Here’s a collection of recent security vulnerabilities and alerts, covering an SQL injection hole found in PHP Nuke, a reboot vulnerability in Cisco’s PIX and ASA, a new version of the ClamXav Mac GUI, a report from Microsoft concluding that Vista has fewer flaws than other modern operating systems, various flaws in Tivoli and WebSphere that have been fixed, and a protocol weakness in Firefox that Mozilla is looking into.

  • SQL injection hole found in PHP Nuke

An SQL injection vulnerability has been found in the popular PHP Nuke CMS (Content Management System) that provides access to the underlying database. The sid parameter can be manipulated to send malicious SQL queries to the database, for example to read password hashes or other stored data.

The mitigating factor is that the attack only works when magic_quotes_gpc is off, so a workaround is to enable that option in the php.ini file. A working exploit can be found at the milw0rm site here.
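To make the defect concrete, here is an added illustration in PHP (not PHP Nuke’s own code) of how an unvalidated sid request parameter turns into SQL injection, and what the hardened form looks like. The table name nuke_stories, its columns, and the story rows are hypothetical and constructed for the demonstration; it runs against an in-memory SQLite database so it needs nothing beyond PHP with the PDO SQLite driver.

```php
<?php
// Added illustration (not PHP Nuke's code): an unvalidated "sid" request
// parameter interpolated into SQL, beside two hardened versions.
// The table "nuke_stories" (columns sid, title) is hypothetical.

// --- Vulnerable pattern ---
// The raw request value is interpolated straight into the statement. With
// magic_quotes_gpc off, quote characters in $_GET['sid'] are not escaped, so
// a crafted value changes the structure of the query instead of its data.
function story_sql_vulnerable(string $sid): string
{
    return "SELECT sid, title FROM nuke_stories WHERE sid='$sid'";
}

// --- Hardened pattern 1: enforce the expected type ---
// sid is a numeric story identifier, so cast it. A value that is not an
// integer collapses to its leading digits (or 0) and can carry no SQL syntax.
function story_sql_typed(string $sid): string
{
    $id = (int) $sid;
    return "SELECT sid, title FROM nuke_stories WHERE sid=$id";
}

// --- Hardened pattern 2: parameterised query (preferred) ---
// The statement is prepared with a placeholder and the value is bound
// separately, so the database driver never parses the value as SQL.
function fetch_story(PDO $db, string $sid): ?array
{
    $stmt = $db->prepare('SELECT sid, title FROM nuke_stories WHERE sid = :sid');
    $stmt->bindValue(':sid', (int) $sid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Demonstration with constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE nuke_stories (sid INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO nuke_stories VALUES (1, 'Welcome'), (2, 'Second story')");

// A benign request value and one carrying quote characters.
$benign  = '1';
$hostile = "1' OR '1'='1";

echo story_sql_vulnerable($hostile), PHP_EOL; // the WHERE clause is rewritten
echo story_sql_typed($hostile), PHP_EOL;      // collapses to WHERE sid=1

var_dump(fetch_story($db, $benign));   // one row: sid 1, "Welcome"
var_dump(fetch_story($db, $hostile));  // still only sid 1, never every row
```

The parameterised query is the durable fix: it does not depend on a global escaping setting, whereas magic_quotes_gpc was removed in PHP 5.4, so the php.ini workaround above only applies to the PHP versions in use at the time.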

  • Cisco PIX and ASA TTL vulnerability causes reboot

A vulnerability exists in the Cisco PIX 500 Series Security Appliance (PIX) and the Cisco 5500 Series Adaptive Security Appliance (ASA) that may result in a reload of the device. This vulnerability is triggered during processing of a crafted IP packet when the Time-to-Live (TTL) decrement feature is enabled on the devices.

Cisco has released free software updates that address this vulnerability; it is fixed in software versions 7.2(3)6 and 8.0(3) and later. A workaround is to disable the TTL decrement feature using the “no set connection decrement-ttl” command.

  • ClamXav 1.1: Free virus scanner for Macs

A new version of ClamXav, version 1.1, has been released. ClamXav provides a Mac user interface for the open-source ClamAV antivirus scanner, which makes it a welcome alternative for Mac users who would otherwise have to run ClamAV from the command line.

According to heise Security:

The program also includes a background process called Sentry that can monitor specific folders and automatically check all files arriving in them. In the change log, the developers list many cosmetic changes to the software in its current version. They provide archives for Mac OS 10.5, 10.4 and 10.3.

You can see an overview of all the changes in ClamXav 1.1 here.

  • First year report: Microsoft says Vista has fewer flaws than other operating systems

According to the report, Vista logged fewer than half the vulnerabilities that Windows XP did over the same period of time. The report was compiled by Jeff Jones, Security Strategy Director in Microsoft’s Trustworthy Computing group, and pits Vista against other modern operating systems such as Red Hat Linux, Ubuntu and Mac OS X.

Excerpt from IT News Digest:

Jeff Jones, Security Strategy Director in Microsoft’s Trustworthy Computing group, has compiled a report on the vulnerability disclosures and security updates for the first year of Windows Vista… His report pits Windows Vista against Windows XP and other modern workstation operating systems, such as Red Hat rhel4ws, Ubuntu 6.06 LTS, and Apple Mac OS X 10.4 in their first years.

This, understandably, has resulted in an uproar among some TechRepublic members. Check out what other TechRepublic members have to say here.

You can download the report here. (PDF)

  • Flaws in Tivoli and WebSphere fixed

According to a report from heise Security, a number of vulnerabilities and security issues involving IBM’s Tivoli and WebSphere have been fixed.

  1. The Tivoli Business Service Manager stores passwords in clear text
  2. IBM Tivoli Provisioning Manager for OS Deployment has a vulnerability that can be exploited to crash the integrated web server
  3. WebSphere Business Modeler has a flaw that allows unauthorised users to delete content from the repositories
  4. An update has been released for WebSphere Application Server to eliminate an undisclosed vulnerability

Check out the original article over here.

  • Mozilla confirms weakness in chrome protocol, looking into it

Mozilla has admitted to a weakness in the chrome protocol scheme that can result in the disclosure of information. The issue arises because directory traversal in a “flat” chrome package allows escaping the extensions directory, which makes it possible to read files in predictable locations on the disk.

As a result, a malicious site that is visited is able to load images, scripts or stylesheets from known locations on the visitor’s disk. This gives an attacker additional information about the target system, and a system might also be profiled for other nefarious purposes.

Mozilla is currently investigating this issue. Additional details are available here.