Multiple XSS Vulnerabilities and 27MHz Research

Two cross site scripting vulnerabilities were announced today in F5 Firepass 4100 SSL VPN and Apache 2.2.3 and 2.0.46 and above. In the F5 device, input passed to my.activation.php3 and my.logon.php3 is not properly sanitized before returning to the user. In Apache, input via the HTTP method is not properly sanitized before being sent to the user when a “413 Request Entity Too Large” error page is displayed. Both issues can be exploited to execute script or HTML code in a user’s browser session.

A security research team has demonstrated the ability to intercept communications between 27 Mhz keyboards and a computer. The team was able to reverse engineer the packets and break the trivial encryption to sniff commands entered between the keyboard and the computer. Reportedly this can be performed up to 10 m away. Maybe it’s time to take a look at your company’s security policy and see what’s in it about wireless keyboards and reevaluate those decisions.

Linksys XSS

Bit Defender Online Scanner is vulnerable to remote code execution. A vulnerable ActiveX control can be exploited to execute code on a users system. The vulnerability is reported in version 8.0. There is an updated version available.

Linksys WAG54GS has some cross site scripting issues. Two separate issues can result in either script code execution in a user’s browser, or result in administrative function being performed by others when a logged in administrator visits a malicious site. These vulnerabilities are present in 1.00.06

Perl and PHP Issues, Citrix XSS

Perl 5.8.8 contains a buffer overflow when processing certain regular expressions. The overflow can occur when switching between byte and Unicode characters. This affects currently installed versions of dev/lang. Users should apply their distributions’ updated version or rebuild the source with a patch applied.

PHP 5.2.4 is vulnerable to multiple issues. Successful exploitation could result in a denial of service condition, could allow an attacker to bypass security restrictions, or ultimately execute arbitrary code. PHP has released version 5.2.5 to address these issues.

Citrix NetScaler contains a XSS bug in the management interface. The vulnerability has been identified in version 8.0, build 47.8 and other versions may be affected. Users of this software should not remain logged in to the management interface while browsing other web sites.

Don’t Open that Jar:

A vulnerability in the handling of the jar: URI handler has been announced. The way that browsers, notably Firefox, handle the jar: handler allows for persistent cross site scripting. Any file with the MIME type of zip can be used to exploit this vulnerability, even without the .zip extension. There’s no workaround for this issue right now. Some options include never visiting jar: links in web pages, or installing the development version of NoScript extension for Firefox. The Firefox development team is working on a resolution, but one is not available at this time. For more information, visit the Mozilla bugs page at https://bugzilla.mozilla.org/show_bug.cgi?id=369814.

In other vulnerability news, a PoC has been released for a stack overflow in Adobe Shockwave. Sun Solaris’ version of Mozilla (1.7) is vulnerable to several issues and should be upgraded.