Security Vulnerability Alerts

Last Update: 03 Jul 2009

Multiple Flaws in Axesstel MV 410R
updated: 4-Jul-09
The Axesstel MV 410R firmware and its default configuration have many flaws, which allow remote unauthorized access to the device and to the internal network behind it.

Restrict access to the device to the LAN only, change the default administrator password (it can still be sniffed on the LAN), enable Wi-Fi encryption, turn on client MAC address filtering and turn off SSID broadcasting.

ModSecurity Denial of Service
updated: 4-Jul-09
Two vulnerabilities were discovered in ModSecurity < 2.5.9: a NULL pointer dereference when processing multipart requests without a part header name, and improper handling by the "PDF XSS protection" feature of HTTP requests to a PDF file that do not use the GET method.

A remote attacker might send requests containing specially crafted multipart data or send certain requests to access a PDF file, possibly resulting in a Denial of Service (crash) of the Apache HTTP daemon.

Upgrade ModSecurity to the latest version.

Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1903
libwmf User-assisted execution of arbitrary code
updated: 4-Jul-09
libwmf < 0.2.8.4-r3 bundles an old GD version which contains a "use-after-free" vulnerability.

A remote attacker could entice a user to open a specially crafted WMF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

Upgrade libwmf to the latest version.

Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1364
Nagios Vulnerability
updated: 4-Jul-09
It was discovered that Nagios prior to 2.11 and 3.06 did not properly parse certain commands submitted using the WAP web interface. An authenticated user could exploit this flaw and execute arbitrary programs on the server.

Upgrade to a safer version.

FCKeditor Input Sanitization Errors
updated: 4-Jul-09
The input of several connector modules of FCKeditor <= 2.6.4 is not properly verified before being used. This leads to exposure of the contents of arbitrary directories on the server filesystem and allows file uploading to arbitrary locations. The affected code is remotely exposed before authentication. An attacker can exploit this vulnerability to install remote shells on the victim server, among other things. It should be noted that this vulnerability is being actively exploited in the wild.

Additionally several XSS vulnerabilities are present in the packaged samples directory.

Install the patch from the developer.

Reference
http://www.ocert.org/advisories/ocert-2009-007.html
Joomla! Multiple XSS vulnerabilities in HTTP Headers
updated: 4-Jul-09
Joomla! < 1.5.12 fails to sanitize user-supplied input. An attacker can inject JavaScript or DHTML code that will be executed in the context of the targeted user's browser, allowing him to steal cookies. HTTP headers are not properly parsed, specifically the HTTP_REFERER variable.

An attacker can redirect the victim to a site hosting such a script to execute JavaScript code in the victim's browser. The PoC creates a crafted HTTP request with malicious data in the HTTP_REFERER header.

Upgrade to version 1.5.12.

radware AppWall Source Code Disclosure
updated: 4-Jul-09
The radware AppWall Web Application Firewall operates as a reverse proxy between the clients and the web server to be protected.

All HTTP requests are checked before being forwarded to the web server. The system can be administered via a separate management interface which is normally not accessible for external users. The web interface is realized using the PHP programming language. Some of the functionality is stored in include files and embedded when needed.

The files have a *.inc extension and are not interpreted by the web server. A user/attacker with access to the web management interface can therefore access parts of the product source code by requesting the included files directly.

radware Gateway 4.6.0.2 / AppWall 1.0.2.6 are affected.

phion airlock Web Application Firewall Remote DoS and Command Execution
updated: 4-Jul-09
The phion airlock Web Application Firewall operates as a reverse proxy between the clients and the web server to be protected.

All HTTP requests are checked before being forwarded to the web server. The system can be administered via a separate management interface which is normally not accessible for external users.

By sending a specially crafted HTTP GET request, an attacker with access to the management interface (no authentication is required) is able to conduct a denial of service attack.

phion airlock Web Application Firewall 4.1-10.41 and prior are affected. Install the hotfix from the vendor.

Reference
https://techzone.phion.com/hotfix_HF4112
Artofdefence Hyperguard Web Application Firewall Remote Denial of Service
updated: 4-Jul-09
The Artofdefence Hyperguard Web Application Firewall operates as a reverse proxy module between the clients and the web server to be protected. All HTTP requests are checked before being forwarded to the web server. By sending specially crafted HTTP POST requests an attacker is able to trigger high memory usage on the WAF. By repeatedly sending the request the available memory is exhausted, resulting in a kernel panic and therefore a denial of service.

The vulnerability can be triggered by sending HTTP POST requests with a high "Content-Length" header value set but without transmitting any content. Artofdefence Hyperguard is available as a plug-in for several web servers. The vulnerability was confirmed in connection with the Apache web server module. Other modules have not been tested.

Artofdefence Hyperguard Web Application Firewall 3.1.1 branch prior to 3.1.1-11637 is affected. Install the update from the vendor.
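The pattern described above (a POST that declares a large Content-Length but never sends the body) can be spotted at the proxy or in its request records. The following detection logic is an added example, not code from Artofdefence or from the advisory; the request records, thresholds and field names are constructed assumptions.

```python
from collections import Counter

# Thresholds are assumptions; tune them to the traffic the proxy normally sees.
MAX_DECLARED_BODY = 1024 * 1024  # largest body to buffer in memory, in bytes
REPEAT_THRESHOLD = 3             # hollow POSTs per client before alerting


def parse_content_length(headers):
    """Return the declared Content-Length as a non-negative int, else None."""
    value = headers.get("Content-Length")
    if value is None or not value.isdigit():
        return None
    return int(value)


def is_hollow_post(req):
    """True when a POST declares a body above the buffer limit but delivers none.

    req is a dict with keys: client, method, headers, body_bytes_received.
    """
    if req["method"] != "POST":
        return False
    declared = parse_content_length(req["headers"])
    if declared is None or declared <= MAX_DECLARED_BODY:
        return False
    # The advisory's pattern: memory is reserved for content that never
    # arrives on the wire.
    return req["body_bytes_received"] == 0


def find_offenders(requests):
    """Return {client: count} for clients sending REPEAT_THRESHOLD or more hollow POSTs."""
    counts = Counter(r["client"] for r in requests if is_hollow_post(r))
    return {c: n for c, n in counts.items() if n >= REPEAT_THRESHOLD}


# Constructed sample traffic (not from the advisory): one client repeats hollow
# POSTs, one uploads a genuine large body, one makes an ordinary GET.
HOLLOW = {"client": "198.51.100.7", "method": "POST",
          "headers": {"Content-Length": "2147483647"}, "body_bytes_received": 0}
SAMPLE_REQUESTS = [
    HOLLOW, HOLLOW, HOLLOW,
    {"client": "203.0.113.5", "method": "POST",
     "headers": {"Content-Length": "5242880"}, "body_bytes_received": 5242880},
    {"client": "203.0.113.9", "method": "GET", "headers": {}, "body_bytes_received": 0},
]

if __name__ == "__main__":
    print(find_offenders(SAMPLE_REQUESTS))  # {'198.51.100.7': 3}
```

A proxy that streams request bodies instead of allocating the declared size up front removes the memory amplification that this check only detects.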

Sourcefire 3D Sensor and DC, Privilege Escalation Vulnerability
updated: 4-Jul-09
A privilege escalation vulnerability found in the web-based management interfaces of Sourcefire 3D Sensor and Defense Center 4.8.x allows any local account to take over the appliance's administrator role.

While the "user.cgi" Perl script correctly validates that incoming requests belong to an authenticated session, it then blindly grants read/write access to the configuration of all accounts with no regard for the role of the request's originator.

Therefore a user with even the lowest level of access (i.e. without any role configured) is able to promote himself to administrator and/or change other users' roles and account parameters at will.

Depending on the role or roles initially configured for this user, the user management page may not be visible in the interface's layout; however, the underlying script itself is still reachable and can be invoked "by hand".

Upgrade the appliance software to 4.8.2.

Reference
https://support.sourcefire.com/
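The defect above is authentication without authorization: the session is verified, the caller's role is not. The following is an added illustration, not Sourcefire's code or the user.cgi logic; it models a hypothetical account store with a handler showing the flawed pattern beside one that also enforces the caller's role, with self-service edits limited to a user's own non-privileged fields.

```python
import copy

# Hypothetical, simplified model of an appliance's account store: each
# account carries a role (None = no role configured), and each web session
# is bound to one account name. Both tables are constructed sample data.
ACCOUNTS = {
    "admin":  {"role": "administrator", "email": "admin@example.invalid"},
    "viewer": {"role": None, "email": "viewer@example.invalid"},
}
SESSIONS = {"s-admin": "admin", "s-viewer": "viewer"}
SELF_SERVICE_FIELDS = {"email", "password"}  # fields a user may edit on own account


class Forbidden(Exception):
    pass


def authenticated_user(session_id):
    """Authentication only: map a valid session to its account name."""
    if session_id not in SESSIONS:
        raise Forbidden("no authenticated session")
    return SESSIONS[session_id]


def update_account_vulnerable(session_id, target, changes, accounts):
    """The advisory's pattern: the session is validated, the caller's role is ignored."""
    authenticated_user(session_id)
    accounts[target].update(changes)
    return accounts[target]


def update_account_fixed(session_id, target, changes, accounts):
    """Authorization added: administrators may edit any account; everyone else
    may edit only self-service fields of their own account."""
    actor = authenticated_user(session_id)
    is_admin = accounts[actor]["role"] == "administrator"
    if not is_admin and (target != actor or not set(changes) <= SELF_SERVICE_FIELDS):
        raise Forbidden("account management requires the administrator role")
    accounts[target].update(changes)
    return accounts[target]


def attempt(handler, session_id, target, changes):
    """Run handler on a fresh copy of ACCOUNTS and return the resulting role of
    target, or 'refused' if the handler raised Forbidden."""
    accounts = copy.deepcopy(ACCOUNTS)
    try:
        return handler(session_id, target, changes, accounts)["role"]
    except Forbidden:
        return "refused"
```

Calling `attempt(update_account_vulnerable, "s-viewer", "viewer", {"role": "administrator"})` returns `"administrator"`, while the same call against `update_account_fixed` returns `"refused"`.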