configuration Manipulation Vulnerability

Release Date : 2013-02-08

Criticality level : Moderately critical
Impact : Security Bypass
Where : From remote
Solution Status : Vendor Patch

Software: CubeCart 5.x

Description:
Egidio Romano has discovered a vulnerability in CubeCart, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to the classes/cubecart.class.php script using the "unserialize()" function with user controlled input, which can be exploited save a serialised object in the database and e.g. manipulate the configuration using the "__destruct()" method of the "Config" class.

The vulnerability is confirmed in version 5.2.0. Prior versions may also be affected.

Solution:
Update to version 5.2.1.

Provided and/or discovered by:
Egidio Romano (Egix)

Original Advisory:
CubeCart:
http://forums.cubecart.com/?showtopic=47026

Egidio Romano (Egix):
http://karmainsecurity.com/KIS-2013-02

http://secunia.com/advisories/52072/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for flash-plugin

by Carol~ Moderator - 2/8/13 8:28 AM

In Reply to: VULNERABILITIES / FIXES - February 08, 2013 by Carol~ Moderator

Release Date : 2013-02-08

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software:
Red Hat Enterprise Linux Desktop Supplementary (v. 6)
Red Hat Enterprise Linux Server Supplementary (v. 6)
Red Hat Enterprise Linux Workstation Supplementary (v. 6)
RHEL Desktop Supplementary (v. 5 client)
RHEL Supplementary (v. 5 server)

Description:
Red Hat has issued an update for flash-plugin. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2013:0243-1:
https://rhn.redhat.com/errata/RHSA-2013-0243.html

http://secunia.com/advisories/52078/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Cybozu Garoon Cross-Site Scripting and SQL Injection

by Carol~ Moderator - 2/8/13 8:28 AM

In Reply to: VULNERABILITIES / FIXES - February 08, 2013 by Carol~ Moderator

Cybozu Garoon Cross-Site Scripting and SQL Injection Vulnerabilities

Release Date : 2013-02-08

Criticality level : Less critical
Impact : Cross Site Scripting
Manipulation of data
Where : From remote
Solution Status : Vendor Patch

Software: Cybozu Garoon 3.x

Description:
Two vulnerabilities have been reported in Cybozu Garoon, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.

1) Certain unspecified input is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation of this vulnerability requires logging permission.

2) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in versions 3.5.3 and prior.

Solution:
Update to version 3.5.4.

Provided and/or discovered by:
JVN credits Ken Asai.

Original Advisory:
Cybozu (Japanese):
http://cs.cybozu.co.jp/information/20130125up01.php
http://cs.cybozu.co.jp/information/20130125up02.php
https://support.cybozu.com/ja/article/6116
https://support.cybozu.com/ja/article/6117

JVN (English):
http://jvn.jp/en/jp/JVN95863326/index.html
http://jvn.jp/en/jp/JVN07629635/index.html
http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000008.html
http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000007.html

JVN (Japanese):
http://jvn.jp/jp/JVN07629635/index.html
http://jvn.jp/jp/JVN95863326/index.html

http://secunia.com/advisories/52042/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Cybozu Garoon Cross-Site Scripting and SQL Injection (2)

by Carol~ Moderator - 2/8/13 8:28 AM

In Reply to: VULNERABILITIES / FIXES - February 08, 2013 by Carol~ Moderator

Cybozu Garoon Cross-Site Scripting and SQL Injection Vulnerabilities

Release Date : 2013-02-08

Criticality level : Less critical
Impact : Cross Site Scripting
Manipulation of data
Where : From remote
Solution Status : Unpatched

Software: Cybozu Garoon 2.x

Description:

Two vulnerabilities have been reported in Cybozu Garoon, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.

1) Certain unspecified input is not properly sanitised before being used in a SQL query.

This vulnerability is reported in versions 2.5.0 and later.

2) Certain unspecified input is not properly sanitised before being returned to the user.

This vulnerability is reported in versions 2.0.0 and later.

Solution:
Upgrade to version 3.5.4.

Original Advisory:
Cybozu (Japanese):
http://cs.cybozu.co.jp/information/20130125up01.php
http://cs.cybozu.co.jp/information/20130125up02.php
https://support.cybozu.com/ja/article/6116
https://support.cybozu.com/ja/article/6117

JVN (English):
http://jvn.jp/en/jp/JVN95863326/index.html
http://jvn.jp/en/jp/JVN07629635/index.html
http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000008.html
http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000007.html

JVN (Japanese):
http://jvn.jp/jp/JVN07629635/index.html
http://jvn.jp/jp/JVN95863326/index.html

http://secunia.com/advisories/52114/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

FFmpeg Multiple Vulnerabilities

by Carol~ Moderator - 2/8/13 8:46 AM

In Reply to: VULNERABILITIES / FIXES - February 08, 2013 by Carol~ Moderator

Release Date : 2013-02-08

Criticality level : Moderately critical
Impact : DoS
System access
Where : From remote
Solution Status : Vendor Patch

Software: FFmpeg 1.x

Description:
Multiple vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

1) Some integer overflows exist within the "process_frame_obj()" function (libavcodec/sanm.c) when parsing certain data.

2) An error within the "old_codec47()" function (libavcodec/sanm.c) can be exploited to cause a buffer overflow.

3) An error within the "gif_copy_img_rect()" function (libavcodec/gifdec.c) can be exploited to cause a crash.

4) A boundary error within the "vqa_decode_chunk()" function (libavcodec/vqavideo.c) can be exploited to cause a buffer overflow.

5) A boundary error within the "aac_decode_init()" function (libavcodec/aacdec.c) can be exploited to cause cause a crash.

6) An error within the "decode_slice_header()" function (libavcodec/h264.c) can be exploited to cause a crash.

7) An error within the "generate_joint_tables()" function (libavcodec/huffyuvdec.c) can be exploited to cause a buffer overflow.

8) An error within the "field_end()" function (libavcodec/h264.c) can be exploited to cause a crash.

The vulnerabilities are reported in versions prior to 1.1.2.

Solution:
Update to version 1.1.2.

Provided and/or discovered by:
The vendor credits Mateusz "j00ru" Jurczyk and Gynvael Coldwind.

Original Advisory:
http://ffmpeg.org/security.html

http://secunia.com/advisories/52093/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

D-Link DIR-300 / DIR-600 Multiple Vulnerabilities

by Carol~ Moderator - 2/8/13 8:46 AM

In Reply to: VULNERABILITIES / FIXES - February 08, 2013 by Carol~ Moderator

Release Date : 2013-02-08

Criticality level : Moderately critical
Impact : Exposure of system information
System access
Where : From local network
Solution Status : Unpatched

Operating System :
D-Link DIR-300
D-Link DIR-600

Description:
Michael Messner has reported a weakness, two security issues, and a vulnerability in D-Link DIR-300 and DIR-600, which can be exploited by malicious people to disclose certain system information and to compromise a vulnerable device.

1) An error due to the device not restricting access to router_info.xml can be exploited to disclose the full path within an error message.

2) An error due to the device not restricting access to DevInfo.txt and version.txt can be exploited to disclose certain device information.

3) An error due to the device not restricting access to the command.php script can be exploited to execute arbitrary shell commands via a specially crafted HTTP post request.

The weakness, security issues, and vulnerability are reported in the following products:
* D-Link DIR-300 version 2.12 and 2.13.
* D-Link DIR-600 version 2.12b02, 2.13b01, and 2.14b01.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Michael Messner.

Original Advisory:
http://www.s3cur1ty.de/m1adv2013-003

http://secunia.com/advisories/52080/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SiteGo Multiple Vulnerabilities

by Carol~ Moderator - 2/8/13 9:38 AM

In Reply to: VULNERABILITIES / FIXES - February 08, 2013 by Carol~ Moderator

Release Date : 2013-02-08

Criticality level : Less critical
Impact : Cross Site Scripting
Exposure of system information
Where : From remote
Solution Status : Unpatched

Software: SiteGo 1.x

Description:
Multiple vulnerabilities have been discovered in SiteGo, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose certain system information.

1) The application does not properly restrict access to the admin/include/phpinfo.php script, which can be exploited to e.g. disclose PHP and web server configuration.

2) Input passed via the "Browse" GET parameter (when "action" is set to "vote" and "page" is set to a valid page number) and the "delete" GET parameter (when "action" is set to "MailList" and "reason" is set to "1") to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

The vulnerabilities are confirmed in version 1.0.

Solution:
No official solution is currently available.

Provided and/or discovered by:
L0n3ly-H34rT

Original Advisory:
http://packetstormsecurity.com/files/120122/SiteGo-Local-File-Inclusion-Cross-Site-Scripting.html

http://secunia.com/advisories/52123/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Puppet Cross-Site Request Forgery and Information Disclosure

by Carol~ Moderator - 2/8/13 9:38 AM

In Reply to: VULNERABILITIES / FIXES - February 08, 2013 by Carol~ Moderator

Release Date : 2013-02-08

Criticality level : Less critical
Impact : Cross Site Scripting
Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software: Puppet Enterprise 2.x

Description:
A weakness and a vulnerability have been reported in Puppet, which can be exploited by malicious users to disclose certain sensitive information and by malicious people to conduct cross-site request forgery attacks.

1) The weakness is caused due to an unspecified error within the pe_mcollective module and can be exploited to gain access to the catalog containing SSL keys.

NOTE: Successful exploitation requires root access to a single node in a Puppet Enterprise deployment.

2) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to perform certain unspecified actions against the Administrator user interface when a logged-in user visits a specially crafted web page.

The weakness and a vulnerability are reported in version 2.7.0. Prior versions may also be affected.

Solution:
Update to version 2.7.1.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Puppet:
https://puppetlabs.com/security/cve/cve-2013-1398/
https://puppetlabs.com/security/cve/cve-2013-1399/

http://secunia.com/advisories/52127/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Rack Insecure File Access Security Issue

by Carol~ Moderator - 2/8/13 9:38 AM

In Reply to: VULNERABILITIES / FIXES - February 08, 2013 by Carol~ Moderator

Release Date : 2013-02-08

Criticality level : Not critical
Impact : Exposure of system information
Where : Local system
Solution Status : Vendor Patch

Software: Rack 1.x

Description:
A security issue has been reported in Rack, which can be exploited by malicious, local users to disclose potentially sensitive information.

The security issue is caused due to the application using files in an insecure manner, which can be exploited to disclose potentially sensitive information via symlink attacks.

The security issue is reported in versions prior to 1.4.5 and 1.5.2.

Solution:
Update to version 1.4.5 or 1.5.2.

Provided and/or discovered by:
Ben Murphy

Original Advisory:
https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ
https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ

http://secunia.com/advisories/52033/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Rack "Rack::Session::Cookie" Information Disclosure Security

by Carol~ Moderator - 2/8/13 11:23 AM

In Reply to: VULNERABILITIES / FIXES - February 08, 2013 by Carol~ Moderator

Rack "Rack::Session::Cookie" Information Disclosure Security Issue

Release Date : 2013-02-08

Criticality level : Less critical
Impact : Exposure of system information
Where : From remote
Solution Status : Unpatched

Software: Rack 1.x

Description:
A security issue has been reported in Rack, which can be exploited by malicious people to disclose potentially sensitive information.

The security issue is caused due to the application checking cookie data in an insecure manner, which can be exploited to disclose potentially sensitive information via timing attack.

NOTE: This can further be exploited to execute arbitrary code.

The security issue is reported in versions prior to 1.1.6, 1.2.8, 1.3.10, 1.4.5, and 1.5.2.

Solution:
Update to version 1.1.6, 1.2.8, 1.3.10, 1.4.5, or 1.5.2.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
https://groups.google.com/forum/#!msg/rack-devel/xKrHVWeNvDM/4ZGA576CnK4J
https://groups.google.com/forum/#!msg/rack-devel/hz-liLb9fKE/8jvVWU6xYiYJ
https://groups.google.com/forum/#!msg/rack-devel/RnQxm6i13C4/xfakH81yWvgJ
https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ
https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ

http://secunia.com/advisories/52134/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

ActiveFax (ActFax) LPD/LPR and RAW Server Buffer Overflow

by Carol~ Moderator - 2/8/13 11:51 AM

In Reply to: VULNERABILITIES / FIXES - February 08, 2013 by Carol~ Moderator

ActiveFax (ActFax) LPD/LPR and RAW Server Buffer Overflow Vulnerabilities

Release Date : 2013-02-08

Criticality level : Moderately critical
Impact : System access
Where : From local network
Solution Status : Unpatched

Software: ActiveFax (ActFax) 5.x

Description:
Some vulnerabilities have been discovered in ActiveFax (ActFax), which can be exploited by malicious people to compromise a vulnerable system.

1) Some boundary errors within the RAW server when processing the "@F000", "@F506", and "@F605" data fields can be exploited to cause stack-based buffer overflows by sending a specially crafted command to the server.

2) A boundary error exists within the LPD/LPR server.

The vulnerabilities are confirmed in version 5.01 build 0232. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
1) Craig Freyman

Original Advisory:
http://packetstormsecurity.com/files/120109/ActFax-5.01-RAW-Server-Buffer-Overflow.html

http://secunia.com/advisories/52096/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

ezStats2 for Battlefield 3 Information Disclosure and

by Carol~ Moderator - 2/8/13 11:51 AM

In Reply to: VULNERABILITIES / FIXES - February 08, 2013 by Carol~ Moderator

ezStats2 for Battlefield 3 Information Disclosure and Cross-Site Scripting Vulnerabilities

Release Date : 2013-02-08

Criticality level : Less critical
Impact : Cross Site Scripting
Exposure of system information
Where : From remote
Solution Status : Unpatched

Software: ezStats2 for Battlefield 3 0.x

Description:
A weakness and two vulnerabilities have been discovered in ezStats2 for Battlefield 3, which can be exploited by malicious people to disclose certain system information and conduct cross-site scripting attacks.

1) The application provides unrestricted access to admin/apitest.php, which can be exploited to disclose system information e.g. PHP configuration details.

2) Input passed via the "common" and "rankings" GET parameters to admin/stylsheets/style.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are confirmed in version 0.91. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
L0n3ly-H34rT.

Original Advisory:
http://se3c.blogspot.dk/2013/02/ezstats-for-battlefield-3-v091-multiple.html

http://secunia.com/advisories/52104/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

ezStats Multiple Products Information Disclosure Weakness

by Carol~ Moderator - 2/8/13 11:51 AM

In Reply to: VULNERABILITIES / FIXES - February 08, 2013 by Carol~ Moderator

Release Date : 2013-02-08

Criticality level : Less critical
Impact : Exposure of system information
Where : From remote
Solution Status : Unpatched

Software:
ezStats2 for Medal of Honor Warfighter 1.x
ezStats2 for Playstation Network 1.x
ezStats2 Serverviewer 0.x

Description:
A weakness has been discovered in multiple ezStats products, which can be exploited by malicious people to disclose certain system information.

The application provides unrestricted access to admin/apitest.php.

List of affected products:
* ezStats2 for Playstation Network version 1.10.
* ezStats2 Serverviewer version 0.62.
* ezStats2 for Medal of Honor Warfighter version 1.0.

Solution:
No official solution is currently available.

Provided and/or discovered by:
L0n3ly-H34rT.

Original Advisory:
http://se3c.blogspot.dk/2013/02/ezstats2-for-playstation-network-v110.html
http://se3c.blogspot.dk/2013/02/ezstats2-serverviewer-v062-local-file.html
http://se3c.blogspot.dk/2013/02/ezstats2-for-medal-of-honor-warfighter.html

http://secunia.com/advisories/52097/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

RoundCube Webmail "href" Email Body Script Insertion

by Carol~ Moderator - 2/8/13 12:46 PM

In Reply to: VULNERABILITIES / FIXES - February 08, 2013 by Carol~ Moderator

RoundCube Webmail "href" Email Body Script Insertion Vulnerability

Release Date : 2012-08-17
Last Update : 2013-02-08

Criticality level : Moderately critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: RoundCube Webmail 0.x

Description:
A vulnerability has been discovered in RoundCube Webmail, which can be exploited by malicious people to conduct script insertion attacks.

Input passed via a "href" HTML attribute in an email body is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.

The vulnerability is confirmed in version 0.8.4. Prior versions may also be affected.

Solution:
Update to version 0.8.5.

Provided and/or discovered by
Shai rod (@NightRang3r) within a RoundCube ticket.

Original Advisory:
RoundCube:
http://trac.roundcube.net/ticket/1488613
https://github.com/roundcube/roundcubemail/commit/5ef8e4ad9d3ee8689d2b83750aa65395b7cd59ee
http://trac.roundcube.net/ticket/1488850
https://github.com/roundcube/roundcubemail/commit/74cd0a9b62f11bc07c5a1d3ba0098b54883eb0ba

http://secunia.com/advisories/50279


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Microsoft System Center Operations Manager Cross-Site

by Carol~ Moderator - 2/8/13 2:37 PM

In Reply to: VULNERABILITIES / FIXES - February 08, 2013 by Carol~ Moderator

Microsoft System Center Operations Manager Cross-Site Scripting Vulnerabilities

Release Date : 2013-01-08
Last Update : 2013-02-08

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status: Partial Fix

Software: Microsoft System Center Operations Manager 2007

Description:
Multiple vulnerabilities have been reported in Microsoft System Center Operations Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.

1) Certain unspecified input passed to the Web Console is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Input passed to the "__CALLBACKPARAM" parameter in InternalPages/ExecuteTask.aspx is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

3) Input passed via the URL or the "DisplayMode" and "SearchStr" parameters in ResultViews/ViewTypeManager.aspx is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Solution:
Apply patches.

Provided and/or discovered by:
1) Reported by the vendor.
2, 3) Andy Yang, Stratsec.

Original Advisory:
MS13-003 (KB2783850):
http://technet.microsoft.com/en-us/security/bulletin/ms13-003

Stratsec:
http://www.stratsec.net/Research/Advisories/Microsoft-System-Center-Operations-Manager-(SCOM)-

http://secunia.com/advisories/51686


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close