Network Security

AERAsec
Current Security Messages


Most of the links lead to the corresponding files at CERT or other organisations, so changes appear immediately, especially regarding which patches should be installed or which configuration changes should be made to avoid a vulnerability. Some of the files are transferred by FTP.

By the way: If we're not publishing well-known risks inherent in any widely used platform or program, that doesn't mean this particular platform or program is safe to use!

Chosen month 10 / 2009

System: Debian GNU/Linux
Topic: Vulnerabilities in xulrunner and libhtml-parser-perl
Links: DSA-1922, CVE-2009-3274, CVE-2009-3370, CVE-2009-3372, CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376, CVE-2009-3380, CVE-2009-3382,
DSA-1923, CVE-2009-3627, ESB-2009.1461
ID: ae-200910-074

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. Exploitation might lead to several security issues, including remote code execution.
Libhtml-parser-perl is a collection of modules to parse HTML in text documents, used quite often (e.g. by SpamAssassin). The decode_entities() function will get stuck in an infinite loop when parsing certain HTML entities with invalid UTF-8 characters, leading to a Denial-of-Service (DoS).
Fixed packages are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in pidgin
Links: RHSA-2009-1535, RHSA-2009-1536, CVE-2009-2703, CVE-2009-3083, CVE-2009-3615, ESB-2009.1460
ID: ae-200910-073

Pidgin is an instant messaging program. An invalid pointer dereference bug was found in the way the Pidgin OSCAR protocol implementation processed lists of contacts. A remote attacker could send a specially-crafted contact list to a user running Pidgin, causing Pidgin to crash. NULL pointer dereference flaws have been found in the way the Pidgin IRC protocol plug-in handles IRC topics and improper MSNSLP invitations. A malicious IRC server or attacker could send a specially-crafted message which, once received by Pidgin, would also crash it, leading to a Denial-of-Service (DoS). Updated software is available now.

System: Various
Topic: Vulnerabilities in Drupal 3rd party modules
Links: DRUPAL-SA-CONTRIB-2009-083, DRUPAL-SA-CONTRIB-2009-084, DRUPAL-SA-CONTRIB-2009-085, DRUPAL-SA-CONTRIB-2009-086, DRUPAL-SA-CONTRIB-2009-087, DRUPAL-SA-CONTRIB-2009-088, DRUPAL-SA-CONTRIB-2009-089, ESB-2009.1459
ID: ae-200910-072

Vulnerabilities were found in the Drupal third-party modules CCK Comment Reference, LDAP Integration, Insert Node, OpenSocial Shindig-Integrator, FAQ Ask, Workflow, and Storm.
Updated software is available now and should be installed immediately when these modules are used. Please be aware that Drupal core is not affected.

System: SuSE Linux
Topic: Vulnerabilities in php5, newt, rubygem-actionpack, rubygem-activesupport, java-1_4_2-ibm, postgresql, samba, phpMyAdmin, and viewvc
Links: SUSE-SR:2009:017
ID: ae-200910-071

A SUSE Security Summary reports vulnerabilities in the packages php5, newt, rubygem-actionpack, rubygem-activesupport, java-1_4_2-ibm, postgresql, samba, phpMyAdmin, and viewvc. Updated packages are available now and should be installed on vulnerable systems.

System: Debian GNU/Linux
Topic: Vulnerability in expat
Links: DSA-1921, CVE-2009-2625, ESB-2009.1457
ID: ae-200910-070

An error was discovered in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library. Fixed packages are available now.

System: Various
Topic: Vulnerabilities in Mozilla Firefox, Thunderbird, and Seamonkey
Links: Mozilla, iDEFENSE #830, RHSA-2009-1530, RHSA-2009-1531, ESB-2009.1456, DSA-1922, ESB-2009.1458, SUSE-SA:2009:052, ESB-2009.1475
ID: ae-200910-069

Several vulnerabilities were found in the Mozilla Firefox browser, Thunderbird and Seamonkey. Fixed software is available now.

System: Sun Solaris, OpenSolaris
Topic: Vulnerabilities in FreeType, PostgreSQL, and Solaris Trusted Extensions
Links: Sun Alert #270268, CVE-2009-0946, ESB-2009.1453,
Sun Alert #270408, CVE-2009-3229, CVE-2009-3230, CVE-2009-3231, ESB-2009.1454,
Sun Alert #270969, ESB-2009.1455
ID: ae-200910-068

Multiple integer overflow vulnerabilities in the FreeType 2 Font Library (libfreetype) may affect applications that make use of this library. Depending on the application, this vulnerability may allow a local or remote unprivileged user to crash the application through a specially crafted font file, resulting in a Denial-of-Service (DoS) or to execute arbitrary code with the privileges of the user running that application.
Security vulnerabilities affecting the PostgreSQL software shipped with Solaris may allow an authenticated PostgreSQL user to cause a Denial-of-Service (DoS) to the PostgreSQL server by "re-LOAD-ing" libraries from a certain plugins directory. However, the PostgreSQL versions shipped with Solaris do not include any plugins. In addition, an issue with the privileges for RESET ROLE and RESET SESSION AUTHORIZATION operations may allow any authenticated users to gain extra privileges.
A security weakness in Solaris Trusted Extensions Policy configuration may allow a remote unprivileged user who has authorized or unauthorized access to the X server, to leverage an additional vulnerability which could lead to arbitrary code execution as a local privileged or unprivileged user.
Patches address these issues.

System: Various
Topic: Vulnerabilities in VMware products
Links: VMSA-2009-0015, CVE-2009-2267, CVE-2009-3733, ESB-2009.1452
ID: ae-200910-067

Two vulnerabilities have been found in VMware ESX, ESXi, Fusion, Server, ACE, Player and Workstation. With an existing account, privilege escalation is possible. Furthermore, remote access is possible, even if it is read-only. Fixed software is available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in samba
Links: RHSA-2009-1528, RHSA-2009-1529, CVE-2009-1888, CVE-2009-2813, CVE-2009-2906, CVE-2009-2948, ESB-2009.1451
ID: ae-200910-066

Several vulnerabilities have been discovered in samba, an implementation of the SMB/CIFS protocol for Unix systems. The mount.cifs utility is missing proper checks for file permissions when used in verbose mode. A reply to an oplock break notification which samba doesn't expect could lead to the service getting stuck in an infinite loop, leading to a Denial-of-Service (DoS). Furthermore, a lack of error handling in case no home directory was configured/specified for the user could lead to file disclosure, allowing access to the file system from the root directory. Additionally, a flaw has been discovered in the smbd daemon when using the "dos filemode" configuration. Unauthorized file access might be the consequence. Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerability in nginx
Links: DSA-1920, ESB-2009.1448
ID: ae-200910-065

A vulnerability has been found in nginx, a small and efficient web server. It was discovered that a remote attacker could cause a denial of service (segmentation fault) by sending a crafted request. Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in kdelibs, mimetex, phpmyadmin, and smarty
Links: DSA-1916, CVE-2009-2702, ESB-2009.1439,
DSA-1917, CVE-2009-1382, CVE-2009-2459, ESB-2009.1440,
DSA-1918, CVE-2009-3696, CVE-2009-3697, ESB-2009.1441
DSA-1919, CVE-2008-4810, CVE-2009-1669, ESB-2009.1442
ID: ae-200910-064

It was discovered that kdelibs, core libraries from the official KDE release, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Several vulnerabilities have been discovered in mimetex, a lightweight alternative to MathML.
Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web.
Several remote vulnerabilities have been discovered in Smarty, a PHP templating engine.
Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in kernel 2.6
Links: DSA-1915, CVE-2009-2695, CVE-2009-2903, CVE-2009-2908, CVE-2009-2909, CVE-2009-2910, CVE-2009-3001, CVE-2009-3286, CVE-2009-3290, CVE-2009-3613, ESB-2009.1438
ID: ae-200910-063

Several vulnerabilities have been found in linux 2.6, the kernel which is the base of the system. These vulnerabilities might lead to privilege escalation, Denial-of-Service (DoS) or leaking sensitive information. An update addresses this issue.

System: HP-UX
Topic: Vulnerabilities in Apache httpd and Apache Tomcat
Links: HPSBUX02465, SSRT090192, ESB-2009.1435,
HPSBUX02466, SSRT090192, ESB-2009.1436
ID: ae-200910-062

Several security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS) or unauthorized access.
Several security vulnerabilities have been identified with HP-UX running Tomcat-based Servlet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS) or unauthorized access.
Patches are available now.

System: Red Hat Enterprise Linux 4
Topic: Vulnerabilities in Kernel
Links: RHSA-2009-1522, CVE-2005-4881, CVE-2009-3228, ESB-2009.1433
ID: ae-200910-061

Several vulnerabilities have been discovered in the Linux kernel of Red Hat Enterprise Linux 4. Updated kernel packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in mapserver
Links: DSA-1914, CVE-2009-0839, CVE-2009-0840, CVE-2009-0841, CVE-2009-0842, CVE-2009-0843, CVE-2009-2281, ESB-2009.1434
ID: ae-200910-060

Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications. Fixed packages are available now.

System: Various
Topic: Vulnerabilities in Drupal 3rd party modules
Links: DRUPAL-SA-CONTRIB-2009-076, DRUPAL-SA-CONTRIB-2009-077, DRUPAL-SA-CONTRIB-2009-075, DRUPAL-SA-CONTRIB-2009-078, DRUPAL-SA-CONTRIB-2009-079, DRUPAL-SA-CONTRIB-2009-080, DRUPAL-SA-CONTRIB-2009-081, ESB-2009.1432
ID: ae-200910-059

Vulnerabilities were found in the Drupal third-party modules Flag Content, Organic Groups Vocabulary, Moodle Course List module, vCard module, Simplenews Statistics, and Abuse.
Updated software is available now and should be installed immediately when these modules are used. Please be aware that Drupal core is not affected.

System: Mandriva Linux
Topic: Vulnerabilities in php
Links: MDVSA-2009:285, CVE-2009-3293, CVE-2009-3546, ESB-2009.1431
ID: ae-200910-058

Multiple vulnerabilities have been found in php. Fixed packages are available now.

System: Various
Topic: Vulnerabilities in Oracle
Links: Oracle
ID: ae-200910-057

Oracle has released a critical patch update for October 2009, fixing many vulnerabilities in the products of Oracle. Some of them are very critical, so the patch should be installed as soon as possible.

System: Turbolinux
Topic: Vulnerabilities in postgresql
Links: TLSA-2009-29, CVE-2009-3229, CVE-2009-3230, CVE-2009-3231
ID: ae-200910-056

Three vulnerabilities have been found and fixed in PostgreSQL. Authenticated users may cause a Denial-of-Service (DoS) when reloading certain plugin libraries. Such a user might also misuse the RESET ROLE and RESET SESSION AUTHORIZATION commands to install malicious code that would later execute with superuser privileges. Additionally, remote attackers may be able to bypass authentication. For this to work, LDAP authentication with anonymous binds needs to be configured. Fixed software is available now.

System: VMware ESX
Topic: Vulnerabilities in DHCP, Service Console kernel, and JRE
Links: ESB-2009.1430
ID: ae-200910-055

Several vulnerabilities were found in DHCP, Service Console package kernel, and the JRE of VMware ESX 3.5 and 3.0.3. Fixed software is available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in camlimages and bugzilla
Links: DSA-1912, CVE-2009-2660, CVE-2009-3296, ESB-2009.1427,
DSA-1913, CVE-2009-3165, ESB-2009.1428
ID: ae-200910-054

It was discovered that CamlImages, an open source image processing library, suffers from several integer overflows, which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. This advisory addresses issues with the reading of TIFF files.
An SQL injection vulnerability was discovered in the Bug.create WebService function in Bugzilla, a web-based bug tracking system, which allows remote attackers to execute arbitrary SQL commands.
Fixed packages are available now.

System: Various
Topic: Vulnerability in IBM Informix
Links: IBM, CVE-2009-3691, ESB-2009.1426
ID: ae-200910-053

Multiple IBM Informix products are vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing .nfx files. By persuading a victim to open a specially-crafted .nfx file containing an overly long HostList entry, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. A patch is not available yet.

System: Various
Topic: Vulnerabilities in Drupal 3rd party modules
Links: DRUPAL-SA-CONTRIB-2009-070, DRUPAL-SA-CONTRIB-2009-071, DRUPAL-SA-CONTRIB-2009-072, DRUPAL-SA-CONTRIB-2009-073, DRUPAL-SA-CONTRIB-2009-074, ESB-2009.1418, ESB-2009.1421
ID: ae-200910-052

Vulnerabilities were found in the Drupal third-party modules Shibboleth authentication, OG Vocabulary, RealName, Printer, and Webform. Updated software is available now and should be installed immediately when these modules are used. Please be aware that Drupal core is not affected.

System: Sun Solaris
Topic: Vulnerabilities in zfs and libpng
Links: Sun Alert #265908, ESB-2009.1424
Sun Alert #269788, CVE-2009-2042, ESB-2009.1425
ID: ae-200910-051

A security vulnerability in the ZFS file system in OpenSolaris and Solaris 10 systems may allow a local unprivileged user with the 'file_chown_self' privilege to take ownership of files belonging to another user.
Multiple security vulnerabilities in libpng(3), which is shipped with Solaris, may allow a local or remote unprivileged user to disclose potentially sensitive information associated with applications linked to libpng(3), when a user has loaded a specially crafted Portable Network Graphics (PNG) format image file (.png) supplied by an untrusted user.
Patches are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in xpdf, kdegraphics, gpdf, poppler, and cups
Links: RHSA-2009-1500, RHSA-2009-1501, RHSA-2009-1502, RHSA-2009-1503, RHSA-2009-1504, RHSA-2009-1512, RHSA-2009-1513, CVE-2009-0791, CVE-2009-1188, CVE-2009-3603, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609, ESB-2009.1423
ID: ae-200910-050

Multiple integer overflow flaws were found in Xpdf. An attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened. Affected are also the packages kdegraphics, gpdf, poppler, and cups. Fixed packages address these issues.

System: Cisco
Topic: Vulnerability in Cisco Unified Presence
Links: Cisco, CVE-2009-2052, CVE-2009-2874, ESB-2009.1419
ID: ae-200910-049

Cisco Unified Presence contains two denial of service (DoS) vulnerabilities that may cause an interruption to presence services. Fixed software is available now.

System: Sun OpenSolaris
Topic: Vulnerabilities in GNOME PDF Viewer
Links: Sun Alert #269008, CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-1187, CVE-2009-1188, ESB-2009.1414
ID: ae-200910-048

Multiple security vulnerabilities in the JBIG2 decoding feature in the Poppler PDF Rendering Library (libpoppler) may allow a local or remote unprivileged user to cause the OpenSolaris GNOME PDF Viewer (Evince) to crash and potentially execute arbitrary code with the privileges of the user running the application, when the user has loaded a specially crafted PDF file. Patches are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in postgresql-ocaml, mysql-ocaml, and pygresql
Links: DSA-1909, CVE-2009-2943, DSA-1910, CVE-2009-2942, DSA-1910, CVE-2009-2940, ESB-2009.1420
ID: ae-200910-047

Several vulnerabilities were found in the postgresql-ocaml, mysql-ocaml, and pygresql modules. Fixed packages are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in java-1.4.2-ibm and tomcat6
Links: RHSA-2009-1505, CVE-2008-5349, CVE-2009-2625, ESB-2009.1416,
RHSA-2009-1506, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0783, ESB-2009.1417
ID: ae-200910-046

Two vulnerabilities were discovered in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
Several security vulnerabilities were found in Apache Tomcat, a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Fixed packages address these issues.

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Windows GDI+
Links: MS09-062, CVE-2009-2500, CVE-2009-2501, CVE-2009-2502, CVE-2009-2503, CVE-2009-2504, CVE-2009-2518, CVE-2009-2528, CVE-2009-3126, ESB-2009.1411
ID: ae-200910-045

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft .NET Common Language Runtime
Links: MS09-061, CVE-2009-0090, CVE-2009-0091, CVE-2009-2497, ESB-2009.1410
ID: ae-200910-044

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Active Template Library ActiveX Controls
Links: MS09-060, CVE-2009-0901, CVE-2009-2493, CVE-2009-2495, ESB-2009.1409
ID: ae-200910-043

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Local Security Authority Subsystem Service
Links: MS09-059, CVE-2009-2524, ESB-2009.1408
ID: ae-200910-042

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Windows Kernel
Links: MS09-058, CVE-2009-2515, CVE-2009-2516, CVE-2009-2517, ESB-2009.1407
ID: ae-200910-041

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft Indexing Service
Links: MS09-057, CVE-2009-2507, ESB-2009.1406
ID: ae-200910-040

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Windows CryptoAPI
Links: MS09-056, CVE-2009-2510, CVE-2009-2511, ESB-2009.1405
ID: ae-200910-039

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in ActiveX Controls
Links: MS09-055, CVE-2009-2493, ESB-2009.1404
ID: ae-200910-038

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Internet Explorer
Links: MS09-054, CVE-2009-1547, CVE-2009-2529, CVE-2009-2530, CVE-2009-2531, ESB-2009.1403
ID: ae-200910-037

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Internet Information Services
Links: MS09-053, CVE-2009-2521, CVE-2009-3023, ESB-2009.1402
ID: ae-200910-036

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft Windows Media Player
Links: MS09-052, CVE-2009-2527, ESB-2009.1401
ID: ae-200910-035

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Windows Media Runtime
Links: MS09-051, CVE-2009-0555, CVE-2009-2525, ESB-2009.1400
ID: ae-200910-034

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Windows SMBv2
Links: MS09-050, CVE-2009-2526, CVE-2009-2532, CVE-2009-3103, ESB-2009.1399
ID: ae-200910-033

No further comment due to legal reasons

System: Mandriva Linux
Topic: Vulnerabilities in samba
Links: MDVSA-2009:277, CVE-2009-2813, CVE-2009-2906, CVE-2009-2948
ID: ae-200910-032

Several vulnerabilities have been discovered in samba, an implementation of the SMB/CIFS protocol for Unix systems. The mount.cifs utility is missing proper checks for file permissions when used in verbose mode. A reply to an oplock break notification which samba doesn't expect could lead to the service getting stuck in an infinite loop, leading to a Denial-of-Service (DoS). Furthermore, a lack of error handling in case no home directory was configured/specified for the user could lead to file disclosure, allowing access to the file system from the root directory. Fixed packages are available now.

System: Mandriva Linux
Topic: Vulnerabilities in sympa, libnasl, and phpmyadmin
Links: MDVSA-2009:263, CVE-2008-4476, ESB-2009.1396,
MDVSA-2009:271, CVE-2008-5077, CVE-2009-0125, ESB-2009.1397,
MDVSA-2009:274, CVE-2009-3696, CVE-2009-3697, ESB-2009.1398
ID: ae-200910-031

sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 doesn't properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature. Some XSS and SQL Injection problems have been found in phpmyadmin.
Fixed packages are available now.

System: SuSE Linux
Topic: Vulnerabilities in silc-toolkit, open-iscsi, strongswan/freeswan/openswan, mutt, openldap2, cyrus-imapd, java-1_6_0-openjdk, postgresql, IBMJava2-JRE/java-1_4_2_ibm, wireshark, freeradius, and dovecot
Links: SUSE-SR:2009:015
ID: ae-200910-030

A SUSE Security Summary reports vulnerabilities in the packages silc-toolkit, open-iscsi, strongswan/freeswan/openswan, mutt, openldap2, cyrus-imapd, java-1_6_0-openjdk, postgresql, IBMJava2-JRE/java-1_4_2_ibm, wireshark, freeradius, and dovecot. Updated packages are available now and should be installed on vulnerable systems.

System: Mandriva Linux
Topic: Vulnerability in python-django
Links: MDVSA-2009:275, djangoproject, CVE-2009-2659, ESB-2009.1386
ID: ae-200910-029

The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 doesn't properly map URL requests to expected static media files, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL. An updated package is available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in kvm and samba
Links: DSA-1907, CVE-2008-5714, CVE-2009-3290, ESB-2009.1393,
DSA-1908, CVE-2009-2813, CVE-2009-2906, CVE-2009-2948, ESB-2009.1412
ID: ae-200910-028

Some vulnerabilities were found in KVM, a full virtualization system. An off-by-one bug limits KVM's VNC passwords to seven characters where eight were intended, which might make it easier for remote attackers to guess the VNC password. The kvm_emulate_hypercall function in KVM doesn't prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a Denial-of-Service (DoS) and read or write guest kernel memory.
Several vulnerabilities have been discovered in samba, an implementation of the SMB/CIFS protocol for Unix systems. The mount.cifs utility is missing proper checks for file permissions when used in verbose mode. A reply to an oplock break notification which samba doesn't expect could lead to the service getting stuck in an infinite loop, leading to a Denial-of-Service (DoS). Furthermore, a lack of error handling in case no home directory was configured/specified for the user could lead to file disclosure, allowing access to the file system from the root directory.
Fixed packages are available now.

System: Sun Solaris, OpenSolaris
Topic: Vulnerability in Thunderbird
Links: Sun Alert #269468, CVE-2009-2404, CVE-2009-2408, ESB-2009.1391
ID: ae-200910-027

Security vulnerabilities in thunderbird(1) related to handling of SSL server certificates may allow remote SSL servers with crafted server certificates to compromise an encrypted communication or cause arbitrary code execution with the privileges of a Thunderbird user. Patches are available now.

System: Mandriva Linux
Topic: Vulnerabilities in mono and libmikmod
Links: MDVSA-2009:268, CVE-2008-3422, CVE-2009-0217, ESB-2009.1392,
MDVSA-2009:272, CVE-2007-6720, CVE-2009-0179
ID: ae-200910-026

Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono allow remote attackers to inject arbitrary web script or HTML via crafted attributes. The XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation.
Several vulnerabilities in 'libmikmod' allow user-assisted attackers to cause a denial of service.
Fixed packages are available now.

System: Mandriva Linux
Topic: Vulnerability in netpbm
Links: MDVSA-2009:262, CVE-2008-4799, ESB-2009.1389
ID: ae-200910-025

pamperspective in Netpbm does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service (crash) via a crafted image file that triggers an out-of-bounds read. Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in wget and python-django
Links: DSA-1904, CVE-2009-3490, ESB-2009.1385,
DSA-1905, ESB-2009.1386
ID: ae-200910-024

It was discovered that wget, a network utility to retrieve files from the Web using HTTP(S) and FTP, is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" published at the Blackhat conference some time ago. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field.
The forms library of python-django, a high-level Python web development framework, is using a badly chosen regular expression when validating email addresses and URLs. An attacker can use this to perform denial of service attacks (100% CPU consumption) due to bad backtracking via a specially crafted email address or URL which is validated by the django forms library.
Fixed packages are available now.

System: Many
Topic: Vulnerability in Adobe Reader and Acrobat
Links: APSB09-15, CVE-2007-0045, CVE-2007-0048, CVE-2009-2564, CVE-2009-2979, CVE-2009-2980, CVE-2009-2981, CVE-2009-2982, CVE-2009-2983, CVE-2009-2984, CVE-2009-2985, CVE-2009-2986, CVE-2009-2987, CVE-2009-2988, CVE-2009-2989, CVE-2009-2990, CVE-2009-2991, CVE-2009-2992, CVE-2009-2993, CVE-2009-2994, CVE-2009-2995, CVE-2009-2996, CVE-2009-2997, CVE-2009-2998, CVE-2009-3431, CVE-2009-3458, CVE-2009-3459, CVE-2009-3460, CVE-2009-3461, CVE-2009-3462, iDEFENSE #826, iDEFENSE #827, VU #257117, ESB-2009.1395, RHSA-2009-1499, ESB-2009.1415, ESB-2009.1444, SUSE-SA:2009:049
ID: ae-200910-023

Adobe is planning to release an update for Adobe Reader 9.1.3 and Acrobat 9.1.3, Adobe Reader 8.1.6 and Acrobat 8.1.6 for Windows, Macintosh and UNIX, and Adobe Reader 7.1.3 and Acrobat 7.1.3 for Windows and Macintosh to resolve critical security issues. Among other issues, this update will resolve a critical vulnerability in Adobe Reader and Acrobat 9.1.3 and earlier on Windows, Macintosh and UNIX. There are reports that this issue is being exploited in the wild. The update should be available on October 13th this year.

System: IBM AIX
Topic: Vulnerability in libcsa.a
Links: IBM, iDefense, ESB-2009.1381
ID: ae-200910-022

There is a buffer overflow vulnerability in the calendar daemon library libcsa.a. A remote attacker can exploit this vulnerability when the rpc.cmsd calendar daemon is enabled in /etc/inetd.conf. A patch is available now.

System: Mandriva Linux
Topic: Vulnerability in snort
Links: MDVSA-2009:259, CVE-2008-1804
ID: ae-200910-021

The frag3 preprocessor in Sourcefire Snort does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment. Fixed packages are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerability in squirrelmail
Links: RHSA-2009-1490, CVE-2009-2964, ESB-2009.1384
ID: ae-200910-020

Form submissions in SquirrelMail did not implement protection against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a user into visiting a malicious web page, the attacker could hijack that user's authentication, inject malicious content into that user's preferences, or possibly send mail without that user's permission. Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in graphicsmagick
Links: DSA-1903, CVE-2007-1667, CVE-2007-1797, CVE-2007-4985, CVE-2007-4986, CVE-2007-4988, CVE-2008-1096, CVE-2008-3134, CVE-2008-6070, CVE-2008-6071, CVE-2008-6072, CVE-2008-6073, CVE-2009-1882, ESB-2009.1379
ID: ae-200910-019

Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tools, which can lead to the execution of arbitrary code, exposure of sensitive information or a DoS. Fixed packages are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in postgresql
Links: RHSA-2009-1484, RHSA-2009-1485, CVE-2009-0922, CVE-2009-3230, ESB-2009.1378
ID: ae-200910-018

An authenticated user could misuse the RESET ROLE and RESET SESSION AUTHORIZATION commands to install malicious code that would later execute with superuser privileges. Fixed packages are available now.

System: Mandriva Linux
Topic: Vulnerability in dbus
Links: MDVSA-2009:256, CVE-2009-1189
ID: ae-200910-017

The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. Fixed packages are available now.

System: Many
Topic: Vulnerability in Wireshark
Links: Wireshark, VU#676492
ID: ae-200910-016

Wireshark is a powerful tool for analyzing network traffic. It can open or import previously saved files. When processing an erf file Wireshark may try to allocate a very large buffer, resulting in an unsigned integer wrap vulnerability. To exploit this issue, an attacker would have to convince a user to open a crafted erf file using Wireshark. Wireshark 1.2.2 has been published now, addressing this issue.

System: Debian GNU/Linux
Topic: Vulnerability in elinks
Links: DSA-1902, CVE-2008-7224, ESB-2009.1375
ID: ae-200910-015

ELinks is a text-based Web browser which supports frames, tables and most other HTML tags. When handling its internal cache of string representations for HTML special entities, an off-by-one buffer overflow might happen. This allows an attacker to crash the browser or even execute arbitrary code. Updated packages address these issues.

System: Sun Solaris 10
Topic: Vulnerability in Solaris Kernel
Links: Sun Alert #268728, ESB-2009.1369
ID: ae-200910-014

A race condition introduced in the IP squeue handling code in Solaris 10 kernel may cause a BAD TRAP panic. Patches are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in mediawiki
Links: DSA-1901, CVE-2008-5249, CVE-2008-5250, CVE-2008-5252, CVE-2009-0737, ESB-2009.1374
ID: ae-200910-013

Several vulnerabilities have been discovered in mediawiki1.7, a website engine for collaborative work. Fixed packages are available now.

System: FreeBSD
Topic: Vulnerabilities in pipe and devfs
Links: FreeBSD-SA-09:13, ESB-2009.1367,
FreeBSD-SA-09:14, ESB-2009.1368
ID: ae-200910-012

A race condition exists in the pipe close() code relating to kqueues, causing use-after-free for kernel memory, which may lead to local kernel privilege escalation, kernel data corruption and/or crash.
Due to the interaction between devfs and VFS, a race condition exists where the kernel might dereference a NULL pointer. Successful exploitation of the race condition can lead to local kernel privilege escalation, kernel data corruption and/or crash.
Patches are available now.

System: SuSE Linux
Topic: Vulnerabilities in TCP/IP
Links: SUSE-SA:2009:047, CVE-2008-4609, ESB-2009.1372
ID: ae-200910-011

All versions of SuSE Linux are affected by Denial-of-Service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections. Updated software is available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in strongswan
Links: DSA-1899, CVE-2009-1957, CVE-2009-1958, CVE-2009-2661, ESB-2009.1370
ID: ae-200910-010

Strongswan is an implementation of the IPsec and IKE protocols. The daemon can crash when processing certain crafted IKEv2 packets or specially crafted X.509 certificates. Updated packages are available now.

System: Turbolinux
Topic: Vulnerabilities in Kernel
Links: TLSA-2009-28, CVE-2009-2692, CVE-2009-2698
ID: ae-200910-009

Several vulnerabilities have been discovered in the Linux kernel of Turbolinux. Updated kernel packages are available now.

System: Mandriva Linux
Topic: Vulnerability in graphviz
Links: MDVSA-2009:254, CVE-2008-4555
ID: ae-200910-008

A stack-based buffer overflow in the push_subg function in parser.y in Graphviz allows user-assisted remote attackers to cause a Denial-of-Service (memory corruption) or execute arbitrary code via a DOT file. Fixed software is available now.

System: Sun Solaris, OpenSolaris
Topic: Vulnerability in Solaris IP Module
Links: Sun Alert #263388, CVE-2009-3519, ESB-2009.1364
ID: ae-200910-007

Security vulnerabilities in the Solaris IP(7P) module and STREAMS Framework may allow an unprivileged local user to leak kernel memory, eventually causing the system to hang. This is a type of Denial-of-Service (DoS). Patches are available now for Sun Solaris 9 and 10. A patch for Sun Solaris 8 is pending.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in elinks and xen
Links: RHSA-2009-1471, CVE-2007-2027, CVE-2008-7224, ESB-2009.1362,
RHSA-2009-1472, CVE-2009-1472, ESB-2009.1363
ID: ae-200910-006

ELinks is a text-based Web browser which supports frames, tables and most other HTML tags. When handling its internal cache of string representations for HTML special entities, an off-by-one buffer overflow might happen. This allows an attacker to crash the browser or even execute arbitrary code. In addition, a vulnerability regarding relative paths has been found, which gives attackers the same possibilities as mentioned above.
Xen is an open source virtualization framework. The pyGrub boot loader doesn't honor the "password" option in the grub.conf file for para-virtualized guests. Users with access to a guest's console could use this flaw to bypass intended access restrictions and boot the guest with arbitrary kernel boot options, allowing them to get root privileges in the guest's operating system.
Updated packages address these issues.

System: Novell Netware
Topic: Vulnerability in NFS Portmapper
Links: ESB-2009.1360
ID: ae-200910-005

A vulnerability was discovered that allows remote attackers to execute arbitrary code on vulnerable installations of the Novell Netware NFS Portmapper daemon. Authentication is not required to exploit this vulnerability. Fixed software is available now.

System: Linux
Topic: Vulnerabilities in postgresql
Links: CVE-2009-3229, CVE-2009-3230, CVE-2009-3231, MDVSA-2009:251, DSA-1900, ESB-2009.1371
ID: ae-200910-004

Several vulnerabilities were found in PostgreSQL. Fixed software is available now.

System: Various
Topic: Vulnerabilities in Drupal 3rd party modules
Links: DRUPAL-SA-CONTRIB-2009-063, DRUPAL-SA-CONTRIB-2009-064, DRUPAL-SA-CONTRIB-2009-065, DRUPAL-SA-CONTRIB-2009-066, DRUPAL-SA-CONTRIB-2009-067, DRUPAL-SA-CONTRIB-2009-068, DRUPAL-SA-CONTRIB-2009-069, ESB-2009.1359, ESB-2009.1390
ID: ae-200910-003

Vulnerabilities were found in the Drupal third-party modules XML sitemap, Bibliography, Browscap, Organic Groups, Dex: Contact Information Manager, Boost, and Shared Sign On.
Updated software is available now and should be installed immediately if these modules are used. Please be aware that Drupal core is not affected.

System: Red Hat Enterprise Linux 4
Topic: Vulnerabilities in Kernel
Links: RHSA-2009-1357, CVE-2009-1389, CVE-2009-2692, CVE-2009-2698, ESB-2009.1357
ID: ae-200910-002

Several vulnerabilities have been discovered in the Linux kernel of Red Hat Enterprise Linux 4. Updated kernel packages are available now.

System: Red Hat Enterprise Linux 5
Topic: Vulnerability in openssh
Links: RHSA-2009-1470, CVE-2009-2904, ESB-2009.1358
ID: ae-200910-001

A Red Hat-specific patch used in the openssh packages as shipped in Red Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership requirements for directories used as arguments for the ChrootDirectory configuration option. A malicious user who also has or previously had non-chroot shell access to a system could possibly use this flaw to escalate their privileges and run commands as any system user. Fixed packages are available now.



(c) 2000-2014 AERAsec Network Services and Security GmbH