Spyware, viruses, & security forum: VULNERABILITIES / FIXES - February 27, 2013

Release Date : 2013-02-27

Criticality level: Less critical
Impact : Privilege escalation
Where : Local system
Solution Status : Vendor Patch

Operating System :
Red Hat Enterprise Linux Desktop 5
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Server 5
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Workstation 6
RHEL Desktop Workstation 5

Description:
Red Hat has issued an update for dbus-glib. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2013:0568-2:
http://rhn.redhat.com/errata/RHSA-2013-0568.html

http://secunia.com/advisories/52375/

Release Date : 2013-02-27

Criticality level: Not critical
Impact : DoS
Where : Local system
Solution Status : Vendor Patch

Operating System:
Citrix XenServer 5.0
Citrix XenServer 5.5
Citrix XenServer 5.6
Citrix XenServer 6.0
Citrix XenServer 6.1

Description:
Citrix has acknowledged multiple vulnerabilities in XenServer, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

The vulnerabilities are reported in versions 6.1 and prior.

Solution:
Apply updates.

Original Advisory:
http://support.citrix.com/article/CTX136540

http://secunia.com/advisories/52353/

McAfee VirusScan Enterprise Privilege Escalation Vulnerability

Release Date : 2013-02-26

Criticality level: Less critical
Impact : Privilege escalation
Where : Local system
Solution Status : Vendor Patch

Software: McAfee VirusScan Enterprise 8.x

Description:
A vulnerability has been reported in McAfee VirusScan Enterprise, which can be exploited by malicious, local users to potentially gain escalated privileges.

The vulnerability is caused due to an unspecified error when enforcing security permissions and can be exploited to gain escalated privileges.

Note: Successful exploitation requires Access Protection, including Self Protection, to be turned off (enabled by default).

The vulnerability is reported in version 8.8 Patch 2.

Solution:
Apply VSE88HF778101 or Patch 3.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
McAfee (SB10038):
https://kc.mcafee.com/corporate/index?page=content&id=SB10038

http://secunia.com/advisories/52386/

Cisco ASA Xlate Table Exhaustion Denial of Service Vulnerability

Release Date: 2013-02-27

Criticality level: Less critical
Impact : DoS
Where : From remote
Solution Status : Unpatched

Operating System : Cisco Adaptive Security Appliance (ASA) 8.x

Description:
A vulnerability has been reported in Cisco Adaptive Security Appliance (ASA), which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error within implementation of the Network Address Translation (NAT) process. This can be exploited to cause a delay in processing of new valid connections for the xlates table by sending specially crafted packets.

Please see the vendor's advisory for the list of affected versions.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Cisco:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1138
http://tools.cisco.com/security/center/viewAlert.x?alertId=28382

http://secunia.com/advisories/52331/

Release Date: 2013-02-27

Criticality level: Less critical
Impact : Security Bypass
Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software: IP.Downloads (module for IP.Board) 2.x

Description:
Two security issues have been reported in the IP.Downloads module for IP.Board, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to disclose potentially sensitive information.

1) The application does not properly restrict access when accessing files in the Previous Version section. This can be exploited to e.g. download otherwise restricted files.

2) The application does not properly verify permissions when displaying categories in Quick Navigation. This can be exploited to disclose otherwise restricted category names.

The security issues are reported in version 2.5.2. Prior versions may also be affected.

Solution:
Update to version 2.5.3.

Provided and/or discovered by:
1) Reported by the vendor.
2) Con

Original Advisory:
IP.Downloads:
http://community.invisionpower.com/topic/380382-ipboard-343-and-application-maintenance-updates-released/
http://community.invisionpower.com/resources/bugs.html/_/ip-downloads/restrictions-not-applied-to-previous-version-downloads-r41123

Con:
http://community.invisionpower.com/resources/bugs.html/_/ip-downloads/quick-navigation-does-not-honor-ipd-category-permissions-r40008

http://secunia.com/advisories/52382/

Release Date: 2013-02-27

Criticality level : Moderately critical
Impact : DoS
Manipulation of data
Where : From remote
Solution Status: Vendor Patch

Software:
IBM DB2 Performance Expert 3.x
IBM InfoSphere Optim Performance Manager 5.x
IBM Optim Performance Manager 4.x

Description:
IBM has acknowledged two vulnerabilities in IBM DB2 Performance Expert, IBM Optim Performance Manager, and IBM InfoSphere Optim Performance Manager, which can be exploited by malicious, local users to manipulate certain data and cause a DoS (Denial of Service) and by malicious people to cause a DoS (Denial of Service).

The vulnerabilities exist in the bundled version of Java.

Note: CVE-2012-1720 affects these products only when running on Sun Solaris systems.

Please see the vendor's advisory for the affected versions.

Solution:
Apply patches or contact IBM Software Support.

Original Advisory:
IBM:
http://www.ibm.com/support/docview.wss?uid=swg21626504
https://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_multiple_vulnerabilities_in_ibm_db2_performance_expert_and_ibm_infosphere_optim_performance_manager_due_to_vulnerabilities_in_ibm_java_runtime_environment_cve_2012_1720_cve_2012_508113

http://secunia.com/advisories/52402/

Dell SonicWALL Scrutinizer Script Insertion and SQL Injection Vulnerabilities

Release Date : 2013-02-27

Criticality level : Less critical
Impact : Cross Site Scripting
Manipulation of data
Where : From local network
Solution Status : Vendor Patch

Software: Dell SonicWALL Scrutinizer 10.x

Description:
Benjamin Kunz Mejri has reported multiple vulnerabilities in Dell SonicWALL Scrutinizer, which can be exploited by malicious users to conduct script insertion and by malicious people to conduct SQL injection attacks.

1) Certain unspecified input is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.

2) Certain unspecified input passed to cgi-bin/fa_web.cgi is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities are reported in versions 10.1.0 and prior.

Solution:
Update to version 10.1.2.

Provided and/or discovered by:
Benjamin Kunz Mejri, Vulnerability Lab

Original Advisory:
SonicWALL:
http://www.sonicwall.com/us/shared/download/Support_Bulletin_-_Scrutinizer_Vulnerabilities_130222.pdf

Vulnerability Lab:
http://www.vulnerability-lab.com/get_content.php?id=786
http://www.vulnerability-lab.com/get_content.php?id=789

http://secunia.com/advisories/52169/

Release Date : 2013-02-27

Criticality level : Less critical
Impact : Privilege escalation
Where : Local system
Solution Status : Vendor Patch

Software: FusionForge 5.x

Description:
A security issue has been reported in FusionForge, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The security issue is caused due to the application creating certain files with insecure permissions and can be exploited to e.g. overwrite arbitrary files via symlink attacks.

The security issue is reported in versions 5.0, 5.1, and 5.2.

Solution:
Fixed in the GIT repository.

Provided and/or discovered by:
Helmut Grohne

Original Advisory:
Helmut Grohne:
http://www.openwall.com/lists/oss-security/2013/02/25/5

http://secunia.com/advisories/52318/

IBM Security Network Intrusion Prevention System OpenSSL Multiple Vulnerabilities

Release Date : 2013-02-26

Criticality level : Highly critical
Impact : Exposure of sensitive information
DoS
System access
Where : From remote
Solution Status : Vendor Patch

Operating System : IBM Security Network Intrusion Prevention System 4.x

Description:
IBM has acknowledged multiple vulnerabilities in Security Network Intrusion Prevention System, which can be exploited by malicious people to disclose certain sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

The vulnerabilities are caused due to a bundled vulnerable version of OpenSSL.

The vulnerabilities are reported in firmware versions 1.0 through 4.5. Please see the vendor's advisory for more information.

Solution:
Upgrade to Firmware 4.4, with fixpack 4.4.0.0-ISS-ProvG-AllModels-System-FP0001, or Firmware 4.5, with fixpack 4.5.0.0-ISS-ProvG-AllModels-System-FP0001, or later.

Original Advisory:
IBM:
http://www.ibm.com/support/docview.wss?uid=swg21626257

http://secunia.com/advisories/52334/

OpenStack Compute (Nova) VNC Console Token Validation Security Bypass Weakness

Release Date : 2013-02-27

Criticality level : Not critical
Impact : Security Bypass
Where : From remote
Solution Status : Vendor Workaround

Software: OpenStack Compute (Nova) 2012.x

Description:
A weakness has been reported in OpenStack Compute (Nova), which can be exploited by malicious users to bypass certain security restrictions.

The weakness is caused due to an error within the VNC console token validation mechanism. This can be exploited to reuse a valid unexpired token to connect to a different VM without proper authentication.

Successful exploitation requires usage of the same VNC port as the original connection.

The weakness is reported in versions Essex (2012.1) and Folsom (2012.2).

Solution:
Fixed in the GIT repository for series Essex (2012.1) and Folsom (2012.2).

Provided and/or discovered by:
The vendor credits Loganathan Parthipan (HP) and Rohit Karajgi (NTT Data).

Original Advisory:
OSSA-2013-006:
http://lists.openstack.org/pipermail/openstack-announce/2013-February/000082.html

http://secunia.com/advisories/52337/

Release Date : 2013-02-26

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Operating System: Debian GNU/Linux 6.0

Description:
Debian has issued an update for openjpeg. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise an application using the library.

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2629-1:
http://www.debian.org/security/2013/dsa-2629

http://secunia.com/advisories/52387/

War FTP Daemon "CDUP" Command Processing Denial of Service Vulnerability

Release Date: 2013-02-27

Criticality level : Moderately critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Software: War FTP Daemon 1.8x

Description:
A vulnerability has been discovered in War FTP Daemon, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to improper handling of FTP commands. This can be exploited to crash the service via a specially crafted CDUP command.

The vulnerability is confirmed in version 1.82 RC 13. Prior versions may also be affected.

Solution:
Update to version 1.83.

Provided and/or discovered by:
The vendor credits jura.ba

Original Advisory:
http://www.warftp.org/index.php?menu=338&cmd=show_article&article_id=1035

http://secunia.com/advisories/52362/

WordPress Comment Rating Plugin Security Bypass Weakness and SQL Injection Vulnerability

Release Date: 2013-02-27

Criticality level : Moderately critical
Impact : Security Bypass
Manipulation of data
Where : From remote
Solution Status : Unpatched

Software: WordPress Comment Rating Plugin 2.x

Description:
A weakness and a vulnerability have been discovered in Comment Rating plugin for WordPress, which can be exploited by malicious people to bypass certain security restrictions and conduct SQL injection attacks.

1) The weakness is caused due to the application not properly verifying vote requests and can be exploited to submit multiple votes for a comment.

2) Input passed via the "X-Forwarded-For" HTTP header to /wp-content/plugins/comment-rating/ck-processkarma.php (when "id" is set set to a valid comment id, "action" is set set to "add" or "subtract", and "path" is set) is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The weakness and the vulnerability are confirmed in version 2.9.32. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
ebanyu.

Original Advisory:
ebanyu:
http://www.exploit-db.com/exploits/24552/

http://secunia.com/advisories/52348/