======================================================================
Secunia Research 21/04/2010
- imlib2 "IMAGE_DIMENSIONS_OK()" Logic Error -
======================================================================
Table of Contents
Affected Software....................................................1
Vulnerability ID: HTB22522
Reference: http://www.htbridge.ch/advisory/application_logic_error_in_dt_centrepiece.html
Product: DT Centrepiece
Vendor: DT Services ( http://www.dt.net.nz/ )
Vulnerable Version: 4.5 and Probably Prior Versions
Vendor Notification: 22 July 2010
Vulnerability Type: Application Logic Error
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Low
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Reference: http://www.htbridge.ch/advisory/ip_address_spoofing_in_e107.html
Product: e107 Website System
Vendor: e107
Vulnerable Version: 0.7.19 and Probably Prior Versions
Vendor Notification: 05 April 2010
Vulnerability Type: Application Logic Error
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Low
Credit: High-Tech Bridge SA (http://www.htbridge.ch/)
Vulnerability Details:
sensitive information. All the vulnerabilities require an attacker to
first intercept a secure e-mail message as a condition for successful
exploitation. Attackers can obtain secure e-mail messages by
monitoring a network or a compromised user e-mail account.
The IronPort Encryption Appliance contains a logic error that could
allow an attacker to obtain the unique, per-message decryption key
that is used to protect the content of an intercepted secure e-mail
message without user interaction. Using the decryption key, an
attacker could decrypt the contents of the secure e-mail message.
This vulnerability is documented in IronPort bug 8062 and has been
(WINS). Authentication is not required to exploit this vulnerability.
The specific flaw exists within the wins.exe service distributed with
Microsoft Windows 2003 Server. This service is designed to resolve
NetBIOS requests and accepts connections on port 42. Due to a logic
error when handling a socket send exception, certain user-supplied
values remain within a stack frame and are re-used in another context. A
remote attacker can abuse this flaw to cause a call to
LeaveCriticalSection to operate upon a controlled location in memory.
Such a condition could lead to remote code execution under the context
of the SYSTEM user.
In Motion Ltd.'s BlackBerry Enterprise Server could allow an attacker to
execute arbitrary code with the privileges of the affected service,
which is usually SYSTEM.
The vulnerability occurs when parsing a data stream inside of a PDF
file. Due to a logic error, it is possible to allocate an array of
object pointers that is never initialized. This array is located on the
heap. When the object that contains this array is destroyed, each
pointer in the array is deleted. Since the memory is never properly
initialized, whatever content was previously there is used. It is
possible to control the chunk of memory that gets allocated for this
processing smb:// URLs. If a user were tricked into viewing a malicious
website and had smbclient installed, a remote attacker could execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2006-5925)
Jakub Wilk discovered a logic error in Elinks, leading to a buffer
overflow. If a user were tricked into viewing a malicious website, a remote
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2008-7224)
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Robin Park and Dmitri Vinokurov discovered a logic error in ntpd. A remote
attacker could send a crafted NTP mode 7 packet with a spoofed IP address
of an affected server and cause a denial of service via CPU and disk
resource consumption.
Vulnerability ID: HTB22523
Reference: http://www.htbridge.ch/advisory/application_logic_error_in_dt_centrepiece_1.html
Product: DT Centrepiece
Vendor: DT Services ( http://www.dt.net.nz/ )
Vulnerable Version: 4.5 and Probably Prior Versions
Vendor Notification: 22 July 2010
Vulnerability Type: Application Logic Error in the Authentication Mechanism
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: High
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
| Product | Asterisk |
|--------------------+---------------------------------------------------|
| Summary | Database matching order permits host-based |
| | authentication to be ignored |
|--------------------+---------------------------------------------------|
| Nature of Advisory | Logic error |
|--------------------+---------------------------------------------------|
| Susceptibility | Remote Unauthenticated Sessions |
|--------------------+---------------------------------------------------|
| Severity | Moderate |
|--------------------+---------------------------------------------------|
Reference: http://www.htbridge.ch/advisory/reset_admin_password_in_sweetrice_cms.html
Product: SweetRice CMS
Vendor: basic-cms.org ( http://www.basic-cms.org/ )
Vulnerable Version: 0.6.7
Vendor Notification: 21 October 2010
Vulnerability Type: Logic error
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: High
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability Details:
