Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 4 No. 52



It is somewhat out of date (it is from 30 December) and does not know about the patches
http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx and
http://www.phpbb.com/phpBB/viewtopic.php?t=352966


> 
> ***************************
> Widely Deployed Software
> ***************************
> 
> (1) CRITICAL: Microsoft Windows Metafile Processing Buffer Overflow
> Affected:
> All Windows platforms
> 
> Description: A Windows metafile (WMF) is a 16-bit file format to store
> and display graphics, which is supported on all Windows platforms. A
> 0-day buffer overflow vulnerability has been reported in the
> "SHIMGVW.DLL" library responsible for processing Windows metafiles. A
> malicious webpage, shared folder or an HTML email containing a specially
> crafted metafile can exploit the buffer overflow to execute arbitrary
> code on a Windows system. Exploit code has been publicly posted. The
> flaw is being actively exploited to install spyware and Trojans on
> client systems. F-Secure reports detecting 57 different malicious WMF
> files in the wild so far.
> 
> Status: Microsoft is aware of the problem. However, no patches are
> available as of now. The anti-virus companies have updated their
> signatures to detect the malicious WMF files as well as malware that is
> installed after a successful exploitation. Please update the AV software and
> re-scan your systems. Network-based Intrusion Prevention/Detection
> systems can be used to block the download of malicious WMF file via
> HTTP/SMTP/SMB etc. Another suggested workaround is to unregister the
> SHIMGVW.DLL. Steps for this are outlined in the SANS Handler's Diary.
> Even while using Firefox/Mozilla browsers, users should decline to open
> a WMF file when prompted.
> 
> Council Site Responses:  The great majority of council site systems will
> obtain the update through the public Microsoft Update site, or through
> their local WSUS server, whenever Microsoft happens to release a patch
> for this.
> 
> References:
> Microsoft Advisory
> http://www.microsoft.com/technet/security/advisory/912840.mspx  
> SANS Handler's Diary
> http://isc.sans.org/diary.php?storyid=972 
> http://isc.sans.org/diary.php?storyid=977 
> F-Secure Weblog With the Latest Exploit Updates
> http://www.f-secure.com/weblog/ 
> Exploit Code
> http://metasploit.com/projects/Framework/exploits.html#ie_xp_pfv_metafile
> WMF File Format
> http://www.fileformat.info/format/wmf/egff.htm 
> SecurityFocus BID
> http://www.securityfocus.com/bid/16074 
> 
> ****************************************************************
> 
> *****************
> Exploits
> *****************
> 
> (2) phpBB Remote Command Execution
> 
> Exploit code has been released for the widely deployed bulletin board
> phpBB targeting versions 2.0.17 and prior.
> 
> Council Site Actions: The one site that responded stated they have just
> a few web sites using phpBB that are directly exposed to the Internet.
> These sites are not used for critical applications and are not
> supported by their central IT department. They have not seen any
> compromises from this exploit, and suspect that the PHP versions and
> configurations are different from what the exploit requires.
> 
> References:
> http://www.frsirt.com/exploits/20051224.r57phpbb2017.pl.php   
> Previous @RISK Newsletter Posting
> http://www.sans.org/newsletters/risk/display.php?v=4&i=44#widely2
> phpBB 2.0.18 Download Page
> http://www.phpbb.com/downloads.php 
>   
> 
> ****************************************************************
> 
> 05.52.1 CVE: Not Available
> Platform: Windows
> Title: Microsoft Internet Explorer HTML Parsing Denial of Service
> Vulnerabilities
> Description: Microsoft Internet Explorer is affected by multiple
> denial of service vulnerabilities. These issues arise because the
> application fails to properly parse certain malformed HTML content. It
> is conjectured that these issues are triggered due to null pointer
> dereference errors. Microsoft Internet Explorer versions 6.0 SP2 and
> earlier are reported to be affected.
> Ref: http://www.securityfocus.com/bid/16070/exploit 
> ______________________________________________________________________
> 
> 05.52.2 CVE: Not Available
> Platform: Windows
> Title: Windows Graphics Rendering Engine Unspecified Code Execution
> Description: Microsoft Windows WMF graphics rendering engine is
> vulnerable to a remote code execution issue when a user views a
> crafted WMF formatted file. Microsoft Windows XP and earlier versions
> are vulnerable.
> Ref: http://www.securityfocus.com/bid/16074/info 
> ______________________________________________________________________
> 
> 05.52.3 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: RARLAB WinRAR File Name Potential Buffer Overflow
> Description: RARLAB WinRAR is a compression utility capable of reading
> and writing files using several different archival formats. A
> client-side buffer overflow vulnerability has been reported in the
> file name processing functionality of WinRAR, due to a failure of the
> application to properly validate the length of user-supplied strings
> prior to copying them into static process buffers. WinRAR version 3.51
> is reportedly vulnerable.
> Ref: http://www.securityfocus.com/archive/1/420006 
> ______________________________________________________________________
> 
> 
> 05.52.8 CVE: CVE-2005-3858
> Platform: Linux
> Title: Linux Kernel IP6_Input_Finish Remote Denial Of Service
> Description: Linux kernel is prone to a remote denial of service
> vulnerability. This issue presents itself when certain unspecified,
> malformed IPv6 packets are processed by the "ip6_input_finish()"
> function. In certain circumstances, SKB network buffers will not be
> freed, resulting in leaked kernel memory. Successful exploitation will
> result in a crash of the kernel, effectively denying service to
> legitimate users. Linux kernel versions 2.6.12.5 and prior in the 2.6
> series are vulnerable to this issue.
> Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.6 
> ______________________________________________________________________
> 
> 05.52.9 CVE: CVE-2005-3848
> Platform: Linux
> Title: Linux Kernel ICMP_Push_Reply Remote Denial of Service
> Description: Linux kernel is prone to a remote denial of service
> vulnerability. This issue presents itself when certain unspecified,
> malformed ICMP packets are processed by the "icmp_push_reply()"
> function. Linux kernel versions 2.6.12.5 and prior in the 2.6 series
> are vulnerable to this issue.
> Ref: http://www.securityfocus.com/advisories/9913 
> ______________________________________________________________________
> 
> 05.52.11 CVE: CVE-2005-4268
> Platform: Unix
> Title: cpio Potential Buffer Overflow
> Description: cpio is an open-source file compression/decompression
> utility. cpio is vulnerable to a potential buffer overflow issue. This
> issue exists in the file name processing functionality of the
> application and arises when the affected application processes a
> specially-crafted file name of a file to be compressed.
> Ref: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172669 
> ______________________________________________________________________
> 
> 05.52.18 CVE: Not Available
> Platform: Cross Platform
> Title: Ethereal GTP Protocol Dissector Denial of Service
> Description: The Ethereal GTP protocol dissector is prone to a
> remotely exploitable denial of service vulnerability. Due to an
> unspecified error, the GTP protocol dissector may enter into an
> infinite loop. The issue may be exploited by causing Ethereal to
> process a malformed packet. Successful exploitation will cause a
> denial of service condition in the Ethereal application.
> Ref: http://www.ethereal.com/appnotes/enpa-sa-00022.html 
> ______________________________________________________________________
> 
> 
> 05.52.58 CVE: Not Available
> Platform: Network Device
> Title: Cisco Downloadable RADIUS Policies Information Disclosure
> Description: Cisco PIX and VPN 3000 concentrators are commercial
> network security devices. These devices, when managed by Cisco Secure
> Access Control Servers, are vulnerable to an information disclosure
> vulnerability due to a design flaw that communicates sensitive
> information over an unencrypted communications channel.
> Ref: http://www.cisco.com/warp/public/707/advisory.html 
> ______________________________________________________________________
> 
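
The following is an added example for this archive page, not code from the @RISK newsletter, SANS, F-Secure or Microsoft: a walker over the WMF record stream that flags the META_ESCAPE record (function 0x0626) carrying the SETABORTPROC escape code (9), which is what the public exploit for this issue and the IDS signatures written for it keyed on. The metafiles it scans are constructed inside the block and are not real samples; the bytes after the escape header in the constructed "malicious" fixture are zeros, not code. The record function numbers and escape codes are the wingdi.h values; the function names and the fixture builders are this example's own.

```python
"""Walk a Windows Metafile's record stream and flag META_ESCAPE records
whose escape code is SETABORTPROC.  Added example for this archive page,
not code from the @RISK newsletter, SANS or Microsoft; the metafiles it
scans are constructed below, not real samples."""
import struct

PLACEABLE_KEY = 0x9AC6CDD7  # Aldus placeable header magic; that header is 22 bytes
META_EOF = 0x0000
META_SETWINDOWORG = 0x020B
META_SETWINDOWEXT = 0x020C
META_ESCAPE = 0x0626
SETABORTPROC = 0x0009       # escape code from wingdi.h
MFCOMMENT = 0x000F          # harmless escape code, used as a control


def wmf_records(data: bytes):
    """Yield one dict per record: offset, function number, parameter bytes,
    and whether the record's own size field could not be trusted."""
    off = 22 if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY else 0
    if len(data) < off + 18:
        raise ValueError("truncated WMF header")
    file_type, header_words, _version = struct.unpack_from("<HHH", data, off)
    if file_type not in (1, 2) or header_words != 9:
        raise ValueError("not a standard WMF header")
    off += header_words * 2
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        end = off + size_words * 2
        # A record shorter than its own 6-byte header, or one running past
        # end of file, is malformed: hand back the rest of the file as its
        # parameters so the caller can still read the escape header, then stop.
        malformed = size_words < 3 or end > len(data)
        if malformed:
            end = len(data)
        yield {"offset": off, "function": func,
               "params": data[off + 6:end], "malformed": malformed}
        if func == META_EOF or malformed:
            return
        off = end


def find_setabortproc(data: bytes):
    """Return one hit per META_ESCAPE record carrying SETABORTPROC."""
    hits = []
    for rec in wmf_records(data):
        if rec["function"] != META_ESCAPE or len(rec["params"]) < 4:
            continue
        escape_code, byte_count = struct.unpack_from("<HH", rec["params"])
        if escape_code == SETABORTPROC:
            hits.append({"offset": rec["offset"], "byte_count": byte_count,
                         "malformed": rec["malformed"]})
    return hits


# --- constructed test fixtures (not real files) ---------------------------

def record(func: int, params: bytes = b"") -> bytes:
    """Encode one WMF record: size in 16-bit words, function, parameters."""
    params += b"\0" * (len(params) % 2)
    return struct.pack("<IH", 3 + len(params) // 2, func) + params


def build_wmf(records, placeable: bool = False) -> bytes:
    """Wrap records in a standard 18-byte header, optionally preceded by a
    placeable header; sizes are in words as the format requires."""
    body = b"".join(records) + record(META_EOF)
    max_words = max(len(r) for r in records + [record(META_EOF)]) // 2
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, (18 + len(body)) // 2,
                         0, max_words, 0)
    placeable_hdr = struct.pack("<IHhhhhHIH", PLACEABLE_KEY, 0, 0, 0, 100, 100, 96, 0, 0)
    return (placeable_hdr if placeable else b"") + header + body


BENIGN_RECORDS = [
    record(META_SETWINDOWORG, struct.pack("<hh", 0, 0)),
    record(META_SETWINDOWEXT, struct.pack("<hh", 100, 100)),
    record(META_ESCAPE, struct.pack("<HH", MFCOMMENT, 4) + b"test"),
]
# Zero bytes stand in for whatever followed the escape header in the
# exploits; nothing in this fixture is executable.
ABORTPROC_ESCAPE = struct.pack("<HH", SETABORTPROC, 8) + b"\0" * 8
MALICIOUS_RECORDS = BENIGN_RECORDS[:2] + [record(META_ESCAPE, ABORTPROC_ESCAPE)]
# Same escape, but with a size field (1 word) that lies about the record length.
MALFORMED_RECORDS = BENIGN_RECORDS[:2] + [
    struct.pack("<IH", 1, META_ESCAPE) + ABORTPROC_ESCAPE]

BENIGN_WMF = build_wmf(BENIGN_RECORDS)
MALICIOUS_WMF = build_wmf(MALICIOUS_RECORDS)
PLACEABLE_WMF = build_wmf(MALICIOUS_RECORDS, placeable=True)
MALFORMED_WMF = build_wmf(MALFORMED_RECORDS)

if __name__ == "__main__":
    for name, blob in [("benign", BENIGN_WMF), ("malicious", MALICIOUS_WMF),
                       ("placeable", PLACEABLE_WMF), ("malformed", MALFORMED_WMF)]:
        print(name, find_setabortproc(blob))
```

To check a real file, call find_setabortproc(open(path, "rb").read()). A record whose size field is smaller than its own header is reported with malformed set and the walk stops there, since nothing after it can be trusted; the MFCOMMENT fixture shows that ordinary escapes are not reported. This is a file-level check suited to a mail or web gateway, not a replacement for the patch or for unregistering SHIMGVW.DLL on the clients.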

Copyright © Lexa Software, 1996-2009.