> *************************
> Widely Deployed Software
> *************************
>
> (1) CRITICAL: Microsoft Exchange Calendar Properties Buffer
> Overflow (MS06-019)
> Affected:
> Microsoft Exchange Server 2000/2003
>
> Description: Microsoft Exchange, one of the most widely-deployed email
> servers around the globe, contains a buffer overflow. An unauthenticated
> attacker can trigger the overflow by sending a specially crafted
> "calendar" request, and exploit the overflow to execute arbitrary code
> on the Exchange server with "SYSTEM" privileges. The problem occurs in
> the module that processes "vcal" and "ical" mime content types, which
> are used by the Exchange server and email clients when sending calendar
> requests. The technical details have not been posted. However, this flaw
> can be exploited to create a worm; hence, it should be patched on a
> priority basis.
>
> Status: Apply the patch referenced in the Microsoft Bulletin MS06-019.
> Enterprises that are using Blackberry service or Goodlink Wireless
> service via Exchange may suffer disruption as users on mobile devices
> cannot send e-mail messages. In such cases, network or host intrusion
> prevention solutions should be used to block this attack.
>
> Council Site Actions: All of the reporting council sites are responding
> to this item. Most are in the process of updating their systems now. A
> few have already completed the updates. A few sites are still
> investigating how to update without breaking their existing email
> delegations on the gateways, such as Blackberries and other RIM devices.
>
> References:
> Microsoft Security Bulletin MS06-019
> http://www.microsoft.com/technet/security/Bulletin/MS06-019.mspx
> Problems with Mobile Devices
> http://support.microsoft.com/kb/912918
> CERT Advisory
> http://www.kb.cert.org/vuls/id/303452
> Internet Calendaring and Scheduling Core Object Specification
> http://www.ietf.org/rfc/rfc2445.txt
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/17908
>
> **********************************************************************
>
> (4) HIGH: RealVNC Remote Authentication Bypass Vulnerability
> Affected:
> RealVNC Free Edition version 4.1.1 and prior
> RealVNC Personal and Enterprise Editions versions 4.2.2 and prior
>
> Description:
> RealVNC, a popular VNC (Virtual Network Computing) client and server,
> suffers from a vulnerability in the way it processes passwords. By
> passing a specially-crafted request, a remote attacker could bypass the
> authentication process and gain access to the vulnerable system.
> Technical details and a proof-of-concept exploit have been publicly
> released.
>
> Status: Vendor confirmed, updates released. System administrators should
> block the access to the ports being used for this software from the
> Internet.
>
> References:
> Initial Discovery at IntelliAdmin
> http://www.intelliadmin.com/blog/2006/05/security-flaw-in-realvnc-411.html
> Proof-of-Concept Exploit
> http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html
> Posting by James Evans
> http://archives.neohapsis.com/archives/bugtraq/2006-05/0286.html
> RealVNC Home Page
> http://www.realvnc.com/
> VNC Protocol Description
> http://en.wikipedia.org/wiki/Virtual_Network_Computing
> SecurityFocus BID
> Not yet available.
>
> **********************************************************************
>
> (5) HIGH: Adobe Macromedia Flash Player Remote Code Execution
> (MS06-020)
> Affected:
> Windows XP SP1 and SP2
> Windows ME/98/98SE with Internet Explorer 6 SP1 installed
>
> Description: This patch from Microsoft fixes remote code execution
> vulnerabilities in the Adobe Macromedia Flash player that ships by
> default with certain Windows versions. Adobe has previously issued
> updates for the affected versions of Flash player. A malicious flash
> player animation (".swf" file) can execute arbitrary code on an affected
> Windows system. The malicious SWF file can be posted on a webpage,
> shared folder, P2P folder or attached to an email message. Note that one
> of the Flash player vulnerabilities patched by this update has been
> publicly disclosed. Hence, this patch should be applied on a priority
> basis.
>
> Status: Apply the patch referenced in the Microsoft Security Bulletin
> MS06-020.
>
> Council Site Actions: All of the reporting council sites are responding
> to this item. Some have already upgraded their systems. A few are in
> the process of upgrading them now, or plan to upgrade in the near
> future.
>
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/Bulletin/MS06-020.mspx
> CERT Advisory
> http://www.kb.cert.org/vuls/id/945060
> Adobe Security Bulletin
> http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html
> Previous @RISK Newsletter Posting
> http://www.sans.org/newsletters/risk/display.php?v=5&i=11#widely3
> SecurityFocus BID
> http://www.securityfocus.com/bid/17106
>
> ******************************************************************
>
> (6) MODERATE: Sophos Antivirus CAB File Processing Overflow
> Affected:
> Sophos Anti-Virus for Windows, Mac OS, Unix, Linux, NetWare,
> OS/2, OpenVMS and DOS
> Sophos Anti-Virus Small Business Editions for Windows and Mac OS
> PureMessage for Windows/Exchange and UNIX
> PureMessage Small Business Edition
> MailMonitor for Windows, Notes/Domino and Exchange
>
> Description: Sophos Anti-virus products contain a heap-based overflow
> that can be triggered by specially crafted Microsoft Cabinet (".cab")
> files. The overflow can be exploited to execute arbitrary code on a
> system running the affected Sophos product if the option to inspect CAB
> files is enabled (disabled by default). Exploiting the mail gateways is
> easy as it does not require any user interaction. The antivirus library
> is also embedded in products sold by more than 20 vendors, and updates
> should be applied to any products listed at:
> http://www.sophos.com/partners/oem/
>
> Status: Sophos confirmed, updates available.
>
> References:
> TippingPoint Advisory
> http://www.zerodayinitiative.com/advisories/ZDI-06-012.html
> Vendor Homepage
> http://www.sophos.com
> SecurityFocus BID
> http://www.securityfocus.com/bid/17876
>
> ****************************************************************
>
> *****************
> Update
> *****************
>
> (13) Microsoft Distributed Transaction Coordinator Heap Overflow
>
> Description: eEye has released technical details about a heap-based
> buffer overflow in the Microsoft Distributed Transaction Coordinator
> (MSDTC) RPC service that affects Windows NT 4.0, Windows 2000 SP2 and
> SP3 installations. Note that MS05-051 patched this overflow for Windows
> 2000 SP4, Windows XP and Windows 2003 systems. The patch is now
> available for Microsoft NT 4.0/2000 SP2/2000 SP3 systems for customers
> who have entered into a customer support agreement with Microsoft.
>
> References:
> eEye Advisory
> http://www.eeye.com/html/research/advisories/AD20060509a.html
>
>
> 06.19.1 CVE: CVE-2006-0034
> Platform: Windows
> Title: Windows MSDTC Heap Buffer Overflow
> Description: The Microsoft Distributed Transaction Coordinator (MSDTC)
> is a distributed transaction facility for the Windows platform. It is
> vulnerable to a remote heap buffer overflow issue because the
> destination buffer may be overrun during the string copy operation.
> See Microsoft advisory for details.
> Ref: http://www.microsoft.com/technet/security/bulletin/MS06-018.mspx
> ______________________________________________________________________
>
> 06.19.2 CVE: Not Available
> Platform: Windows
> Title: Windows MSDTC Invalid Memory Access Denial of Service
> Description: The Microsoft Distributed Transaction Coordinator (MSDTC)
> is prone to a denial of service issue. This vulnerability can be
> exploited remotely to disrupt the MSDTC service and any services that
> depend on MSDTC. Please see the attached advisory for details.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-018.mspx
> ______________________________________________________________________
>
> 06.19.3 CVE: Not Available
> Platform: Windows
> Title: Microsoft Internet Explorer Position CSS Denial of Service
> Description: Microsoft Internet Explorer is affected by a denial of
> service vulnerability. This issue presents itself when a user hovers
> their mouse cursor over a table that has the CSS "position" attribute
> set. This results in an unhandled exception in "mshtml.dll", crashing
> the browser. Internet Explorer 6 is vulnerable to this issue.
> Ref: http://www.securityfocus.com/bid/17932
> ______________________________________________________________________
>
> 06.19.5 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Kerio WinRoute Firewall Unspecified Remote Denial of Service
> Description: Kerio WinRoute Firewall is a network firewall and
> security application. Insufficient sanitization of SMTP and POP3
> messages exposes the application to a denial of service issue. Kerio
> WinRoute Firewall versions 6.2.1 and earlier are affected.
> Ref: http://www.securityfocus.com/bid/17859
> ______________________________________________________________________
>
> 06.19.9 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: ICQ Banner Ad Cross-Application Scripting
> Description: ICQ is prone to a cross-application scripting
> vulnerability. The problem occurs in the handling of banner ad
> content. The content is downloaded by ICQ and then displayed in an
> Internet Explorer COM object as local data. This results in the
> potentially malicious remote content being rendered in the "My
> Computer" security zone. ICQ versions 5.04 and earlier are affected.
> Ref: http://www.securityfocus.com/archive/1/433360
> ______________________________________________________________________
>
> 06.19.14 CVE: CVE-2006-2275
> Platform: Linux
> Title: Linux Kernel Multiple SCTP Remote Denial of Service
> Vulnerabilities
> Description: The Linux kernel SCTP module is susceptible to remote
> denial of service vulnerabilities. These issues are triggered when
> unexpected SCTP packets are handled by the kernel. The Linux kernel
> version 2.6.16 is vulnerable.
> Ref: http://labs.musecurity.com/advisories/MU-200605-01.txt
> ______________________________________________________________________
>
> 06.19.15 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel Lease_Init Local Denial of Service
> Description: The Linux kernel is prone to a local denial of service
> issue due to a design error in the "lease_init" function of the
> "fs/locks.c" file. Linux kernel versions earlier than 2.6.16.16 are
> affected.
> Ref: http://www.securityfocus.com/bid/17943
> ______________________________________________________________________
>
> 06.19.16 CVE: Not Available
> Platform: Solaris
> Title: Solaris LibIKE IKE Exchange Denial of Service
> Description: Sun Solaris is vulnerable to a denial of service issue
> with the "libike" IKE implementation if a malformed payload is sent
> during an IKE exchange. Solaris 9 and 10 are vulnerable.
> Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102246-1
> ______________________________________________________________________
>
> 06.19.21 CVE: CVE-2006-0994
> Platform: Cross Platform
> Title: Sophos Anti-Virus CAB File Scanning Remote Heap Overflow
> Description: Sophos Anti-Virus is a commercially available virus
> scanning software. A remote heap overflow vulnerability exists in
> Sophos Anti-Virus Library when scanning CAB files. See advisory for
> further details.
> Ref: http://www.sophos.com/support/knowledgebase/article/4934.html
> ______________________________________________________________________
>
> 06.19.27 CVE: Not Available
> Platform: Cross Platform
> Title: Symantec Enterprise Firewall / Gateway Security HTTP Proxy
> Internal IP Leakage
> Description: Symantec Enterprise Firewall and Gateway Security
> products are prone to an information disclosure weakness. The NAT/HTTP
> proxy component of the products may reveal the internal IP addresses
> of protected computers when handling certain specially crafted HTTP
> requests.
> Ref:
> http://securityresponse.symantec.com/avcenter/security/Content/2006.05.10.html
> ______________________________________________________________________
>
> 06.19.28 CVE: CVE-2006-1458, CVE-2006-1459, CVE-2006-1460,
> CVE-2006-1461, CVE-2006-1462, CVE-2006-1463, CVE-2006-1464,
> CVE-2006-1465, CVE-2006-1453, CVE-2006-1454, CVE-2006-2238
> Platform: Cross Platform
> Title: QuickTime Multiple Integer and Buffer Overflow Vulnerabilities
> Description: QuickTime Player is a media player. It is vulnerable to
> multiple integer overflow and buffer overflow issues. See advisory for
> further details. QuickTime Player versions 7.0.4 and earlier are
> vulnerable.
> Ref: http://docs.info.apple.com/article.html?artnum=303752
> ______________________________________________________________________