Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 13



> 
> *************************
> Widely Deployed Software
> *************************
> 
> (1) HIGH: Symantec Veritas NetBackup Multiple Buffer Overflows
> Affected:
> Both server and client software are affected for the following products
> on all platforms.
> NetBackup Enterprise Server/NetBackup Server versions 5.0, 5.1 and 6.0
> NetBackup DataCenter and BusinesServer version 4.5FP and 4.5MP
> 
> Description: Veritas NetBackup software offers a backup and recovery
> solution for mid to large size enterprises. The backup server, as well
> as the client, contains stack-based buffer overflows that can be triggered
> by sending specially crafted requests to the volume manager daemon
> (13701/tcp), the Catalog daemon (13721/tcp) or the Sharepoint services
> daemon (13724/tcp). The problem arises because user-supplied input is
> copied to the process stack without any bounds checking. The buffer
> overflows can be easily exploited to execute arbitrary code. The
> technical details required to craft an exploit have been publicly
> posted. If the backup software is installed on a large number of
> enterprise desktop systems (a typical configuration that enables users
> to back up their important data), the vulnerabilities can be leveraged
> to compromise a large number of systems.
> 
> Status: Veritas has released patches for all the affected software. A
> workaround is to block ports 13701/tcp, 13721/tcp and 13724/tcp at the
> network perimeter. The overflows in the backup software have been widely
> exploited during the last year, and as a general security practice it is
> recommended to also block the other ports used by this software at the
> network perimeter. The list of ports is available here:
> http://seer.support.veritas.com/docs/279553.htm
> 
> Council Site Actions: More than half of the council sites are using the
> affected software. Most of these sites plan to deploy the patches
> during their next regularly scheduled system maintenance. One site
> commented that they just finished migrating to Legato and used this
> vulnerability as an excuse to turn the old system off. They had been
> running the old system "just in case". Another site said that as
> a result of this vulnerability, they built a test server that same day
> in preparation for a full version upgrade of Veritas.
> 
> References:
> Veritas Advisory
> http://support.veritas.com/docs/281521 
> ZDI Advisories
> http://www.zerodayinitiative.com/advisories/ZDI-06-005.html 
> http://www.zerodayinitiative.com/advisories/ZDI-06-006.html 
> Securiteam Advisory
> http://www.securiteam.com/securitynews/5JP0L2KI0A.html 
> Product Homepages and Information
> http://eval.veritas.com/mktginfo/products/White_Papers/Data_Protection/nbu_6_tech_overview_wp_060105.pdf
> http://www.veritas.com/Products/www?c=product&refId=58 
> http://www.veritas.com/Products/www?c=product&refId=2 
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/17264 
> 
> **************************************************************
> 
> 06.13.1 CVE: Not Available
> Platform: Windows
> Title: Windows Help Image Processing Heap Overflow
> Description: winhlp32.exe is the Microsoft Windows Help File viewer.
> It is vulnerable to a heap overflow issue when handling a specially
> crafted Windows Help (.hlp) file containing a malicious image. See the
> advisory for a list of vulnerable Windows operating systems.
> Ref: http://www.open-security.org/advisories/15
> http://www.securityfocus.com/bid/17325/info
> ______________________________________________________________________
> 
> 06.13.3 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Office XP Array Index Denial of Service
> Description: Microsoft Office is prone to a denial of service
> condition when handling malformed files. Specifically, when .xls or
> .xlw files containing a malformed array index are opened using Excel,
> Word, or PowerPoint, an exception will be thrown by the "mso.dll"
> library. Office XP is vulnerable to this issue; other versions may
> also be affected.
> Ref: http://www.securityfocus.com/bid/17252/exploit
> ______________________________________________________________________
> 
> 06.13.4 CVE: CVE-2005-0922, CVE-2005-0923
> Platform: Third Party Windows Apps
> Title: Symantec Norton Antivirus Remote Denial of Service
> Description: Symantec Norton Antivirus is vulnerable to a remote
> unspecified denial of service issue when handling a malicious file
> with the Auto-Protect module. See the reference for a list of
> vulnerable versions.
> Ref: http://secunia.com/advisories/14741/
> ______________________________________________________________________
> 
> 06.13.20 CVE: CVE-2006-0052
> Platform: Cross Platform
> Title: GNU Mailman Attachment Scrubber Malformed MIME Message Denial
> of Service
> Description: GNU Mailman is prone to denial of service attacks. This
> issue affects the attachment scrubber utility. The issue is caused by
> improper exception handling in the "Scrubber.py" script. The specific
> issue is caused when the script handles an email that includes a
> single malformed multipart MIME-encoded part. GNU Mailman version 2.5
> when used in conjunction with Python email is vulnerable.
> Ref: http://www.securityfocus.com/bid/17311/references
> ______________________________________________________________________
> 
> 06.13.21 CVE: CVE-2006-1059
> Platform: Cross Platform
> Title: Samba Machine Trust Account Local Information Disclosure
> Description: Samba is susceptible to a local information disclosure
> vulnerability. This issue is due to a design error that potentially
> leads to sensitive information being written to log files. This occurs
> when the debugging level has been set to 5 or higher. Samba versions
> 3.0.21 through to 3.0.21c that use the "winbindd" daemon are
> susceptible to this issue.
> Ref: http://www.samba.org/samba/security/CAN-2006-1059.html
> ______________________________________________________________________
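
A defender-side check for the Samba entry (06.13.21) above, added here as an example; it is not part of the forwarded newsletter and not Samba's own code. It reads the `[global]` section of an smb.conf, takes the highest level named by `log level` (or its synonym `debug level`), and combines that with the version range and winbindd condition quoted in the entry. The function names and the sample configuration are constructed for illustration; treating any per-class level as decisive is a conservative assumption, and a level set with the daemon's `-d` command-line option is not seen by this check.

```python
import re

THRESHOLD = 5  # from the entry: debugging level "set to 5 or higher"
AFFECTED = re.compile(r"^3\.0\.21[abc]?$")  # entry: 3.0.21 through 3.0.21c


def is_affected_version(version):
    """True for the Samba versions named in the entry."""
    return bool(AFFECTED.match(version.strip()))


def max_log_level(conf_text):
    """Highest level set in [global] by 'log level'/'debug level', else None."""
    section, found = "", None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        # smb.conf ignores case and whitespace in parameter names
        key = re.sub(r"\s+", "", name).lower()
        if key not in ("loglevel", "debuglevel"):
            continue
        levels = []
        for tok in re.split(r"[\s,]+", value.strip().lower()):
            m = re.fullmatch(r"(?:[a-z_]+:)?(\d+)", tok)  # "3" or "winbind:5"
            if m:
                levels.append(int(m.group(1)))
        if levels:
            found = max(levels)                  # a later line replaces an earlier one
    return found


def exposed(version, conf_text, uses_winbindd):
    """True when all three conditions from the entry hold."""
    level = max_log_level(conf_text)
    return (is_affected_version(version) and uses_winbindd
            and level is not None and level >= THRESHOLD)


# Constructed sample: commented-out and per-share settings must not count.
SAMPLE = """[global]
   workgroup = EXAMPLE
   ; log level = 10
   Log Level = 2 winbind:5
[share]
   log level = 9
"""
```
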



 




Copyright © Lexa Software, 1996-2009.