TITLE:
Perforce P4Web Client Two Vulnerabilities

SECUNIA ADVISORY ID:
SA38821

VERIFY ADVISORY:
http://secunia.com/advisories/38821/

DESCRIPTION:
Two vulnerabilities have been reported in Perforce P4Web Client, which
can be exploited by malicious users to bypass certain security
restrictions.

1) An error in the web interface when controlling access to certain
functionality can be exploited to e.g. perform certain actions with
escalated privileges.

2) An error in the handling of workspaces can be exploited to
overwrite arbitrary files via directory traversal attacks.

Successful exploitation of vulnerability #2 potentially allows
overwriting files with system privileges, but may be dependent on
vulnerability #1.

SOLUTION:
Grant only trusted users network access to the affected service.

PROVIDED AND/OR DISCOVERED BY:
McAfee, including Stuart McClure, Shanit Gupta, Carric Dooley, Vitaly
Zaytsev, Xiao Bo Chen, Kris Kaspersky, Michael Spohn, and Ryan Permeh.

ORIGINAL ADVISORY:
McAfee:
http://resources.mcafee.com/forms/Aurora_VDTRG_WP