Spyware, viruses, & security forum: VULNERABILITIES / FIXES - February 12, 2013

Release Date : 2013-02-12

Criticality level : Moderately critical
Impact : Security Bypass
Where : From remote
Solution Status : Vendor Patch

Software: json gem for Ruby 1.x

Description:
A vulnerability has been reported in the json gem for Ruby, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an input validation error within the gem, which allows creating additions when parsing JSON documents. This can be exploited to create arbitrary Ruby symbols and e.g. cause a Denial of Service or execute arbitrary SQL code.

The vulnerability is reported in versions prior to 1.7.7, 1.6.8, and 1.5.5.

Solution:
Update to version 1.7.7, 1.6.8, or 1.5.5.

Provided and/or discovered by:
Thomas Hollstegge, Zweitag.

The vendor also credits Ben Murphy.

Original Advisory:
Ruby on Rails:
http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_YvCpLzL58

Zweitag:
http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection

http://secunia.com/advisories/52075/

Release Date : 2013-02-12

Criticality level : Highly critical
Impact : System access
DoS
Where : From remote
Solution Status : Vendor Patch

Operating System:
openSUSE 12.1
openSUSE 12.2

Description:
SUSE has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2013:0276-1:
http://lists.opensuse.org/opensuse-updates/2013-02/msg00028.html

http://secunia.com/advisories/52152/

Release Date : 2013-02-12

Criticality level : Moderately critical
Impact : System access
DoS
Where : From local network
Solution Status : Vendor Patch

Operating System: openSUSE 12.1

Description:
SUSE has issued an update for libvirt. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2013:0274-1
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html

http://secunia.com/advisories/52153/

Release Date : 2013-02-12

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Operating System :
openSUSE 11.4
openSUSE 12.1
openSUSE 12.2

Description:
SUSE has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious people to conduct clickjacking attacks.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2013:0277-1:
http://lists.opensuse.org/opensuse-updates/2013-02/msg00029.html

openSUSE-SU-2013:0281-1:
http://lists.opensuse.org/opensuse-updates/2013-02/msg00033.html

http://secunia.com/advisories/52135/

Release Date : 2013-02-12

Criticality level : Highly critical
Impact : Unknown
System access
Where : From remote
Solution Status : Vendor Patch

Operating System:
openSUSE 11.4
openSUSE 12.1

Description:
SUSE has issued an update for opera. This fixes multiple vulnerabilities, where one has an unknown impact and others can be exploited by malicious people to compromise a user's system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2013:0273-1:
http://lists.opensuse.org/opensuse-updates/2013-02/msg00025.html

openSUSE-SU-2013:0282-1:
http://lists.opensuse.org/opensuse-updates/2013-02/msg00034.html

http://secunia.com/advisories/52150/

Release Date: 2013-02-12

Criticality level : Moderately critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Operating System : openSUSE 12.1

Description:
SUSE has issued an update for gnutls. This fixes a vulnerability, which can be exploited by malicious people to potentially cause a DoS (Denial of Service) in an application using the library.

Solution:
Apply update packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2013:0283-1:
http://lists.opensuse.org/opensuse-updates/2013-02/msg00035.html

http://secunia.com/advisories/52148/

Huawei Mobile Partner Insecure File Permissions Privilege Escalation Security Issue

Release Date : 2013-02-12

Criticality level : Less critical
Impact : Privilege escalation
Where : Local system
Solution Status : Unpatched

Software: Huawei Mobile Partner 23.x

Description:
Myo Soe has discovered a security issue in Huawei Mobile Partner, which can be exploited by malicious, local users to gain escalated privileges.

The security issue is caused due to the application setting insecure file system permissions on the installation directory and can be exploited to overwrite files (e.g. "Mobile Partner.exe" or "mobilepartner") and execute programs with privileges of another user.

The security issue is confirmed in version 23.009.05.02.1014 running on Windows and Mac OS X.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Myo Soe, YGN Ethical Hacker Group.

Original Advisory:
http://core.yehg.net/lab/pr0js/advisories/huawei_mobile_partner-insecure_permission

http://secunia.com/advisories/52014/

Release Date : 2013-02-12

Criticality level : Highly critical
Impact : Exposure of sensitive information
System access
Where : From remote
Solution Status : Vendor Patch

Software:
Adobe AIR 3.x
Adobe Flash Player 11.x

Description:
Multiple vulnerabilities have been reported in Adobe Flash Player and AIR, which can be exploited by malicious people to disclose certain sensitive information and compromise a user's system.

1) Some unspecified errors can be exploited to cause buffer overflows.

2) Some use-after-free errors can be exploited to dereference already freed memory.

3) An integer overflow error can be exploited to execute arbitrary code.

4) An unspecified error can be exploited to corrupt memory.

5) An unspecified error can be exploited to corrupt memory.

6) An unspecified error can be exploited to disclose certain sensitive information.

Successful exploitation of vulnerabilities #1 through #5 may allow execution of arbitrary code.

The vulnerabilities are reported in the following products and versions:
* Adobe Flash Player versions 11.5.502.149 and prior for Windows and Macintosh
* Adobe Flash Player versions 11.2.202.262 and prior for Linux
* Adobe Flash Player versions 11.1.115.37 and prior for Android 4.x
* Adobe Flash Player versions 11.1.111.32 and prior for Android 3.x and 2.x
* Adobe AIR versions 3.5.0.1060 and prior
* Adobe AIR versions 3.5.0.1060 SDK and prior

Solution:
Update to a fixed version.

Provided and/or discovered by:
1, 2, 5) The vendor credits Mateusz Jurczyk, Gynvael Coldwind, and Fermin Serna, Google
3) The vendor credits Natalie Silvanovich, BlackBerry Security, Research in Motion
4) The vendor credits Damian Put via iDefense
6) Reported by the vendor.

Original Advisory:
Adobe (APSB13-05):
http://www.adobe.com/support/security/bulletins/apsb13-05.html

http://secunia.com/advisories/52166/

Microsoft Windows Read Only Share File Operations Handling Denial of Service Vulnerability

Release Date : 2013-02-12

Criticality level: Less critical
Impact : DoS
Where : From local network
Solution Status : Vendor Patch

Operating System :
Microsoft Windows Server 2008
Microsoft Windows Server 2012

Description:
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious users to cause a DoS (Denial of Service).

The vulnerability is caused due to a NULL pointer dereference error when handling file operations on a read only share and can be exploited to cause the system to stop responding and restart.

Successful exploitation requires the NFS role to be enabled.

Solution:
Apply updates.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
MS13-014 (KB2790978):
http://technet.microsoft.com/en-us/security/bulletin/ms13-014

http://secunia.com/advisories/52138/

Microsoft .NET Framework WinForms Callback Handling Vulnerability

Release Date : 2013-02-12

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software:
Microsoft .NET Framework 2.x
Microsoft .NET Framework 3.x
Microsoft .NET Framework 4.x

Description:
A vulnerability has been reported in Microsoft .NET Framework, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error when handling permissions of a callback function when a certain WinForm object is created and can be exploited to bypass CAS (Code Access Security) restrictions via a specially crafted XAML Browser Application (XBAP) or an untrusted .NET application.

Successful exploitation allows execution of arbitrary code.

Solution:
Apply updates.

Provided and/or discovered by:
The vendor credits James Forshaw, Context Information Security.

Original Advisory:
MS13-015 (KB2789642, KB2789643, KB2789644, KB2789645, KB2789646, KB2789648, KB2789649, KB2789650):
http://technet.microsoft.com/en-us/security/bulletin/ms13-015

http://secunia.com/advisories/52143/

Microsoft Windows Kernel Multiple Privilege Escalation Vulnerabilities

Release Date : 2013-02-12

Criticality level : Less critical
Impact : Privilege escalation
Where : Local system
Solution Status : Vendor Patch

Operating System:
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows RT
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

Description:
Multiple vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.

1) A race condition error when handling certain objects in memory can be exploited to execute arbitrary code with kernel privileges.

2) Another race condition error when handling certain objects in memory can be exploited to execute arbitrary code with kernel privileges.

3) An error when handling the reference counter for certain objects in memory can be exploited to execute arbitrary code with kernel privileges.

Solution:
Apply updates.

Provided and/or discovered by:
1, 2) The vendor credits Gynvael Coldwind and Mateusz "j00ru" Jurczyk, Google.
3) Reported by the vendor.

Original Advisory:
MS13-017 (KB2799494):
http://technet.microsoft.com/en-us/security/bulletin/ms13-017

http://secunia.com/advisories/52157/

Microsoft Windows CSRSS Memory Handling Privilege Escalation Vulnerability

Release Date : 2013-02-12

Criticality level : Less critical
Impact : Privilege escalation
Where : Local system
Solution Status : Vendor Patch

Operating System:
Microsoft Windows 7
Microsoft Windows Server 2008

Description:
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to an error in the Client/Server Run-time Subsystem (CSRSS) when handling the reference counter for certain objects in memory and can be execute code with escalated privileges.

Solution:
Apply updates.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
MS13-019 (KB2790113):
http://technet.microsoft.com/en-us/security/bulletin/ms13-019

http://secunia.com/advisories/52162/

Release Date : 2013-02-12

Criticality level : Highly critical
Impact : Exposure of sensitive information
System access
Where : From remote
Solution Status : Vendor Patch

Software: Google Chrome 24.x

Description:
Multiple vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to disclose certain sensitive information and compromise a user's system.

The vulnerabilities are caused due to the application bundling a vulnerable version of Adobe Flash Player.

The vulnerabilities are reported in versions prior to 24.0.1312.70 running on Linux.

Solution:
Update to version 24.0.1312.70.

Original Advisory:
http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_12.html

http://secunia.com/advisories/52163/

Release Date : 2013-02-12

Criticality level : Highly critical
Impact : Exposure of sensitive information
System access
Where : From remote
Solution Status : Vendor Patch

Software:
Microsoft Internet Explorer 10.x
Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
Microsoft Internet Explorer 8.x
Microsoft Internet Explorer 9.x

Description:
Multiple vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to disclose sensitive information and compromise a user's system.

1) An error when handling the encoding for Shift_JIS auto-selection can be exploited to gain access to information in another domain or Internet Explorer zone.

2) A use-after-free error related to SetCapture can be exploited to access an already freed object.

3) A use-after-free error related to COmWindowProxy can be exploited to access an already freed object.

4) A use-after-free error related to CMarkup can be exploited to access an already freed object.

5) A use-after-free error related to vtable can be exploited to access an already freed object.

6) A use-after-free error related to LsGetTrailInfo can be exploited to access an already freed object.

7) A use-after-free error related to CDispNode can be exploited to access an already freed object.

8) A use-after-free error related to pasteHTML can be exploited to access an already freed object.

9) A use-after-free error related to SLayoutRun can be exploited to access an already freed object.

10) A use-after-free error related to InsertElement can be exploited to access an already freed object.

11) A use-after-free error related to CPasteCommand can be exploited to access an already freed object.

12) A use-after-free error related to CObjectElement can be exploited to access an already freed object.

13) A use-after-free error related to CHTML can be exploited to access an already freed object.

Successful exploitation of the vulnerabilities #2 through #13 allows the execution of arbitrary code.

Solution:
Apply updates.

Provided and/or discovered by:
The vendor credits:
1) Masato Kinugawa
2, 6) Omair
3) SkyLined via HP's Zero Day Initiative
4) Arthur Gerkis via Exodus Intelligence and Stephen Fewer, Harmony Security
5) Tencent PC Manager
7) Arthur Gerkis via HP's Zero Day Initiative
8) An anonymous person via HP's Zero Day Initiative
9, 12) Scott Bell, Security-Assessment.com
10) Jose A Vazquez, Yenteasy Security Research via Exodus Intelligence
11) Mark Yason, IBM X-Force
13) Stephen Fewer, Harmony Security and Aniway.Aniway@gmail.com via HP's Zero Day Initiative

Original Advisory:
MS13-009 (KB2792100)
http://technet.microsoft.com/en-us/security/bulletin/ms13-009

http://secunia.com/advisories/52122/