LANDesk Security and Patch Bulletin: Security Update Report for Week Ending 02 May 2008

Version 1

    Security Update for the Week Ending 2 May 2008

     

     

     

     

    Windows / 3rd party (Some also impact Apple OSes)

     

     

    Akamai Vulnerabilities

     

     

    LANDesk Solution: No solution from vendor is available

     

     

     

     

     

    Akamai Download Manager Code Execution Vulnerability

     

     

     

     

     

    Critical:    Highly critical

     

     

    Where:       From remote

     

     

    Impact:      System access

     

     

    Released:    2008-05-01

     

     

     

     

     

    A vulnerability has been reported in Akamai Download Manager, which can be exploited by malicious people to compromise a user's system.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30037/

     

     

     

     

     

    IBM Vulnerabilities

     

     

    LANDesk Solution: No solution from vendor is available

     

     

     

     

     

     

     

     

    A highly critical vulnerability has been reported in IBM Lotus Expeditor, which can be exploited by malicious people to compromise a user's system.

     

     

     

     

     

    The problem is that the application registers the "cai" URI handler, which allows launching rcplauncher.exe with arbitrary command line arguments. This can be exploited to execute arbitrary programs via the "-launcher" argument.

     

     

     

     

     

    The vulnerability affects Lotus Expeditor Client for Desktop versions 6.1.0, 6.1.1, and 6.1.2 on Windows systems using Internet Explorer.

     

     

     

     

     

    A patch has been released by the vendor; please contact IBM support for access.

     

     

     

     

     

    --

     

     

    HP Vulnerabilities

     

     

    LANDesk Solution: We are analyzing the patch for this vulnerability.

     

     

     

     

     

    Some vulnerabilities have been reported in HP Software Update, which can be exploited by malicious people to disclose certain information or compromise a vulnerable system.

     

     

     

     

     

    A highly critical boundary error in the HPeSupportDiags.HPIniFileUtil.1 ActiveX control (HPeDiag.dll) when handling the "GetXmlFromIni()" method can be exploited to cause a stack-based buffer overflow. Successful exploitation allows execution of arbitrary code.

     

     

     

     

     

    Insecure methods in certain ActiveX controls (e.g. HPeSupportDiags.HPRegUtil.1, HPeSupportDiags.HPFileUtil.1, HPeSupportDiags.HPSystemBoardInfo.1, HPeSupportDiags.HPOperatingSystem.1) can be exploited to, for example, read registry entries, read text files, or retrieve system and OS information.

     

     

     

     

     

    The vulnerabilities are reported in versions 4.000.009.002 and prior.

     

     

    The vendor has released version 4.000.010.008 to fix the vulnerabilities.

     

     

     

     

     

    --

     

     

     

     

     

    UNIX/Linux:--

     

     

     

     

     

    Fedora update for poppler

     

     

     

     

     

    Critical:    Highly critical

     

     

    Where:       From remote

     

     

    Impact:      DoS, System access

     

     

    Released:    2008-04-30

     

     

     

     

     

    Fedora has issued an update for poppler. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30033/

     

     

     

     

     

    --

     

     

     

     

     

    Red Hat update for thunderbird

     

     

     

     

     

    Critical:    Highly critical

     

     

    Where:       From remote

     

     

    Impact:      DoS, System access

     

     

    Released:    2008-05-01

     

     

     

     

     

    Red Hat has issued an update for thunderbird. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a user's system.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30029/

     

     

     

     

     

    --

     

     

     

     

     

    Fedora update for xine-lib

     

     

     

     

     

    Critical:    Highly critical

     

     

    Where:       From remote

     

     

    Impact:      System access

     

     

    Released:    2008-04-30

     

     

     

     

     

    Fedora has issued an update for xine-lib. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30021/

     

     

     

     

     

    --

     

     

     

     

     

    GNOME PeerCast "HTTP::getAuthUserPass()" Buffer Overflow Vulnerability

     

     

     

     

     

    Critical:    Highly critical

     

     

    Where:       From remote

     

     

    Impact:      DoS, System access

     

     

    Released:    2008-04-30

     

     

     

     

     

    Nico Golde has reported a vulnerability in GNOME PeerCast, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30020/

     

     

     

     

     

    --

     

     

     

     

     

    Debian update for iceape

     

     

     

     

     

    Critical:    Highly critical

     

     

    Where:       From remote

     

     

    Impact:      System access

     

     

    Released:    2008-04-29

     

     

     

     

     

    Debian has issued an update for iceape. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30012/

     

     

     

     

     

    --

     

     

     

     

     

    Red Hat update for java-1.5.0-bea

     

     

     

     

     

    Critical:    Highly critical

     

     

    Where:       From remote

     

     

    Impact:      Security Bypass, DoS, System access

     

     

    Released:    2008-04-28

     

     

     

     

     

    Red Hat has issued an update for java-1.5.0-bea. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or compromise a user's system.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30003/

     

     

     

     

     

    --

     

     

     

     

     

    Fedora update for KDE4

     

     

     

     

     

    Critical:    Highly critical

     

     

    Where:       From remote

     

     

    Impact:      DoS, System access

     

     

    Released:    2008-04-30

     

     

     

     

     

    Fedora has issued an update for KDE4. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30001/

     

     

     

     

     

    --

     

     

     

     

     

    Red Hat update for java-1.4.2-bea

     

     

     

     

     

    Critical:    Highly critical

     

     

    Where:       From remote

     

     

    Impact:      Security Bypass, DoS, System access

     

     

    Released:    2008-04-28

     

     

     

     

     

    Red Hat has issued an update for java-1.4.2-bea. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions and potentially compromise a vulnerable system.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29999/

     

     

     

     

     

    --

     

     

     

     

     

    Fedora update for wordpress

     

     

     

     

     

    Critical:    Highly critical

     

     

    Where:       From remote

     

     

    Impact:      Security Bypass, Cross Site Scripting, System access

     

     

    Released:    2008-04-30

     

     

     

     

     

    Fedora has issued an update for wordpress. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and to compromise a vulnerable system.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29994/

     

     

     

     

     

    --

     

     

     

     

     

    KDE KHTML PNG Processing Buffer Overflow Vulnerability

     

     

     

     

     

    Critical:    Highly critical

     

     

    Where:       From remote

     

     

    Impact:      DoS, System access

     

     

    Released:    2008-04-28

     

     

     

     

     

    A vulnerability has been reported in KDE, which potentially can be exploited by malicious people to compromise a user's system.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29980/

     

     

     

     

     

    --

     

     

     

     

     

    Fedora update for squid

     

     

     

     

     

    Critical:    Moderately critical

     

     

    Where:       From remote

     

     

    Impact:      DoS

     

     

    Released:    2008-04-30

     

     

     

     

     

    Fedora has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30032/

     

     

     

     

     

    --

     

     

     

     

     

    Fedora update for moin

     

     

     

     

     

    Critical:    Moderately critical

     

     

    Where:       From remote

     

     

    Impact:      Security Bypass, Cross Site Scripting

     

     

    Released:    2008-04-30

     

     

     

     

     

    Fedora has issued an update for moin. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30031/

     

     

     

     

     

    --

     

     

     

     

     

    Fedora update for perl-Imager

     

     

     

     

     

    Critical:    Moderately critical

     

     

    Where:       From remote

     

     

    Impact:      DoS, System access

     

     

    Released:    2008-04-30

     

     

     

     

     

    Fedora has issued an update for perl-Imager. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise an application using the library.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30030/

     

     

     

     

     

    --

     

     

     

     

     

    Fedora update for perl

     

     

     

     

     

    Critical:    Moderately critical

     

     

    Where:       From remote

     

     

    Impact:      DoS, System access

     

     

    Released:    2008-04-30

     

     

     

     

     

    Fedora has issued an update for perl. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30025/

     

     

     

     

     

    --

     

     

     

     

     

    Fedora update for lighttpd

     

     

     

     

     

    Critical:    Moderately critical

     

     

    Where:       From remote

     

     

    Impact:      DoS

     

     

    Released:    2008-04-30

     

     

     

     

     

    Fedora has issued an update for lighttpd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30023/

     

     

     

     

     

    --

     

     

     

     

     

    Imager Image-Based Fill Buffer Overflow Vulnerability

     

     

     

     

     

    Critical:    Moderately critical

     

     

    Where:       From remote

     

     

    Impact:      DoS, System access

     

     

    Released:    2008-04-29

     

     

     

     

     

    A vulnerability has been reported in Imager, which potentially can be exploited by malicious people to compromise an application using the library.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30011/

     

     

     

     

     

    --

     

     

     

     

     

    Slackware update for libpng

     

     

     

     

     

    Critical:    Moderately critical

     

     

    Where:       From remote

     

     

    Impact:      Exposure of sensitive information, DoS, System access

     

     

    Released:    2008-04-29

     

     

     

     

     

    Slackware has issued an update for libpng. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose potentially sensitive information, or potentially compromise an application using the library.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30009/

     

     

     

     

     

    --

     

     

     

     

     

    ZoneMinder Unspecified Code Execution Vulnerabilities

     

     

     

     

     

    Critical:    Moderately critical

     

     

    Where:       From remote

     

     

    Impact:      System access

     

     

    Released:    2008-04-28

     

     

     

     

     

    Some vulnerabilities have been reported in ZoneMinder, which potentially can be exploited by malicious users to compromise a vulnerable system.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29995/

     

     

     

     

     

    --

     

     

     

     

     

    rPath update for libpng

     

     

     

     

     

    Critical:    Moderately critical

     

     

    Where:       From remote

     

     

    Impact:      Exposure of sensitive information, DoS, System access

     

     

    Released:    2008-04-30

     

     

     

     

     

    rPath has issued an update for libpng. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose potentially sensitive information, or potentially compromise an application using the library.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29992/

     

     

     

     

     

    --

     

     

     

     

     

    Fedora update for dbmail

     

     

     

     

     

    Critical:    Moderately critical

     

     

    Where:       From remote

     

     

    Impact:      Security Bypass

     

     

    Released:    2008-04-30

     

     

     

     

     

    Fedora has issued an update for dbmail. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29984/

     

     

     

     

     

    --

     

     

     

     

     

    IBM WebSphere Application Server Java Plugin Security Bypass

     

     

     

     

     

    Critical:    Moderately critical

     

     

    Where:       From remote

     

     

    Impact:      Security Bypass

     

     

    Released:    2008-05-01

     

     

     

     

     

    A vulnerability has been reported in IBM WebSphere Application Server, which can be exploited by malicious people to bypass certain security restrictions.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29976/

     

     

     

     

     

    --

     

     

     

     

     

    HP-UX WBEM Services OpenPegasus PAM Module Buffer Overflows

     

     

     

     

     

    Critical:    Moderately critical

     

     

    Where:       From local network

     

     

    Impact:      DoS, System access

     

     

    Released:    2008-04-30

     

     

     

     

     

    HP has acknowledged some vulnerabilities in HP-UX, which can potentially be exploited by malicious people to compromise a vulnerable system.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29986/

     

     

     

     

     

    --

     

     

     

     

     

    cPanel Cross-Site Request Forgery Vulnerabilities

     

     

     

     

     

    Critical:    Less critical

     

     

    Where:       From remote

     

     

    Impact:      Cross Site Scripting

     

     

    Released:    2008-05-01

     

     

     

     

     

    Some vulnerabilities have been reported in cPanel, which can be exploited by malicious people to conduct cross-site request forgery attacks.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30027/

     

     

     

     

     

    --

     

     

     

     

     

    Debian update for wordpress

     

     

     

     

     

    Critical:    Less critical

     

     

    Where:       From remote

     

     

    Impact:      Exposure of system information, Exposure of sensitive information

     

     

    Released:    2008-05-02

     

     

     

     

     

    Debian has issued an update for wordpress. This fixes a vulnerability, which can potentially be exploited by malicious people to disclose sensitive information.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30013/

     

     

     

     

     

    --

     

     

     

     

     

    miniBB "whatus" Cross-Site Scripting Vulnerability

     

     

     

     

     

    Critical:    Less critical

     

     

    Where:       From remote

     

     

    Impact:      Cross Site Scripting

     

     

    Released:    2008-04-29

     

     

     

     

     

    IRCRASH has discovered a vulnerability in miniBB, which can be exploited by malicious people to conduct cross-site scripting attacks.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30004/

     

     

     

     

     

    --

     

     

     

     

     

    Sun Solaris Apache Modules Cross-Site Scripting Vulnerabilities

     

     

     

     

     

    Critical:    Less critical

     

     

    Where:       From remote

     

     

    Impact:      Cross Site Scripting

     

     

    Released:    2008-04-28

     

     

     

     

     

    Sun has acknowledged some vulnerabilities in Solaris, which can be exploited by malicious people to conduct cross-site scripting attacks.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29988/

     

     

     

     

     

    --

     

     

     

     

     

    Debian update for asterisk

     

     

     

     

     

    Critical:    Less critical

     

     

    Where:       From local network

     

     

    Impact:      DoS

     

     

    Released:    2008-05-01

     

     

     

     

     

    Debian has issued an update for asterisk. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30042/

     

     

     

     

     

    --

     

     

     

     

     

    Fedora update for asterisk

     

     

     

     

     

    Critical:    Less critical

     

     

    Where:       From local network

     

     

    Impact:      DoS

     

     

    Released:    2008-04-30

     

     

     

     

     

    Fedora has issued an update for asterisk. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30010/

     

     

     

     

     

    --

     

     

     

     

     

    Linux Kernel Multiple Vulnerabilities

     

     

     

     

     

    Critical:    Less critical

     

     

    Where:       Local system

     

     

    Impact:      Privilege escalation, DoS

     

     

    Released:    2008-05-02

     

     

     

     

     

    Some vulnerabilities have been reported in the Linux kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to potentially gain escalated privileges.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30044/

     

     

     

     

     

    --

     

     

     

     

     

    Debian update for kernel

     

     

     

     

     

    Critical:    Less critical

     

     

    Where:       Local system

     

     

    Impact:      Security Bypass, Privilege escalation, DoS

     

     

    Released:    2008-05-02

     

     

     

     

     

    Debian has issued an update for the kernel. This fixes some vulnerabilities and security issues, which can be exploited by malicious, local users to bypass certain security restrictions, cause a DoS (Denial of Service), or to potentially gain escalated privileges.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30018/

     

     

     

     

     

    --

     

     

     

     

     

    Gentoo update for kde

     

     

     

     

     

    Critical:    Less critical

     

     

    Where:       Local system

     

     

    Impact:      Privilege escalation, DoS

     

     

    Released:    2008-04-29

     

     

     

     

     

    Gentoo has issued an update for kdelibs. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to potentially gain escalated privileges.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29977/

     

     

     

     

     

    --

     

     

     

     

     

    util-linux-ng "login" Audit Log Injection Weakness

     

     

     

     

     

    Critical:    Not critical

     

     

    Where:       From remote

     

     

    Impact:      Manipulation of data

     

     

    Released:    2008-04-29

     

     

     

     

     

    A weakness has been reported in util-linux-ng, which can be exploited by malicious people to manipulate certain data.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30014/

     

     

     

     

     

    --

     

     

     

     

     

    GraphicsMagick Insecure File Extension Processing

     

     

     

     

     

    Critical:    Not critical

     

     

    Where:       From remote

     

     

    Impact:      Security Bypass

     

     

    Released:    2008-05-02

     

     

     

     

     

    A security issue has been reported in GraphicsMagick, which can be exploited by malicious people to bypass certain security restrictions.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30008/

     

     

     

     

     

    --

     

     

     

     

     

    Fedora update for util-linux-ng

     

     

     

     

     

    Critical:    Not critical

     

     

    Where:       From remote

     

     

    Impact:      Manipulation of data

     

     

    Released:    2008-04-30

     

     

     

     

     

    Fedora has issued an update for util-linux-ng. This fixes a weakness, which can be exploited by malicious people to manipulate certain data.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29982/

     

     

     

     

     

     

     

     

    Other:--

     

     

     

     

     

    ALAXALA Networks AX Series BGP UPDATE Message Processing Denial of Service

     

     

     

     

     

    Critical:    Moderately critical

     

     

    Where:       From remote

     

     

    Impact:      DoS

     

     

    Released:    2008-05-02

     

     

     

     

     

    A vulnerability has been reported in ALAXALA Networks AX series, which can be exploited by malicious people to cause a DoS (Denial of Service).

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30054/

     

     

     

     

     

    --

     

     

     

     

     

    Nortel Multimedia Communication Server PC Client Buffer Overflow

     

     

     

     

     

    Critical:    Moderately critical

     

     

    Where:       From remote

     

     

    Impact:      DoS

     

     

    Released:    2008-05-01

     

     

     

     

     

    A vulnerability has been reported in Nortel Multimedia Communication Server (MCS), which can be exploited by malicious people to cause a DoS (Denial of Service).

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30038/

     

     

     

     

     

    --

     

     

     

     

     

    Hitachi GR Series BGP UPDATE Message Processing Denial of Service

     

     

     

     

     

    Critical:    Moderately critical

     

     

    Where:       From remote

     

     

    Impact:      DoS

     

     

    Released:    2008-05-02

     

     

     

     

     

    A vulnerability has been reported in Hitachi GR series routers, which can be exploited by malicious people to cause a DoS (Denial of Service).

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30028/

     

     

     

     

     

    --

     

     

     

     

     

    Motorola Surfboard Cable Modem Web Interface Cross-Site Request Forgery

     

     

     

     

     

    Critical:    Less critical

     

     

    Where:       From remote

     

     

    Impact:      Cross Site Scripting

     

     

    Released:    2008-04-30

     

     

     

     

     

    Rook Security has reported a vulnerability in Motorola Surfboard Cable Modem, which can be exploited by malicious people to conduct cross-site request forgery attacks.

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30026/

     

     

     

     

     

     

     

     

    --

     

     

    VIRUS ALERTS:

     

     

     

     

     

    During the past week Secunia collected 230 virus descriptions from the Antivirus vendors. However, none were deemed MEDIUM risk or higher according to the Secunia assessment scale.