Release Date : 2011-04-13
Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch
Operating System: Fedora 14
Description:
Fedora has issued an update for dhcp. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
Solution:
Apply updated packages via the yum utility ("yum update dhcp").
Original Advisory:
FEDORA-2011-4897:
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html
http://secunia.com/advisories/44180/
Reply 1 : VULNERABILITIES / FIXES - April 13, 2011
Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched
Software: WebJaxe 1.x
Description:
High-Tech Bridge SA has discovered a vulnerability in WebJaxe, which can be exploited by malicious people to conduct cross-site request forgery attacks.
The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the administrator's password by tricking a logged in administrator into visiting a malicious web site.
The vulnerability is confirmed in version 1.2. Other versions may also be affected.
Solution:
Do not browse untrusted sites or follow untrusted links while logged in to the application.
Provided and/or discovered by:
High-Tech Bridge SA
Original Advisory:
HTB22927:
http://www.htbridge.ch/advisory/csrf_cross_site_request_forgery_in_webjaxe.html
http://secunia.com/advisories/44118/
Reply 2 : VULNERABILITIES / FIXES - April 13, 2011
Release Date : 2011-04-13
Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Unpatched
Software: Wordtrainer 3.x
Description:
Two vulnerabilities have been discovered in Wordtrainer, which can be exploited by malicious people to compromise a user's system.
The vulnerabilities are caused due to boundary errors when parsing Glosexpert (*.ord) files, which can be exploited to cause stack-based buffer overflows by tricking a user into opening a specially crafted Glosexpert file.
The vulnerabilities are confirmed in version 3.07 (Shareware). Other versions may also be affected.
Solution:
Do not open untrusted Glosexpert files.
Provided and/or discovered by:
C4SS!0 G0M3S
Original Advisory:
http://www.exploit-db.com/exploits/17157/
http://secunia.com/advisories/44101/
Reply 3 : VULNERABILITIES / FIXES - April 13, 2011
Criticality level : Not critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch
Operating System: openSUSE 11.4
Description:
SUSE has issued an update for rsyslog. This fixes some weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service).
Solution:
Apply updated packages via the zypper package manager.
Original Advisory:
openSUSE-SU-2011:0326-1:
https://hermes.opensuse.org/messages/7977734
http://secunia.com/advisories/44158/
Reply 4 : VULNERABILITIES / FIXES - April 13, 2011
Criticality level : Less critical
Impact : Security Bypass, Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch
Software: MediaWiki 1.x
Description:
Some vulnerabilities have been reported in MediaWiki, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.
1) The application does not properly prevent certain browsers (e.g. Internet Explorer 6) from guessing the content type based on the ending of the query URL, which can be exploited to inject and execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Certain input passed via CSS comments is not properly sanitised by the wikitext parser before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.
3) The transwiki import feature does not properly restrict access on form submissions, which can be exploited to perform e.g. unauthorised, remote imports from certain sources.
This vulnerability requires the transwiki import feature to be enabled (disabled by default).
The vulnerabilities are reported in versions prior to 1.16.3.
Solution:
Update to version 1.16.3. The vendor suggests the use of URL rewrite features of web servers (e.g. "rewrite_mod" in Apache) to mitigate vulnerability #1. Please see the vendor's advisory for more details.
Provided and/or discovered by:
1) The vendor credits Masato Kinugawa.
2) The vendor credits Suffusion of Yellow.
3) Reported by the vendor.
Original Advisory:
MediaWiki:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html
http://secunia.com/advisories/44142/
Reply 5 : VULNERABILITIES / FIXES - April 13, 2011
Release Date : 2011-04-13
Criticality level : Less critical
Impact : Manipulation of data, Exposure of sensitive information, DoS
Where : From local network
Solution Status : Vendor Patch
Software: BlackBerry Enterprise Server for Domino 4.x, BlackBerry Enterprise Server for Exchange 4.x, BlackBerry Enterprise Server for Novell GroupWise 4.x
Description:
Research In Motion has acknowledged multiple vulnerabilities in BlackBerry Enterprise Server, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, and cause a DoS (Denial of Service).
The vulnerabilities exist in the bundled Apache Tomcat server, which is used by the BlackBerry Administration service.
The vulnerabilities are reported in version 4.1.4 and higher.
Solution:
Apply the Interim Security Software Update (please see the vendor's advisory for details).
Original Advisory:
http://www.blackberry.com/btsc/KB25966
http://secunia.com/advisories/44166/
Reply 6 : VULNERABILITIES / FIXES - April 13, 2011
Criticality level : Less critical
Impact : Cross Site Scripting, Manipulation of data, Exposure of sensitive information, DoS
Where : From remote
Solution Status : Vendor Patch
Software: BlackBerry Enterprise Server 5.x
Description:
Multiple vulnerabilities have been reported in BlackBerry Enterprise Server, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, manipulate certain data, and cause a DoS (Denial of Service).
1) Certain unspecified input is not properly sanitised in the BlackBerry Web Desktop Manager before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Some vulnerabilities exist in the bundled Apache Tomcat server.
Please see the vendor's advisories for a list of affected products.
Solution:
Apply the Interim Security Software Update (please see the vendor's advisory for details).
Provided and/or discovered by:
1) The vendor credits Ivan Huertas, Cybsec.
2) Reported by the vendor.
Original Advisory:
http://www.blackberry.com/btsc/KB25966
http://www.blackberry.com/btsc/KB26296
http://secunia.com/advisories/44183/
Reply 7 : VULNERABILITIES / FIXES - April 13, 2011
Criticality level : Less critical
Impact : Security Bypass, Exposure of system information, Privilege escalation, DoS
Where : Local system
Solution Status : Vendor Patch
Operating System: Red Hat Enterprise Linux 5 (Server), Red Hat Enterprise Linux Desktop 5
Description:
Red Hat has issued an update for the kernel. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially gain escalated privileges.
Solution:
Updated packages are available via Red Hat Network.
Original Advisory:
RHSA-2011:0429-01:
https://rhn.redhat.com/errata/RHSA-2011-0429.html
http://secunia.com/advisories/44136/
Reply 8 : VULNERABILITIES / FIXES - April 13, 2011
Criticality level : Less critical
Impact : Hijacking
Where : From remote
Solution Status : Vendor Patch
Software: Xataface 1.x
Description:
A security issue has been reported in Xataface, which can be exploited by malicious people to hijack another user's session.
The security issue is caused due to an error within the output cache feature, which can be exploited to hijack another user's session.
Successful exploitation requires that the output cache feature is enabled (disabled by default).
The security issue is reported in versions 1.0 through 1.3rc1.
Solution:
Update to version Xataface 1.3rc2.
Provided and/or discovered by:
Reported by the vendor.
http://secunia.com/advisories/44130/
Reply 9 : VULNERABILITIES / FIXES - April 13, 2011
Release Date : 2011-04-13
Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Unpatched
Software: FirstClass Client 11.x
Description:
Two vulnerabilities have been discovered in FirstClass Client, which can be exploited by malicious people to compromise a user's system.
1) An input sanitisation error when processing "FCP://" URL links can be exploited to create an arbitrary file with attacker-controlled content via a specially crafted link, e.g. sent in an email message.
Successful exploitation of this vulnerability allows execution of arbitrary code, but requires a user to click on a malicious link.
2) The application bundles a vulnerable version of the Pthreads-win32 library, which loads libraries (e.g. quserex.dll) in an insecure manner and can be exploited to load arbitrary libraries by tricking a user into e.g. opening a FC (".fc") file located on a remote WebDAV or SMB share.
The vulnerabilities are confirmed in version 11.005. Other versions may also be affected.
Solution:
Do not open links and files from untrusted users.
Provided and/or discovered by:
1) Kyle Ossinger
2) Mister Teatime
Original Advisory:
http://www.k0ss.net/post/4379731102/firstclass-0day-release-part-1
http://www.k0ss.net/post/4394800170/firstclass-0day-release-part-2-some-fun-tricks
http://secunia.com/advisories/44052/
Reply 10 : VULNERABILITIES / FIXES - April 13, 2011
Release Date : 2011-04-13
Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch
Software: Barcode Reader Toolkit 7.x
Description:
nSense has reported a vulnerability in Barcode Reader Toolkit, which can be exploited by malicious people to compromise an application using the library.
The vulnerability exists in the bundled version of PDF Extract TIFF dynamic library module pdf2tif.dll.
The vulnerability is reported in version 7.4.1.3. Other versions may also be affected.
Solution:
Update to version 7.4.1.5.
Provided and/or discovered by:
JODE, nSense Vulnerability Research.
Original Advisory:
http://www.nsense.fi/advisories/nsense_2011_001.txt
http://secunia.com/advisories/44095/
Reply 11 : VULNERABILITIES / FIXES - April 13, 2011
Criticality level : Less critical
Impact : DoS
Where : From local network
Solution Status : Vendor Patch
Operating System: Red Hat Enterprise Linux 5 (Server), Red Hat Enterprise Linux Desktop 5, RHEL Desktop Workstation 5
Description:
Debian has issued an update for avahi. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Solution:
Updated packages are available via Red Hat Network.
Original Advisory:
RHSA-2011:0436-01:
https://rhn.redhat.com/errata/RHSA-2011-0436.html
http://secunia.com/advisories/44131/
Reply 12 : VULNERABILITIES / FIXES - April 13, 2011
Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch
Operating System: Debian GNU/Linux 6.0
Description:
Debian has issued an update for vlc. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system.
Solution:
Apply updated packages via the apt-get package manager.
Original Advisory:
DSA-2218-1:
http://www.debian.org/security/2011/dsa-2218
http://secunia.com/advisories/43890/
Reply 13 : VULNERABILITIES / FIXES - April 13, 2011
Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Unpatched
Software: Microsoft Reader 2.x
Description:
Luigi Auriemma has discovered multiple vulnerabilities in Microsoft Reader, which can be exploited by malicious people to compromise a user's system.
1) An error in msreader.exe when parsing certain eBook content can be exploited to cause a heap-based buffer overflow via a specially crafted LIT (".lit") file.
2) An integer underflow error in msreader.exe when parsing certain eBook content can be exploited to cause a heap-based buffer overflow via a specially crafted LIT (".lit") file.
3) An input validation error in aud_file.dll when processing certain Audible Audio content can be exploited to write a NULL byte to an arbitrary memory location via a specially crafted AA (".aa") file.
Successful exploitation of these vulnerabilities may allow execution of arbitrary code.
The vulnerabilities are confirmed in version 2.1.1.3143. Other versions may also be affected.
Solution:
Do not open files from untrusted sources.
Provided and/or discovered by:
Luigi Auriemma
Original Advisory:
http://aluigi.altervista.org/adv/msreader_2-adv.txt
http://aluigi.altervista.org/adv/msreader_3-adv.txt
http://aluigi.altervista.org/adv/msreader_5-adv.txt
http://secunia.com/advisories/44121/
Reply 14 : VULNERABILITIES / FIXES - April 13, 2011
Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch
Software: Xceed Zip Compression Library 6.x
Description:
A vulnerability has been discovered in the Xceed Zip Compression Library, which can be exploited by malicious people to potentially compromise an application using the library.
The vulnerability is caused due to a boundary error when processing certain ZIP archives. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted ZIP archive in an application using the library.
The vulnerability is confirmed in version 6.1.7557.0 (DLL). Other versions may also be affected.
Solution:
Update to version 6.5.10316.0.
Provided and/or discovered by:
Originally reported in Vallen Zipper by C4SS!0 G0M3S.
Original Advisory:
http://www.exploit-db.com/exploits/17145/
http://secunia.com/advisories/44099/
Reply 15 : VULNERABILITIES / FIXES - April 13, 2011
Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Unpatched
Software: Vallen Zipper 2.x
Description:
A vulnerability has been discovered in Vallen Zipper, which can be exploited by malicious people to potentially compromise a user's system.
The vulnerability is caused due to the use of a vulnerable version of the Xceed Zip Compression Library.
The vulnerability is confirmed in version 2.30 (build 9.1215).
Solution:
Do not open untrusted ZIP archives.
Provided and/or discovered by:
C4SS!0 G0M3S
Original Advisory:
http://www.exploit-db.com/exploits/17145/
http://secunia.com/advisories/44128/
Reply 16 : VULNERABILITIES / FIXES - April 13, 2011
Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Unpatched
Software: Xceed Zip Compression Library 6.x
Description:
A vulnerability has been discovered in the Xceed Zip Compression Library, which can be exploited by malicious people to potentially compromise an application using the library.
The vulnerability is caused due to a boundary error when processing certain ZIP archives. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted ZIP archive in an application using the library.
The vulnerability is confirmed in version 6.5.10316.0 (DLL). Other versions may also be affected.
Solution:
Do not open untrusted ZIP archives in an application using the library.
Provided and/or discovered by:
Variant of a vulnerability originally reported in Vallen Zipper by C4SS!0 G0M3S.
Original Advisory:
http://www.exploit-db.com/exploits/17145/
http://secunia.com/advisories/44129/
Reply 17 : VULNERABILITIES / FIXES - April 13, 2011
Release Date : 2011-04-13
Criticality level : Less critical
Impact : DoS
Where : From local network
Solution Status : Vendor Patch
Software: HP Network Node Manager i (NNMi) 8.x, HP Network Node Manager i (NNMi) 9.x
Description:
HP has acknowledged a vulnerability in Network Node Manager i, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is reported in versions 8.1x and 9.0x running on HP-UX, Linux, Solaris, and Windows.
Solution:
Apply hotfixes. Please contact the HP Services support channel for details.
Original Advisory:
HPSBUX02642 SSRT100415:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02746026
http://secunia.com/advisories/44186/
Reply 18 : VULNERABILITIES / FIXES - April 13, 2011
VUPEN ID : VUPEN/ADV-2011-0958
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Release Date : 2011-04-13
Technical Description:
A security issue has been identified in Fedora, which could allow attackers to gain knowledge of sensitive information. This issue is caused by an error related to the use of several revoked and fraudulent SSL certificates for public websites, which could allow attackers to decrypt SSL traffic sent to legitimate web sites by manipulating the DNS servers and using the fraudulent certificates.
Affected Products:
Fedora 14
Solution:
Upgrade the affected package (nss):
http://docs.fedoraproject.org/yum/
References:
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057821.html
http://www.vupen.com/english/advisories/2011/0958
Reply 19 : VULNERABILITIES / FIXES - April 13, 2011
Release Date : 2011-04-13
Criticality level : Less critical
Impact : Cross Site Scripting, Security Bypass
Where : From remote
Solution Status : Vendor Patch
Software: HP Network Node Manager i (NNMi) 9.x
Description:
Two vulnerabilities have been reported in HP Network Node Manager i, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks.
1) An unspecified error can be exploited to gain unauthorized access to certain files.
2) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerabilities are reported in version 9.00 running on HP-UX, Linux, Solaris, and Windows.
Solution:
Apply patches.
Provided and/or discovered by:
Reported by the vendor.
Original Advisory:
HPSBMA02643 SSRT100416:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02729035
http://secunia.com/advisories/44185/
Reply 20 : VULNERABILITIES / FIXES - April 13, 2011
Criticality level : Less critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch
Software: SPIP 2.x
Description:
A vulnerability has been reported in SPIP, which can be exploited by malicious users to cause a DoS (Denial of Service).
The vulnerability is caused due to an unspecified error and can be exploited to disconnect the site from the database.
Successful exploitation requires "editor" access.
The vulnerability is reported in versions prior to 2.1.10.
Solution:
Update to version 2.1.10.
Provided and/or discovered by:
The vendor credits Arnault.
Original Advisory:
SPIP:
http://www.spip-contrib.net/Mise-a-jour-de-securite-SPIP-2-1-10
http://secunia.com/advisories/44147/
Reply 21 : VULNERABILITIES / FIXES - April 13, 2011
Criticality level : Moderately critical
Impact : Exposure of sensitive information, System access
Where : From local network
Solution Status : Vendor Patch
Software: IBM Tivoli Directory Server 5.x, IBM Tivoli Directory Server 6.x
Description:
Two vulnerabilities have been reported in IBM Tivoli Directory Server, which can be exploited by malicious users to disclose sensitive information and by malicious people to compromise a vulnerable system.
1) An error within ibmslapd.exe can be exploited to cause a stack-based buffer overflow.
2) The TDS proxy server stores the user's password in cleartext.
The vulnerabilities are reported in versions 5.2 and 6.0.
Solution:
Apply interim fixes.
Provided and/or discovered by:
Reported by the vendor.
Original Advisory:
IBM (IO14046, IO14045):
http://www.ibm.com/support/docview.wss?uid=swg24029663
http://www.ibm.com/support/docview.wss?uid=swg24029672
http://secunia.com/advisories/44184/
Reply 22 : VULNERABILITIES / FIXES - April 13, 2011
Release Date : 2011-04-13
Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch
Software: Gazette Edition 2.x (theme for WordPress), Live Wire 2.x (theme for WordPress)
Description:
Two security issues and two vulnerabilities have been reported in WooThemes "Live Wire" and "Gazette Edition" WordPress themes, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
The security issues and vulnerabilities are caused due to a bundled, vulnerable version of TimThumb.
The vulnerabilities are reported in the following products and versions:
* Live Wire version 2.3.1 and prior.
* Gazette Edition version 2.9.4 and prior.
Solution:
Update to the respective latest version.
Provided and/or discovered by:
MustLive
Original Advisory:
http://packetstormsecurity.org/files/view/100238/livewire-xssdos.txt
http://packetstormsecurity.org/files/view/100293/gazette-xssdos.txt
http://secunia.com/advisories/44140/
Reply 23 : VULNERABILITIES / FIXES - April 13, 2011
Release Date : 2011-04-13
Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch
Software: TimThumb 1.x
Description:
Two security issues and two vulnerabilities have been reported in TimThumb, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
1) Input passed to the "src" parameter in timthumb.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Certain unspecified input passed to the URL query string in timthumb.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
3) The application handles overly large remote image data improperly, which can be exploited to cause a DoS.
4) The application processes overly large image dimensions being passed to the image resizing functionality improperly, which can be exploited to cause a DoS.
Solution:
Update to the latest version.
Provided and/or discovered by:
1) A TimThumb customer within a bug report.
2-4) Disclosed in SVN commits.
Original Advisory:
timthumb Google Code:
http://code.google.com/p/timthumb/issues/detail?id=49
http://code.google.com/p/timthumb/source/detail?r=88
http://code.google.com/p/timthumb/source/detail?r=114
http://code.google.com/p/timthumb/source/detail?r=123
http://secunia.com/advisories/44126/