Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 29



> Anyone using Oracle should already have installed the July updates.
> Cisco MARS users should upgrade to 4.2.1. And Internet Explorer users
> may want to set the kill bit for ActiveX UUID because Microsoft hasn't
> confirmed the existence of the memory corruption flaw posted by HD
> Moore.  Also, there were more problems discovered in wireless routers -
> this time in D-Link routers.
> 
> 
> *****************************
> Widely-Deployed Software
> *****************************
> (1) HIGH: Oracle Critical Patch Update July 2006
> Affected:
> The following Oracle products:
> Oracle Database, Oracle Enterprise Manager, Oracle Application Server,
> Oracle Collaboration Suite, Oracle E-business Suite, PeopleSoft
> Enterprise Portal Solutions, JD Edwards Enterprise Tools, Oracle
> Pharmaceutical Applications, Oracle Developer Suite, Oracle Workflow,
> Oracle Application Server Portal
> (For vulnerable versions please refer to the Oracle Advisory)
> 
> Description: Oracle has released a security update for multiple products
> that patches over 60 vulnerabilities. According to the Oracle advisory
> a number of these flaws can be easily exploited via HTTP or SQL
> protocol. One of the discoverers has posted the technical details about
> four of these vulnerabilities.
> 
> Council Site Actions:  Most of the reporting council sites are
> responding to this item and plan to deploy the patches during their next
> regularly scheduled systems update cycle. One site is currently
> regression testing the updates.
> 
> References:
> Oracle Advisory
> http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2006.html
> Red Database Security Advisories
> http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_stats.html
> http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_upgrade.html
> http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_cdc_impdp.html
> http://www.red-database-security.com/advisory/oracle_sql_injection_kupw$worker.html
> SecurityFocus BID
> http://www.securityfocus.com/bid/19054
> 
> *********************************************************************
> 
> (2) HIGH: Internet Explorer WebViewFolderIcon ActiveX Control Memory
>           Corruption (0-day)
> Affected:
> Internet Explorer version 6.0 
> Possibly all versions of IE
> 
> Description: Internet Explorer contains a memory corruption flaw that
> is triggered when "SetSlice" method is invoked on "WebViewFolderIcon"
> ActiveX object. A malicious webpage can exploit the flaw to potentially
> execute arbitrary code on a user's system. The technical details
> required to craft an exploit have been publicly posted.
> 
> Status: Microsoft has not confirmed, no updates available. Set the
> killbit for ActiveX UUID "{E5DF9D10-3B52-11D1-83E8-00A0C90DC849}" as a
> workaround.
> 
> Council Site Actions:  All reporting council sites are waiting on
> additional information and a patch from the vendor.   They will most
> likely deploy the patch during a regularly scheduled systems maintenance
> cycle.
> 
> References:
> Browser Fun Blog Posting by HD Moore
> http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html
> Browser Fun Blog by HD Moore
> http://browserfun.blogspot.com/
> Microsoft Support Document on Disabling ActiveX Controls ("killbits")
> http://support.microsoft.com/kb/240797
> SecurityFocus BID
> Not yet available.
> 
> *********************************************************************
> 
> (4) HIGH: Wireshark Ethereal Multiple Protocol Decoding Vulnerabilities
> Affected:
> Ethereal versions prior to 0.99.2
> 
> Description: Wireshark (formerly Ethereal) is a popular open source
> network sniffer and protocol analyzer for Unix and Windows platforms.
> The software contains format string, off-by-one or buffer overflow
> vulnerabilities in parsing the following protocols: ANSI MAP, CheckPoint
> FW-1, MQ, XML, NCP NMAS, NCP NDPS, NTP and NFS. Many of these flaws can
> be exploited to execute arbitrary code with the privileges of the
> ethereal process (typically "root" when ethereal is being used as a
> sniffer). To exploit these flaws, an attacker has to either inject the
> malicious packets into the network traffic being sniffed by ethereal,
> or entice a client to open a specially crafted packet capture file. The
> technical details can be obtained by examining the fixed code. Note that
> any network applications based on ethereal protocol decoder modules may
> also be affected.
> 
> Status: Wireshark has confirmed the flaws and released version 0.99.2
> 
> Council Site Actions:  Ethereal is used minimally at most council sites,
> but is not supported by their central IT departments.  Most sites will
> advise their users to upgrade.  One site has already pushed manual
> updates to the small number of affected users.
> 
> References:
> Wireshark Advisory
> http://www.wireshark.org/security/wnpa-sec-2006-01.html
> Wireshark Homepage
> http://www.wireshark.org/
> SecurityFocus BID
> http://www.securityfocus.com/bid/19051
> 
> 06.29.1 CVE: Not Available
> Platform: Microsoft Office
> Title: Microsoft Powerpoint Multiple Unspecified Vulnerabilities
> Description: Microsoft PowerPoint is prone to multiple remote
> vulnerabilities. Please check the attached advisory for details.
> Microsoft PowerPoint 2003 is affected.
> Ref: http://www.securityfocus.com/bid/18993/info
> ______________________________________________________________________
> 
> 06.29.2 CVE: CVE-2006-3655, CVE-2006-3656, CVE-2006-3660
> Platform: Microsoft Office
> Title: Microsoft Powerpoint Multiple Unspecified Vulnerabilities
> Description: Microsoft PowerPoint is prone to multiple remote
> vulnerabilities which may allow remote attackers to cause crashes, or
> to execute arbitrary machine code in the context of the affected
> application. PowerPoint versions 2003 and prior are reported to be
> vulnerable.
> Ref: http://www.securityfocus.com/bid/18993
> ______________________________________________________________________
> 
> 06.29.3 CVE: CVE-2006-3730
> Platform: Other Microsoft Products
> Title: Internet Explorer WebViewFolderIcon Denial of Service
> Description: Internet Explorer is prone to a denial of service issue
> when the browser processes a malicious "WebViewFolderIcon" object.
> Microsoft Internet Explorer versions 6.0 SP1 and 6.0 are vulnerable.
> Ref:
> http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html
> ______________________________________________________________________
> 
> 06.29.4 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Internet Explorer DXImageTransform Properties Denial of Service
> Description: Internet Explorer is prone to a denial of service issue
> which exists at the "StartColorStr" and "EndColorStr" properties of
> the "DXImageTransform.Microsoft.Gradient" ActiveX object. Internet
> Explorer 6 SP2 is affected.
> Ref:
> http://browserfun.blogspot.com/2006/07/mobb-17-gradient-startcolorstr.html
> ______________________________________________________________________
> 
> 06.29.5 CVE: CVE-2006-2492,CVE-2006-3653,CVE-2006-3654
> Platform: Other Microsoft Products
> Title: Microsoft Works Spreadsheet Multiple Remote Vulnerabilities
> Description: Microsoft Works is vulnerable to multiple unspecified
> buffer overflow issues when it attempts to import malicious files.
> Microsoft Works version 8.0 is vulnerable.
> Ref: http://www.frsirt.com/english/advisories/2006/2813
> ______________________________________________________________________
> 
> 06.29.6 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Internet Explorer MHTMLFile Denial of Service
> Description: Internet Explorer is exposed to a denial of service
> issue. The problem occurs when the application is used to view a
> malicious URI or web page consisting of a malformed MHTMLfile element.
> Internet Explorer version 6 SP2 is affected.
> Ref: http://www.securityfocus.com/bid/19013
> ______________________________________________________________________
> 
> 06.29.7 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Internet Explorer DataSourceControl Denial of Service
> Description: Internet Explorer is prone to a denial of service issue
> in the "getDataMemberName()" properties of the "DataSourceControl"
> ActiveX control object. Internet Explorer 6 SP2 is affected.
> Ref:
> http://browserfun.blogspot.com/2006/07/mobb-19-datasourcecontrol.html
> ______________________________________________________________________
> 
> 06.29.8 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Internet Explorer OVCtl Denial of Service
> Description: Microsoft Internet Explorer is prone to a denial of
> service issue which is triggered when the browser processes the
> "NewDefaultItem" method of the "OVCtl" object. All current versions
> are affected.
> Ref:
> http://browserfun.blogspot.com/2006/07/mobb-20-ovctl-newdefaultitem.html
> ______________________________________________________________________
> 
> 06.29.9 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Internet Explorer Content-Type Denial of Service
> Description: Microsoft Internet Explorer is prone to a denial of
> service vulnerability. The vulnerability presents itself when the
> browser processes excessively large "Content-Type" HTTP response
> headers consisting of more than approximately 1M bytes. This crash
> reportedly occurs due to a flaw in the "wininet.dll" library.
> Ref: http://www.securityfocus.com/bid/19092
> ______________________________________________________________________
> 
> 06.29.10 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: RARLAB WinRAR LHA Filename Handling Buffer Overflow
> Description: RARLAB WinRAR is a compression utility capable of reading
> and writing files using several different archival formats. It is
> susceptible to a remote buffer overflow vulnerability, which is caused
> by a failure of the application to properly bounds check user-supplied
> input prior to copying it to an insufficiently-sized memory buffer.
> Versions from 3.0 to 3.60 beta 6 are reported as vulnerable.
> Ref: http://www.securityfocus.com/bid/19043
> ______________________________________________________________________
> 
> 06.29.19 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Various Citrix Applications MFEvent.DLL Privilege Escalation
> Description: Various Citrix applications contain an error that allows
> an authenticated user to escalate privileges. Citrix Metaframe, Citrix
> MetaFrame Presentation Server and Citrix Presentation Server are
> affected.
> Ref: http://www.securityfocus.com/bid/19056/info
> ______________________________________________________________________
> 
> 06.29.24 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel PROC Filesystem Local Privilege Escalation
> Description: The Linux kernel is susceptible to a local privilege
> escalation issue due to a race condition in the "proc" filesystem. The
> exploit demonstrating this issue accesses "/proc/*/environ" files,
> setting setuid permissions. The 2.6 series of the Linux kernel is
> vulnerable to this issue.
> Ref: http://www.securityfocus.com/bid/18992
> ______________________________________________________________________
> 
> 06.29.36 CVE: Not Available
> Platform: Cross Platform
> Title: Asterisk IAX2 Request Flood Remote Denial of Service
> Description: Asterisk is a private branch exchange (PBX) application.
> It is susceptible to a remote denial of service vulnerability. The
> software is unable to efficiently handle numerous unauthenticated call
> requests. Asterisk versions prior to 1.2.10 are vulnerable to this
> issue.
> Ref: http://www.securityfocus.com/bid/19009
> ______________________________________________________________________
> 
> 06.29.39 CVE: CVE-2006-3627 - CVE-2006-3632
> Platform: Cross Platform
> Title: Wireshark Protocol Dissectors Multiple Vulnerabilities
> Description: Wireshark is a network packet analyzer and the successor
> to Ethereal. It is prone to multiple vulnerabilities which may permit
> attackers to execute arbitrary code, which can facilitate a compromise
> of an affected computer or cause a denial of service condition to
> legitimate users of the application. Versions 0.99.1 and prior are
> reported as vulnerable.
> Ref: http://www.wireshark.org/security/wnpa-sec-2006-01.html
> ______________________________________________________________________
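
The kill-bit workaround named in item (2), as an added PowerShell example that is not part of the forwarded newsletter. It assumes the `Compatibility Flags` value of 0x400 under the `ActiveX Compatibility` registry key, as described in the Microsoft support document the item references; the helper name `Set-ActiveXKillBit` is hypothetical, and the script must run elevated.

```powershell
# Added example: set the IE kill bit for the CLSID named in item (2) and verify it.
# Run from an elevated prompt. Set-ActiveXKillBit is a hypothetical helper name.
$Clsid   = '{E5DF9D10-3B52-11D1-83E8-00A0C90DC849}'   # UUID quoted in the alert
$KillBit = 0x400                                       # kill-bit flag per KB240797
$Name    = 'Compatibility Flags'

# Native registry view plus the 32-bit view that exists only on 64-bit Windows.
$Roots = @('HKLM:\SOFTWARE\Microsoft', 'HKLM:\SOFTWARE\WOW6432Node\Microsoft') |
    Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Join-Path $_ 'Internet Explorer\ActiveX Compatibility' }

function Set-ActiveXKillBit {
    param(
        [Parameter(Mandatory)][string]$Root,
        [Parameter(Mandatory)][string]$Clsid
    )

    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    # Compatibility Flags is a bitmask: OR the kill bit in and keep other flags.
    $prop = Get-ItemProperty -LiteralPath $key -Name $Name -ErrorAction SilentlyContinue
    $old  = if ($prop) { [int]$prop.$Name } else { 0 }
    $new  = $old -bor $KillBit
    Set-ItemProperty -LiteralPath $key -Name $Name -Value $new -Type DWord

    # Read the value back so a failed write does not go unnoticed.
    $check = [int](Get-ItemProperty -LiteralPath $key -Name $Name).$Name
    [pscustomobject]@{
        Key     = $key
        Before  = '0x{0:X}' -f $old
        After   = '0x{0:X}' -f $check
        Blocked = (($check -band $KillBit) -eq $KillBit)
    }
}

$Roots |
    ForEach-Object { Set-ActiveXKillBit -Root $_ -Clsid $Clsid } |
    Format-Table -AutoSize
```

The `Blocked` column should read `True` for every registry view listed.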