Spyware, viruses, & security forum: VULNERABILITIES / FIXES -February 18, 2013

Release Date : 2013-02-18

Criticality level : Less critical
Impact : Security Bypass
Cross Site Scripting
DoS
Where : From remote
Solution Status : Vendor Patch

Software: Jenkins 1.x

Description:
Multiple vulnerabilities have been reported in Jenkins, which can be exploited by malicious users to bypass certain security restrictions and cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting and request forgery attacks.

1) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to perform certain unspecified actions when a logged-in user visits a specially crafted web page.

2) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

3) An unspecified error can be exploited to build otherwise restricted jobs.

4) An unspecified error can be exploited to render the service unusable via a specially crafted request.

Successful exploitation of vulnerabilities #3 and #4 requires write access.

The vulnerabilities are reported in versions prior to 1.502 and 1.480.3.

Solution:
Update to version 1.502 or 1.480.3.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16

http://secunia.com/advisories/52236/

Release Date : 2013-02-18

Criticality level : Highly critical
Impact : Unknown
DoS
System access
Where: From remote
Solution Status : Vendor Patch

Operating System: Debian GNU/Linux 6.0

Description:
Debian has issued an update for ffmpeg. This fixes multiple vulnerabilities where one has an unknown impact while others can be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the library.

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2624-1:
http://www.debian.org/security/2013/dsa-2624

http://secunia.com/advisories/52213/

chillyCMS Security Bypass Security Issue and Arbitrary File Upload Vulnerability

Release Date : 2013-02-18

Criticality level : Moderately critical
Impact : Security Bypass
System access
Where : From remote
Solution Status : Unpatched

Software: chillyCMS 1.x

Description:
A security issue and a vulnerability have been reported in chillyCMS, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to bypass certain security restrictions.

1) An error when redirecting unauthenticated users can be exploited to bypass the authentication system.

2) The admin/design.site.php script allows the upload of certain archive files to a folder inside the webroot. This can be exploited to e.g. upload and decompress a ZIP archive containing a PHP script and subsequently execute arbitrary PHP code.

The vulnerabilities are reported in version 1.3.0. Other versions may also be affected.

Solution:
Use another product.

Provided and/or discovered by:
Abhi M Balakrishnan

Original Advisory:
Abhi M Balakrishnan:
http://www.exploit-db.com/exploits/24507/

http://secunia.com/advisories/52185/

Release Date : 2013-02-18

Criticality level : Less critical
Impact : Privilege escalation
Where : Local system
Solution Status : Vendor Patch

Operating System: Linux Kernel 3.4.x

Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to a race condition error when handling certain ptrace actions, which can be exploited to read from or write to arbitrary kernel stack memory.

Successful exploitation may allow execution of arbitrary code with kernel-mode privileges.

The vulnerability is reported in versions prior to 3.4.28.

Solution:
Update to version 3.4.28.

Provided and/or discovered by:
Salman Qazi and Suleiman Souhlal, Google

Original Advisory:
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.28
http://www.openwall.com/lists/oss-security/2013/02/15/16

http://secunia.com/advisories/52269/

Release Date : 2013-02-18

Criticality level : Moderately critical
Impact : Security Bypass
Cross Site Scripting
Spoofing
Where : From remote
Solution Status : Partial Fix

Software:
IBM Maximo Asset Management 6.x
IBM Maximo Asset Management 7.x
IBM Maximo Asset Management Essentials 6.x
IBM Maximo Asset Management Essentials 7.x
IBM SmartCloud Control Desk 7.x
IBM Tivoli Asset Management for IT 6.x
IBM Tivoli Asset Management for IT 7.x
IBM Tivoli Change and Configuration Management Database 7.x
IBM Tivoli Service Request Manager 7.x

Description:
A weakness and multiple vulnerabilities have been reported in multiple IBM products, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting and spoofing attacks and bypass certain security restrictions.

1) The application bundles a vulnerable version of the IBM Eclipse Help System (IEHS).

2) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

3) Some unspecified errors can be exploited to bypass certain security restrictions.

The vulnerabilities are reported in the following products:
* IBM Maximo Asset Management versions 7.5, 7.1, and 6.2
* IBM Maximo Asset Management Essentials versions 7.5, 7.1, and 6.2
* IBM SmartCloud Control Desk version 7.5
* IBM Tivoli Asset Management for IT versions 7.2, 7.1, and 6.2
* IBM Tivoli Change and Configuration Management Database versions 7.2 and 7.1
* IBM Tivoli Service Request Manager versions 7.2, 7.1, and 6.2

Solution:
Apply updates if available (please see the vendor's advisory for details).

Provided and/or discovered by:
2, 3) Reported by the vendor.

Original Advisory:
IBM (JR43170, JR43170, IV24609, IV25198, IV23838, IV22698, IV20823, IV30384, IV27329, IV23511, IV20590):
https://www.ibm.com/support/docview.wss?uid=swg21625624
https://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_security_vulnerabilities_addressed_in_asset_and_service_mgmt3?lang=en_us

http://secunia.com/advisories/52132/

Release Date : 2013-02-18

Criticality level : Moderately critical
Impact : Manipulation of data
Where : From remote
Solution Status : Unpatched

Software: Games Site Script

Description:
A vulnerability has been reported in the Games Site Script, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "id" parameter to index.php (when "act" is set to "play") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
No official solution is currently available.

Provided and/or discovered by:
3spi0n

Original Advisory:
http://www.exploit-db.com/exploits/24509/

http://secunia.com/advisories/52258/

Scripts Genie Pet Rate Pro SQL Injection and PHP Code Execution Vulnerabilities

Release Date : 2013-02-18

Criticality level : Highly critical
Impact : Manipulation of data
System access
Where : From remote
Solution Status : Unpatched

Software: Scripts Genie Pet Rate Pro

Description:TheMirkin has reported two vulnerabilities in Scripts Genie Pet Rate Pro, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.

1) Input passed via the "ty" parameter to index.php (when "cmd" is set to "10") is not properly sanitised before being used in "eval()" calls. This can be exploited to execute arbitrary PHP code.

2) Input passed via the "username" POST parameter to index.php (when "cmd" is set to "4") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
No official solution is currently available.

Provided and/or discovered by:
TheMirkin

Original Advisory:
TheMirkin:
http://www.janissaries.org/threads/scripts-genie-pet-rate-pro-multiple-vulnerabilities.692

http://secunia.com/advisories/52265/

Cisco Unity Connection Memory Leak Flooding Denial of Service Vulnerability

Release Date : 2013-02-18

Criticality level : Less critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Software: Cisco Unity Connection 9.x

Description:
A vulnerability has been reported in Cisco Unity Connection, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error when handling TCP sessions, which can be exploited to cause a memory leak in a process via a flooding attack and cause the process to crash.

The vulnerability is reported in version 9.0(1).

Solution:
No official solution is currently available.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1129

http://secunia.com/advisories/52237/