Release Date : 2011-03-25
Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch
Software: Google Picasa 3.x
Description:
A vulnerability has been reported in Google Picasa, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to the application loading libraries in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening certain files located on a remote WebDAV or SMB share via the "Locate on Disk" functionality.
Successful exploitation may allow the execution of arbitrary code.
Solution:
Update to version 3.8.
Provided and/or discovered by:
Makoto Shiotsuki via JPCERT/CC.
Original Advisory:
JVN#99977321:
http://jvn.jp/en/jp/JVN99977321/index.html
http://secunia.com/advisories/43853/
Reply 1 : VULNERABILITIES / FIXES - March 25, 2011
Release Date : 2011-03-25
Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch
Software: Google Chrome 10.x
Description:
Some vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system.
1) An unspecified buffer error exists in the handling of base strings.
2) A use-after-free error exists within the frame loader.
3) A use-after-free error exists within HTMLCollection.
4) An error when handling CSS can lead to a stale pointer.
5) An error when handling broken node parentage can be exploited to corrupt the DOM tree.
6) An error within the handling of SVG text can lead to a stale pointer.
The vulnerabilities are reported in versions prior to 10.0.648.204.
Solution:
Update to version 10.0.648.204.
Provided and/or discovered by:
The vendor credits:
1) Alex Turpin.
2) Slawomir Blazek.
3-6) Sergey Glazunov.
Original Advisory:
http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html
http://secunia.com/advisories/43859/
Reply 2 : VULNERABILITIES / FIXES - March 25, 2011
Release Date : 2011-03-25
Criticality level : Moderately critical
Impact : Exposure of sensitive information, DoS
Where : From remote
Solution Status : Unpatched
Software: Python 2.6.x, Python 2.7.x
Description:
A security issue has been reported in Python, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).
The security issue is caused due to the urllib/urllib2 redirect handling allowing "file://" URL schemes, which can be exploited to e.g. disclose potentially sensitive information or cause a high resource consumption by returning specially crafted HTTP redirect responses to a Python application using the urllib or urllib2 module.
Solution:
Restrict "file://" URL schemes using a firewall with filtering capabilities.
Provided and/or discovered by:
Reported to the vendor by an unknown person.
Original Advisory:
Python Bug #11662:
http://bugs.python.org/issue11662
http://secunia.com/advisories/43831/
Reply 3 : VULNERABILITIES / FIXES - March 25, 2011
Release Date : 2011-03-25
Criticality level : Moderately critical
Impact : Exposure of sensitive information, DoS
Where : From remote
Solution Status : Unpatched
Software: Python 3.x
Description:
A security issue has been reported in Python, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).
The security issue is caused due to the urllib.request redirect handling allowing "file://" URL schemes, which can be exploited to e.g. disclose potentially sensitive information or cause a high resource consumption by returning specially crafted HTTP redirect responses to a Python application using the urllib.request module.
Solution:
Restrict "file://" URL schemes using a firewall with filtering capabilities.
Provided and/or discovered by:
Reported to the vendor by an unknown person.
Original Advisory:
Python Bug #11662:
http://bugs.python.org/issue11662
http://secunia.com/advisories/43883/
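An application-level mitigation for the two Python advisories above (urllib/urllib2 and urllib.request), as an added example that is not part of the advisories or of Python's own fix: a redirect handler that only follows redirects to an allowlist of schemes. The names SchemeCheckingRedirectHandler, build_safe_opener and follow_once, and the choice of http/https as the allowlist, are assumptions made for this example.

```python
import urllib.error
import urllib.parse
import urllib.request

# Assumption: the application only ever needs to fetch web URLs.
ALLOWED_REDIRECT_SCHEMES = {"http", "https"}


class SchemeCheckingRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Refuse any 3xx response whose Location leaves the allowed schemes."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        # urllib passes newurl already joined against the request URL,
        # so it is absolute here; an empty scheme is refused as well.
        scheme = urllib.parse.urlsplit(newurl).scheme.lower()
        if scheme not in ALLOWED_REDIRECT_SCHEMES:
            raise urllib.error.HTTPError(
                req.full_url, code,
                "redirect to disallowed scheme %r refused" % scheme,
                headers, fp)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def build_safe_opener():
    """Opener whose redirect handling goes through the scheme check.

    build_opener() drops its default HTTPRedirectHandler when it is
    given an instance of a subclass, so only the checking one remains.
    """
    return urllib.request.build_opener(SchemeCheckingRedirectHandler())


def follow_once(origin, location, code=302):
    """Run one redirect hop through the handler without network access.

    Returns the URL that would be fetched next, or None if refused.
    origin and location are constructed sample values.
    """
    req = urllib.request.Request(origin)
    newurl = urllib.parse.urljoin(origin, location)
    handler = SchemeCheckingRedirectHandler()
    try:
        nxt = handler.redirect_request(req, None, code, "Found", {}, newurl)
    except urllib.error.HTTPError:
        return None
    return nxt.full_url


if __name__ == "__main__":
    for loc in ("/next", "https://example.org/c", "file:///etc/hostname"):
        print(loc, "->", follow_once("http://example.org/a", loc))
```

Code that calls urllib.request.urlopen() directly does not use this opener; fetch through build_safe_opener().open(url) or register it with urllib.request.install_opener().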
Reply 4 : VULNERABILITIES / FIXES - March 25, 2011
Release Date : 2011-03-25
Criticality level : Less critical
Impact : DoS
Where : From local network
Solution Status : Unpatched
Software: Avaya IP Office Manager 8.x
Description:
A vulnerability has been discovered in Avaya IP Office Manager, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when processing TFTP requests and can be exploited to cause the service to terminate via a specially crafted packet.
Successful exploitation requires the Manager application to be running.
The vulnerability is confirmed in version 8.1 (5). Other versions may also be affected.
Solution:
Restrict access to trusted hosts only (e.g. via MAC-based network access control lists).
Provided and/or discovered by:
Craig Freyman
http://secunia.com/advisories/43819/
Reply 5 : VULNERABILITIES / FIXES - March 25, 2011
Linux Kernel "iriap_getvaluebyclass_indication()" Buffer Overflows
Release Date : 2011-03-25
Criticality level : Less critical
Impact : DoS, System access
Where : From local network
Solution Status : Unpatched
Operating System: Linux Kernel 2.6.x
Description:
Two vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
The vulnerabilities are caused due to boundary errors within the "iriap_getvaluebyclass_indication()" function in net/irda/iriap.c, which can be exploited to cause stack-based buffer overflows via overly long names or attributes.
Solution:
Do not use IrDA to interface with untrusted devices.
Provided and/or discovered by:
Dan Rosenberg
Original Advisory:
http://permalink.gmane.org/gmane.linux.network/190145
http://secunia.com/advisories/43841/
Reply 6 : VULNERABILITIES / FIXES - March 25, 2011
SyndeoCMS Cross-Site Scripting and SQL Injection Vulnerabilities
Release Date : 2011-03-25
Criticality level : Moderately critical
Impact : Cross Site Scripting, Manipulation of data
Where : From remote
Solution Status : Unpatched
Software: SyndeoCMS 2.x
Description:
Some vulnerabilities have been discovered in SyndeoCMS, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
1) Input passed to the "speed" parameter in starnet/addons/scroll_page.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Input passed to the "loc_id" parameter in starnet/addons/page_slideshow.php and in starnet/addons/tv.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
3) Input passed to the "user_username" parameter in index.php (when "option" is set to "userlogin" or "save_new_password") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and e.g. log-in as an arbitrary user.
The vulnerabilities are confirmed in version 2.9.0. Other versions may also be affected.
Solution:
Edit the source code to ensure that input is properly sanitised.
Provided and/or discovered by:
High-Tech Bridge SA.
Original Advisory:
High-Tech Bridge SA:
http://www.htbridge.ch/advisory/multiple_xss_vulnerabilities_in_syndeocms.html
http://www.htbridge.ch/advisory/sql_injection_in_syndeocms.html
http://www.htbridge.ch/advisory/xss_in_syndeocms.html
http://secunia.com/advisories/43834/
Reply 7 : VULNERABILITIES / FIXES - March 25, 2011
Release Date : 2011-03-25
Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch
Software: netjukebox 5.x
Description:
AutoSec Tools has discovered a vulnerability in netjukebox, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed to the "skin" parameter in message.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerability is confirmed in version 5.25.4. Prior versions may also be affected.
Solution:
Update to version 5.26.
Provided and/or discovered by:
AutoSec Tools
Original Advisory:
http://www.autosectools.com/Advisories/netjukebox.5.25_Reflected.Cross-site.Scripting_140.html
http://secunia.com/advisories/43868/