Sunday, April 24, 2011

VULNERABILITIES / FIXES - April 18, 2011

Skype for Android Insecure File Permissions Weakness

Release Date : 2011-04-18

Criticality level : Highly critical
Impact : Manipulation of data, Exposure of sensitive information
Where : From remote
Solution Status : Unpatched

Software: Skype for Android

Description:
Justin Case has reported a weakness in Skype for Android, which can be exploited by malicious people to gain access to sensitive information.

The weakness is caused due to the application setting insecure permissions on files that contain cached profile information and instant messages. This can be exploited to disclose or manipulate the stored information.

Successful exploitation may require tricking a user into installing a malicious application.

Solution:
Do not install applications from untrusted sources.

Provided and/or discovered by:
Justin Case

Original Advisory:
Skype:
http://blogs.skype.com/security/2011/04/privacy_vulnerability_in_skype.html

Justin Case:
http://www.androidpolice.com/2011/04/14/exclusive-vulnerability-in-skype-for-android-is-exposing-your-name-phone-number-chat-logs-and-a-lot-more/

http://secunia.com/advisories/44223/

Reply 1 : VULNERABILITIES / FIXES - April 18, 2011

Release Date : 2011-04-18

Criticality level : Moderately critical
Impact : Manipulation of data
Where : From remote
Solution Status : Vendor Patch

Software: Jifty::DBI 0.x

Description:
Some vulnerabilities have been reported in Perl Jifty::DBI, which can be exploited by malicious people to conduct SQL injection attacks.

Certain input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting SQL code.

The vulnerabilities are reported in versions prior to 0.68.

Solution:
Update to version 0.68.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://cpansearch.perl.org/src/SARTAK/Jifty-DBI-0.68/Changes
http://lists.jifty.org/pipermail/jifty-devel/2011-April/002424.html

http://secunia.com/advisories/44224/

Reply 2 : VULNERABILITIES / FIXES - April 18, 2011

Release Date : 2011-04-18

Criticality level : Moderately critical
Impact : Manipulation of data, DoS
Where : From remote
Solution Status : Vendor Patch

Operating System: Fedora 13, Fedora 14

Description:
Fedora has issued an update for proftpd. This fixes two vulnerabilities, which can be exploited by malicious people to manipulate certain data and cause a DoS (Denial of Service).

Solution:
Apply updated packages using the yum utility ("yum update proftpd").

Original Advisory:
FEDORA-2011-5033:
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058356.html

FEDORA-2011-5040:
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058344.html

http://secunia.com/advisories/44240/

Reply 3 : VULNERABILITIES / FIXES - April 18, 2011

Release Date : 2011-04-18

Criticality level : Less critical
Impact : Privilege escalation
Where : Local system
Solution Status : Vendor Patch

Operating System: Fedora 14

Description:
Fedora has issued an update for tmux. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

Solution:
Apply updated packages using the yum utility ("yum update tmux").

Original Advisory:
FEDORA-2011-5167:
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058367.html

http://secunia.com/advisories/44239/

Reply 4 : VULNERABILITIES / FIXES - April 18, 2011

Release Date : 2011-04-18

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Operating System: Fedora 14

Description:
Fedora has issued an update for libmodplug. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.

Solution:
Apply updated packages using the yum utility ("yum update libmodplug").

Original Advisory:
FEDORA-2011-5204:
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058368.html

http://secunia.com/advisories/44238/

Reply 5 : VULNERABILITIES / FIXES - April 18, 2011

Thunar "thunar_transfer_job_copy_node()" Format String Vulnerability

Release Date : 2011-04-18

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Vendor Workaround

Software: Thunar 1.x

Description:
A vulnerability has been discovered in Thunar, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a format string error within the "thunar_transfer_job_copy_node()" function in thunar/thunar-transfer-job.c when handling filenames containing format specifiers. This can be exploited by e.g. tricking a user into copying a maliciously named file.

The vulnerability is confirmed in version 1.3.0. Other versions may also be affected.

Solution:
Fixed in the GIT repository.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://git.xfce.org/xfce/thunar/diff/?id=03dd312e157d4fa8a11d5fa402706ae5b05806fa

http://secunia.com/advisories/44104/
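
The format string error described above, shown as an added example (not Thunar's code; set_message(), message_vulnerable(), message_fixed() and has_conversion() are hypothetical names). The constructed filename uses only "%%", which is well defined, so the difference between the two calls is visible without undefined behaviour.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for any helper that takes a printf-style format. */
static void set_message(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, cap, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern: the untrusted filename IS the format string. */
void message_vulnerable(char *out, size_t cap, const char *filename)
{
    set_message(out, cap, filename);
}

/* Fixed pattern: constant format, the filename is only ever data. */
void message_fixed(char *out, size_t cap, const char *filename)
{
    set_message(out, cap, "%s", filename);
}

/* Audit helper: 1 if the name holds a '%' that starts a conversion
 * (anything other than the literal "%%"), 0 otherwise. */
int has_conversion(const char *s)
{
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        return 1;
    }
    return 0;
}

int main(void)
{
    char a[64], b[64];
    const char *name = "sales-100%%.txt";   /* constructed sample name */
    message_vulnerable(a, sizeof a, name);  /* name is parsed as a format */
    message_fixed(b, sizeof b, name);       /* name is copied verbatim */
    printf("vulnerable: %s\n", a);
    printf("fixed:      %s\n", b);
    return 0;
}
```

Compiling with -Wformat -Wformat-security flags non-literal format arguments passed to functions the compiler knows are printf-like.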

Reply 6 : VULNERABILITIES / FIXES - April 18, 2011

Release Date : 2011-04-18

Criticality level : Moderately critical
Impact : Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software: Mojolicious 1.x

Description:
A vulnerability has been reported in Mojolicious, which can be exploited by malicious people to disclose potentially sensitive information.

Input passed via the URL is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks.

The vulnerability is reported in versions prior to 1.16.

Solution:
Update to version 1.16.

Provided and/or discovered by:
Viacheslav Tykhanovskyi

Original Advisory:
https://github.com/kraih/mojo/issues/114
http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes

http://secunia.com/advisories/44051/

Reply 7 : VULNERABILITIES / FIXES - April 18, 2011

Release Date : 2011-04-18

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 11.2, openSUSE 11.3, openSUSE 11.4

Description:
SUSE has issued an update for libmodplug. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2011:0350-1:
https://hermes.opensuse.org/messages/8086915

http://secunia.com/advisories/44173/

Reply 8 : VULNERABILITIES / FIXES - April 18, 2011

Release Date : 2011-04-18

Criticality level : Moderately critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 11.2, openSUSE 11.3, openSUSE 11.4

Description:
SUSE has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2011:0347-1:
https://hermes.opensuse.org/messages/8086844

http://secunia.com/advisories/44169/

Reply 9 : VULNERABILITIES / FIXES - April 18, 2011

Wireshark Denial of Service and Buffer Overflow Vulnerabilities

Release Date : 2011-04-18

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: Wireshark 1.x

Description:
Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

1) A use-after-free error within the X.509if dissector can be exploited to cause a crash via specially crafted packets.

This vulnerability is reported in versions 1.2.0 through 1.2.15 and 1.4.0 through 1.4.4.

2) A data type mismatch error in epan/dissectors/packet-nfs.c (NFS dissector) can be exploited to cause a crash via specially crafted packets.

This vulnerability is reported in versions 1.4.0 through 1.4.4 for Windows only.

3) An error in the DECT dissector can be exploited to cause a buffer overflow via specially crafted packets.

Successful exploitation of this vulnerability may allow execution of arbitrary code.

This vulnerability is reported in versions 1.4.0 through 1.4.4 running on multiple platforms.

Solution:
Update to version 1.2.16 or 1.4.5.

Provided and/or discovered by:
1, 2) Reported by the vendor.
3) The vendor credits Paul Makowski, SEI/CERT.

Original Advisory:
http://www.wireshark.org/security/wnpa-sec-2011-05.html
http://www.wireshark.org/security/wnpa-sec-2011-06.html

http://secunia.com/advisories/44172/

Reply 10 : VULNERABILITIES / FIXES - April 18, 2011

Release Date : 2011-04-18

Criticality level : Moderately critical
Impact : Security Bypass, Exposure of system information, Privilege escalation, System access, DoS
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 11.2

Description:
SUSE has issued an update for the kernel. This fixes multiple weaknesses and vulnerabilities. Malicious, local users can exploit them to disclose certain system information, cause a DoS (Denial of Service), bypass certain security restrictions, and potentially gain escalated privileges; malicious people with physical access can potentially compromise a vulnerable system and cause a DoS; and malicious people can cause a DoS and potentially compromise a vulnerable system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2011:0346-1:
https://hermes.opensuse.org/messages/8086845

SUSE-SA:2011:017:
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00003.html

http://secunia.com/advisories/44190/

Reply 11 : VULNERABILITIES / FIXES - April 18, 2011

Release Date : 2011-04-18

Criticality level : Moderately critical
Impact : System access
Where : From local network
Solution Status : Vendor Patch

Operating System: SUSE Linux Enterprise Server (SLES) 10

Description:
SUSE has issued an update for dhcp6. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
SUSE-SU-2011:0305-5:
https://hermes.opensuse.org/messages/8086792

http://secunia.com/advisories/44179/

Reply 12 : VULNERABILITIES / FIXES - April 18, 2011

Release Date : 2011-04-18

Criticality level : Less critical
Impact : DoS
Where : From local network
Solution Status : Vendor Patch

Operating System: openSUSE 11.2, openSUSE 11.3, openSUSE 11.4

Description:
SUSE has issued an update for krb5. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2011:0348-1:
https://hermes.opensuse.org/messages/8086843

http://secunia.com/advisories/44181/

Reply 13 : VULNERABILITIES / FIXES - April 18, 2011

Release Date : 2011-04-18

Criticality level : Not critical
Impact : Exposure of sensitive information
Where : Local system
Solution Status : Vendor Patch

Operating System: openSUSE 11.2, openSUSE 11.3, SUSE Linux Enterprise Server (SLES) 11

Description:
SUSE has issued an update for sysconfig. This fixes a weakness, which can be exploited by malicious, local users to disclose potentially sensitive information.

The weakness is caused due to the ifcfg files (e.g. /etc/sysconfig/network/ifcfg-wlan0) being changed to world-readable during a fillup run, which can be exploited to e.g. disclose the password.

Solution:
Apply updated packages via the zypper package manager.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
SUSE-SU-2011:0344-1:
https://hermes.opensuse.org/messages/8086857

openSUSE-SU-2011:0353-1:
https://hermes.opensuse.org/messages/8086916

http://secunia.com/advisories/44241/
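
A check for the file permission weaknesses in the sysconfig advisory above and the Skype for Android advisory at the top of this page, as an added example (not code from either vendor; the function names are hypothetical). It reports whether a regular file is readable by every local user and reduces its mode to owner read/write.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* 1 if the "other" read bit is set, i.e. any local user can read the file. */
int mode_world_readable(mode_t mode)
{
    return (mode & S_IROTH) != 0;
}

/* 1 if path is a world-readable regular file, 0 if it is not
 * world-readable, -1 if it is missing or not a regular file. */
int audit_file(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    return mode_world_readable(st.st_mode);
}

/* Keep only the owner's read/write bits (0644 becomes 0600).
 * Returns 0 on success, -1 on failure. */
int restrict_to_owner(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    return chmod(path, st.st_mode & (S_IRUSR | S_IWUSR));
}

/* Audit every path given on the command line, e.g. the ifcfg-* files. */
int main(int argc, char **argv)
{
    int exposed = 0;
    for (int i = 1; i < argc; i++) {
        int r = audit_file(argv[i]);
        if (r == 1) {
            printf("world-readable: %s\n", argv[i]);
            exposed++;
        } else if (r < 0) {
            printf("skipped: %s\n", argv[i]);
        }
    }
    return exposed ? 1 : 0;
}
```

Tightening the mode afterwards still leaves a window in which the file was readable, so files holding secrets should be created with a restrictive mode in the first place.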

Reply 14 : VULNERABILITIES / FIXES - April 18, 2011

Joomla Facebook Graph Connect Component Information Disclosure Vulnerability

Release Date : 2011-04-18

Criticality level : Less critical
Impact : Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software: Facebook Graph Connect 1.x (component for Joomla)

Description:
A vulnerability has been reported in the Facebook Graph Connect component for Joomla, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerability is caused due to an error within an installation script and can be exploited to disclose certain information about the installed component.

The vulnerability is reported in versions 1.3 to 1.5 (L & U).

Solution:
Update to version 1.6.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.sikkimonline.info/fbgconnect-download/category/1-sikkimonline-downloads

http://secunia.com/advisories/44174/

Reply 15 : VULNERABILITIES / FIXES - April 18, 2011

MyBB Information Disclosure and SQL Injection Vulnerabilities

Release Date : 2011-04-18

Criticality level : Moderately critical
Impact : Manipulation of data, Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software: MyBB (formerly MyBulletinBoard) 1.x

Description:
A security issue and a vulnerability have been discovered in MyBB, which can be exploited by malicious people to disclose certain sensitive information and conduct SQL injection attacks.

1) The application incorrectly handles malformed SQL queries. This can be exploited to disclose certain sensitive information via SQL error messages by performing a "standard" search.

2) Input passed via the "mybb[forumread]" cookie parameter to showthread.php (when the "action" parameter is set to "newpost") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities are confirmed in version 1.6.2 and reported in version 1.4.15. Prior versions may also be affected.

Solution:
Update to version 1.6.3 or 1.4.16.

Provided and/or discovered by:
1) Reported by the vendor.
2) The vendor credits thebod.

Original Advisory:
MyBB:
http://blog.mybb.com/2011/04/17/mybb-1-6-3-and-1-4-16-security-update/

http://secunia.com/advisories/44219/

Reply 16 : VULNERABILITIES / FIXES - April 18, 2011

Release Date : 2011-04-18

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Vendor Workaround

Software: KDE 4.x

Description:
A vulnerability has been reported in KDE, which can be exploited by malicious people to compromise a user's system.

KGet does not properly sanitise the "name" attribute of the "file" element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks.

Note: This is caused due to an incomplete fix for SA39528.

The vulnerability is reported in version 4.6.2. Other versions may also be affected.

Solution:
Fixed in the SVN repository.

Provided and/or discovered by:
Disclosed in SVN commits.

Original Advisory:
KDE:
http://websvn.kde.org/branches/KDE/4.4/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227468&r2=1227467&pathrev=1227468
http://websvn.kde.org/branches/KDE/4.5/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227469&r2=1227468&pathrev=1227469
http://websvn.kde.org/branches/KDE/4.6/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227471&r2=1227470&pathrev=1227471

Launchpad Bug#757526:
https://bugs.launchpad.net/ubuntu/+source/kdenetwork/+bug/757526

http://secunia.com/advisories/44124/
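
A containment check for the directory traversal issues in the KGet advisory above and the Mojolicious advisory earlier on this page, as an added example (not code from KGet or Mojolicious; the function names and sample paths are hypothetical). An untrusted name is joined to a base directory only when it is relative and contains no ".." component.

```c
#include <stdio.h>
#include <string.h>

/* 1 if `name` is a relative path that cannot climb out of the directory
 * it is joined to: non-empty, not absolute, no ".." path component. */
int name_is_contained(const char *name)
{
    if (name == NULL || *name == '\0' || *name == '/')
        return 0;
    const char *p = name;
    while (*p) {
        size_t len = strcspn(p, "/");      /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;                      /* parent-directory step */
        p += len;
        if (*p == '/')
            p++;                           /* skip the separator */
    }
    return 1;
}

/* Join base_dir and name only when the name is contained.
 * Returns 0 on success, -1 if rejected or the buffer is too small. */
int build_destination(char *out, size_t cap,
                      const char *base_dir, const char *name)
{
    if (!name_is_contained(name))
        return -1;
    int n = snprintf(out, cap, "%s/%s", base_dir, name);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample names, as they might appear in a metalink file. */
    const char *names[] = { "iso/disk1.iso", "../../outside.txt", "/etc/x" };
    char dest[128];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (build_destination(dest, sizeof dest, "/home/user/Downloads",
                              names[i]) == 0)
            printf("accept %s -> %s\n", names[i], dest);
        else
            printf("reject %s\n", names[i]);
    }
    return 0;
}
```

The check is lexical: for URL input it must run after percent-decoding, and where symbolic links may exist inside the base directory the resolved path (e.g. from realpath()) has to be compared against the base as well.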
