This bulletin summary lists 12 released Microsoft security bulletins for February, 2013.
ca4f180fcc30f1a0c1312bb662c5ff4944c9af058711a83d03b97cbe6ff25737BlackNova Traders, a web-based game similar to the BBS game TradeWars, suffers from a remote SQL injection vulnerability.
28605edf410233103f0f7af8034f289dd39d1d7fabc070d6319ec0488810bf6cstrongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
d46f91e8a8f6bd9102156d1ee6efb61bd15b3a8b8b5c619bc91c1c61474727b6Red Hat Security Advisory 2013-0253-01 - The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. It was found that an excessive amount of information was logged when invalid tokens were requested, resulting in large log files. An attacker could use this flaw to consume an excessive amount of disk space by requesting a large number of invalid tokens. The CVE-2013-0247 issue was discovered by Dan Prince of Red Hat.
3609debda144b85ffbeb2e910d12baa8f24886fd4bf2b73e852a613dada75eb1Ubuntu Security Notice 1716-1 - It was discovered that gnome-screensaver did not start automatically after logging in. This may result in the screen not being automatically locked after the inactivity timeout is reached, permitting an attacker with physical access to gain access to an unlocked session.
c2a128c3f51b44d4c83326e6592e43fa51214b47348406805d460874c5902ba7Ubuntu Security Notice 1717-1 - Sumit Soni discovered that PostgreSQL incorrectly handled calling a certain internal function with invalid arguments. An authenticated attacker could use this issue to cause PostgreSQL to crash, resulting in a denial of service.
20cf4f803d114437c08a6861881b9d0d7260a4f3222f7384bb0040444ef5a824Ubuntu Security Notice 1719-1 - It was discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating the origin on Netlink messages. An untrusted local user can cause a denial of service of Linux guests in Hyper-V virtualization environments. Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. Various other issues were also addressed.
6de26ef41062f19fa61e79d4002edf1eee71915e490a7fd9a002c826f84ae65aSecunia Security Advisory - A vulnerability has been reported in VirusScan Enterprise and Host Intrusion Prevention, which can be exploited by malicious, local users to potentially gain escalated privileges.
7b050158066c31453c80ebb37f6571a5144f11028aee3494326f8865aaf4bf95Secunia Security Advisory - Multiple vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to disclose certain sensitive information and compromise a user's system.
908c252e9e4c85d926b4ea189e18fa5aa19e4536830d399983ceddc3978dcaefSecunia Security Advisory - SUSE has issued an update for opera. This fixes multiple vulnerabilities, where one has an unknown impact and others can be exploited by malicious people to compromise a user's system.
5db6bb4c8dea5aaeb9c3f3e8bbab27563200633b4f24cd7256e2411814fb4dbbSecunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to disclose sensitive information and compromise a user's system.
8d996bb5f9d4404e6146182e394f4494a2005b337524497e2a1c7c3f6707b22dSecunia Security Advisory - A vulnerability has been reported in Microsoft .NET Framework, which can be exploited by malicious people to compromise a user's system.
c86c583fc2f5899875547d8e6356bc5ca526987e28c341d781626d87ea330dc5Secunia Security Advisory - Microsoft has acknowledged multiple vulnerabilities in Microsoft FAST Search Server 2010 for SharePoint, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
6d694a174e316a4fd22309b3a0346e0013f211192808344f1157db0ef360fb82Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.
9856f6722a91178b5c4bd2802c71f64b0d0c0a0f070332760b1700a5a055c840Secunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to disclose certain sensitive information and compromise a user's system.
1c5db0b63458cadb955529e474231a1a030f04ac0156a146f4ac3a3c80b92f04Secunia Security Advisory - Multiple vulnerabilities have been reported in Adobe Flash Player and AIR, which can be exploited by malicious people to disclose certain sensitive information and compromise a user's system.
ef5c229dfc8c9d191724d0c78188027e34f1a64dbe15c12b8876456cfdd264eeSecunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.
e9bd7d8d1d042882e7f0e41baaaba92bb805622e4b2e6963394119a865874d4dSecunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service).
bc1cb1a66861cb01447e1f729a022548895c441cf333e9e15163a6b5861c0cb3Secunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.
8580800ae4bda757870fdb5d48db2174cf25daa8caede8ad8890b9eb01387af0Secunia Security Advisory - A vulnerability has been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.
82a68d048e4bfd25c7f565d1220455b79b5f5b928571b84342f991dd46af773dSecunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious users to cause a DoS (Denial of Service).
5917d54b06aec6a14a258ad2eb2ffa9e6ae65488dc8303dc3126afbc5980279aSecunia Security Advisory - SUSE has issued an update for gnutls. This fixes a vulnerability, which can be exploited by malicious people to potentially cause a DoS (Denial of Service) in an application using the library.
2383e2bf6443f36b67ca12f5a36d7ecb319121023ea637cdc21fa6101b152fadBluefog is a tool that can generate an essentially unlimited number of phantom Bluetooth devices. It can be used to test Bluetooth scanning and monitoring systems, make it more difficult for attackers to lock onto your devices, or otherwise complicate the normal operation of Bluetooth devices. Technically, Bluefog can work with just one Bluetooth adapter, but it works much better when you connect multiple adapters. Up to four radios are currently supported simultaneously.
e6482eaf54e126116978d4f8508615c1b1bf12c2da74b5d55ef7bf05cb74bde8The Huawei Mobile Partner application suffers from having extremely loose access permissions allowing for anyone to replace the files with malicious binaries. Version 23.007.09.00.203 is affected.
293dca6309dc7013be9f809e31e314d539fdfa96c54c16f41c22d76ba79ed4d6PHPkit is a simple PHP based backdoor, leveraging include() and php://input to allow the attacker to execute arbitrary PHP code on the infected server. The actual backdoor contains no suspicious calls such as eval() or system(), as the PHP code is executed in memory by include().
9ae6f1db9ff8c94146491368c999d0b4d6a0a9cfe7316a6f72a899025250bf36
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed