Archive for May, 2013

SAS Integration Technologies Client 9.31_M1 (SASspk.dll) Stack-based Overflow

SAS Integration Technologies provides you with software that enables you to build a secure client/server infrastructure on which to implement SAS distributed processing solutions. With SAS Integration Technologies, you can integrate SAS with other applications in your enterprise; provide proactive delivery of information from SAS throughout the enterprise; extend the capabilities of SAS to meet your organization’s specific needs; and develop your own distributed applications that leverage the analytic and reporting powers of SAS. The SAS Deployment Manager is used for post-installation configuration tasks such as configuring some products, applying hot fixes, updating metadata, and uninstalling SAS software.

The SASspk module (SASspk.dll) version 9.310.0.11307, has a function called ‘RetrieveBinaryFile()’ which has one parameter called ‘bstrFileName’ which takes arguments as strings as defined in the function itself as ISPKBinaryFile from the SASPackageRetrieve library. Stack-based buffer overflow was discovered in one of the fuzzing processes that could allow arbitrary code execution by an attacker when exploiting the non-sanitized ‘bstrFileName’ parameter.

SAS Stack-based Buffer Overflow Vulnerability

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5142.php
Vendor: http://support.sas.com/kb/49/961.html

WordPress Newsletter Plugin 3.2.6 (alert) Reflected XSS Vulnerability

The plugin suffers from a XSS issue due to a failure to properly sanitize user-supplied input to the ‘alert’ GET parameter in the ‘page.php’ script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.

newsletter_xss

Advisory ID: ZSL-2013-5141
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5141.php

WordPress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability

Securimage-WP suffers from a XSS issue in ‘siwp_test.php’ that uses the ‘PHP_SELF’ variable. The vulnerability is present because there isn’t any filtering to the mentioned variable in the affected script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.

securimage_wp_xss2

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5140.php

Securimage 3.5 URI-based Cross-Site Scripting Vulnerability

Securimage suffers from a XSS issue in ‘example_form.php’ that uses the ‘REQUEST_URI’ variable. The vulnerability is present because there isn’t any filtering to the mentioned variable in the affected script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5139.php

securimage