CIAC's C-Notes are collections of computer security articles and information
that are of a less time-critical nature than information contained in CIAC's
Bulletins and Advisories.
C-Notes will be listed here as we find and validate appropriate information.
- C-Note-08-030: Motorola Surfboard Vulnerability (05/01/08)
-
Motorola Surfboard cable modems may contain a cross-site request forgery vulnerability that allows an attacker to cause an affected
modem to reboot or reload its configuration.
To view this advisory visit:
http://www.kb.cert.org/vuls/id/643049
CIAC would like to thank US-CERT for this information.
- C-Note-08-029: ldm Vulnerability (04/28/08)
-
Within the Linux Terminal Server Project, it is possible to connect to X on any LTSP client from any host on the network, making
client windows and keystrokes visible to that host.
To view this advisory visit:
http://www.debian.org/security/2008-dsa-1561
CIAC would like to thank Debian for this information.
- C-Note-08-028: Kronolith Vulnerability (04/28/08)
-
The Kronolith, a calendar component for the Horde Framework, didn't properly sanitize URL input, leading to a cross-site
scripting vulnerability in the add event screen.
To view this advisory visit:
http://www.debian.org/security/2008-dsa-1560
CIAC would like to thank Debian for this information.
- C-Note-08-027: CUPS Vulnerability (04/28/08)
-
CUPS contains an integer overflow that may allow a remote attacker to cause a vulnerable system to crash.
To view this advisory visit:
http://www.kb.cert.org/vuls/id/218395
CIAC would like to thank US-CERT for this information.
- C-Note-08-026: Perl Vulnerability (04/28/08)
-
It has been discovered that the Perl interpreter may encounter a buffer overflow condition when compiling certain regular
expressions containing Unicode characters. This also happens if the offending characters are contained in a variable reference
protected by the \Q...\E quoting construct.
To view this advisory visit:
http://www.debian.org/security/2008-dsa-1556
CIAC would like to thank Debian for this information.
- C-Note-08-025: phpMyAdmin Vulnerabilities (04/28/08)
-
Several remote vulnerabilities have been discovered in phpMyAdmin, an application to administrate MySQL over the WWW.
To view this advisory visit:
http://www.debian.org/security/2008-dsa-1557
CIAC would like to thank Debian for this information.
- C-Note-08-024: xpdf Vulnerabilities (04/25/08)
-
A vulnerability was discovered in xpdf, a set of tools for display and conversion of Portable Document Format (PDF) files. If a maliciously
crafted PDF file is opened, the vulnerability may allow the execution of arbitrary code with privileges of the user running xpdf.
To view this advisory visit:
http://www.debian.org/security/2008-dsa-1548
CIAC would like to thank Debian for this information.
- C-Note-08-023: Update to Improve Kernel Patch Protection (04/25/08)
-
An update is available for Kernel Patch Protection included with x64-based Windows operating systems. Kernel Patch Protection protects
code and critical structures in the Windows Kernel from modification by unknown code or data.
To view this advisory visit:
http://www.microsoft.com/technet/security/advisory/932596.mspx
CIAC would like to thank Microsoft for this information.
- C-Note-08-022: Iceweasel Vulnerabilities (04/25/08)
-
It was discovered that crashes in the JavaScript engine of Iceweasel, an unbranded version of the Firefox browser, could potentially
lead to the execution of arbitrary code.
To view this advisory visit:
http://www.debian.org/security/2008/dsa-1555
CIAC would like to thank Debian for this information.
- C-Note-08-021: ikiwiki Vulnerabilities (04/25/08)
-
It has been discovered that ikiwiki, a Wiki implementation, does not guard password and content changes against cross-site request
forgery (CSRF) attacks.
To view this advisory visit:
http://www.debian.org/security/2008/dsa-1553
CIAC would like to thank Debian for this information.
- C-Note-08-020: Firebird Vulnerabilities (04/10/08)
-
Multiple security problems have been discovered in the Firebird database, which may lead to the execution of arbitrary code or denial
of service.
To view these advisories visit:
http://www.debian.org/security/2008/dsa-1529
CIAC would like to thank Debian for this information.
- C-Note-08-019: GNU Compiler Collection (GCC) Vulnerability (04/04/08)
-
Some versions of gcc may silently discard certain checks for overflow. Applications compiled with these versions of gcc may be vulnerable
to buffer overflows.
To view these advisories visit:
http://www.kb.cert.org/vuls/id/162289
CIAC would like to thank US-CERT for this information.
- C-Note-08-018: AirSpan Base Station Distribution Unit Vulnerability (03/28/08)
-
AirSpan Base Station Distribution Units may contain an undocumented telnet server that authenticates via a known password and is enabled by default.
To view these advisories visit:
http://airspan4wimax.googlepages.com
http://www.kb.cert.org/vuls/id/446403
CIAC would like to thank AirSpan for this information.
- C-Note-08-017: KC Wiki 'wiki.php' Vulnerabilities (03/06/08)
-
KC Wiki is prone to multiple remote file-include vulnerabilities because it fails to properly sanitise user-supplied input.
To view these advisories visit:
http://www.securityfocus.com/bid/28074/discuss
CIAC would like to thank Security Focus for this information.
- C-Note-08-016: Vocera Communications System Vulnerability (02/26/08)
-
The Vocera Communications System is prone to a security-bypass vulnerability in its PEAP implementation because the software fails to properly
validate server certificates.
To view these advisories visit:
http://www.securityfocus.com/bid/27935/discuss
CIAC would like to thank Security Focus for this information.
- C-Note-08-015: XOOPS Vulnerabilities (02/26/08)
-
The XOOPS Tiny Event 'print' Option and the 'prayerlist' module are prone to SQL-injection vulnerabilities because they fail to sufficiently sanitize
user-supplied data before using it in an SQL query.
To view these advisories visit:
http://www.securityfocus.com/bid/27931/discuss
http://www.securityfocus.com/bid/27934/discuss
CIAC would like to thank Security Focus for this information.
- C-Note-08-014: PHP-Nuke Parameter SQL Injection Vulnerabilities (02/26/08)
-
The Classifieds, NukeC, and Manuales modules for PHP-Nuke are prone to SQL-injection vulnerabilities because they fail to sufficiently sanitize user-supplied
data before using it in an SQL query.
To view these advisories visit:
http://www.securityfocus.com/bid/27930/discuss
http://www.securityfocus.com/bid/27937/discuss
http://www.securityfocus.com/bid/27933/discuss
CIAC would like to thank Security Focus for this information.
- C-Note-08-013: Liferay Portal Vulnerabilities (02/08/08)
-
Liferay Portal fails to properly protect against Cross-Site Request Forgery (CSRF). This may allow a remote attacker to forge requests that
Liferay Portal takes action upon.
To view these advisories visit:
http://www.kb.cert.org/vuls/id/767825
http://www.kb.cert.org/vuls/id/217825
http://www.kb.cert.org/vuls/id/732449
http://www.kb.cert.org/vuls/id/888209
http://www.kb.cert.org/vuls/id/326065
CIAC would like to thank US-CERT for this information.
- C-Note-08-012: Toshiba Surveillance Surveillix DVR 'MeIpCamX.DLL' ActiveX Control Buffer Overflow Vulnerabilities (01/28/08)
-
Surveillix DVR 'MeIpCamX.DLL' ActiveX control is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate
boundary checks on user-supplied data.
To view this advisory visit:
http://www.securityfocus.com/bid/27360/discuss
CIAC would like to thank Security Focus for this information.
- C-Note-08-011: Default Passwords in the Cisco Application Velocity System (01/28/08)
-
Versions of the Cisco Application Velocity System (AVS) prior to software version AVS 5.1.0 do not prompt users to modify system account passwords during
the initial configuration process. Because there is no requirement to change these credentials during the initial configuration process, an attacker may
be able to leverage the accounts that have default credentials, some of which have root privileges, to take full administrative control of the AVS system.
To view this advisory visit:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080939431.shtml
CIAC would like to thank Cisco for this information.
- C-Note-08-010: Gforge Vulnerability (01/16/08)
-
It was discovered that Gforge, a collaborative development tool, did not properly sanitise some CGI parameters, allowing SQL injection in scripts
related to RSS exports.
To view this advisory visit:
http://www.debian.org/security/2008/dsa-1459
CIAC would like to thank Debian for this information.
- C-Note-08-009: Gateway CWebLaunchCtl ActiveX Control Buffer Overflow (01/10/08)
-
The Gateway CWebLaunchCtl ActiveX control contains a buffer overflow, which may allow a remote, authenticated attacker to execute
arbitrary code on a vulnerable system.
To view this advisory visit:
http://www.kb.cert.org/vuls/id/735441
CIAC would like to thank US-CERT for this information.
- C-Note-08-008: Wireshark Security Update (12/03/07)
-
Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service or
execution of arbitrary code.
This advisory is posted at:
http://www.debian.org/security/2007/dsa-1414
CIAC would like to thank Debian for this information.
- C-Note-08-007: MySQL Security Update (12/03/07)
-
Several vulnerabilities have been found in the MySQL database packages with implications ranging from unauthorized database modifications to
remotely triggered server crashes.
This advisory is posted at:
http://www.debian.org/security/2007/dsa-1413
CIAC would like to thank Debian for this information.
- C-Note-08-006: Kernel Security Update (12/03/07)
-
There are several security issues in the Linux kernel that could cause denial of service (DoS) attacks.
This advisory is posted at:
https://rhn.redhat.com/errata/RHSA-2007-0993.html
CIAC would like to thank Red Hat for this information.
- C-Note-08-005: Adobe ColdFusion Security Update (11/16/07)
-
An error in ColdFusion MX7 and ColdFusion 8 applications could allow an attacker to hijack user sessions. This issue does not apply to customers using
J2EE session management.
This advisory is posted at:
http://www.adobe.com/support/security/bulletins/apsb07-19.html
CIAC would like to thank Adobe for this information.
- C-Note-08-004: Apache Tomcat Update (10/26/07)
-
There are several security vulnerabilities in Apache Tomcat.
This advisory is posted at:
http://tomcat.apache.org/security-4.html
CIAC would like to thank Apache for this information.
- C-Note-08-003: FLAC Security Update (10/23/07)
-
A security flaw was found in the way flac processed audio data. FLAC is a Free Lossless Audio Codec.
This advisory is posted at:
https://rhn.redhat.com/errata/RHSA-2007-0975.html
CIAC would like to thank Red Hat for this information.
- C-Note-08-002: Kernel Security Update (10/23/07)
-
There are numerous flaws in Linux Kernel packages which could cause a denial of service condition.
This advisory is posted at:
https://rhn.redhat.com/errata/RHSA-2007-0940.html
CIAC would like to thank Red Hat for this information.
- C-Note-08-001: Cisco Wireless Control System Conversion Utility Adds Default Password (10/11/07)
-
Customers who use the Cisco Works Wireless LAN Solution Engine (WLSE) may use a conversion utility to convert over to a Cisco Wireless Control System (WCS).
This conversion utility creates and uses administrative accounts with default credentials. Because there is no requirement to change these credentials
during the conversion process, an attacker may be able to leverage the accounts that have default credentials to take full administrative control of the WCS
after the conversion has been completed.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20071010-wcs.shtml
CIAC would like to thank Cisco for this information.