Network Security

AERAsec
Current Security Messages


Most of the links lead to the corresponding files at CERT or other organisations, so changes appear immediately, especially regarding which patches should be installed or which configuration changes should be made to avoid a vulnerability. Some of the files are transferred by FTP.

By the way: if we do not publish well-known risks inherent in a widely used platform or program, that doesn't mean this particular platform or program is safe to use!


Chosen month 12 / 2008

System: All
Topic: Vulnerability in MD5
Links: TUE, VU#836068, Cisco, ESB-2009.0065
ID: ae-200812-068

MD5 is a widely used hash algorithm. A new paper points out a weakness in the MD5 algorithm that might result in collision attacks, at least in principle. In 2008, researchers demonstrated the practical vulnerability of Public Key Infrastructures (PKI) to such attacks, including the construction of an SSL certificate that allows an attacker to impersonate a trusted root Certificate Authority (CA). Most operating systems bundle a collection of trusted CA certificates, including some that use the MD5 signing algorithm, providing obvious targets for attackers to spoof. No workaround is known so far, so it is recommended not to use MD5 any more.

System: Sun Solaris
Topic: Vulnerabilities in Sun Fire Server Firmware
Links: Sun Alert #246746, CVE-2008-5685, ESB-2008.1122
ID: ae-200812-067

An IP spoofing security vulnerability in the firmware of mid-range Sun Fire servers may allow unauthorized access to system controllers. This might lead to root compromise as well as inappropriate access and Denial-of-Service (DoS). New releases of the firmware and patches solve this problem.

System: Sun Solaris
Topic: Vulnerability in Sun Solaris Kerberos
Links: Sun Alert #244866, CVE-2008-5690, ESB-2008.1121
ID: ae-200812-066

A security vulnerability in the management of Solaris Kerberos (see kerberos(5)) credential renewal may allow a local unprivileged user to prevent other users from authenticating to the Kerberos server. This is a type of Denial-of-Service (DoS). Patches are available now.

System: Various
Topic: Vulnerability in libICE
Links: Sun Alert #243566, CVE-2008-5684, ESB-2008.1120
ID: ae-200812-065

A security vulnerability in the X Inter Client Exchange library (libICE) may allow a local or remote unprivileged user to crash an application that dynamically links to libICE. The ability to crash an application is a type of Denial-of-Service (DoS). For some systems a patch is available.

System: Sun Solaris
Topic: Vulnerability in Sun SNMP Management Agent
Links: Sun Alert #248646, ESB-2008.1163
ID: ae-200812-064

An insecure temporary file vulnerability in the Sun Simple Network Management Protocol (SNMP) Management Agent may allow a local unprivileged user to overwrite any system file or gain root privileges. The Sun SNMP Management Agent ("SUNWmasf") 1.5.5 or later solves this potential problem.

System: Debian GNU/Linux
Topic: Vulnerabilities in php-xajax and phppgadmin
Links: DSA-1692, CVE-2007-2739, ESB-2008.1161, DSA-1693, CVE-2007-2865, CVE-2007-5728, CVE-2008-5587, ESB-2008.1162
ID: ae-200812-063

Php-xajax is a library for developing Ajax applications. URLs are not sufficiently sanitised, which allows attackers to perform cross-site scripting attacks by using malicious URLs. Phppgadmin is a tool for administering PostgreSQL databases over the web. Several remotely exploitable vulnerabilities have been found. They allow attackers to inject arbitrary web script or HTML as well as to exploit a directory traversal vulnerability. Updated packages are available now.

System: Microsoft Windows
Topic: Vulnerabilities in Trend Micro HouseCall ActiveX control
Links: Trend Micro, CVE-2008-2435, VU#702628, VU#541025, AA-2008.0265
ID: ae-200812-062

The Trend Micro HouseCall ActiveX control contains two vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. An updated version of this control remedies this problem.

System: Microsoft Windows
Topic: Vulnerability in Microsoft SQL Server
Links: SEC Consult, CVE-2008-4270, VU#696644, Microsoft, milw0rm, AU-2008.0028, AA-2008.0266
ID: ae-200812-061

Some versions of Microsoft SQL Server contain a vulnerability in the "sp_replwritetovarbin" stored procedure. The vulnerability could allow an attacker to modify heap memory and potentially execute arbitrary code. Exploit code is publicly available for this vulnerability. A patch isn't available yet, but a workaround is described in the advisory.

System: FreeBSD
Topic: Vulnerabilities in ftpd and protosw
Links: FreeBSD-SA-08:12, CVE-2008-4247, ESB-2008.1159
FreeBSD-SA-08:13, ESB-2008.1160
ID: ae-200812-060

Ftpd(8) is a general-purpose File Transfer Protocol (FTP) server implementation that is shipped with the FreeBSD base system. The ftpd(8) server splits long commands into several requests. This may result in the server executing a command which is hidden inside another very long command, leading to a Cross-Site Request Forgery (XSRF) attack.
The FreeBSD kernel provides support for a variety of different types of communications sockets. Some function pointers for netgraph and bluetooth sockets are not properly initialized. Because of this, a local user can cause the FreeBSD kernel to execute arbitrary code, including a root exploit.
Updated packages are available for download now.

System: Debian GNU/Linux
Topic: Vulnerabilities in avahi and moodle
Links: DSA-1690, CVE-2007-3372, CVE-2008-5081, ESB-2008.1154
DSA-1691, CVE-2007-3555, CVE-2008-1502, CVE-2008-3325, CVE-2008-3326, CVE-2008-4796, CVE-2008-4810, CVE-2008-4811, CVE-2008-5432, ESB-2008.1155
ID: ae-200812-059

Two Denial-of-Service (DoS) vulnerabilities have been found in avahi, a multicast DNS implementation. DoS can be triggered by UDP packets with source port 0 or via an empty TXT record over D-Bus. Several remote vulnerabilities have been discovered in Moodle, an online course management system. The issues range from cross-site scripting to remote code execution. Updated packages are available now.

System: Sun Solaris 10
Topic: Vulnerability in zfs
Links: Sun Alert #246207, ESB-2008.1153
ID: ae-200812-058

A change in boot architecture introduced when installing Solaris 10 kernel patches 137137-09 (SPARC) and 137138-09 (x86) may cause systems to run out of space in the root filesystem and become unbootable. Please refer to the advisory for more information.

System: Sun Solaris / OpenSolaris
Topic: Vulnerability in Sun Solaris Name Service Cache Daemon
Links: Sun Alert #242006, ESB-2008.1152
ID: ae-200812-057

A security vulnerability in the Solaris name service cache daemon (nscd(1M)) may allow local unprivileged users to gain access to unauthorized information and gain elevated privileges. A patch remedies this problem.

System: Hewlett-Packard
Topic: Vulnerabilities in Storage Management Appliance (SMA)
Links: HPSBST02394, SSRT080183, HPSBST02397, SSRT080187, ESB-2008.1150, ESB-2008.1158
ID: ae-200812-056

Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA. Patches are available to fix all vulnerabilities mentioned in MS08-070 up to MS08-078.

System: Debian GNU/Linux
Topic: Vulnerabilities in courier-authlib and proftpd-dfsg
Links: DSA-1688, CVE-2008-2380, CVE-2008-2667, ESB-2008.1151
DSA-1689, CVE-2008-4242, ESB-2008.1149
ID: ae-200812-055

Two SQL injection vulnerabilities have been found in courier-authlib, the courier authentication library. The MySQL database interface used insufficient escaping mechanisms when constructing SQL statements, leading to SQL injection vulnerabilities if certain charsets are used. A similar issue affects the PostgreSQL database interface.
Furthermore, the FTP server ProFTPD is vulnerable to Cross-Site Request Forgery (XSRF) attacks and executes arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
Updated packages solve these problems.

System: Various
Topic: Vulnerability in phpMyAdmin
Links: PMASA-2008-10, CVE-2008-5621, milw0rm, ESB-2008.1147
ID: ae-200812-054

A logged-in user can be subjected to SQL injection through cross-site request forgery. Several scripts in phpMyAdmin are vulnerable, and the attack can be made through the table parameter. A patch fixing this vulnerability is available now. It can also be fixed by installing a new version.

System: Sun Solaris 10 / OpenSolaris
Topic: Vulnerability in Sun Solaris IP Tunnel Parameter Processing
Links: TKADV2008-015, Sun Alert #242266, ESB-2008.1142
ID: ae-200812-053

A security vulnerability in the Solaris 10 IP tunnel parameter processing may allow a local unprivileged user the ability to panic the system or execute arbitrary commands with all (super-user) privileges. The ability to panic a system is a type of Denial-of-Service (DoS). A patch remedies this problem.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in java-1.6.0-bea, java-1.5.0-bea, and java-1.4.2-bea
Links: RHSA-2008-1043, RHSA-2008-1044, RHSA-2008-1045, CVE-2008-3103, CVE-2008-3104, CVE-2008-3103, CVE-2008-3106, CVE-2008-3108, CVE-2008-3109, CVE-2008-3110, ESB-2008.1141
ID: ae-200812-052

Several vulnerabilities were found in the BEA WebLogic JRockit JRE and SDK. Affected are the packages java-1.6.0-bea, java-1.5.0-bea, and java-1.4.2-bea. Fixed packages are available now.

System: Linux
Topic: Vulnerability in Adobe Flash Player
Links: APSB08-24, CVE-2008-5499, ESB-2008.1146, RHSA-2008-1047, ESB-2008.1148, SUSE-SA:2008:059, TLSA-2008-44
ID: ae-200812-051

A critical vulnerability has been identified in Adobe Flash Player for Linux that could allow an attacker who successfully exploits this potential vulnerability to take control of the affected system. A specially formed SWF must be loaded in Flash Player for Linux by the user for an attacker to exploit this potential vulnerability. Fixed software is available now.

System: Various
Topic: Vulnerabilities in Drupal
Links: DRUPAL-SA-2008-074, DRUPAL-SA-2008-075, ESB-2008.1138, ESB-2008.1139
ID: ae-200812-050

Multiple vulnerabilities have been discovered in several Drupal third-party modules. Fixed software is available and should be installed now.

System: SuSE Linux
Topic: Vulnerabilities in clamav, IBM Java, freeradius, and squirrelmail
Links: SUSE-SR:2008:028, ESB-2008.1134
ID: ae-200812-049

A SUSE Security Summary reports vulnerabilities in the packages clamav, IBM Java, freeradius, and squirrelmail. Updated packages are available now and should be installed on vulnerable systems.

System: Red Hat Enterprise Linux 3
Topic: Vulnerabilities in Kernel
Links: RHSA-2008-0973, CVE-2007-6063, CVE-2008-0598, CVE-2008-2136, CVE-2008-2812, CVE-2008-3275, CVE-2008-3525, CVE-2008-4210, ESB-2008.1137
ID: ae-200812-048

Several vulnerabilities have been found in the kernel of Red Hat Enterprise Linux 3. Fixed kernel packages are available now.

System: Various
Topic: Vulnerabilities in Mozilla Firefox, Thunderbird, and Seamonkey
Links: Mozilla, RHSA-2008-1036, RHSA-2008-1037, ESB-2008.1136, MDVSA-2008:244, SUSE-SA:2008:058, RHSA-2009-0002, ESB-2009.0007, DSA-1696, DSA-1697, DSA-1704, DSA-1707, ESB-2009.0014, ESB-2009.0015, ESB-2009.0050, ESB-2009.0062, TLSA-2009-1, SUSE-SA:2009:002
ID: ae-200812-047

Multiple vulnerabilities were found in the Mozilla Firefox browser. Also affected are Thunderbird and Seamonkey. Fixed software is available now.

System: Apple Mac OS X
Topic: New Apple Security Update available
Links: APPLE-SA-2008-12-15, ESB-2008.1123
ID: ae-200812-046

Apple has published the security update 2008-008 for Mac OS X. It fixes multiple vulnerabilities in ATS, BOM, CoreGraphics, CoreServices, CoreTypes, Flash Player, Kernel, Libsystem, Managed Client, network_cmds, Podcast Producer, and UDF. It's recommended to install this update.

System: Red Hat Enterprise Linux 5
Topic: Vulnerabilities in Kernel
Links: RHSA-2008-1017, CVE-2008-3831, CVE-2008-4554, CVE-2008-4576, ESB-2008.1129
ID: ae-200812-045

Several vulnerabilities have been found in the kernel of Red Hat Enterprise Linux 5. Fixed kernel packages are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in pidgin and cups
Links: RHSA-2008-1023, CVE-2008-2955, CVE-2008-2957, CVE-2008-3532, ESB-2008.1126
RHSA-2008-1028, RHSA-2008-1029, CVE-2008-5183, CVE-2008-5286, ESB-2008.1124, ESB-2008.1125
ID: ae-200812-044

Several vulnerabilities were found in Pidgin, a multi-protocol Internet Messaging client.
Several vulnerabilities were found in CUPS, the Common UNIX® Printing System.
Updated packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in Linux Kernel 2.6.x
Links: DSA-1687, CVE-2008-3527, CVE-2008-3528, CVE-2008-4554, CVE-2008-4576, CVE-2008-4933, CVE-2008-4934, CVE-2008-5025, CVE-2008-5029, CVE-2008-5079, CVE-2008-5182, CVE-2008-5300, ESB-2008.1128
ID: ae-200812-043

Several vulnerabilities have been discovered in the Linux kernel that may lead to a Denial-of-Service or privilege escalation. The Linux Kernel 2.6.24 fixes these problems.

System: Various
Topic: Vulnerabilities in enscript
Links: CVE-2008-3863, CVE-2008-4306, DSA-1670, ESB-2008.1070, RHSA-2008-1016, RHSA-2008-1021, ESB-2008.1127, MDVSA-2008:243
ID: ae-200812-042

Several buffer overflows have been discovered in Enscript, a converter from ASCII text to Postscript, HTML or RTF. Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerability in no-ip
Links: DSA-1686, CVE-2008-5297, ESB-2008.1119
ID: ae-200812-041

A buffer overflow has been discovered in the HTTP parser of the No-IP.com Dynamic DNS update client, which may result in the execution of arbitrary code. Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in uw-imap
Links: DSA-1685, CVE-2008-5005, CVE-2008-5006, ESB-2008.1118
ID: ae-200812-040

Uw-imap is an IMAP implementation. Now, two vulnerabilities have been found. It has been discovered that several buffer overflows can be triggered via a long folder extension argument to the tmail or dmail program. This could lead to arbitrary code execution. Additionally, it has been discovered that a NULL pointer dereference could be triggered by a malicious response to the QUIT command leading to a Denial-of-Service (DoS). Upgrading to the latest version solves these problems.

System: Microsoft Windows
Topic: Vulnerability in Microsoft Internet Explorer
Links: Microsoft, MS08-078, CVE-2008-4844, VU#493881, AL-2008.0126, AL-2008.0130, AL-2008.0131
ID: ae-200812-039

A serious vulnerability has been identified in Microsoft Internet Explorer 6, 7, and 8, which is currently being exploited in the wild. Workarounds are described in the advisory. A patch is available now.

System: Various
Topic: Vulnerability in Sun Java System Portal Server
Links: Sun Alert 243886, ESB-2008.1117
ID: ae-200812-038

A security vulnerability in the Sun Java Web Console components of the Sun Java System Portal Server may allow a remote unprivileged user to gain unauthorized access to certain local files within the Portal Server installation. As a result, any user may be allowed to view the configuration information of the Portal Server. Patches are available now.

System: Various
Topic: Vulnerability in Sun xVM VirtualBox
Links: Sun Alert 247326, CVE-2008-5256, ESB-2008.1116
ID: ae-200812-037

An insecure temporary file creation security vulnerability in Sun xVM VirtualBox may allow a local unprivileged user to create or overwrite arbitrary files, with the access privileges of the user running the VirtualBox. Patches are available now.

System: HP-UX
Topic: Vulnerability in DCE
Links: HPSBUX02393, SSRT080057, CVE-2008-4418, ESB-2008.1110
ID: ae-200812-036

A security vulnerability has been identified with HP-UX running DCE. The vulnerability could be exploited remotely to create a Denial of Service (DoS). Patches are available now.

System: Various
Topic: Vulnerabilities in Drupal
Links: SA-2008-073, ESB-2008.1111
ID: ae-200812-035

Multiple vulnerabilities and weaknesses were discovered in Drupal. Fixed software is available and should be installed now.

System: Microsoft Windows
Topic: Vulnerability in Microsoft Office SharePoint Server
Links: MS08-077, CVE-2008-4032, ESB-2008.1108
ID: ae-200812-034

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Media Components
Links: MS08-076, CVE-2008-3009, CVE-2008-3010, ESB-2008.1107
ID: ae-200812-033

No further comment due to legal reasons

System: Microsoft Windows Vista / Server 2008
Topic: Vulnerabilities in Microsoft Windows Search
Links: MS08-075, CVE-2008-4268, CVE-2008-4269, AL-2008.0124, VU#468227
ID: ae-200812-032

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Office Excel
Links: MS08-074, CVE-2008-4264, CVE-2008-4265, CVE-2008-4266, AL-2008.0123
ID: ae-200812-031

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Internet Explorer
Links: MS08-073, CVE-2008-4258, CVE-2008-4259, CVE-2008-4260, CVE-2008-4261, VU#493881, AL-2008.0122
ID: ae-200812-030

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Office Word
Links: MS08-072, CVE-2008-4024, CVE-2008-4025, CVE-2008-4026, CVE-2008-4027, CVE-2008-4028, CVE-2008-4030, CVE-2008-4031, CVE-2008-4837, AL-2008.0121
ID: ae-200812-029

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Windows
Links: MS08-071, CVE-2008-2249, CVE-2008-3465, AL-2008.0120
ID: ae-200812-028

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Visual Basic 6.0 Runtime Extended Files
Links: MS08-070, CVE-2008-3704, CVE-2008-4252, CVE-2008-4253, CVE-2008-4254, CVE-2008-4255, CVE-2008-4256, AL-2008.0119
ID: ae-200812-027

No further comment due to legal reasons

System: Debian GNU/Linux
Topic: Vulnerabilities in lcms
Links: DSA-1684, CVE-2008-5316, CVE-2008-5317, ESB-2008.1113
ID: ae-200812-026

Two vulnerabilities have been found in lcms, a library and set of commandline utilities for image color management. Fixed packages are available now.

System: SuSE Linux
Topic: Vulnerabilities in squirrelmail, gnutls, rubygem-activerecord, rubygem-actionpack, samba, dbus-1, pdns, php5, and pam_krb5
Links: SUSE-SR:2008:027
ID: ae-200812-025

A SUSE Security Summary reports vulnerabilities in the packages squirrelmail, gnutls, rubygem-activerecord, rubygem-actionpack, samba, dbus-1, pdns, php5, and pam_krb5. Updated packages are available now and should be installed on vulnerable systems.

System: Debian GNU/Linux
Topic: Vulnerabilities in streamripper
Links: DSA-1683, CVE-2008-4337, CVE-2008-4829, ESB-2008.1101
ID: ae-200812-024

Multiple buffer overflows involving HTTP header and playlist parsing have been discovered in streamripper. Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerability in SquirrelMail
Links: DSA-1682, CVE-2008-2379, ESB-2008.1098
ID: ae-200812-023

It was discovered that SquirrelMail, a webmail application, did not sufficiently sanitise incoming HTML email, allowing an attacker to perform cross site scripting through sending a malicious HTML email. Fixed packages are available now.

System: Mandriva Linux
Topic: Vulnerability in ClamAV
Links: MDVSA-2008:239, CVE-2008-5314
ID: ae-200812-022

ClamAV is an anti-virus solution. ClamAV contains a Denial-of-Service condition in its JPEG file processing because it doesn't limit the recursion depth when processing JPEG thumbnails. Updated packages are available now.

System: SuSE Linux
Topic: Vulnerabilities in Linux Kernel 2.6.x
Links: SUSE-SA:2008:057, CVE-2008-3528, CVE-2008-4210, CVE-2008-4395, CVE-2008-5029
ID: ae-200812-021

Several further vulnerabilities have been discovered in the Linux kernel of SuSE Linux 9, that may lead to a Denial-of-Service. An updated Linux Kernel fixes this problem.

System: Some
Topic: Vulnerability in TWiki
Links: TWiki, CVE-2008-5304, ISS #312
ID: ae-200812-020

In versions of TWiki 4.2.3 and older, a shell metacharacter vulnerability was discovered in the way that the SEARCH TWikiVariable handles the "date" keyword. User input is passed to the perl "eval" command without first being properly sanitized. Arbitrary code execution is tedious due to some input filtering that takes place. So it's recommended to install the latest version 4.2.4 or to apply the corresponding hotfix.

System: Firmware
Topic: Vulnerabilities in Linksys WVC54GC
Links: VU#528993, VU#639345, CVE-2008-4390, CVE-2008-4391, ESB-2008.1100
ID: ae-200812-019

The Linksys WVC54GC wireless video camera insecurely sends initial configuration information over the network, which can allow a remote, unauthenticated attacker to intercept video streams, access wireless network authentication credentials, modify the device firmware, or cause a Denial-of-Service (DoS) to the video camera. Furthermore, the Linksys WVC54GC NetCamPlayerWeb11gv2 ActiveX control contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Firmware 1.25 has been published, solving these problems.

System: Mandriva Linux
Topic: Vulnerability in libsamplerate
Links: MDVSA-2008:238, CVE-2008-5008
ID: ae-200812-018

A buffer overflow has been found in the libsamplerate library versions prior to 0.1.4 that could possibly lead to the execution of arbitrary code via a specially crafted audio file. An update is available now.

System: SuSE Linux
Topic: Vulnerabilities in Linux Kernel
Links: SUSE-SA:2008:056, CVE-2007-6716, CVE-2008-3528, CVE-2008-4210
ID: ae-200812-017

Some vulnerabilities have been discovered in the Linux kernel that may lead to a Denial-of-Service. A patch updates the SUSE Linux Enterprise 10 SP1 kernel.

System: Debian GNU/Linux
Topic: Vulnerabilities in Linux Kernel 2.6.x
Links: DSA-1681, CVE-2008-3528, CVE-2008-4554, CVE-2008-4576, CVE-2008-4618, CVE-2008-4933, CVE-2008-4934, CVE-2008-5025, CVE-2008-5029, CVE-2008-5134, CVE-2008-5182, CVE-2008-5300, ESB-2008.1095
ID: ae-200812-016

Several vulnerabilities have been discovered in the Linux kernel that may lead to a Denial-of-Service or privilege escalation. The Linux Kernel 2.6.24 fixes these problems.

System: Red Hat Enterprise Linux 4 / 5
Topic: Vulnerability in java-1.6.0-sun
Links: RHSA-2008-1018, RHSA-2008-1025, CVE-2008-2086, ESB-2008.1093
ID: ae-200812-015

The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language. A vulnerability was found in Java Web Start. If a user visits a malicious website, an attacker could misuse this flaw to execute arbitrary code. Additionally, new packages fix several other critical vulnerabilities.

System: Red Hat Enterprise Linux 5
Topic: Vulnerabilities in Red Hat Application Stack v2
Links: RHSA-2008-0966, CVE-2007-6420, CVE-2008-2364, CVE-2008-2939, ESB-2008.1091
ID: ae-200812-014

The Red Hat Application Stack is an integrated open source application stack that includes Red Hat Enterprise Linux 5 and JBoss Enterprise Application Platform (EAP) 4.2. Three vulnerabilities have been found in the Application Stack, leading to remote control of the web server, Cross-Site Scripting attacks as well as Cross-Site Request Forgery. Red Hat Application Stack v2.2 is available now, closing the vulnerabilities.

System: Many
Topic: Vulnerabilities in Sun Java Runtime Environment (JRE) and Java SE Development Kit (JDK)
Links: AV08-088, Sun Update Release Notes, Sun Alert #244986, Sun Alert #244987, Sun Alert #244988, Sun Alert #244989, Sun Alert #244990, Sun Alert #244991, Sun Alert #244992, Sun Alert #245246, Sun Alert #246266, Sun Alert #246286, Sun Alert #246346, Sun Alert #246366, Sun Alert #246387, iDEFENSE #757, iDEFENSE #758, iDEFENSE #759, iDEFENSE #760, ESB-2008.1090
ID: ae-200812-013

An important update for Sun JRE and JDK remedies more than 20 different security-related vulnerabilities. These can lead to local exploits as well as Denial-of-Service (DoS) or information leakage. Remote execution of arbitrary code is possible too, so the update should be installed soon.

System: Red Hat Enterprise Linux 4 / 5
Topic: Vulnerability in ruby
Links: RHSA-2008-0981, CVE-2008-4310, ESB-2008.1092
ID: ae-200812-012

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It has been reported that an earlier update didn't fix a Denial-of-Service vulnerability in the WEBrick. Here, a remote attacker can send a specially crafted HTTP request to cause the server to use excessive CPU time. Updated packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in ClamAV
Links: DSA-1680, CVE-2008-5050, CVE-2008-5314, AA-2008.0245, AA-2008.0230, ESB-2008.1094
ID: ae-200812-011

ClamAV is an anti-virus solution. It suffers from an off-by-one error in its VBA project file processing, leading to a heap-based buffer overflow and potentially arbitrary code execution. ClamAV also contains a Denial-of-Service condition in its JPEG file processing because it doesn't limit the recursion depth when processing JPEG thumbnails. Updated packages are available now.

System: Mandriva Linux
Topic: Many vulnerabilities in VIM
Links: MDVSA-2008:236, CVE-2008-2712, CVE-2008-2953, CVE-2008-3074, CVE-2008-3075, CVE-2008-3076, CVE-2008-4101, CVE-2008-4677
ID: ae-200812-010

Several vulnerabilities were found in the vim editor, including input sanitization flaws and a format string flaw. Furthermore, vulnerabilities affect the handling of TAR archives, ZIP archives and plugins for vim. The vulnerabilities can be fixed by installing updated packages now.

System: Turbolinux
Topic: Vulnerabilities in cups
Links: TLSA-2008-43, CVE-2008-3639, CVE-2008-3640, CVE-2008-3641
ID: ae-200812-009

The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. Several vulnerabilities have been found in CUPS, but they can be fixed by installing updated packages.

System: Various
Topic: Vulnerability in Drupal
Links: SA-2008-072, ESB-2008.1089
ID: ae-200812-008

Storm (SpeedTech Organization and Resource Manager) is a project management application for Drupal. It allows users with access to the storm projects to enter input values which are then used directly in SQL queries without being sanitized, enabling SQL injection attacks. Fixed software is available and should be installed now.

System: HP-UX
Topic: Vulnerability in HP-UX
Links: HPSBUX02389, SSRT080141, CVE-2008-4416, ESB-2008.1088
ID: ae-200812-007

A security vulnerability has been identified with HP-UX. The vulnerability might be exploited by local users to create a Denial-of-Service (DoS). A patch is available now.

System: Many
Topic: Vulnerabilities in VMware products
Links: VMSA-2008-0019, CVE-2008-1372, CVE-2008-4917, ESB-2008.1086
ID: ae-200812-006

Updated VMware Hosted products and patches for ESX and ESXi resolve two security issues. The first is a critical memory corruption vulnerability in virtual device hardware. The second is an updated bzip2 package for the Service Console. The updates are relevant for many programs, such as VMware Workstation, VMware Player, VMware Server as well as VMware ESXi and ESX.

System: Debian GNU/Linux
Topic: Vulnerabilities in perl and awstats
Links: DSA-1678, CVE-2008-5302, CVE-2008-5303, ESB-2008.1085
DSA-1679, CVE-2008-3714, ESB-2008.1087
ID: ae-200812-005

A vulnerability in the File::Path::rmtree function of Perl has been found. It's possible to exploit a race condition to create setuid binaries in a directory tree or remove arbitrary files when a process is deleting this tree. This vulnerability has been patched before, but was re-introduced later. Furthermore, a cross-site scripting vulnerability in awstats, a log file analyzer, has been found. Updated packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in flamethrower and cups
Links: DSA-1676, CVE-2008-5141
DSA-1677, CVE-2008-5286, ESB-2008.1084
ID: ae-200812-004

Flamethrower uses predictable and therefore insecure names for temporary files, so a Denial-of-Service (DoS) is possible via symlinks. An integer overflow has been discovered in the image validation code of cupsys, the Common UNIX Printing System. An attacker might trigger this bug by supplying a malicious graphic that could lead to the execution of arbitrary code. Updated packages are available now.

System: Microsoft Windows 2000/XP
Topic: Vulnerability in DATAC RealWin
Links: VU#976484, Secunia #32055
ID: ae-200812-003

DATAC RealWin is SCADA server software that includes a Human Machine Interface (HMI) component and runs on Microsoft Windows 2000 or XP. RealWin contains a stack overflow in the way malicious "FC_INFOTAG/SET_CONTROL" packets are processed. A patch isn't available yet; please contact DATAC for more information.

System: Debian GNU/Linux
Topic: Vulnerability in phpMyAdmin
Links: DSA-1675, CVE-2008-4326, ESB-2008.1083
ID: ae-200812-002

PhpMyAdmin is a web-based administration interface for MySQL. It insufficiently sanitises input allowing a remote attacker to gather sensitive data through cross site scripting, provided that the user uses the Internet Explorer web browser. An update is available now.

System: Microsoft Windows
Topic: Vulnerability in BlackBerry Desktop Software
Links: BlackBerry, VU#524681, ESB-2008.1080
ID: ae-200812-001

A buffer overflow exists in the DWUpdateService ActiveX control service bundled with the BlackBerry Desktop Software, which could potentially be exploited to execute arbitrary commands with the privileges of the user when a client visits a malicious web page that invokes this control. A workaround is described in the advisory; an update is available now.



(c) 2000-2014 AERAsec Network Services and Security GmbH