(-) HatSecurity.com » vulnerability

Oracle to issue patch for 41 security issues

Tahir — Mon, 12 Jan 2009 16:07:27 +0000

Oracle is to release a patch tomorrow that fixes 41 security vulnerabilities across hundreds of its products. According to the announcement, the affected supported products are:

• Oracle Database 11g, version 11.1.0.6

• Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3, 10.2.0.4

• Oracle Database 10g, version 10.1.0.5

• Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV

• Oracle Secure Backup version 10.2.0.2, 10.2.0.3

• Oracle Secure Backup version 10.1.0.1, 10.1.0.2, 10.1.0.3

• Oracle TimesTen In-Memory Database version 7.0.5.1.0, 7.0.5.2.0, 7.0.5.3.0, 7.0.5.4.0

• Oracle Application Server 10g Release 3 (10.1.3), version 10.1.3.3.0

• Oracle Application Server 10g Release 2 (10.1.2), versions 10.1.2.2.0, 10.1.2.3.0

• Oracle Collaboration Suite 10g, version 10.1.2

• Oracle E-Business Suite Release 12, version 12.0.6

• Oracle E-Business Suite Release 11i, version 11.5.10.2

• Oracle Enterprise Manager Grid Control 10g Release 4, version 10.2.0.4

• PeopleSoft Enterprise HRMS versions 8.9, 9.0 and 9.1

• JD Edwards Tools version 8.97

• Oracle WebLogic Server (formerly BEA WebLogic Server) 10.0 released through MP1, 10.3 GA

• Oracle WebLogic Server (formerly BEA WebLogic Server) 9.0 GA, 9.1 GA, 9.2 released through MP3

• Oracle WebLogic Server (formerly BEA WebLogic Server) 8.1 released through SP6

• Oracle WebLogic Server (formerly BEA WebLogic Server) 7.0 released through SP7

• Oracle WebLogic Portal (formerly BEA WebLogic Portal) 10.0 released through MP1, 10.2 GA, 10.3 GA

• Oracle WebLogic Portal (formerly BEA WebLogic Portal) 9.2 released through MP3

• Oracle WebLogic Portal (formerly BEA WebLogic Portal) 8.1 released through SP6

This release dwarfs Microsoft’s one-patch fix that affects Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.

Rogue Certification Authority certificates a reality

Tahir — Wed, 31 Dec 2008 19:21:58 +0000

A team of researchers presenting yesterday at the 25th Annual Chaos Communication Congress held in Berlin, have successfully demonstrated an attack against X.509 digital certificates signed by a trusted Certification Authority (CA) using the MD5 hashing algorithm. The attack method makes use of MD5 collision techniques which were known to exist since 2004 but demonstrated in practice for the first time.

Yahoo! fixes cross-site scripting vulnerability

Tahir — Tue, 28 Oct 2008 23:13:28 +0000

Yahoo! has fixed a cross-site scripting vulnerability affecting the HotJobs website. The vulnerability, first reported by Netcraft allowed injection of malicious code that stole session authentication cookie of Yahoo! users and submitting them to a US-based webserver. Yahoo!’s statement found on Netcraft states:

The team was made aware of this particular Cross-Site Scripting issue yesterday morning (Sunday, Oct. 26) and a fix was deployed within a matter of hours. Yahoo! appreciates Netcraft’s assistance in identifying this issue.

As a safety precaution, we recommend users change their passwords, should they still be concerned. Users should always verify via their Sign-in Seal that they are giving their passwords to Yahoo.com.

The session authentication cookies could have been used for accessing Yahoo! services such as Yahoo! Mail and Yahoo! HotJobs amongst others.

Google’s Chrome under fire

Tahir — Mon, 08 Sep 2008 07:30:46 +0000

The new JavaScript speed king, Google Chrome web browser is getting hammered by security researchers over security vulnerabilities ranging from crashing the browser to potentially running malicious code on the user’s computer. Here’s a quick round-up of what I have come across so far:

1. “Carpet bomb” – September 3, 2008. Security researcher Aviv Raff managed to discover this vulnerability hours after the browser was released. The vulnerability, when exploited could litter the user’s download directory with numerous irrelevant files or could potentially be used to exploit other vulnerabilities that may exist on the user’s machine.

Raff describes on his site how a specially-crafted java archive file (JAR), combined with a social engineering ploy could trick a user in to downloading and executing the file without any warning from the browser.

The vulnerability comes from Google’s use of an outdated version of WebKit, the open source browser engine toolkit used also by Apple’s Safari browser. The WebKit version used in Chrome is the same used in Safari 3.1, which had its own set of vulnerabilities.

2. URL Handler Crash – September 3, 2008. Rishi Narang discovered an issue in Chrome that can crash Chrome altogether when the user visits a specially-crafted URL, throwing the following (G)message:

Whoa! Google Chrome has crashed. Restart now?

3. ‘SaveAs’ Buffer Overflow – September 5, 2008. SVRT-Bkis, a security team from Vietnam discovered this vulnerability that can allow an attacker to take control of the user’s computer.

The vulnerability lies in the “Save page as…” function which causes a buffer overflow when saving pages with very long page titles. This aids the attackers to execute arbitrary code on users’ systems.

As of this writing, Google has patched this vulnerability.

4. “Tool tip” DoS – September 8, 2008. Exodus of BlackHat Security (Israel) has discovered that a large object title can crash Chrome. This works on the current version of Chrome (0.2.149.29 Built 1798). The PoC is here.

Update: Click here for an updated list of all publicly tracked Chrome issues.

Article updated - October 01 - 3PM +4GMT