Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 4 No. 48



> *************************
> Widely Deployed Software
> *************************
> 
> ****************************************************************
> 
> (2) HIGH: Panda Antivirus ZOO File Decompression Overflow
> Affected:
> Possibly all Panda anti-virus products
> Third-party products that use Panda's anti-virus library
> 
> Description: Panda anti-virus products are deployed on a number of
> desktop systems as well as email gateways. The Panda anti-virus library
> contains a heap-based overflow that can be triggered by a specially
> crafted ZOO file (See the references for zoo compression format). The
> overflow can be exploited to execute arbitrary code. Note that for
> exploiting the gateway systems no user interaction is required. The
> technical details required to craft an exploit have been publicly
> posted.
> 
> Status: Panda has not released any updates so far. A workaround is to
> disable examining .zoo files.
> 
> Council Site Actions: The affected software and/or configuration are not
> in production or widespread use, or are not officially supported at any
> of the council sites. They reported that no action was necessary.
> 
> References:
> Posting by Alex Wheeler
> http://archives.neohapsis.com/archives/bugtraq/2005-11/0354.html   
> http://www.rem0te.com/public/images/panda.pdf 
> Vendor Homepage
> http://www.pandasoftware.com/
> Zoo File Format
> http://apple2.org.za/gswv/a2zine/GS.WorldView/Resources/The.MacShrinkIt.Project/ARCHIVES.TXT
> SecurityFocus BID
> http://www.securityfocus.com/bid/15616 
> 
> ****************************************************************
> 
> (3) MODERATE: Sun Java JRE Sandbox Security Bypass
> Affected:
> JDK and JRE version 5.0 Update 3 and prior for Windows, Solaris and Linux
> SDK and JRE 1.3.1_15 and prior
> SDK and JRE 1.4.2_08 and prior
> 
> Description: The Sun Java Runtime Environment (JRE) enables applets on
> websites to run on a client's browser. The Java Security Manager
> controls the resources a downloaded applet can access ("sandbox" model).
> Multiple vulnerabilities in the Sun JRE can be exploited by a malicious
> applet to break out of this "sandbox", and access any local resources.
> As a result, if a user browses a webpage containing the malicious
> applet, the applet may be able to execute arbitrary commands on the
> client system with the privileges of the logged-on user. Note that
> applets are automatically downloaded and executed in typical browser
> configurations. The technical details about the flaws have not been
> publicly posted yet.
> 
> Status: Sun confirmed. Upgrade to SDK and JRE 1.3.1_16, SDK and JRE
> 1.4.2_09 or JDK and JRE 5.0 Update 4. You can download the software from
> http://www.java.com/en/download/manual.jsp
> 
> Council Site Actions: All of the council sites are responding to this
> item. They all plan to distribute the patch during their next regularly
> scheduled system update process. One site commented that they will also
> "lock down" desktops that are running applications requiring older,
> broken versions of Java.
> 
> References:
> Sun Advisories
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102050-1 
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102003-1  
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102017-1  
> Applet Security
> http://java.sun.com/docs/books/tutorial/security1.2/overview/index.html
> SecurityFocus BID
> http://www.securityfocus.com/bid/15615 
> 
> ****************************************************************
> 
> **********
> Exploits
> **********
> 
> (4) Windows MSDTC Buffer Overflow (MS05-051)
> 
> References:
> Exploit Code 
> http://www.frsirt.com/exploits/20051127.55k7-msdtc.c.php
> http://www.frsirt.com/exploits/20051201.MS05-051msdtc.cpp.php  
> Previous @RISK Newsletter Posting
> http://www.sans.org/newsletters/risk/display.php?v=4&i=41#widely2 
> 
> Council Site Actions: Most council sites have already deployed the patch
> or will soon do so. One site commented that they have used the exploit
> code to test some of their systems running the English version of
> Windows 2000 Professional, but the systems have thus far not responded
> in a manner that concerned them (i.e., the exploit did not cause a denial
> of service or provide access to the system).
> 
> *******************************************************************
> 
> (5) Windows Metafile Handling Overflow (MS05-053)
> 
> References:
> http://www.frsirt.com/exploits/20051130.MS05-053.c.php  
> http://www.frsirt.com/exploits/20051129.MS05-053.c.php  
> Previous @RISK Newsletter Posting
> http://www.sans.org/newsletters/risk/display.php?v=4&i=45#widely1 
> 
> Council Site Actions: Most of the council sites have already patched
> their systems or will do so shortly.
> 
> ****************************************************************
> 
> 05.48.1 CVE: Not Available
> Platform: Windows
> Title: Windows SynAttackProtect Predictable Hash Remote Denial of
> Service
> Description: Microsoft Windows allows administrators to defend against
> TCP/IP SYN attacks by adding the "SynAttackProtect" value to the
> "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" registry key. The
> vulnerability arises due to a design error in the function responsible
> for the hash table management. Reports indicate that the affected
> function used by the TCP/IP stack creates a predictable hash as only a
> few fields of the incoming SYN packet are employed in the hash
> creation. For a list of vulnerable versions please visit the reference
> link provided.
> Ref: http://www.securityfocus.com/bid/15613 
> ______________________________________________________________________
> 
> 05.48.5 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: pcAnywhere Authentication Denial of Service
> Description: Symantec pcAnywhere is a remote host control application.
> It is vulnerable to a denial of service due to a buffer overflow prior
> to authentication. Symantec pcAnywhere versions 11.5.1 and earlier are
> vulnerable.
> Ref: http://www.symantec.com/avcenter/security/Content/2005.11.29.html
> ______________________________________________________________________
> 
> 
> 05.48.7 CVE: CVE-2005-3275
> Platform: Linux
> Title: Linux Kernel NAT Handling Memory Corruption Denial of Service
> Description: Linux Kernel is vulnerable to a denial of service issue.
> An attacker can exploit this by causing two packets for the same
> protocol to be NATed at the same time, resulting in a memory
> corruption. Please refer to the links below for a list of affected
> versions.
> Ref: http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.32 
> http://www.securityfocus.com/bid/15531/info   
> ______________________________________________________________________
> 
> 05.48.11 CVE: Not Available
> Platform: Unix
> Title: Opera Web Browser Arbitrary Command Execution
> Description: Opera Web Browser is affected by an arbitrary command
> execution vulnerability. This issue arises due to insufficient
> sanitization of user-supplied data. A remote attacker could exploit
> this to gain unauthorized access. Opera 8.50 and prior versions
> running on Unix and Linux platforms are vulnerable to this issue.
> Ref: http://www.securityfocus.com/bid/15521/info 
> ______________________________________________________________________
> 
> 
> 05.48.22 CVE: Not Available
> Platform: Cross Platform
> Title: PHP MB_Send_Mail TO Argument Header Injection
> Description: The PHP "mb_send_mail()" function is used to send encoded
> email messages. PHP is susceptible to a header injection vulnerability
> when sending email. This issue is due to insufficient sanitization of
> user-supplied input to the "mb_send_mail()" function. This may allow
> attackers to utilize vulnerable Web applications as an anonymous email
> proxy. For a list of vulnerable versions please visit the reference
> link provided.
> Ref: http://www.securityfocus.com/bid/15571 
> ______________________________________________________________________
> 
> 
> 05.48.29 CVE: Not Available
> Platform: Cross Platform
> Title: Panda Software Antivirus Library ZOO Archive Heap Overflow
> Description: Panda Software Antivirus products are vulnerable to a
> heap overflow issue exposed when the antivirus library attempts to
> decompress ZOO archive files. Successful exploitation will result in
> execution of arbitrary code in the context of an affected application.
> Ref: http://www.securityfocus.com/bid/15616 
> ______________________________________________________________________
> 
> 05.48.32 CVE: Not Available
> Platform: Cross Platform
> Title: Opera Web Browser JNI Routine Handling Remote Denial of Service
> Description: Opera Web Browser is prone to a remote denial of service
> vulnerability. The issue presents itself when the browser handles a
> Java applet containing a Java Native Interface (JNI) routine
> implementing the com.opera.JSObject class. Opera version 8.50 is
> reportedly vulnerable.
> Ref: http://www.securityfocus.com/bid/15648 
> ______________________________________________________________________
> 
> 
> 05.48.34 CVE: Not Available
> Platform: Cross Platform
> Title: Perl Unspecified Format String Vulnerability
> Description: Perl is vulnerable to a format string issue due to a
> failure of the programming language to properly handle format
> specifiers. An attacker may leverage this issue to gain unauthorized
> remote access.
> Ref: http://lists.immunitysec.com/pipermail/dailydave/2005-November/002694.html
> ______________________________________________________________________
> 
> 05.48.35 CVE: Not Available
> Platform: Cross Platform
> Title: Sun Java Runtime Environment Multiple Privilege Escalation
> Vulnerabilities
> Description: Sun JRE is susceptible to various privilege escalation
> vulnerabilities. These issues can allow remote Java applications to
> read/write local files and execute arbitrary applications in the
> context of an affected user. Please refer to the advisory below for
> details.
> Ref: http://www.securityfocus.com/bid/15615 
> ______________________________________________________________________
> 




 




Copyright © Lexa Software, 1996-2009.