>
> **********************************************************************
>
> (2) HIGH: Ethereal Multiple Protocol Decoding Overflows
> Affected:
> Ethereal versions 0.7.7 - 0.10.12
>
> Description: Ethereal, a popular open source network sniffer and
> protocol analyzer for Unix/Windows platforms, contains buffer overflow
> vulnerabilities in parsing the following protocols: SRVLOC, AgentX and
> SLIMP3. These buffer overflows can be exploited to execute arbitrary
> code with the privileges of the ethereal process (typically "root" when
> ethereal is being used as a sniffer). To exploit these flaws, an
> attacker has to either inject the malicious packets into the network
> traffic being sniffed by ethereal, or entice a client to open a
> specially crafted packet capture file. The technical details regarding
> the buffer overflows and an exploit for the SLIMP3 protocol decoder have
> been posted.
>
> Status: Ethereal has released version 0.10.13 that also fixes DoS
> vulnerabilities in other protocol decoders in addition to the buffer
> overflows.
>
> Council Site Actions: Most of the council sites are responding to this
> item on some level. A few sites have notified their users and
> recommended that they upgrade to the fixed version. The other sites
> will distribute the patches during their next regularly scheduled
> system update process. One site commented that they seldom use Ethereal
> on their workstations, so their SOP is to update to the latest version
> each time they use it.
>
> References:
> Ethereal Advisory
> http://www.ethereal.com/appnotes/enpa-sa-00021.html
> iDefense Advisory
> http://archives.neohapsis.com/archives/vulnwatch/2005-q4/0021.html
> SLIMP3 Exploit
> http://www.frsirt.com/exploits/20051020.ethereal_slimp3_bof.py.php
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/15148
> http://www.securityfocus.com/bid/15158
>
> ****************************************************************
>
>
> ****************************************************************
>
> (4) MODERATE: Multiple Anti-virus Vendor Detection Bypass
> Affected:
> Multiple AV vendors including McAfee, Trend Micro, Kaspersky,
> Sophos, CA, Panda.
>
> Description: Multiple anti-virus engines reportedly contain a
> vulnerability that can lead to bypassing detection of malware in ".bat",
> ".html" and ".eml" files. The problem occurs because the detection
> engines stop processing these files if they are tagged with a fake
> executable file header. Note that with the increase in client-side
> attacks, bypassing malicious HTML detection may lead to spread of
> spyware and other malware on desktop systems. Multiple proof of concept
> examples have been posted.
>
> Status: No official statement is available from the AV vendors at this
> time. The advisory also lists certain versions of the AV software that
> are not reportedly vulnerable.
>
> Council Site Actions: All council sites are waiting for further
> information from their anti-virus vendor. Most sites use automated
> updates for the engine and dat files.
>
> References:
> Posting by Andrey Bayora
> http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0504.html
> http://archives.neohapsis.com/archives/bugtraq/2005-10/0315.html
> http://www.securityelf.org/magicbyte.html
> Posting by Andreas Marx
> http://archives.neohapsis.com/archives/bugtraq/2005-10/0322.html
> SecurityFocus BID
> Not posted yet.
>
> ****************************************************************
>
> ****************
> Exploits
> ****************
>
> (5) Windows Plug and Play Overflow (MS05-047)
>
> Multiple exploits have been posted for the Windows Plug and Play
> overflow patched by MS05-047.
>
> Council Site Updates: Most of the council sites have already
> distributed the patch or will in the near future.
>
> References:
> http://archives.neohapsis.com/archives/bugtraq/2005-10/0259.html
> http://www.frsirt.com/exploits/20051024.MS05-047-Dos.c.php
> Previous @RISK Newsletter Posting
> http://www.sans.org/newsletters/risk/display.php?v=4&i=41#widely4
>
> ****************************************************************
>
>
> 05.43.3 CVE: Not Available
> Platform: Linux
> Title: Squid FTP Server Response Denial of Service
> Description: Squid is a popular caching proxy server. It is reported
> to be vulnerable to a remote denial of service issue due to improper
> handling of ftp server responses. Squid versions 2.5 and earlier are
> reported to be vulnerable.
> Ref: http://www.securityfocus.com/bid/15157
> ______________________________________________________________________
>
>
> 05.43.12 CVE: CAN-2005-3184
> Platform: Cross Platform
> Title: Ethereal Stack Buffer Overflow
> Description: Ethereal is a network analyzer. It is vulnerable to a
> remote buffer overflow issue when dissecting Service Location Protocol
> (SRVLOC) packets. Ethereal versions 0.10.13 and earlier are vulnerable.
> Ref: http://www.idefense.com/application/poi/display?id=323&type=vulnerabilities&flashstatus=true
> ______________________________________________________________________
>
>
> 05.43.19 CVE: CAN-2005-3241, CAN-2005-3242, CAN-2005-3243,
> CAN-2005-3244, CAN-2005-3246, CAN-2005-3245, CAN-2005-3247,
> CAN-2005-3248, CAN-2005-3249, CAN-2005-3184
> Platform: Cross Platform
> Title: Ethereal Multiple Protocol Dissector Vulnerabilities
> Description: Ethereal is a multi-platform network protocol sniffer and
> analyzer. Several vulnerabilities in Ethereal have been disclosed by
> the vendor. The reported issues are in various protocol dissectors
> like BER, SigComp UDVM, SCSI, sFlow, RTnet, ISAKMP, FC-FCS, RSVP, ISIS
> LSP, ONC RPC, SLIMP3, AgentX, SRVLOC, IrDA, SMB and X11. Ethereal
> versions 0.7.7 through 0.10.12 are affected.
> Ref: http://www.securityfocus.com/bid/15148/exploit
> ______________________________________________________________________