Security Alerts Archive - Jun 2009

Last Update: 30 Jun 2009

Wireshark Multiple Vulnerabilities
updated: 4-Jul-09
Multiple vulnerabilities have been discovered in Wireshark < 1.0.8 which allow for Denial of Service (application crash) or remote code execution.

A remote attacker could exploit these vulnerabilities by sending specially crafted packets on a network being monitored by Wireshark or by enticing a user to read a malformed packet trace file which can trigger a Denial of Service (application crash or excessive CPU and memory usage) and possibly allow for the execution of arbitrary code with the privileges of the user running Wireshark.

Upgrade to the latest version.
Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4681
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4683
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1829
Apache Tomcat JK Connector Information Disclosure
updated: 4-Jul-09
Apache Tomcat mod_jk < 1.2.27 does not properly handle (1) requests setting the "Content-Length" header while not providing data and (2) clients sending repeated requests very quickly.

A remote attacker could send specially crafted requests or a large number of requests at a time, possibly resulting in the disclosure of a response intended for another client.

Upgrade Apache Tomcat JK Connector to the latest version.

Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5519
phpMyAdmin Multiple Vulnerabilities
updated: 4-Jul-09
Multiple errors in phpMyAdmin < 2.11.9.5 might allow the remote execution of arbitrary code or a Cross-Site Scripting attack.

A remote unauthorized attacker could exploit the first vulnerability to execute arbitrary code with the privileges of the user running phpMyAdmin and conduct Cross-Site Scripting attacks using the second vulnerability.

Upgrade phpMyAdmin to the latest version.

Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1151
Ruby Denial of Service
updated: 4-Jul-09
BigDecimal in ext/bigdecimal/bigdecimal.c of Ruby < 1.8.6_p369 does not properly handle string arguments containing overly long numbers.

A remote attacker could exploit this issue to cause a Denial of Service.

Upgrade to the latest version.

Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1904
osTicket v1.6 RC4 Admin Login Blind SQLi
updated: 4-Jul-09
osTicket prior to v1.6 RC5 fails to validate / escape staff usernames which can be abused to execute a blind SQL injection attack by an unauthenticated attacker.

Upgrade to the latest version.

Reference
http://osticket.com/forums/project.php?issueid=118
libpng Information Disclosure
updated: 4-Jul-09
libpng < 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file.

A remote attacker might entice a user to open a specially crafted PNG file, possibly resulting in the disclosure of sensitive memory portions.

Upgrade to the latest version.

Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042
HP Network Node Manager rping Stack Buffer Overflow Vulnerability
updated: 4-Jul-09
A stack-based buffer overflow vulnerability exists within the 'rping' application of HP Network Node Manager 7.53 for Linux.

Successful exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the affected service. On Red Hat Enterprise Linux 4, the application is started as the user 'bin'. 'rping' is not compiled with compiler protections such as stack cookies or the -pie flag, which makes exploitation less difficult.

Install the patch from HP.

Reference
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=810
http://support.openview.hp.com/selfsolve/patches
Trillian SSL Certificate Vulnerability
updated: 4-Jul-09
Trillian does not check the SSL certificate before sending MSN user credentials. An attacker is able to obtain the MSN username and password with a spoofed certificate, and no alert is generated to the user.

This vulnerability was found in Trillian Basic 3.1. Other versions and/or protocols may also be affected.

Gizmo SSL Certificate Vulnerability
updated: 4-Jul-09
Gizmo does not check the SSL certificate before sending user credentials.

An attacker is able to obtain the username and password with a spoofed certificate, and no alert is generated to the user.

This vulnerability was found in Gizmo for Linux 3.1.0.79. Other versions may also be affected.

aMSN SSL Certificate Vulnerability
updated: 4-Jul-09
aMSN does not check the SSL certificate before sending MSN user credentials. An attacker is able to obtain the MSN username and password with a spoofed certificate, and no alert is generated to the user.

This vulnerability was found in aMSN 0.97.2. Other versions may also be affected.

Unisys Business Information Server Stack Buffer Overflow
updated: 4-Jul-09
A stack-based buffer overflow was found in Unisys Business Information Server 10 that could allow an attacker to execute arbitrary code with the privileges of the affected service.

If an attacker sends a crafted packet to the Unisys Business Information Server over a TCP port, the attacker can corrupt stack memory and gain arbitrary code execution.

Unisys Business Information Server 10 is affected. Previous versions may also be affected.

Install the patch from Unisys.

Reference
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=808
ftp://ftp.support.unisys.com/pub/mapper/NT/BIS10.1/Readme.txt
Motorola Timbuktu Pro PlughNTCommand Stack Based Buffer Overflow
updated: 4-Jul-09
A stack-based buffer overflow was reported in Motorola Timbuktu Pro 8.6.5 since the software fails to properly handle user-supplied data passed through a named pipe session. When the PlughNTCommand named pipe receives an overly large character string, a buffer overflow will occur resulting in arbitrary code execution.

Install the patch from Motorola.

Reference
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=809
http://www.netopia.com/software/products/tb2/win/upgrade_version_8.html
Vulnerabilities in Cisco Video Surveillance Products
updated: 4-Jul-09
Cisco Video Surveillance Stream Manager firmware for the Cisco Video Surveillance Services Platforms and Cisco Video Surveillance Integrated Services Platforms contain a denial of service (DoS) vulnerability that could result in a reboot on systems that receive a crafted packet.

Cisco Video Surveillance 2500 Series IP Cameras contain an information disclosure vulnerability that could allow an authenticated user to view any file on a vulnerable camera.

Install the update from Cisco.

Reference
http://www.cisco.com/warp/public/707/cisco-sa-20090624-video.shtml
Cisco Physical Access Gateway Denial of Service Vulnerability
updated: 4-Jul-09
A denial of service (DoS) vulnerability exists in the Cisco Physical Access Gateway. There are no workarounds available to mitigate the vulnerability.

This vulnerability has been corrected in Cisco Physical Access Gateway software version 1.1. Install the update from Cisco.

Reference
http://www.cisco.com/warp/public/707/cisco-sa-20090624-gateway.shtml
ToolTalk rpc.ttdbserverd _tt_internal_realpath Buffer Overflow
updated: 4-Jul-09
There exists a vulnerability within a function of the ToolTalk database server (rpc.ttdbserverd), which when properly exploited can lead to remote compromise of the vulnerable system.

AIX 5.1.0 to 6.1.3 are affected. Install the fix from IBM.

Reference
http://risesecurity.org/advisories/RISE-2009001.txt
http://aix.software.ibm.com/aix/efixes/security/libtt_advisory.asc
Nokia 6212 classic URI spoofing and DoS
updated: 4-Jul-09
The Nokia 6212 Classic mobile phone has multiple security vulnerabilities in the code that parses and displays the content of NDEF tags and plain URI tags.

Reference
http://mulliner.org/security/advisories/
CA Service Desk Tomcat Cross Site Scripting
updated: 4-Jul-09
The release of Tomcat as included with CA Service Desk r11.2 is potentially susceptible to a cross-site scripting vulnerability.

Install the fix from CA.

Reference
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500
CA ARCserve Backup Message Engine Denial of Service
updated: 4-Jul-09
CA ARCserve Backup r12.0 SP 1 and prior contains multiple vulnerabilities in the message engine that can allow a remote attacker to cause a denial of service.

Install the update from CA.

Reference
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209502
Netgear DG632 Router Remote DoS Vulnerability
updated: 4-Jul-09
In the "/cgi-bin/" directory of the administrative web interface of the Netgear DG632 Router, there exists a file called "firmwarecfg". This file is used for firmware upgrades. An HTTP POST request for this file causes the web server to hang. The web server will stop responding to requests and the administrative interface will become inaccessible until the router is physically restarted.

Reference
http://www.tomneaves.co.uk/Netgear_DG632_Remote_DoS.txt
Netgear DG632 Router Authentication Bypass Vulnerability
updated: 4-Jul-09
Vulnerabilities were found in the web administration interface of the Netgear DG632 router that enable an attacker to access files and data without authentication.

Reference
http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt
Multiple Vendor WebKit Error Handling Use After Free Vulnerability
updated: 14-Jun-09
A memory corruption vulnerability was reported in the WebKit browser engine, triggered when JavaScript code sets a certain property of an HTML tag within a web page. When JavaScript code sets this property, child elements of the tag are freed. However, when an error in the remaining HTML is encountered, these previously freed tag values are referenced. The freed memory is then treated as a C++ object, which can lead to attacker-controlled values being used as function pointers.

WebKit is used by multiple applications, including Google Chrome and Apple Safari (including Safari on the iPhone): Google Chrome 1.0.154.53, Safari 3.2.1 (5525.27.1), and Safari 3.1.1 running on iPhone 2.2.1 (5525.27.1).

Disabling JavaScript prevents exploitation of this vulnerability; alternatively, install the patch from Apple.

Reference
http://support.apple.com/kb/HT3613
Adobe Reader/Acrobat TrueType Font Processing Memory Corruption
updated: 14-Jun-09
A memory corruption vulnerability exists in Adobe Reader and Acrobat PDF reader 7.1.0, 8.1.3, 9.0.0 when processing PDF documents and handling TrueType fonts, which could allow an attacker to execute arbitrary code with the privileges of the current user.

Upgrade to the latest version.

Reference
http://www.adobe.com/support/security/bulletins/apsb09-07.html
Adobe Reader and Acrobat FlateDecode Integer Overflow
updated: 14-Jun-09
An integer overflow vulnerability was reported in Adobe Acrobat and Acrobat PDF reader 7.1.0, 8.1.3, 9.0.0 and prior, when parsing a FlateDecode filter inside a PDF file.

FlateDecode is a filter for data compressed with zlib deflate compression method. Several parameters can be specified for the FlateDecode filter. Those values are used in an arithmetic operation that calculates the number of bytes to allocate for a heap buffer. This calculation can overflow, which results in an undersized heap buffer being allocated. This buffer is then overflowed with data decompressed from the FlateDecode stream. This leads to a heap-based buffer overflow that can result in arbitrary code execution.

Upgrade to the latest version.

Reference
http://www.adobe.com/support/security/bulletins/apsb09-07.html
Adobe Acrobat and Reader JBIG2 Filter Heap Overflow
updated: 14-Jun-09
A vulnerability was reported in Adobe Acrobat and Reader caused by an integer overflow error within the JBIG2 filter when processing certain data streams within a PDF file, which could allow attackers to cause a heap overflow and execute arbitrary code by tricking a user into opening a specially crafted document.

Adobe Acrobat and Reader prior to 9.1.2, 8.1.6 or 7.1.3 are affected. Upgrade to the latest version.

Reference
http://www.adobe.com/support/security/bulletins/apsb09-07.html
Mozilla Firefox Java Applet Loading Vulnerability
updated: 14-Jun-09
Firefox 3.0.7, 3.0.8, and 3.0.9 for Windows with JRE 6 Update 13 have a vulnerability due to a race condition when accessing the private data of an NPObject JS wrapper class object if navigating away from a web page while loading a Java applet. This can be exploited via a specially crafted web page to use already freed memory.

Successful exploitation may allow execution of arbitrary code. Update to version 3.0.11.

Reference
http://secunia.com/secunia_research/2009-19/
Insufficient Default Privileges in Serena Dimensions CM
updated: 14-Jun-09
Serena Dimensions CM 10.1 and later contains a vulnerability that allows users with any role on a Dimensions product to have read access to all of its containing items.

Remove the rule "User holds any role on the product owning the object" for the privilege "Download Files from Project".

Adobe Reader U3D RHAdobeMeta Stack Overflow Vulnerability
updated: 14-Jun-09
Adobe Acrobat 7.1.0, 8.1.3, 9.0.0 and prior contains flaws when parsing malformed U3D model files contained in a PDF. When a specially crafted extension block of a model is processed, insufficient bounds checking is done before a call to wcsncpy(). Because of this a stack overflow can occur resulting in reliable code execution. Proper exploitation of this vulnerability will result in system compromise under the credentials of the currently logged in user.

Upgrade to the latest version.

Reference
http://www.adobe.com/support/security/bulletins/apsb09-07.html
http://www.zerodayinitiative.com/advisories/ZDI-09-042
F5 FirePass Cross-Site Scripting Vulnerability
updated: 14-Jun-09
A Cross-Site Scripting vulnerability was reported in the F5 Networks FirePass SSL VPN controller. This vulnerability can be used to execute arbitrary JavaScript code on the computer of a user as if it genuinely originated from the target domain.

Install the hotfix from F5 Networks.

Reference
https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsartikel/f5-firepass-cross-site-scripting-vulnerability/106
https://support.f5.com/kb/en-us/solutions/public/10000/100/sol10143.html
MS09-027 Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution
updated: 14-Jun-09
A remote code execution vulnerability exists in the way that Microsoft Office Word handles a specially crafted Word file that includes a malformed record. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Microsoft Office Word 2002, Word 2003, Word 2007, Office 2004 for Mac, and Office 2008 are affected. Install the security update from Microsoft.

Reference
http://www.microsoft.com/technet/security/bulletin/ms09-027.mspx
MS09-026 Vulnerability in RPC Could Allow Elevation of Privilege
updated: 14-Jun-09
An elevation of privilege vulnerability exists in the Windows remote procedure call (RPC) facility where the RPC Marshalling Engine does not update its internal state appropriately. The failure to update internal state could lead to a pointer being read from an incorrect location. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 are affected. Install the security update from Microsoft.

Reference
http://www.microsoft.com/technet/security/bulletin/ms09-026.mspx
MS09-025 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
updated: 14-Jun-09
Four elevation of privilege vulnerabilities were reported in the Windows kernel of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. An attacker who successfully exploited any of these vulnerabilities could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users. Install the security update from Microsoft.

Reference
http://www.microsoft.com/technet/security/bulletin/ms09-025.mspx
MS09-024 Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution
updated: 14-Jun-09
A remote code execution vulnerability exists in the way that the Works for Windows document converters handle specially crafted Works files. The vulnerability could allow remote code execution if a user opens a specially crafted .wps file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Microsoft Office Word 2000, Word 2002, Word 2003 with the Microsoft Works 6-9 File Converter, Word 2007 SP1, and Microsoft Works 8.5 and 9 are affected. Install the security update from Microsoft.

Reference
http://www.microsoft.com/technet/security/bulletin/ms09-024.mspx
MS09-023 Vulnerability in Windows Search Could Allow Information Disclosure
updated: 14-Jun-09
An information disclosure vulnerability exists in Windows Search due to the way file previews are generated. Attempts to exploit this vulnerability require user interaction. An attacker who successfully exploited this vulnerability could run a malicious HTML script that could disclose information, forward user data to a third party, or access any data on the affected systems that was accessible to the logged-on user. Windows XP and Windows Server 2003 are affected. Install the security update from Microsoft.

Reference
http://www.microsoft.com/technet/security/bulletin/ms09-023.mspx
MS09-022 Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution
updated: 14-Jun-09
Three vulnerabilities were reported in the Windows Print Spooler of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008. The most severe vulnerability could allow remote code execution if an affected server received a specially crafted RPC request. Install the security update from Microsoft.

Reference
http://www.microsoft.com/technet/security/bulletin/ms09-022.mspx
DX Studio Player Firefox Plug-in Command Injection
updated: 14-Jun-09
DX Studio Player plug-in prior to 3.0.29.1 for Firefox is vulnerable to a remote command execution vulnerability.

Upgrade to DX Studio Player 3.0.29.1.

Reference
http://www.coresecurity.com/content/DXStudio-player-firefox-plugin
MS09-021 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution
updated: 14-Jun-09
Several vulnerabilities were reported in Microsoft Office Excel 2000, 2002, 2003, and 2007; Microsoft Office 2004, 2008 for Mac; Open XML File Format Converter for Mac; and all supported versions of Microsoft Office Excel Viewer and Microsoft Office Compatibility Pack. Successful exploitation could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Install the security update from Microsoft.

Reference
http://www.microsoft.com/technet/security/bulletin/ms09-021.mspx
MS09-020 Vulnerabilities in Internet Information Services Could Allow Elevation of Privilege
updated: 14-Jun-09
Two elevation of privilege vulnerabilities were reported in Microsoft Internet Information Services (IIS), in the way that the WebDAV extension for IIS handles HTTP requests. The vulnerabilities could allow elevation of privilege if an attacker sent a specially crafted HTTP request to a Web site that requires authentication. These vulnerabilities allow an attacker to bypass the IIS configuration that specifies which type of authentication is allowed, but not the file system-based access control list (ACL) check that verifies whether a file is accessible by a given user. Successful exploitation of these vulnerabilities would still restrict the attacker to the permissions granted to the anonymous user account by the file system ACLs. Microsoft Internet Information Services on all supported editions of Microsoft Windows 2000, XP, and 2003 are affected. Install the security update from Microsoft.

Reference
http://www.microsoft.com/technet/security/bulletin/ms09-020.mspx
MS09-019 Cumulative Security Update for Internet Explorer
updated: 14-Jun-09
Eight vulnerabilities were reported in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Internet Explorer 5.01, 6 Service Pack 1, 7, and 8 are affected. Install the security update from Microsoft.

Reference
http://www.microsoft.com/technet/security/bulletin/ms09-019.mspx
MS09-018 Vulnerabilities in Active Directory Could Allow Remote Code Execution
updated: 14-Jun-09
Two vulnerabilities were reported in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003, and Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows Server 2003. The more severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Install the security update from Microsoft.

Reference
http://www.microsoft.com/technet/security/bulletin/ms09-018.mspx
Adobe Reader JBIG2 Text Region Segment Buffer Overflow
updated: 14-Jun-09
Adobe Reader 7.1.0, 8.1.3, 9.0.0 and prior contain a vulnerability due to a boundary error in the processing of Huffman encoded JBIG2 text region segments. This can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.

Successful exploitation may allow execution of arbitrary code. Update to version 9.1.2, 8.1.6, or 7.1.3.

Reference
http://secunia.com/secunia_research/2009-24/
Apple Safari Remote Memory Corruption Vulnerability
updated: 14-Jun-09
A memory corruption vulnerability was reported in Apple Safari 4.0, which occurs when handling HTML table elements. A remote attacker may craft a malicious webpage and lure an unsuspecting user to it. When the page is viewed and these elements are processed, arbitrary code execution may occur, resulting in the victim machine being compromised.

Install the security updates from Apple.

Reference
http://support.apple.com/kb/HT3613
http://support.apple.com/kb/HT3318
Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow
updated: 14-Jun-09
Adium and Pidgin contain a heap overflow flaw in the implementation of the MSN protocol, specifically the handling of SLP messages. The function msn_slplink_process_msg() fails to properly validate an offset value specified in the SLP packet. By providing a specific value, an attacker can overflow a heap buffer, resulting in arbitrary code execution.

Install update from vendor.

Reference
http://pidgin.im/news/security/?id=32
http://www.zerodayinitiative.com/advisories/ZDI-09-031
SAP GUI Buffer Overflow Vulnerability
updated: 14-Jun-09
SAP GUI for Windows 6.4 contains the ActiveX component SAPIrRfc, which is vulnerable to a buffer overflow attack.

An attacker can construct an HTML page that calls the vulnerable function "Accept" of the SAPIrRfc ActiveX object with an overly long parameter. When a user opens this page, the result is a denial of service (Example 1 in the advisory) or full remote control of the target system (Example 2, which runs calc.exe, is available from the researchers on request).

Install the fix from SAP.

Reference
http://dsecrg.com/pages/vul/show.php?id=115
https://service.sap.com/sap/support/notes/1286637
HP Discovery & Dependency Mapping Inventory Remote Unauthorized Access
updated: 7-Jun-09
A potential security vulnerability has been identified with HP Discovery & Dependency Mapping Inventory (DDMI) running on Windows. The vulnerability could be exploited remotely to gain unauthorized access to DDMI agents.

HP Discovery & Dependency Mapping Inventory (DDMI) 7.51 and prior running on Windows are affected. Install the fix from HP.

Joomla! JA_Purity Multiple Persistent XSS
updated: 7-Jun-09
The JA_Purity template bundled with Joomla! 1.5.10 fails to sanitize user-supplied input. An attacker can inject JavaScript or DHTML that is saved in a cookie, making the injection persistent; it runs in the context of the targeted user's browser and allows the attacker to steal cookies.

Upgrade to version 1.5.11.

Apple QuickTime Sorenson Video 3 Content Parsing Vulnerability
updated: 7-Jun-09
Apple QuickTime 7.60 was found to contain a vulnerability caused by an error in the parsing of Sorenson Video 3 content. This can be exploited to corrupt memory by tricking a user into viewing a specially crafted movie file.

Successful exploitation may allow execution of arbitrary code. Update to version 7.6.2.

Reference
http://secunia.com/secunia_research/2009-10/
http://support.apple.com/kb/HT3591
Apache Tomcat Information Disclosure Vulnerability
updated: 7-Jun-09
Apache Tomcat 6.0.0 to 6.0.18, 5.5.0 to 5.5.27 and 4.1.0 to 4.1.39 allowed a web application to replace the XML parser used by Tomcat to process web.xml, context.xml and tld files. If a web application is the first web application loaded, these bugs allow that web application to potentially view and/or alter the web.xml, context.xml and tld files of other web applications deployed on the Tomcat instance.

Install the patch or upgrade to a safer version.

Reference
https://issues.apache.org/bugzilla/show_bug.cgi?id=29936
https://issues.apache.org/bugzilla/show_bug.cgi?id=45933
Apache Tomcat Information Disclosure Vulnerability
updated: 7-Jun-09
Due to insufficient error checking in some authentication classes, Tomcat allows for the enumeration (brute force testing) of usernames by supplying illegally URL encoded passwords. The attack is possible if form based authentication (j_security_check) with one of the following authentication realms is used: MemoryRealm, DataSourceRealm or JDBCRealm.

Apache Tomcat 4.1.0 to 4.1.39, 5.5.0 to 5.5.27, and 6.0.0 to 6.0.18 are affected. Upgrade to a safer version or apply the patch from Apache.

Reference
http://tomcat.apache.org/security.html
Apache Tomcat denial of service vulnerability
updated: 7-Jun-09
If Tomcat receives a request with invalid headers via the Java AJP connector, it does not return an error and instead closes the AJP connection. In case this connector is a member of a mod_jk load balancing worker, this member will be put into an error state and will be blocked from use for approximately one minute. Thus the behaviour can be used for a denial of service attack using a carefully crafted request.

Apache Tomcat 4.1.0 to 4.1.39, 5.5.0 to 5.5.27, and 6.0.0 to 6.0.18 are affected. Upgrade to a safer version or apply the patch from Apache.

Reference
http://tomcat.apache.org/security.html
Apple QuickTime Image Description Atom Sign Extension Memory Corruption
updated: 7-Jun-09
When the data format field (offset 4 of the sample description table extension) is 'RVZA' (Apple Video), it is possible to trigger a sign extension vulnerability which leads to a buffer underflow in Apple QuickTime prior to 7.6.2.

By writing to memory regions below the buffer's virtual address, an attacker may overwrite crucial data such as function pointers, flags, heap structures and so forth. Doing so may allow an attacker to alter the normal control flow of the application and execute arbitrary code.

A simple attack vector would be to lure the victim to browse to a web site controlled by the attacker, which serves a malicious QuickTime file that exploits this vulnerability.

Upgrade to a safer version.

Reference
http://support.apple.com/kb/HT3591
Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability
updated: 7-Jun-09
A flaw has been identified in CUPS, when handling the 'IPP_TAG_UNSUPPORTED' tag, which could be exploited by attackers to cause a remote pre-authentication denial of service.

This flaw was fixed in Mac OS X 10.5.7 by updating CUPS to 1.3.10. Apple intends to fix it on Mac OS X 10.4 in a future update. All CUPS users should upgrade the software to 1.3.10.

Reference
http://www.coresecurity.com/content/AppleCUPS-null-pointer-vulnerability
Apple Terminal xterm Resize Escape Sequence Memory Corruption
updated: 7-Jun-09
Apple OS X was reported to contain a vulnerability in the handling of the 'CSI[4' xterm window resizing escape code. When a very low negative value for the (x, y) size is set, an integer overflow occurs, resulting in memory corruption. This can be further leveraged to execute arbitrary code under the context of the logged-in user.

Apple has issued an update to correct this vulnerability.

Reference
http://dvlabs.tippingpoint.com/advisory/TPTI-09-04
http://support.apple.com/kb/HT3549
Apple iTunes Multiple Protocol Handler Buffer Overflow Vulnerabilities
updated: 7-Jun-09
A flaw was reported in the URL handlers associated with Apple iTunes. When processing URLs via the protocol handlers "itms", "itmss", "daap", "pcast", and "itpc" an exploitable stack overflow occurs. Successful exploitation can lead to a remote system compromise under the credentials of the currently logged in user.

Apple has issued an update to correct this vulnerability.

Reference
http://support.apple.com/kb/HT3592
Apple Quicktime PICT Opcode 0x71 Heap Overflow Vulnerability
updated: 7-Jun-09
Apple Quicktime contains a flaw in the parsing of PICT files in QuickTime.qts. While processing data for opcode 0x71 QuickTime trusts a value contained in the file and makes an allocation accordingly. By providing a malicious value this buffer can be undersized and subsequently can be overflowed leading to arbitrary code execution under the context of the user running QuickTime.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Apple has issued an update to correct this vulnerability.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-09-030
http://support.apple.com/kb/HT3591
Apple QuickTime Jpeg2000 Marker Size Heap Overflow Vulnerability
updated: 7-Jun-09
Apple QuickTime contains a flaw during the parsing of malformed JPEG2000 image files. A field is read directly from the file and used to allocate memory for a structure. If the value read is smaller than the expected structure size, memory corruption will occur, which can be leveraged by an attacker to execute arbitrary code in the context of the current user.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Apple has issued an update to correct this vulnerability.

Reference
http://support.apple.com/kb/HT3591
http://www.zerodayinitiative.com/advisories/ZDI-09-029
Apple QuickTime CRGN Atom Parsing Heap Buffer Overflow Vulnerability
updated: 7-Jun-09
Apple QuickTime contains a flaw during the parsing of Clipping Region (CRGN) atom types in a QuickTime Movie file. The application trusts the contents of the atom to contain a terminator during a copy operation, and copies user-supplied data into a heap buffer until it identifies this terminator. This allows heap-control structures to be overwritten, which can be leveraged to achieve code execution in the context of the application.

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of QuickTime Player. User interaction is required to exploit this vulnerability in that the target must either open a malicious file, or visit a malicious web page.

Apple has issued an update to correct this vulnerability.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-09-028
http://support.apple.com/kb/HT3591
Apple Quicktime PICT Opcode 0x8201 Heap Overflow Vulnerability
updated: 7-Jun-09
Apple QuickTime contains a flaw in the parsing of PICT files in QuickTime.qts. While processing data for opcode 0x8201, QuickTime trusts a value contained in the file and makes an allocation accordingly. The process then enters a loop whose terminating condition is attacker-controlled. The previously allocated heap buffer can be overflowed, leading to arbitrary code execution in the context of the user running QuickTime.

Apple has issued an update to correct this vulnerability.

Reference
http://support.apple.com/kb/HT3591
http://www.zerodayinitiative.com/advisories/ZDI-09-027
Apple QuickTime Packed-bit Decoding Heap Overflow Vulnerability
updated: 7-Jun-09
Apple QuickTime contains a flaw when the application parses a malformed .PSD image. While decoding the columns, rows and channels in the image header, the application trusts a different length for the copy than it used for the allocation. This results in a heap overflow and can lead to code execution in the context of the current user.

Apple has issued an update to correct this vulnerability.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-09-026
http://support.apple.com/kb/HT3591
Apple Quicktime Picture Viewer FLC Delta-Encoded Frame Decompression Vulnerability
updated: 7-Jun-09
Apple QuickTime has a flaw during decompression of a delta-encoded chunk. The algorithm that decompresses the frame trusts a line specifier when calculating where to write decompressed data. This results in a relative write using attacker-supplied values, which can lead to remote code execution in the context of the current user.

Apple has issued an update to correct this vulnerability.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-09-025
http://support.apple.com/kb/HT3591
Apple QuickTime Sorenson Video 3 Content Parsing Vulnerability
updated: 7-Jun-09
A vulnerability was reported in Apple QuickTime < 7.6.2, caused by an error in the parsing of Sorenson Video 3 content. This can be exploited to corrupt memory by tricking a user into viewing a specially crafted movie file.

Successful exploitation may allow execution of arbitrary code. Update to version 7.6.2.

Reference
http://secunia.com/secunia_research/2009-10/
Apple QuickTime MS ADPCM Encoding Buffer Overflow
updated: 7-Jun-09
Apple QuickTime version 7.6 contains a vulnerability caused by an error in the processing of MS ADPCM encoded audio data. This can be exploited to cause a heap-based buffer overflow via a specially crafted AVI file.

Successful exploitation may allow execution of arbitrary code. Update to version 7.6.2.

Reference
http://secunia.com/secunia_research/2009-6/
Safenet SoftRemote IKE Service Remote Stack Overflow Vulnerability
updated: 7-Jun-09
Safenet SoftRemote < 10.8.6 contains a buffer overflow vulnerability in the ireIke.exe service listening on UDP port 62514. The process does not adequately handle long requests, resulting in a stack overflow. Exploitation can result in complete system compromise under SYSTEM credentials.

Upgrade to version 10.8.6.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-09-024