Archive for Vulnerability
Author: Dave Lewis
March 27, 2008 at 7:44 am · Filed under Patches, Vulnerability
Cisco has published multiple vulnerabilities today, along with patches for information disclosure, data manipulation and denial of service issues in IOS.
From Secunia:
Description:
Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, or to cause a DoS (Denial of Service).
1) A memory leak exists in the handling of completed PPTP sessions, which can be exploited to exhaust memory on an affected system.
2) An error exists in the handling of PPTP sessions when virtual access interfaces are not removed from the interface descriptor block (IDB) and are not reused. This can result in an exhaustion of the interface descriptor block (IDB) limit.
Vulnerabilities #1 and #2 are reported in Cisco IOS versions prior to 12.3 with VPDN enabled.
3) Some errors exist in the Data-Link-Switching (DLSw) feature when processing UDP and IP protocol 91 packets. This can be exploited to cause a reload of the system or a memory leak.
4) An error exists in the processing of IPv6 packets, which can be exploited to prevent the interface from receiving additional traffic or to cause the device to crash (if RSVP service is configured on the interface) by sending a specially crafted IPv6 packet to the device.
Successful exploitation of this vulnerability requires that IPv6 and certain IPv4 UDP services are enabled.
5) An error exists in the implementation of Multicast Virtual Private Networks (MVPN), which can be exploited to create extra multicast states on the core routers via specially crafted Multicast Distribution Tree (MDT) Data Join messages. This can also be exploited to receive multicast traffic from VPNs that are not connected to the same Provider Edge (PE).
Successful exploitation of the multicast traffic leak requires that the attacker knows or guesses the Border Gateway Protocol (BGP) peering IP address of a remote PE router and the address of the multicast group that is used in other MPLS VPNs.
Get yer patch on.
Article Link
Author: Dave Lewis
March 20, 2008 at 8:01 am · Filed under Vulnerability
Adobe Flash is back in the news with a new vulnerability in how it parses FLA files.
From Secunia:
Description:
cocoruder has reported some vulnerabilities in Adobe Flash, which can be exploited by malicious people to compromise a user’s system.
The vulnerabilities are caused due to unspecified errors when parsing specially crafted FLA files.
Successful exploitation may allow execution of arbitrary code when opening a malicious FLA file.
Solution:
According to the vendor, the vulnerabilities will be fixed in the next major release of Flash Professional.
Do not open untrusted FLA files.
For the Firefox readers, you might want to check out the “NoScript” add-on. If you are using IE, just breathe into a paper bag slowly. Be aware, surf with care.
Article Link
Author: Dave Lewis
March 19, 2008 at 7:18 am · Filed under Apple, Vulnerability
Apple’s OS X is in the news again this morning with the release of security vulnerabilities aplenty. Time to patch my workhorse MacBook.
From Secunia:
Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
1) Multiple boundary errors in AFP client when processing “afp://” URLs can be exploited to cause stack-based buffer overflows when a user connects to a malicious AFP server.
Successful exploitation may allow execution of arbitrary code.
2) An error exists in AFP Server when checking Kerberos principal realm names. This can be exploited to make unauthorized connections to the server when cross-realm authentication with AFP Server is used.
3) Multiple vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
4) A boundary error within the handling of file names in the NSDocument API in AppKit can be exploited to cause a stack-based buffer overflow.
5) An error in NSApplication in AppKit can potentially be exploited to execute code with escalated privileges by sending maliciously crafted messages to privileged applications in the same bootstrap namespace.
6) Multiple integer overflow errors exist in the parser for a legacy serialization format. This can be exploited to cause a heap-based buffer overflow when a specially crafted serialized property list is parsed.
Successful exploitation may allow execution of arbitrary code.
7) An error in CFNetwork can be exploited to spoof secure websites via 502 Bad Gateway errors from a malicious HTTPS proxy server.
…and it goes on like this.
As well, there was a release concerning the Safari browser.
Get your patch on.
Article Link
Author: Dave Lewis
March 18, 2008 at 6:50 am · Filed under Virtual, Vulnerability
The VMware folks released patches yesterday to deal with a privilege escalation problem and a security bypass issue, as well as five other problems.
From the VMware Advisory:
Problem description:
a. Host to guest shared folder (HGFS) traversal vulnerability
On Windows hosts, if you have configured a VMware host to guest shared folder (HGFS), it is possible for a program running in the guest to gain access to the host’s file system and create or modify executable files in sensitive locations.
NOTE: VMware Server is not affected because it doesn’t use host to guest shared folders. No versions of ESX Server, including ESX Server 3i, are affected by this vulnerability, because ESX Server is based on a bare-metal hypervisor architecture and not a hosted architecture, and it doesn’t include any shared folder abilities. Fusion and Linux based hosted products are unaffected.
and…
b. Insecure named pipes
An internal security audit determined that a malicious Windows user could attain and exploit LocalSystem privileges by causing the authd process to connect to a named pipe that is opened and controlled by the malicious user.
The same internal security audit determined that a malicious Windows user could exploit an insecurely created named pipe object to escalate privileges or create a denial of service attack. In this situation, the malicious user could successfully impersonate authd and attain privileges under which Authd is executing.
For the rest of the issues, please read the full advisory over on VMware dot com.
Tags: VMware, VMware Vulnerabilities
Author: Dave Lewis
March 12, 2008 at 6:38 am · Filed under Patches, Vulnerability
Now that the dust is settling from yesterday’s “Patch Tuesday”, Office is the main culprit this time. US-CERT reports that a trojan leveraging a hole in Excel is making the rounds.
From US-CERT:
US-CERT is aware of public reports of a trojan that may exploit a vulnerability in Microsoft Excel. This trojan is circulating through email messages that contain attached Excel files. Known file names for these attachments are OLYMPIC.XLS and SCHEDULE.XLS. These files may also contain Windows binary executables that can compromise an affected system.
From vnunet:
The four bulletins in yesterday’s Security Update addressed 12 vulnerabilities in the popular software.
Each of the bulletins fixes vulnerabilities which could allow an attacker to remotely execute code on the target system. Microsoft has rated all four as ‘critical’, the highest of its four alert levels.
The bulletins address flaws in Outlook, Excel and Office web components. The update applies to Office XP, 2000, 2003 and 2007. Mac versions of Office 2004 and 2008 were also updated, each receiving fixes rated ‘important’.
XP and Vista ducked the spotlight this time.
Article Link
Tags: Excel trojan, Microsoft Patches, Patch Tuesday, OLYMPIC.XLS, SCHEDULE.XLS
Author: Dave Lewis
February 27, 2008 at 8:07 am · Filed under Malware, Vulnerability
Symantec’s Mail Security products have some issues again. This time the problem lies within a specially crafted .RAR file. I’m wondering if this is a case of a corrupted .rar file or something that has been packed with UPX or MEW. Details are few.
From Secunia:
Description:
Two vulnerabilities have been reported in various Symantec products, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
1) A boundary error in Symantec’s Decomposer engine can be exploited to cause a stack-based buffer overflow when handling a specially crafted .RAR file.
Successful exploitation allows execution of arbitrary code.
2) An error in Symantec’s Decomposer engine can be exploited to cause the process to consume large amounts of memory when handling a specially crafted .RAR file.
The vulnerabilities affect all builds of the following products:
* Symantec AntiVirus for Network Attached Storage version 4.3.16.39 and prior
* Symantec AntiVirus Scan Engine version 4.3.16.39 and prior
* Symantec AntiVirus Scan Engine for Caching version 4.3.16.39 and prior
* Symantec AntiVirus Scan Engine for Clearswift version 4.3.16.39 and prior
* Symantec AntiVirus Scan Engine for Messaging version 4.3.16.39 and prior
* Symantec AntiVirus Scan Engine for MS ISA version 4.3.16.39 and prior
* Symantec AntiVirus Scan Engine for MS SharePoint version 4.3.16.39 and prior
* Symantec AntiVirus/Filtering for Domino MPE(AIX, Linux, Solaris) all versions
* Symantec Mail Security for Microsoft Exchange version 4.6.5.12 and prior
* Symantec Mail Security for Microsoft Exchange version 5.0.4.363 and prior
* Symantec Scan Engine version 5.1.4.24 and prior
Article Link
Original Advisory 1
Original Advisory 2
Tags: Symantec, Symantec RAR Files, Symantec Decomposer
Author: Dave Lewis
February 25, 2008 at 9:48 am · Filed under Vulnerability
From US-CERT:
VMware has released a security alert in response to a vulnerability in Windows-hosted VMware Workstation, VMware Player, and VMware ACE. This vulnerability exists in the host-to-guest shared folders feature and allows applications running in the guest operating system to access the host operating system’s file system. Exploitation of this vulnerability may allow an attacker to circumvent the controls on the guest system and gain read and write access to the host file system.
Article Link
VMware Advisory
Tags: VMware Vulnerabilities, VMware Security, VMware
Author: Dave Lewis
February 15, 2008 at 8:42 am · Filed under Linux, Vulnerability
From SearchSecurity.com:
When a vulnerability researcher discloses a flaw in a widely-used operating system or application, some IT professionals question the motive. Such has been the case with a Linux Kernel flaw that was disclosed last week. Wojciech Purczynski, a researcher with Singapore-based security firm COSEINC, discovered the flaw, and a researcher using the online name “Qaaz” followed it up with attack code. Qaaz declined an interview request, but Purczynski did answer some questions in an email exchange. In this Q&A, he explains how he reported the security hole and why Linux users should take his findings seriously.
For the email interview read on.
Article Link
Tags: Kernel Exploit, Kernel Flaw, Linux Kernel Security
Author: Dave Lewis
February 14, 2008 at 8:25 am · Filed under VoIP, Vulnerability
There comes word today of some rather nasty vulnerabilities that affect Cisco IP phones. Some of the affected Cisco (CSCO) devices are:
The following Cisco Unified IP Phone devices running Skinny Client Control Protocol (SCCP) firmware:
7906G, 7911G, 7935, 7936, 7940, 7940G, 7941G, 7960, 7960G, 7961G, 7970G, 7971G
The following Cisco Unified IP Phone devices running Session Initiation Protocol (SIP) firmware:
7940, 7940G, 7960, 7960G
The version of firmware running on an IP Phone can be determined via the Settings menu on the phone or via the phone HTTP interface.
There are numerous vulnerabilities involved here. I have listed the lot after the jump.
Author: Dave Lewis
February 6, 2008 at 8:00 am · Filed under VoIP, Vulnerability
For those Skype users out there, we get word this morning of a problem that can result in system access for a remote attacker. As a result, Skype has released a new version of its software client to address the problem. This problem is apparently restricted to the Windows version.
From Secunia:
Description:
An update has been released for Skype, which implements security enhancements to prevent compromise of users’ systems.
Skype uses the Internet Explorer web control to render HTML from certain websites (e.g. DailyMotion, Metacafe, and SkypeFind). As the content is rendered in the “Local Machine” security zone, this allows execution of arbitrary script code on a user’s system via script insertion vulnerabilities present in these websites.
Various vulnerabilities have been discovered in these sites, which provide vectors when a user e.g. uses the Skype video gallery browser section or finds a video uploaded to the DailyMotion gallery with a specially crafted video title.
Successful exploitation requires that a displayed website is vulnerable to script insertion.
The vulnerability is reported in the following Skype for Windows versions:
- All versions including 3.5.*
- Version 3.6.*.244 and prior
Article Link
Tags: Skype, Skype Cross Zone Scripting, Skype Security