Bugtraq

VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

Fri, 20 Nov 2009 21:16:39 GMT

Posted by VMware Security Team on Nov 20

-----------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2009-0016
Synopsis: VMware vCenter and ESX update release and vMA patch
release address multiple security issue in third
party components
Issue date: 2009-11-20
Updated on: 2009-11-20 (initial release of advisory)
CVE numbers: --- JRE ---...

IE7

Fri, 20 Nov 2009 19:47:38 GMT

Posted by info on Nov 20

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
<HTML xmlns="http://www.w3.org/1999/xhtml";>
<HEAD>
<script>
function load(){
var e;
e=document.getElementsByTagName("STYLE")[0];...

[security bulletin] HPSBMA02478 SSRT090251 rev.1 - HP Operations Manager for Windows, Remote Unauthorized Access

Fri, 20 Nov 2009 16:22:04 GMT

Posted by security-alert on Nov 20

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01931960
Version: 1

HPSBMA02478 SSRT090251 rev.1 - HP Operations Manager for Windows, Remote Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2009-11-18
Last Updated: 2009-11-18

Potential Security Impact: Remote unauthorized access

Source: Hewlett-Packard Company, HP Software Security Response Team...

PHP "multipart/form-data" denial of service

Fri, 20 Nov 2009 16:08:59 GMT

Posted by Bogdan Calin on Nov 20

Description
------------
PHP version 5.3.1 was just released. This release contains a patch for a
denial of service condition we've reported on 27 October 2009. The
problem is related with PHP's handling of RFC 1867 (Form-based File
Upload in HTML).

When you send a POST request to a PHP script with the content-type of
"multipart/form-data" and include a list of files in that request, PHP
will create a temporary file for each file from...

Firefox 3.5.3 Remote Array Overrun (UPDATE)

Fri, 20 Nov 2009 16:01:58 GMT

Posted by cxib on Nov 20

Please update CVE-2009-1563 BID:36851 and BID:36843

Mozilla has changed credit.

http://www.mozilla.org/security/announce/2009/mfsa2009-59.html

and add correct CVE: CVE-2009-0689.

CVE-2009-1563 shouldn't never exists. It is duplicate.

KDE KDELibs 4.3.3 Remote Array Overrun (Arbitrary code execution)

Fri, 20 Nov 2009 15:57:33 GMT

Posted by cxib on Nov 20

[ KDE KDELibs 4.3.3 Remote Array Overrun (Arbitrary code execution) ]

Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 20.11.2009

CVE: CVE-2009-0689
Risk: High
Remote: Yes

Affected Software:
- KDELibs 4.3.3

NOTE: Prior versions may also be affected.

Original URL:
http://securityreason.com/achievement_securityalert/74

--- 0.Description ---
KDELibs is a collection of libraries built on top of...

K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)

Fri, 20 Nov 2009 15:57:21 GMT

Posted by cxib on Nov 20

[ K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution) ]

Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 20.11.2009

CVE: CVE-2009-0689
Risk: High
Remote: Yes

Affected Software:
- K-Meleon 1.5.3

NOTE: Prior versions may also be affected.

Original URL:
http://securityreason.com/achievement_securityalert/72

--- 0.Description ---
K-Meleon is an extremely fast, customizable,...

SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)

Fri, 20 Nov 2009 15:47:08 GMT

Posted by cxib on Nov 20

[ SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution) ]

Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 20.11.2009

CVE: CVE-2009-0689
Risk: High
Remote: Yes

Affected Software:
- SeaMonkey 1.1.18

Fixed in:
- SeaMonkey 2.0

NOTE: Prior versions may also be affected.

Original URL:
http://securityreason.com/achievement_securityalert/71

--- 0.Description ---
The SeaMonkey project is...

Opera 10.01 Remote Array Overrun (Arbitrary code execution)

Fri, 20 Nov 2009 15:45:42 GMT

Posted by cxib on Nov 20

[ Opera 10.01 Remote Array Overrun (Arbitrary code execution) ]

Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 20.11.2009

CVE: CVE-2009-0689
Risk: High
Remote: Yes

Affected Software:
- Opera 10.01
- Opera 10.10 Beta

NOTE: Prior versions may also be affected.

Original URL:
http://securityreason.com/achievement_securityalert/73

--- 0.Description ---
Opera is a Web browser and Internet suite...

NSA Iraqi Computer Attacks And U.S. Defense

Thu, 19 Nov 2009 16:45:01 GMT

Posted by Gadi Evron on Nov 19

In a recent article in the National Journal Magazine, the NSA
supposedly admits to using computer attacks in Iraq, attacking
cellular systems. Aside to the hacking part, which is obviously
"cool", the impact on the US cyber defense stance as well as
international relations is staggering.

I spent some time trying to figure out what facts were given in the
story, and analyze it.

Original story:...

AssetsSoSimple supplier_admin.php Supplier Field XSS

Thu, 19 Nov 2009 16:36:04 GMT

Posted by Bugs NotHugs on Nov 19

product: AssetsSoSimple
version tested: 0.33
vendor URL: http://assetssosimple.sourceforge.net/
script: supplier_admin.php
field: Supplier

ooo

BugsNotHugs
Shared Vulnerability Disclosure Account

Auto Manager admin.cgi Multiple Field XSS

Thu, 19 Nov 2009 16:27:47 GMT

Posted by Bugs NotHugs on Nov 19

vendor: interactivetools.com, inc.,
http://www.interactivetools.com/products/automanager/
product: Auto Manager
version: 2.52
script: admin.cgi
fields: Vehicle, Year, Price, Drive Train, Transmission, Body, Engine,
Description, Color, Miles

***

BugsNotHugs
Shared Vulnerability Disclosure Account

[security bulletin] HPSBMA02477 SSRT090177 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS)

Thu, 19 Nov 2009 16:18:44 GMT

Posted by security-alert on Nov 19

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01926980
Version: 2

HPSBMA02477 SSRT090177 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2009-11-17
Last Updated: 2009-11-18

Potential Security Impact: Remote Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response...

[security bulletin] HPSBPI02472 SSRT090196 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access to Data, Denial of Service

Thu, 19 Nov 2009 16:08:29 GMT

Posted by security-alert on Nov 19

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01886100
Version: 1

HPSBPI02472 SSRT090196 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access to Data, Denial of Service

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2009-11-18
Last Updated: 2009-11-18

Potential Security Impact: Remote unauthorized access to data, Denial of Service (DoS)

Source:...

[USN-860-1] Apache vulnerabilities

Thu, 19 Nov 2009 16:01:14 GMT

Posted by Jamie Strandboge on Nov 19

===========================================================
Ubuntu Security Notice USN-860-1 November 19, 2009
apache2 vulnerabilities
CVE-2009-3094, CVE-2009-3095, CVE-2009-3555
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu,...