Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 4 No. 50



> *************************
> Widely Deployed Software
> *************************
> 
> (1) CRITICAL: Microsoft Internet Explorer Cumulative Security 
> Update (MS05-054)
> Affected:
> Internet Explorer versions 5.01, 5.5 and 6.0
> 
> Description: Microsoft released a cumulative security update for
> Internet Explorer that fixes the following vulnerabilities.
> 
> (a) Internet Explorer contains a remote code execution flaw in handling
> the JavaScript "window()" function invoked via the "onload" event.
> Exploit code for this flaw has been posted since November 21, 2005. The
> vulnerability has also been exploited in the wild by Trojans Clunky-B
> and Delf.DH.
> 
> (b) Internet Explorer contains a heap memory corruption issue in
> instantiating COM objects as ActiveX controls. Microsoft has been
> identifying and setting kill bits for many COM objects since the past
> few Internet Explorer updates.
> 
> (c) Internet Explorer contains a vulnerability while displaying the "file
> download" dialogue box that can be exploited to execute arbitrary code
> on a client system. The problem arises because a malicious webpage can
> hide the "file download" dialogue box behind another browser window.
> When the user clicks on the other browser window, the clicks could be
> interpreted by the file download dialogue box to download and run the
> malware on the user's system. Note that a fair amount of user
> interaction would be required to exploit the flaw.
> 
> (d) The update has also set the kill bit for Microsoft MciWndx and
> First4Internet XCP (Sony BMG) ActiveX controls.
> 
> Status: Apply the update referenced in the Microsoft Security Bulletin
> MS05-054 on an expedited basis as one of the flaws is being actively
> exploited. A general workaround to prevent complete compromise of
> systems running Internet Explorer is to run Internet Explorer with
> limited privileges. Microsoft "DropMyRights" tool can be used for such
> purposes.
> 
> Council Site Actions: All of the reporting council sites are responding
> to this issue.  Some are treating this as a high priority update and
> pushing out as soon as the QA process is finished. Other sites plan to
> deploy during their next regularly scheduled maintenance window (after
> QA). One site has already completed their deployment of the update.
> 
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx 
> Previous @RISK Posting (IE window() Flaw)
> http://www.sans.org/newsletters/risk/display.php?v=4&i=47#exploit1  
> Trojan Clunky-B Information
> http://www.sophos.com/virusinfo/analyses/trojclunkyb.html 
> Trojan Delf.DH Information
> http://vil.nai.com/vil/content/v_130621.htm 
> Secunia Advisory (IE Dialogue Box Spoofing)
> http://secunia.com/secunia_research/2005-7/advisory/ 
> http://secunia.com/secunia_research/2005-21/advisory/  
> Microsoft DropMyRights Tool
> http://msdn.microsoft.com/library/en-us/dncode/html/secure11152004.asp 
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/15823 
> http://www.securityfocus.com/bid/15825 
> http://www.securityfocus.com/bid/15827 
> 
> ****************************************************************
> 
> ************
> Exploit Code
> ************
> 
> (3) HP Openview Network Node Manager Remote Code Execution
> 
> Council Site Actions: Only three of the responding council sites are
> using the affected software and all of these sites have already deployed
> the patches.
> 
> References:
> Exploit Code
> http://www.frsirt.com/exploits/20051208.openview_connectednodes_exec.pm.php 
> Previous @RISK Newsletter Posting
> http://www.sans.org/newsletters/risk/display.php?v=4&i=34#other1 
> 
> ****************************************************************
> ______________________________________________________________________
> 
> 05.50.1 CVE: CAN-2005-2829
> Platform: Other Microsoft Products
> Title: Microsoft Internet Explorer Dialog Manipulation
> Description: Microsoft Internet Explorer is prone to a remote code
> execution vulnerability through manipulation of custom dialog boxes.
> This issue arises when a user visits a malicious web site designed to
> exploit this flaw. A custom dialog box can be displayed that asks a
> user to enter certain keystrokes. The custom dialog is then able to
> pass the keystrokes to a download dialog, potentially allowing a
> remote file to be executed on the computer. The flaw exists because
> the download dialog accepts keystrokes passed to it from the custom
> dialog. Internet Explorer versions 6.0 SP1 and earlier are reported to
> be vulnerable.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx 
> ______________________________________________________________________
> 
> 05.50.2 CVE: CAN-2005-2830
> Platform: Other Microsoft Products
> Title: Microsoft Internet Explorer HTTPS Proxy Information Disclosure
> Description: Microsoft Internet Explorer is prone to an information
> disclosure vulnerability when using an authenticating proxy server for
> HTTPS communications. If the authenticating proxy server uses Basic
> Authentication, an attacker on the same network could potentially
> access the user's authentication credentials. In order to exploit this
> vulnerability, the attacker would have to be able to capture traffic
> between the user and the authenticating proxy server during HTTPS
> communications.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx 
> ______________________________________________________________________
> 
> ______________________________________________________________________
> 
> 05.50.6 CVE: CVE-2005-3651
> Platform: Cross Platform
> Title: Ethereal OSPF Protocol Dissection Stack Buffer Overflow
> Description: Ethereal is a multi-platform network protocol sniffer and
> analyzer. A remote buffer overflow vulnerability reportedly affects
> Ethereal. This issue is due to a failure of the application to
> securely copy network-derived data into sensitive process buffers. The
> specific issue exists in the OSPF (Open Shortest Path First) protocol
> dissector. Ethereal versions 0.10.13 and prior are vulnerable.
> Ref: http://www.securityfocus.com/archive/1/419076 
> ______________________________________________________________________
> 
> 05.50.10 CVE: Not Available
> Platform: Cross Platform
> Title: Lyris ListManager Command Execution
> Description: Lyris ListManager is a mailing list manager application.
> It is prone to a CRLF injection vulnerability when using the web
> interface to subscribe a new user to a mailing list. The "pw"
> parameter is not properly sanitized; arbitrary mailing list
> administration commands may be executed using CRLF sequences appended
> to this parameter. Lyris ListManager versions 5.0 through 8.8a are
> vulnerable; other versions may also be affected.
> Ref: http://www.securityfocus.com/bid/15786/discuss 
> ______________________________________________________________________
> ______________________________________________________________________
> 
> 05.50.18 CVE: Not Available
> Platform: Cross Platform
> Title: Opera Web Browser Long Title Element Bookmark Denial of Service
> Description: Opera is a web browser available for a number of
> platforms. It is prone to a denial of service vulnerability when a web
> page with a long title element is bookmarked. This issue occurs if the
> Input Method Editor (IME) is installed. Opera Web Browser versions
> 8.50 and earlier are reported to be vulnerable.
> Ref: http://www.opera.com/support/search/supsearch.dml?index=821 
> ______________________________________________________________________
> 
> 05.50.20 CVE: Not Available
> Platform: Cross Platform
> Title: Alt-N MDaemon WorldClient Denial of Service
> Description: MDaemon is an email application. It is vulnerable to a
> denial of service issue due to insufficient sanitization of
> user-supplied input in the "Subject" header field. Alt-N MDaemon
> version 8.1.3 is vulnerable.
> Ref: http://www.ipomonis.com/advisories.htm 
> ______________________________________________________________________
> 
> 
> 05.50.24 CVE: CAN-2005-2407
> Platform: Cross Platform
> Title: Opera Download Dialog File Execution
> Description: Opera Web Browser is vulnerable to a remote code execution
> issue through manipulation of download dialog boxes. Opera Web Browser
> versions 8.01 and earlier are reported to be vulnerable.
> Ref: http://www.opera.com/docs/changelogs/linux/802/ 
> ______________________________________________________________________
> 
> 
> 05.50.53 CVE: CVE-2005-3352
> Platform: Web Application
> Title: Apache Mod_IMAP Referer Cross-Site Scripting
> Description: Mod_IMAP is an Apache module for server-side imagemap
> processing. It is prone to a cross-site scripting vulnerability due to
> insufficient sanitization of user-supplied input. This issue occurs
> when using the "Referer" directive with image maps. Apache versions
> 2.0.55 and earlier are vulnerable.
> Ref: http://httpd.apache.org/security/vulnerabilities_20.html 
> ______________________________________________________________________
> 
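The CRLF injection in item 05.50.10 comes down to one form value (the "pw" parameter) being copied into a line-oriented command stream, so a carriage return or line feed inside it becomes an extra command line. An added example, not from the newsletter or from Lyris: a validator that rejects CR/LF (including one leftover level of %-encoding) before a value reaches such a stream, plus a scan over constructed access-log lines that flags subscribe requests carrying it. The `/subscribe/12` path, the `subscribe <email> <pw>` command format and the log lines are assumptions, not ListManager's real syntax or traffic.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Raw carriage return / line feed: the characters that turn one form value
# into several lines of a line-oriented command stream.
CRLF_RE = re.compile(r"[\r\n]")

def has_crlf(value: str) -> bool:
    """True if the value carries CR or LF, including one level of %-encoding
    that survived the first decode (e.g. a double-encoded %250d%250a)."""
    return bool(CRLF_RE.search(unquote(value)))

def crlf_parameters(params: dict) -> list:
    """Names of parameters whose value would inject extra lines."""
    return [name for name, value in params.items() if has_crlf(value)]

def safe_subscribe_line(email: str, pw: str) -> str:
    """Hardened builder: refuse values with CR/LF before they reach the
    command stream. The 'subscribe <email> <pw>' format is hypothetical,
    not ListManager's real syntax."""
    bad = crlf_parameters({"email": email, "pw": pw})
    if bad:
        raise ValueError("CR/LF in parameter(s): " + ", ".join(bad))
    return f"subscribe {email} {pw}"

def flag_crlf_requests(log_lines):
    """Scan access-log lines for requests whose query parameters decode to
    CR/LF; returns (request_target, [parameter names]) per hit."""
    hits = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+) HTTP/', line)
        if not m:
            continue
        target = m.group(1)
        # parse_qsl already applies one level of %-decoding
        params = dict(parse_qsl(urlsplit(target).query, keep_blank_values=True))
        bad = crlf_parameters(params)
        if bad:
            hits.append((target, bad))
    return hits

# Constructed sample log lines (not real traffic); the /subscribe/12 path is assumed.
SAMPLE_LOG = [
    '10.0.0.5 - - [08/Dec/2005:10:15:01 +0000] "GET /subscribe/12?email=a%40example.com&pw=s3cret HTTP/1.1" 200 512',
    '10.0.0.9 - - [08/Dec/2005:10:15:07 +0000] "GET /subscribe/12?email=b%40example.com&pw=x%0d%0aextra%20line HTTP/1.1" 200 512',
    '10.0.0.9 - - [08/Dec/2005:10:15:09 +0000] "GET /subscribe/12?email=c%40example.com&pw=y%250d%250aextra HTTP/1.1" 200 512',
]
```

Running `flag_crlf_requests(SAMPLE_LOG)` reports the second and third requests, each with `pw` as the offending parameter; the third is caught only because `has_crlf` decodes one extra level.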