Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 3



> 
> 
> ************************
> Widely Deployed Software
> ************************
> 
> (1) HIGH: F-Secure Anti-virus ZIP Processing Overflow
> Affected:
> F-Secure Anti-virus for desktops as well as gateway systems
> 
> Description: F-Secure Anti-virus software deployed on client as well as
> gateway systems contains a buffer overflow in processing specially
> crafted zip archives. The overflow may be exploited to execute arbitrary
> code to completely compromise the system running the AV software. In
> addition, the software also contains a vulnerability in processing zip
> and rar archives that can be exploited to bypass scanning of these
> archives containing malware. The technical details required to craft
> such malicious archives have not been posted yet.
> 
> Status: F-Secure has released hotfixes for its entire product line.
> Gateway systems should be patched on a priority basis.
> 
> Council Site Actions: The affected software and/or configuration are not
> in production or widespread use, or are not officially supported at any
> of the council sites. They reported that no action was necessary.
> 
> References:
> F-Secure Advisory
> http://www.f-secure.com/security/fsc-2006-1.shtml  
> Posting by Zoller
> http://www.zoller.lu/  
> SecurityFocus BID
> http://www.securityfocus.com/bid/16309
> 
> ****************************************************************
> 
> (3) HIGH: AOL You've Got Pictures ActiveX Control Overflow
> Affected:
> AOL versions 8.0, 8.0 Plus, 9.0 Classic
> 
> Description: AOL You've Got Pictures service provides sharing, printing,
> organizing and storing photos for AOL members. The Picture Finder Tool
> ActiveX control installed by this program contains a buffer overflow
> that can be exploited by a malicious webpage to execute arbitrary code
> on an AOL user's system. No technical details regarding how to trigger
> the overflow have been publicly posted.
> 
> Status:  Upgrade to AOL 9.0 Optimized or AOL 9.0 Security Edition. AOL
> has also released a hot fix. AOL automatically patched a number of user
> systems beginning October 2005, and commented that the vulnerability may
> not be as widespread at this time.
> 
> Council Site Actions: All of the responding council sites are currently
> blocking AOL traffic at their network perimeters and they also restrict
> ActiveX controls. Thus they felt no action was necessary.
> 
> References:
> CERT Advisory
> http://www.kb.cert.org/vuls/id/715730  
> AOL Hotfix
> http://download.newaol.com/security/YGPClean.exe  
> SecurityFocus BID
> http://www.securityfocus.com/bid/16262
> 
> ****************************************************************
> 
> (5) MODERATE: Oracle Critical Patch Update January 2006
> Affected:
> Oracle Database, Oracle Enterprise Manager, Oracle Application Server,
> Oracle Collaboration Suite, Oracle E-business Suite, PeopleSoft
> Enterprise Portal and JDEdwards Enterprise Tools (For the affected
> version information, please refer to the Oracle advisory)
> 
> Description: Oracle has released a critical patch update that addresses
> more than 80 vulnerabilities in various Oracle applications. A number
> of SQL injection vulnerabilities as well as arbitrary file overwrite
> vulnerabilities have been patched that are easy to exploit. In certain
> cases, the discoverers have released complete technical details required
> for exploitation. Please note that the Oracle Voyager worm code can be
> modified to include exploits for these flaws. Such a modification has
> already been done for an older vulnerability.
> 
> Status: Patch the Oracle installations on an expedited basis. General
> Oracle security hardening procedures can be found at:
> http://www.sans.org/top20/#c4
> 
> Council Site Actions: All reporting council sites are responding to this
> item.  They have already either installed the patches or are in the
> process of QA'ing the patches and doing regression testing and plan to
> deploy them as soon as possible as QA. Most of the council sites do not
> have Oracle servers that are directly accessible from the Internet or
> partner sites, thus the threat is somewhat reduced.
> 
> References:
> Oracle Advisory
> http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html  
> Postings by Red Database Security
> http://archives.neohapsis.com/archives/bugtraq/2006-01/0311.html   
> http://archives.neohapsis.com/archives/bugtraq/2006-01/0312.html 
> http://archives.neohapsis.com/archives/bugtraq/2006-01/0313.html  
> http://archives.neohapsis.com/archives/bugtraq/2006-01/0315.html  
> http://archives.neohapsis.com/archives/bugtraq/2006-01/0316.html  
> Imperva Advisory
> http://archives.neohapsis.com/archives/bugtraq/2006-01/0310.html 
> SecurityFocus BID
> http://www.securityfocus.com/bid/16287
> 
> ****************************************************************
> 
> 06.3.1 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Internet Explorer Malformed IMG and XML Parsing
> Denial of Service
> Description: Microsoft Internet Explorer is affected by a denial of
> service vulnerability. This issue arises because the application fails
> to properly parse certain specially crafted IMG elements in a malformed
> XML block.  A null pointer dereference condition arises and causes the
> application to crash.
> Ref: http://www.securityfocus.com/bid/16240 
> ______________________________________________________________________
> 
> 06.3.9 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: F-Secure Multiple Archive Handling Vulnerabilities
> Description: F-Secure is vulnerable to multiple issues when handling
> archives of various formats. These issues could allow a remote
> attacker to run arbitrary code in a vulnerable system. Please refer to
> the link below for a list of vulnerable versions.
> Ref: http://www.f-secure.com/security/fsc-2006-1.shtml 
> ______________________________________________________________________
> 
> 06.3.10 CVE: CVE-2005-3356
> Platform: Linux
> Title: Linux Kernel mq_open System Call Unspecified Denial of Service
> Description: Linux kernel is vulnerable to a local denial of service
> issue in the mq_open system call.  Successful exploitation results in
> a system crash. This issue affects Linux kernel versions 2.6.9 and
> earlier.
> Ref: http://rhn.redhat.com/errata/RHSA-2006-0101.html 
> ______________________________________________________________________
> 
> 06.3.11 CVE: CVE-2005-4605
> Platform: Linux
> Title: Linux Kernel ProcFS Kernel Memory Disclosure
> Description: The Linux kernel is vulnerable to a local memory
> disclosure issue due to the procfs code (proc_misc.c) that allows
> attackers to read sensitive kernel memory via unspecified vectors in
> which a signed value is added to an unsigned value. Linux Kernel
> versions before 2.6.15 are vulnerable.
> Ref:
> http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00014.html
> ______________________________________________________________________
> 
> 06.3.12 CVE: CVE-2006-0095
> Platform: Linux
> Title: Linux Kernel DM-Crypt Local Information Disclosure
> Description: The Linux kernel contains support for a Device Mapper,
> which allows administrators to create logical block devices from
> existing devices. It is susceptible to a local information disclosure
> vulnerability due to a failure of the module to properly erase
> sensitive memory buffers prior to freeing the memory. This issue
> affects the Linux Kernel version series 2.6.
> Ref: 
> http://marc.theaimsgroup.com/?l=linux-kernel&m=113641114812886&w=2 
> ______________________________________________________________________
> 
> 06.3.13 CVE: CVE-2006-0096
> Platform: Linux
> Title: Linux Kernel SDLA IOCTL Unauthorized Local Firmware Access
> Description: The Linux kernel contains support for Sangoma S502/S508
> series multi-protocol PC interface cards. These cards provide Frame
> Relay WAN networking support.
> The Linux kernel is susceptible to a local access validation
> vulnerability in the SDLA driver. For more information, please follow
> the reference link.
> Ref: http://www.securityfocus.com/bid/16304 
> ______________________________________________________________________
> 
> 06.3.14 CVE: CVE-2005-2708
> Platform: Linux
> Title: Linux Kernel SEARCH_BINARY_HANDLER Local Denial of Service
> Description: Linux kernel is vulnerable to a local denial of service
> issue because the "search_binary_handler" function of "exec.c" does
> not check a return code for a function call when virtual memory is
> low. Linux kernel 2.4 versions on 64-bit x86 architectures before
> 2.4.33-pre1 are vulnerable.
> Ref: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161925 
> ______________________________________________________________________
> 
> 06.3.16 CVE: CVE-2006-0226
> Platform: BSD
> Title: FreeBSD IEEE 802.11 Network Subsystem Remote Buffer Overflow
> Description: FreeBSD is susceptible to a remote, kernel-level buffer
> overflow vulnerability due to improper bounds check on user-supplied
> network data. This issue is due to an integer overflow in the handling
> of corrupt 802.11 beacon or probe response frames and it occurs when
> scanning for existing wireless networks. The integer overflow results
> in a "memcpy()" operation copying attacker-supplied data past the end
> of an insufficiently sized kernel memory buffer. FreeBSD version 6.0
> is affected.
> Ref: http://www.securityfocus.com/bid/16296 
> ______________________________________________________________________
> 
> 
> 06.3.18 CVE: CVE-2005-4153
> Platform: Unix
> Title: GNU Mailman Large Date Data Denial of Service
> Description: Mailman is software to help manage email discussion
> lists, much like Majordomo and SmartList. The application is exposed
> to a denial of service issue when it attempts to parse very large
> numbers of dates contained in email messages. All current versions are
> affected.
> Ref: http://www.securityfocus.com/bid/16248 
> ______________________________________________________________________
> 
> 06.3.28 CVE: Not Available
> Platform: Cross Platform
> Title: CMU SNMP SNMPTRAPD Daemon Remote Format String
> Description: CMU SNMP is a popular implementation of Simple Network
> Management Protocol. A remote format string vulnerability affects the
> CMU SNMP's snmptrapd daemon due to a failure of the application to
> properly sanitize user-supplied input data prior to using it in a
> formatted-printing function. All current versions are vulnerable.
> Ref: http://www.securityfocus.com/archive/1/422086 
> ______________________________________________________________________
> 
> 
> 06.3.30 CVE: Not Available
> Platform: Cross Platform
> Title: Mozilla Thunderbird File Attachment Spoofing
> Description: Mozilla Thunderbird is an email client. It is affected by
> a file attachment spoofing issue which presents itself when an
> attacker crafts a malicious email attachment with a long filename
> containing white spaces and a "Content-Type" header that does not
> match the file's extension. Thunderbird versions prior to 1.5 are
> affected.
> Ref: http://www.securityfocus.com/bid/16271 
> ______________________________________________________________________
> 
> 
> 06.3.33 CVE: Not Available
> Platform: Cross Platform
> Title: Oracle January Security Update Multiple Vulnerabilities
> Description: Oracle has released a Critical Patch Update advisory for
> January 2006 to address multiple vulnerabilities in various Oracle
> products. The issues identified by the vendor affect all security
> properties of the Oracle products and present local and remote
> threats. The most severe of the vulnerabilities could possibly expose
> affected computers to complete compromise. Please see the referenced
> advisory for details on obtaining and applying the appropriate
> updates.
> Ref: 
> http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html 
> ______________________________________________________________________
> 
> 06.3.34 CVE: Not Available
> Platform: Cross Platform
> Title: Cisco IOS HTTP Service CDP Status Page HTML Injection
> Description: Cisco IOS includes an HTTP service that provides router
> management services. It is reportedly prone to an HTML injection
> vulnerability due to insufficient sanitization of user-supplied data.
> Cisco IOS version 11.2(8.11)SA6 is vulnerable; however, other versions
> of IOS 11 are likely affected as well.
> Ref: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=372
> http://www.securityfocus.com/archive/1/422433
> ______________________________________________________________________
> 
> 06.3.35 CVE: Not Available
> Platform: Cross Platform
> Title: Cisco CallManager CCMAdmin Remote Privilege Escalation
> Description: Cisco CallManager is the software based call processing
> component of the Cisco IP Telephony solution. It is affected by a
> remote privilege escalation issue due to a failure of the application
> to properly enforce access controls. It is exploitable when Multi
> Level Administration is enabled and users are granted read-only
> administrative access via the CCMAdmin Web interface. Please see
> attached advisory for a list of affected versions.
> Ref: http://www.securityfocus.com/bid/16282 
> ______________________________________________________________________
> 
> 06.3.36 CVE: Not Available
> Platform: Cross Platform
> Title: Oracle Database SYS.KUPV$FT Multiple SQL Injection
> Vulnerabilities
> Description: Oracle 10g is vulnerable to multiple SQL injection issues
> due to insufficient sanitization of user-supplied data. Oracle 10g
> Release 1 and earlier versions are reported to be vulnerable.
> Ref: 
> http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html 
> ______________________________________________________________________
> 
> 06.3.37 CVE: Not Available
> Platform: Cross Platform
> Title: Cisco CallManager Multiple Remote Denial of Service
> Vulnerabilities
> Description: Cisco CallManager is the software based call processing
> component of the Cisco IP Telephony solution. It is susceptible to
> multiple remote denial of service vulnerabilities. CallManager does
> not properly handle multiple connections correctly on TCP port 2000
> which can ultimately lead to memory and CPU resources being consumed.
> It also has an issue with multiple connections to TCP ports 2001, 2002
> and 7727 that can fill up the Windows message queue. This can prevent
> CallManager from communicating with Windows Service Manager ultimately
> causing CallManager to restart.
> Ref: 
> http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmdos.shtml 
> ______________________________________________________________________
> 
> 
> 06.3.40 CVE: Not Available
> Platform: Cross Platform
> Title: Kerio WinRoute Firewall Multiple Denial of Service
> Vulnerabilities
> Description: Kerio WinRoute Firewall is an enterprise level firewall
> that is also capable of proxying networks. It is prone to multiple
> denial of service vulnerabilities due to an improper sanitization of
> user-supplied input. Please follow the reference link for more
> information.
> Ref: http://www.securityfocus.com/bid/16314/info 
> ______________________________________________________________________

> 06.3.85 CVE: Not Available
> Platform: Network Device
> Title: Cisco IOS SGBP Remote Denial of Service
> Description: Cisco IOS includes support for Stack Group Bidding
> Protocol (SGBP) which allows devices participating in Multichassis
> Multilink PPP (MMP) to locate each other and negotiate for a
> connection termination point. Cisco IOS SGBP is prone to a remote
> denial of service vulnerability. The issue presents itself when a
> device handles a specially crafted UDP packet over port 9900. Please
> refer to the attached advisory for a list of vulnerable versions.
> Ref: http://www.securityfocus.com/bid/16303 
> ______________________________________________________________________
> 



 




Copyright © Lexa Software, 1996-2009.