Wednesday, September 29, 2010
HP System Management Homepage for Linux and Windows: Remote URL Redirection Vulnerability
Users of HP System Management Homepage for Linux and Windows please be advised of a Remote URL Redirection vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
HPSBMA02584 SSRT100230 rev.1: HP System Management Homepage for Linux and Windows - Remote URL Redirection Vulnerability
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Linux and Windows. The vulnerability could be exploited remotely resulting in URL redirection.
Read more at www.criticalwatch.com
HP System Management Homepage (SMH) for Linux and Windows: Remote URL Redirection
Users of HP System Management Homepage (SMH) for Linux and Windows please be advised of a Remote URL Redirection vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
HPSBMA02583 SSRT100070 rev.1: HP System Management Homepage (SMH) for Linux and Windows - Remote URL Redirection
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Linux and Windows. The vulnerability could be exploited remotely resulting in URL redirection to a malicious site.
Read more at www.criticalwatch.com
HP System Management Homepage (SMH) for Linux and Windows: Remote Information Disclosure
Users of HP System Management Homepage (SMH) for Linux and Windows please be advised of a Remote Information Disclosure vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
HPSBMA02578 SSRT100069 rev.1: HP System Management Homepage (SMH) for Linux and Windows - Remote Information Disclosure
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Linux and Windows. The vulnerability could be exploited remotely resulting in disclosure of sensitive information.
Read more at www.criticalwatch.com
Motorito < v2.0 Ni 483: SQL Injection and XSS Vulnerabilities
Users of Motorito < v2.0 Ni 483 please be advised of SQL Injection and XSS vulnerabilities that have been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Motorito-SA-09/23/2010: Motorito - SQL Injection and XSS Vulnerabilities
VULNERABILITY
-------------------------
SQL Injection and XSS in Motorito < v2.0 Ni 483
DESCRIPTION
-------------------------
This bug was found using CENTOS and the last release of Motorito with
Apache 2.2.3 and PHP 5.1.6.
To exploit the vulnerability, it is only necessary to use version 1.0 of the
HTTP protocol to interact with the application, and it is possible to
check that the variables of the module index.php are not properly
filtered.
Read more at www.criticalwatch.com
Linux 2.6 kernel: vulnerabilities
Users of Linux 2.6 kernel please be advised of some vulnerabilities that have been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
MDVSA-2010:188: [MDVSA-2010:188] kernel
Problem Description:
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always
follow NFS automount symlinks, which allows attackers to have an
unknown impact, related to LOOKUP_FOLLOW. (CVE-2010-1088)
The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem
in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9
does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure
members, which might allow local users to obtain sensitive information
from kernel memory via unspecified vectors. (CVE-2009-3228)
Read more at www.criticalwatch.com
FreePBX: Remote Code Execution
Users of FreePBX please be advised of a Remote Code Execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
TWSL2010-005: FreePBX - Remote Code Execution
Finding:
The configuration interface for FreePBX is prone to a remote arbitrary code
execution on the system recordings menu. FreePBX doesn't handle file uploads
in a secure manner, allowing an attacker to manipulate the file extension
and the beginning of the uploaded file name.
Read more at www.criticalwatch.com
Saturday, September 25, 2010
Cisco IOS Software Network Address Translation: Vulnerabilities
Users of Cisco IOS Software Network Address Translation please be advised of vulnerabilities that have been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
cisco-sa-20100922-nat: Cisco IOS Software Network Address Translation Vulnerabilities
Summary
=======
The Cisco IOS Software Network Address Translation functionality
contains three denial of service (DoS) vulnerabilities. The first
vulnerability is in the translation of Session Initiation Protocol
(SIP) packets, the second vulnerability in the translation of H.323
packets and the third vulnerability is in the translation of H.225.0
call signaling for H.323 packets.
Read more at www.criticalwatch.com
Cisco IOS Software Internet Group Management Protocol: Denial of Service Vulnerability
Users of Cisco IOS Software Internet Group Management Protocol please be advised of a Denial of Service vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
cisco-sa-20100922-igmp: Cisco IOS Software Internet Group Management Protocol Denial of Service Vulnerability
Summary
=======
A vulnerability in the Internet Group Management Protocol (IGMP)
version 3 implementation of Cisco IOS Software and Cisco IOS XE
Software allows a remote unauthenticated attacker to cause a reload
of an affected device. Repeated attempts to exploit this
vulnerability could result in a sustained denial of service (DoS)
condition.
Read more at www.criticalwatch.com
Cisco IOS: SSL VPN Vulnerability
Users of Cisco IOS please be advised of an SSL VPN vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
cisco-sa-20100922-sslvpn: Cisco IOS SSL VPN Vulnerability
Summary
=======
Cisco IOS Software contains a vulnerability when the Cisco IOS SSL
VPN feature is configured with an HTTP redirect. Exploitation could
allow a remote, unauthenticated user to cause a memory leak on the
affected devices, that could result in a memory exhaustion condition
that may cause device reloads, the inability to service new TCP
connections, and other denial of service (DoS) conditions.
Read more at www.criticalwatch.com
BSI Hotel Booking System: Admin Login Bypass Vulnerability
Users of BSI Hotel Booking System please be advised of an Admin Login Bypass vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
ECHO_ADV_113$2010: BSI Hotel Booking System Admin Login Bypass Vulnerability
Vulnerability:
~~~~~~~~~~~~~~
A vulnerability has been identified in "BSI Hotel Booking System", which could be exploited by attackers to bypass security restrictions into the admin panel.
The vulnerability is caused by an error within the authentication process in the admin panel login page,
which could be exploited by a malicious attacker to log in to "BSI Hotel Booking System" as an admin.
Successful exploitation allows an attacker to access administrative functions without requiring knowledge of the password.
An attacker, while logged in as admin, may expose any sensitive information about the customers, such as customer name, address, email, payment methods and details, etc.
Read more at www.criticalwatch.com
Joomla TimeTrack 1.2.4 Component: Multiple SQL Injection Vulnerabilities
Users of Joomla TimeTrack 1.2.4 Component please be advised of multiple SQL Injection vulnerabilities that have been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
TimeTrack-SA-09/22/2010: TimeTrack 1.2.4 Joomla Component Multiple SQL Injection Vulnerabilities
DESCRIPTION
_______________
Many numeric parameters are not properly sanitised before
being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.
Read more at www.criticalwatch.com
libxml2: Denial of Service
Users of libxml2 please be advised of a Denial of Service vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
GLSA 201009-07: [GLSA 201009-07] libxml2: Denial of Service
Impact
======
A remote attacker could entice a user or automated system to open a
specially crafted XML document with an application using libxml2
resulting in a Denial of Service condition.
Read more at www.criticalwatch.com
python-updater: Untrusted search path
Users of python-updater please be advised of an Untrusted search path vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
GLSA 201009-08: [GLSA 201009-08] python-updater: Untrusted search path
Description
===========
Robert Buchholz of the Gentoo Security Team reported that
python-updater includes the current working directory and
subdirectories in the Python module search path (sys.path) before
calling "import".
Impact
======
A local attacker could entice the root user to run "python-updater"
from a directory containing a specially crafted Python module,
resulting in the execution of arbitrary code with root privileges.
Read more at www.criticalwatch.com
Friday, September 24, 2010
tuenti.com: Insecure Direct Object Reference allows reading of any user's messages
Users of tuenti.com please be advised of an Insecure Direct Object Reference vulnerability, allowing any user's messages to be read, that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
INTERNET SECURITY AUDITORS ALERT 2010-008: Insecure Direct Object Reference in tuenti.com allow to read of any message user
DESCRIPTION
-------------------------
An insecure direct object reference vulnerability has been detected in
Tuenti.com that allows the reading of any blog entry of any user,
thus giving access to private messages of Tuenti.com users.
The "blog_entry_id" parameter directly refers to a blog entry, so a
user who changes the value of this parameter can access arbitrary blog
entries.
Read more at www.criticalwatch.com
Atmail WebMail < v6.1.9: Reflected XSS in the login process
Users of Atmail WebMail < v6.1.9 please be advised of a Reflected XSS in the login process vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
INTERNET SECURITY AUDITORS ALERT 2010-009: Reflected XSS in the login process of the Atmail WebMail < v6.1.9
DESCRIPTION
-------------------------
A reflected XSS vulnerability has been detected in the login process
of the Atmail WebMail that allows arbitrary HTML/script code to be
executed in the context of the victim user's browser.
The code injection is done through the "MailType" parameter, and can
be exploited without a user account in the WebMail.
Read more at www.criticalwatch.com
phpmyadmin: Cross-site scripting vulnerability
Users of phpmyadmin please be advised of a Cross-site scripting vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
MDVSA-2010:186: [MDVSA-2010:186] phpmyadmin Cross-site scripting
Problem Description:
A vulnerability has been found and corrected in phpmyadmin:
Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php
in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote
attackers to inject arbitrary web script or HTML via a server name
(CVE-2010-3263).
Read more at www.criticalwatch.com
CollabNet Subversion Edge Log Parser: XSS/Code Injection Vulnerability
Users of CollabNet Subversion Edge Log Parser please be advised of an XSS/Code Injection vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
CollabNet-SA-09/21/2010: CollabNet Subversion Edge Log Parser XSS/Code Injection Vulnerability
Description:
There is a Cross Site Script (XSS) vulnerability that exists in CollabNet
Subversion Edge 1.2 and prior versions. This said vulnerability can be
exploited by sending a crafted request to the CollabNet Subversion server.
When an administrator tries to view the log file then this XSS Code will get
executed.
Read more at www.criticalwatch.com
OpenSSL: spoofing vulnerability
Users of OpenSSL please be advised of a spoofing vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
USN-990-1: [USN-990-1] OpenSSL spoofing vulnerability
Details follow:
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
protocols. If an attacker could perform a man in the middle attack at the
start of a TLS connection, the attacker could inject arbitrary content at
the beginning of the user's session. This update adds backported support
for the new RFC5746 renegotiation extension and will use it when both the
client and the server support it.
Read more at www.criticalwatch.com
Apache: TLS renegotiation vulnerability
Users of Apache please be advised of a TLS renegotiation vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
USN-990-2: [USN-990-2] Apache TLS renegotiation vulnerability
advisory details:
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
protocols. If an attacker could perform a man in the middle attack at the
start of a TLS connection, the attacker could inject arbitrary content at
the beginning of the user's session. This update adds backported support
for the new RFC5746 renegotiation extension and will use it when both the
client and the server support it.
Read more at www.criticalwatch.com
New bzip2 packages: fix integer overflow
Users of bzip2 please be advised that new bzip2 packages fix an integer overflow vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
DSA-2112-1: [DSA-2112-1] New bzip2 packages fix integer overflow
Mikolaj Izdebski has discovered an integer overflow flaw in the
BZ2_decompress function in bzip2/libbz2. An attacker could use a
crafted bz2 file to cause a denial of service (application crash)
or potentially to execute arbitrary code. (CVE-2010-0405)
Read more at www.criticalwatch.com
New drupal6 packages: fix several vulnerabilities
Users of drupal6 please be advised that new drupal6 packages fix several vulnerabilities that have been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
DSA 2113-1: [DSA 2113-1] New drupal6 packages fix several vulnerabilities
Several vulnerabilities have been discovered in drupal6, a fully-featured
content management framework. The Common Vulnerabilities and Exposures
project identifies the following problems:
Several issues have been discovered in the OpenID module that allows
malicious access to user accounts.
Several cross-site scripting (XSS) issues have been discovered in the
Action feature.
Read more at www.criticalwatch.com
bzip2 decompression: Integer overflow
Users of bzip2 decompression please be advised of an Integer overflow vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
FreeBSD-SA-10:08.bzip2: Integer overflow in bzip2 decompression
Problem Description
When decompressing data, the run-length encoded values are not adequately
sanity-checked, allowing for an integer overflow.
An attacker who can cause maliciously chosen inputs to be decompressed can
cause the decompressor to crash. It is suspected that such an attacker
can cause arbitrary code to be executed, but this is not known for certain.
Read more at www.criticalwatch.com
e107 Website System: SQL injection vulnerability
Users of e107 Website System please be advised of a SQL injection vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
HTB22602: SQL injection vulnerability in e107
Product: e107 Website System
Vulnerability Type: SQL Injection
Vulnerability Details:
The vulnerability exists due to failure in the wmessage.php script to properly sanitize user-supplied input in GET parameter. Attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database.
Read more at www.criticalwatch.com
Battle.net Mobile Authenticator: MITM Vulnerability
Users of Battle.net Mobile Authenticator please be advised of a MITM vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Battle.net-SA-09/20/2010: Battle.net Mobile Authenticator MITM Vulnerability
Description:
The vulnerability exists when an attacker is able to intercept the
initialization request and response bodies sent to and from the mobile
device to the server.
An attacker that is capable of intercepting the encrypted request/response
pair will also be able to derive time stamp information.
Read more at www.criticalwatch.com
bzip2: integer overflow
Users of bzip2 please be advised of an integer overflow vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
MDVSA-2010:185: [MDVSA-2010:185] bzip2 integer overflow
Problem Description:
An integer overflow has been found and corrected in bzip2 which could
be exploited by using a specially crafted bz2 file and cause a denial
of service attack (CVE-2010-0405).
Read more at www.criticalwatch.com
Wednesday, September 22, 2010
IB Promotion Advanced Business Web Suite: Vulnerabilities
Users of IB Promotion Advanced Business Web Suite please be advised of vulnerabilities that have been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
IB-SA-09/20/2010: Vulnerabilities in IB Promotion Advanced Business Web Suite
Affected products:
IB Promotion Advanced Business Web Suite v1.0, IB Pro CMS v1.0 and IB Pro
CMS v2.0. IB Promotion Advanced Business Web Suite is the previous name of
the IB Pro CMS system.
I want to warn you about Cross-Site Scripting and Insufficient
Anti-automation vulnerabilities in IB Promotion Advanced Business Web Suite.
It's a Ukrainian commercial CMS.
Read more at www.criticalwatch.com
OmniVista 4760: Alcatel-Lucent - arbitrary code execution
Users of OmniVista 4760 please be advised of an Alcatel-Lucent arbitrary code execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
n.runs-SA-2010.002: Alcatel-Lucent - arbitrary code execution on OmniVista 4760
Affected Products: OmniVista 4760 server: all versions prior to
release R5.1.06.03.c_Patch3.
Vulnerability: arbitrary code execution
Description:
--------
By sending a long HTTP GET request it is possible to overwrite CPU
registers.
Due to this vulnerability, an attacker can control the execution path
remotely.
Read more at www.criticalwatch.com
Alcatel-Lucent: unauthenticated administrative access to CTI CCA Server
Users of Alcatel-Lucent please be advised of an unauthenticated administrative access to CTI CCA Server vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
n.runs-SA-2010.001: Alcatel-Lucent - unauthenticated administrative access to CTI CCA Server
Affected Products: Versions before 9.0.8.4 of the CCAgent option of
Vulnerability: unauthenticated administrative access to CTI CCA Server
Description:
--------
Besides the tracking and managing of all connected agents with their computers
and phones, the server also has remote management and debugging facilities for
administrators.
For the administration of the server the same tcp/ip ports are used for the
registration of the out of office call center agents.
Read more at www.criticalwatch.com
bzip2: integer-overflow vulnerability
Users of bzip2 please be advised of an integer-overflow vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
USN-986-1: [USN-986-1] bzip2 integer-overflow vulnerability
Details follow:
An integer overflow was discovered in bzip2. If a user or automated system
were tricked into decompressing a crafted bz2 file, an attacker could cause
bzip2 or any application linked against libbz2 to crash or possibly execute
code as the user running the program.
Read more at www.criticalwatch.com
ClamAV: integer-overflow vulnerability
Users of ClamAV please be advised of an integer-overflow vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
USN-986-2: [USN-986-2] ClamAV integer-overflow vulnerability
advisory details:
An integer overflow was discovered in bzip2. If a user or automated system
were tricked into decompressing a crafted bz2 file, an attacker could cause
bzip2 or any application linked against libbz2 to crash or possibly execute
code as the user running the program.
Read more at www.criticalwatch.com
dpkg: integer-overflow vulnerability
Users of dpkg please be advised of an integer-overflow vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
USN-986-3: [USN-986-3] dpkg integer-overflow vulnerability
advisory details:
An integer overflow was discovered in bzip2. If a user or automated system
were tricked into decompressing a crafted bz2 file, an attacker could cause
bzip2 or any application linked against libbz2 to crash or possibly execute
code as the user running the program.
Read more at www.criticalwatch.com
PHP: code execution security vulnerabilities
Users of PHP please be advised of code execution security vulnerabilities that have been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
USN-989-1: [USN-989-1] PHP code execution, security vulnerabilities
Details follow:
Auke van Slooten discovered that PHP incorrectly handled certain xmlrpc
requests. An attacker could exploit this issue to cause the PHP server to
crash, resulting in a denial of service. This issue only affected Ubuntu
6.06 LTS, 8.04 LTS, 9.04 and 9.10. (CVE-2010-0397)
It was discovered that the pseudorandom number generator in PHP did not
provide the expected entropy. An attacker could exploit this issue to
predict values that were intended to be random, such as session cookies.
This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10.
(CVE-2010-1128)
Read more at www.criticalwatch.com
Tuesday, September 21, 2010
New xulrunner packages: fix regression
Users of xulrunner please be advised that new xulrunner packages fix a regression that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
DSA-2106-2: [DSA-2106-2] New xulrunner packages fix regression
DSA-2106-1 introduced a regression that could lead to an application
crash. This update fixes this problem.
Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications.
For the stable distribution (lenny), the problem has been fixed in
version 1.9.0.19-5. The packages for the mips architecture are not
included in this update. They will be released as soon as they become
available.
Read more at www.criticalwatch.com
New squid3 packages: fix denial of service
Users of squid3 please be advised that new squid3 packages fix a denial of service vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
DSA 2111-1: [DSA 2111-1] New squid3 packages fix denial of service
Phil Oester discovered that squid3, a fully featured Web Proxy cache, is
prone to a denial of service attack via a specially crafted request that
includes empty strings.
Read more at www.criticalwatch.com
New Linux 2.6.26 packages: fix several issues
Users of Linux 2.6.26 please be advised that new Linux 2.6.26 packages fix several issues that have been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
DSA 2110-1: [DSA 2110-1] New Linux 2.6.26 packages fix several issues
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information leak.
The Common Vulnerabilities and Exposures project identifies the following
problems:
CVE-2010-2492
Andre Osterhues reported an issue in the eCryptfs subsystem. A buffer
overflow condition may allow local users to cause a denial of service
or gain elevated privileges.
Read more at www.criticalwatch.com
HP System Management Homepage (SMH): Remote XSS, HTTP Response Splitting and other Vulnerabilities
Users of HP System Management Homepage (SMH) please be advised of Remote XSS, HTTP Response Splitting and other vulnerabilities that have been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
HPSBMA02568 SSRT100219 rev.2: HP System Management Homepage (SMH) Remote XSS, HTTP Response Splitting, others
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) for Linux and Windows. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), HTTP response splitting, Denial of Service (DoS), information disclosure, and data modification.
Read more at www.criticalwatch.com
Free Simple CMS: path sanitization errors
Users of Free Simple CMS please be advised of path sanitization errors that have been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
oCERT-2010-003: [oCERT-2010-003] Free Simple CMS path sanitization errors
Description:
Free Simple CMS, an open source content management system, suffers from
remote file inclusion vulnerabilities.
Insufficient path sanitization on several query string parameters leads to
inclusion of arbitrary files from remote sources, this could be exploited to
execute arbitrary command or code.
Read more at www.criticalwatch.com
Firefox and Xulrunner: Several dangling pointer vulnerabilities
Users of Firefox and Xulrunner please be advised of several dangling pointer vulnerabilities that have been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
USN-975-2: [USN-975-2] Firefox and Xulrunner regression
Details follow:
Several dangling pointer vulnerabilities were discovered in Firefox. An
attacker could exploit this to crash the browser or possibly run arbitrary
code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167)
Blake Kaplan and Michal Zalewski discovered several weaknesses in the
XPCSafeJSObjectWrapper (SJOW) security wrapper. If a user were tricked into
viewing a malicious site, a remote attacker could use this to run arbitrary
JavaScript with chrome privileges. (CVE-2010-2762)
Read more at www.criticalwatch.com
Thunderbird: Several dangling pointer vulnerabilities
Users of Thunderbird please be advised of several dangling pointer vulnerabilities that have been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
USN-978-2: [USN-978-2] Thunderbird regression
Original advisory details:
Several dangling pointer vulnerabilities were discovered in Thunderbird. An
attacker could exploit this to crash Thunderbird or possibly run arbitrary
code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767,
CVE-2010-3167)
It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper
did not always honor the same-origin policy. If JavaScript was enabled, an
attacker could exploit this to run untrusted JavaScript from other domains.
(CVE-2010-2763)
Read more at www.criticalwatch.com