NGS00014: [NGS00014] Patch Notification: Cisco IPSec VPN Implementation Group Name Enumeration

Gavin Jones of NGS Secure has discovered a vulnerability in (Cisco) Cisco VPN Concentrator, Cisco PIX and Cisco Adaptive Security Appliance. Read more at http://www.criticalwatch.com

Winamp-SA-12/01/2010: Winamp NSV Table of Contents Parsing Integer Overflow

Affected Software * Winamp 5.581 * Winamp 5.59 Beta Build 3033 NOTE: Other versions may also be affected.

Description of Vulnerability Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused by an integer overflow error in the “in_nsv.dll” plugin when parsing the Table of Contents. This can be exploited to cause a heap-based buffer overflow via a specially crafted NSV stream or file. Successful exploitation allows execution of arbitrary code.

Read more at http://www.criticalwatch.com

USN-1025-1: [USN-1025-1] Bind vulnerabilities

Details follow: It was discovered that Bind would incorrectly allow a ncache entry and a rrsig for the same type. A remote attacker could exploit this to cause Bind to crash, resulting in a denial of service. (CVE-2010-3613) It was discovered that Bind would incorrectly mark zone data as insecure when the zone is undergoing a key algorithm rollover. (CVE-2010-3614) Read more at http://www.criticalwatch.com

CVE-2010-3449: Apache Archiva CSRF Vulnerability

Description: Apache Archiva doesn’t check which form sends credentials. An attacker can create a specially crafted page and force archiva administrators to view it and change their credentials. To fix this, a referrer check was added to the security interceptor for all secured actions. A prompt for the administrator’s password when changing a user account was also set in place. Read more at http://www.criticalwatch.com

CORE-2010-1109: [CORE-2010-1109] Multiple vulnerabilities in BugTracker.Net

*Vulnerability Description* BugTracker.NET [1][2] is an open-source web-based bug tracker written using ASP.NET, C#, and Microsoft SQL Server. Several cross-site scripting and SQL-injection vulnerabilities were found in the following files of the BugTracker.NET: . *bugs.aspx*. SQL injection in line 141. . *delete_query.aspx*. No sanitization for ‘row_id.Value’ in line 30. . *edit_bug.aspx*. Variables without sanitization in lines 1846 and 1857. . *edit_bug.aspx*. No sanitization for variable ‘new_project’, line 2214. . *edit_bug.aspx*. XSS in line 2918. . *edit_comment.aspx*. XSS in line 233. . *edit_customfield.aspx*. Lines 165 and 172, no sanitization. . *edit_user_permissions2.aspx*. XSS in line 40. . *massedit.aspx*. SQL Injection in line 162. Read more at http://www.criticalwatch.com

CORE-2010-1109: [CORE-2010-1109] Multiple vulnerabilities in BugTracker.Net

*Vulnerability Description* BugTracker.NET [1][2] is an open-source web-based bug tracker written using ASP.NET, C#, and Microsoft SQL Server. Several cross-site scripting and SQL-injection vulnerabilities were found in the following files of the BugTracker.NET: . *bugs.aspx*. SQL injection in line 141. . *delete_query.aspx*. No sanitization for ‘row_id.Value’ in line 30. . *edit_bug.aspx*. Variables without sanitization in lines 1846 and 1857. . *edit_bug.aspx*. No sanitization for variable ‘new_project’, line 2214. . *edit_bug.aspx*. XSS in line 2918. . *edit_comment.aspx*. XSS in line 233. . *edit_customfield.aspx*. Lines 165 and 172, no sanitization. . *edit_user_permissions2.aspx*. XSS in line 40. . *massedit.aspx*. SQL Injection in line 162. Read more at http://www.criticalwatch.com

Pandora-SA-11/30/2010: Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities

Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities CVE IDs in this security advisory: 1) Authentication bypass – CVE-2010-4279 2) OS Command Injection – CVE-2010-4278 3) SQL Injection – CVE-2010-4280 4) Blind SQL Injection – CVE-2010-4280 5) Path Traversal – CVE-2010-4281 – CVE-2010-4282 – CVE-2010-4283 Read more at http://www.criticalwatch.com

MDVSA-2010:244: [MDVSA-2010:244] phpmyadmin Cross-site-scripting Issue

Package : phpmyadmin

Problem Description: A vulnerability has been found and corrected in phpmyadmin: It was possible to conduct a XSS attack using spoofed request on the db search script (CVE-2010-4329). This upgrade provides the latest phpmyadmin versions which is not vulnerable to this security issue. Read more at http://www.criticalwatch.com

MITKRB5-SA-2010-007: [MITKRB5-SA-2010-007] Multiple checksum handling vulnerabilities

SUMMARY ======= These vulnerabilities are in the MIT implementation of Kerberos (krb5), but because these vulnerabilities arise from flaws in protocol handling logic, other implementations may also be vulnerable. CVE-2010-1324 MIT krb5 (releases krb-1.7 and newer) incorrectly accepts an unkeyed checksum with DES session keys for version 2 (RFC 4121) of the GSS-API krb5 mechanism. MIT krb5 (releases krb5-1.7 and newer) incorrectly accepts an unkeyed checksum for PAC signatures. Running exclusively krb5-1.8 or newer KDCs blocks the attack. MIT krb5 KDC (releases krb5-1.7 and newer) incorrectly accepts RFC 3961 key-derivation checksums using RC4 keys when verifying the req-checksum in a KrbFastArmoredReq. Read more at http://www.criticalwatch.com

RHSA-2010:0921-01: [RHSA-2010:0921-01] Important: Red Hat Enterprise MRG Messaging and Grid security update

Product: Red Hat Enterprise MRG for RHEL-5

Synopsis: Important: Red Hat Enterprise MRG Messaging and Grid security update

Summary: Updated Red Hat Enterprise MRG Messaging and Grid packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Read more at http://www.criticalwatch.com