Spyware, viruses, & security forum: VULNERABILITIES / FIXES - March 15, 2013

Release Date : 2013-03-15

Criticality level : Highly critical
Impact : Spoofing
Security Bypass
Exposure of system information
Exposure of sensitive information
Cross Site Scripting
System access
Where : From remote
Solution Status: Vendor Patch

Operating System: Apple Macintosh OS X

Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

1) A canonicalisation error within the mod_hfs_apple when handling URIs with certain unicode sequences can be exploited to bypass the HTTP authentication and access otherwise restricted directories.

2) An error exists in International Components for Unicode.

3) An error exists in the Identity Service.

4) An error exists in ImageIO.

5) An error when handling graphics data in IOAcceleratorFamily can be exploited to corrupt memory.

6) An error exists in Kernel.

7) A logic error when handling VoiceOver at the Login Window can be exploited to e.g. modify system configurations by launching System Preferences.

8) An error exists in Message Server.

9) A use-after-free error when handling ink annotations in PDF files within PDFKit can be exploited via a specially crafted PDF file.

10) Two errors exist in Podcast Producer Server.

11) Multiple errors exists in PostgreSQL.

12) An error exists in Profile Manager.

13) An error exists in QuickTime.

14) An error exists in Ruby.

15) An error when handling plugin content within Software Update can be exploited via Man-in-the-Middle (MitM) attacks.

16) Two errors exists in Wiki Server.

Note: Additionally a weakness exists when handling FaceTime:// URLs within Messages, which can be exploited to bypass the FaceTime call confirmation and initiate a FaceTime call by tricking a user into clicking a specially crafted link.

Solution:
Update to OS X Mountain Lion 10.8.3 or apply Security Update 2013-001.

Provided and/or discovered by:
The vendor credits:
1) Clint Ruoho, Laconic Security
5) An anonymous person
7) Eric A. Schulman, Purpletree Labs
9) Tobias Klein via ZDI
15) Emilio Escobar

Original Advisory:
APPLE-SA-2013-03-14-1:
http://support.apple.com/kb/HT5672
http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

http://secunia.com/advisories/52643/

Release Date : 2013-03-15

Criticality level : Highly critical
Impact : DoS
System access
Where : From remote
Solution Status: Vendor Patch

Operating System : Red Hat Enterprise Linux Desktop 5
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Workstation 6
RHEL Desktop Workstation 5

Software: RHEL Optional Productivity Applications (v. 5 server)

Description:
Red Hat has issued an update for pidgin. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a user's system.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2013:0646-1:
http://rhn.redhat.com/errata/RHSA-2013-0646.html

http://secunia.com/advisories/52621/

Release Date : 2013-03-15

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status: Vendor Patch

Operating System:
openSUSE 12.1
openSUSE 12.2

Description:
SUSE has issued an update for seamonkey. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2013:0468-1:
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00026.html

http://secunia.com/advisories/52632/

Release Date : 2013-03-15

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status: Vendor Patch

Operating System:
openSUSE 12.1
openSUSE 12.2

Description:
SUSE has issued an update for MozillaFirefox. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2013:0465-1:
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00023.html

http://secunia.com/advisories/52645/

Release Date : 2013-03-15

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status: Vendor Patch

Operating System:
openSUSE 12.1
openSUSE 12.2

Description:
SUSE has issued an update for xulrunner. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2013:0466-1:
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00024.html

http://secunia.com/advisories/52636/

Release Date : 2013-03-15

Criticality level : Moderately critical
Impact : Security Bypass
Exposure of sensitive information
DoS
System access
Where : From remote
Solution Status: Vendor Patch

Operating System: openSUSE 11.4

Description:
SUSE has issued an update for RubyOnRails. This fixes two security issues and multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to bypass certain security restrictions, disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2013:0462-1:
http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html

http://secunia.com/advisories/52634/

Release Date : 2013-03-15

Criticality level : Less critical
Impact : Security Bypass
Cross Site Scripting
Spoofing
Manipulation of data
Exposure of sensitive information
Where : From remote
Solution Status: Vendor Patch

Software: Open-Xchange Server 6.x

Description:
Multiple vulnerabilities have been reported in Open-Xchange Server, which can be exploited by malicious, local users to disclose certain sensitive information, by malicious users to bypass certain security restrictions, and by malicious people to conduct HTTP response splitting, script insertion, cross-site scripting, and spoofing attacks.

1) Input passed via arbitrary GET parameters to /servlet/TestServlet is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

2) Input related to the "Source" field when creating subscriptions is not properly sanitised before being used. This can be exploited to perform arbitrary HTTP GET requests to remote and local servers.

3) The OXUpdater component does not properly validate the SSL certificate of an update server. This can be exploited to e.g. spoof update packages via a MitM (Man-in-the-Middle) attack.

4) The application creates the /opt/open-exchange/etc directory with insecure world-readable permissions. This can be exploited to disclose certain sensitive information.

5) Input passed via the "location" GET parameter to /ajax/redirect is not properly sanitised before being used to construct HTTP response headers. This can be exploited to include arbitrary HTTP headers in a response sent to the user.

6) Certain input related to RSS feed contents is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

The vulnerabilities are reported in versions prior to 6.20.7-rev14, 6.22.0-rev13, and 6.22.1-rev14.

Solution:
Update to versions 6.20.7-rev14, 6.22.0-rev13, or 6.22.1-rev14.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://software.open-xchange.com/OX6/6.20/doc/Release_Notes_for_Public_Patch_Release_1310_6.20.7_Rev14_2013-02-28.pdf
http://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Public_Patch_Release_1311_6.22.0_Rev13_2013-02-28.pdf
http://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Public_Patch_Release_1312_6.22.1_Rev14_2013-02-28.pdf
http://archives.neohapsis.com/archives/bugtraq/2013-03/0075.html

http://secunia.com/advisories/52603/

Release Date: 2013-03-14
Last Update : 2013-03-15

Criticality level : Highly critical
Impact : Manipulation of data
Exposure of sensitive information
DoS
System access
Where : From remote
Solution Status: Vendor Patch

Operating System :
SUSE Linux Enterprise Server (SLES) 10
SUSE Linux Enterprise Server (SLES) 11

Description:
SUSE has issued an update for java-1_4_2-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
SUSE-SU-2013:0440-2:
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00016.html

SUSE-SU-2013:0440-3:
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00022.html

http://secunia.com/advisories/52601

Release Date : 2013-03-15

Criticality level : Less critical
Impact : Security Bypass
Where : From remote
Solution Status: Vendor Patch

Software: JBoss Enterprise Application Platform 6.x

Description:
Red Hat has issued an update for JBoss Enterprise Application Platform. This fixes a weakness and a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

Solution:
Apply security patch.

Original Advisory:
RHSA-2013:0647-01:
https://rhn.redhat.com/errata/RHSA-2013-0647.html

RHSA-2013:0648-01:
https://rhn.redhat.com/errata/RHSA-2013-0648.html

http://secunia.com/advisories/52620/

Release Date : 2013-03-15

Criticality level : Less critical
Impact : Spoofing
Where : From remote
Solution Status: Vendor Patch

Operating System:
Ubuntu Linux 11.10
Ubuntu Linux 12.04

Description:
Ubuntu has issued an update for apt. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.

The security issue is caused due to the application incorrectly handling repositories using "InRelease" files and can potentially be exploited to install altered packages via Man-in-the-Middle (MitM) attacks.

Solution:
Apply updated packages.

Provided and/or discovered by:
The vendor credits Ansgar Burchardt.

Original Advisory:
USN-1762-1:
http://www.ubuntu.com/usn/usn-1762-1/

http://secunia.com/advisories/52633/