Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 34



> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Two more Internet Explorer vulnerabilities this week; one of them (#1)
> was created by a Microsoft Hotfix; the second (#2) is like others that
> have been widely exploited. Also of note are the more than 60 new web
> application vulnerabilities found this week; that's a rate of more than
> 2,500 web application vulnerabilities per year.
> 
> *************************
> Widely Deployed Software
> *************************
> 
> (1) HIGH: Microsoft Internet Explorer Compressed Page Remote Buffer Overflow
> Affected:
> Windows 2000 with MS06-042 hotfix
> Windows XP SP1 with MS06-042 hotfix
> 
> Description: Microsoft Internet Explorer contains a remotely-exploitable
> buffer overflow. A specially-crafted compressed web page could exploit
> this buffer overflow and execute code with the privileges of the current
> user. This flaw was introduced along with the MS06-042 hotfix. Systems
> without this hotfix are not vulnerable. Technical details for this
> vulnerability are believed to be available. Note that Windows XP SP2 is
> not vulnerable.
> 
> Status: Microsoft confirmed, updates available.
> 
> Council Site Actions:  All reporting council sites are responding. One
> site has already pushed the patch and the other sites plan to deploy
> during their next maintenance window.
> 
> References:
> Microsoft Knowledge Base Article
> http://support.microsoft.com/kb/923762/en-us
> SANS Handler's Diary Entry
> http://isc.sans.org/diary.php?storyid=1588
> Previous @RISK Newsletter Entry Detailing MS06-042
> http://www.sans.org/newsletters/risk/display.php?v=5&i=32#widely2
> SecurityFocus BID
> http://www.securityfocus.com/bid/19667
> 
> ****************************************************************
> 
> (2) HIGH: Multiple Microsoft Internet Explorer COM Objects Instantiation
> Vulnerabilities
> Affected:
> Windows 2000
> 
> Description: Microsoft Internet Explorer reportedly contains heap-memory
> corruption vulnerabilities while instantiating certain COM objects as
> ActiveX controls. A specially-crafted web page that instantiates these
> COM objects could trigger the memory corruption, and potentially execute
> arbitrary code on a client system. Note that re-usable exploit code to
> leverage these flaws is publicly available. Flaws similar to these have
> been widely exploited in the past.
> 
> Status: Microsoft has not confirmed, no updates available. Users may be
> able to mitigate the impact of these vulnerabilities by disabling the
> components via Microsoft's "kill bit" mechanism for the following
> CLSIDs: "{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}",
> "{4682C82A-B2FF-11D0-95A8-00A0C92B77A9}",
> "{8E71888A-423F-11D2-876E-00A0C9082467}",
> "{606EF130-9852-11D3-97C6-0060084856D4}",
> "{F849164D-9863-11D3-97C6-0060084856D4}".
> 
> Council Site Actions:  All council sites are waiting on additional
> information from the vendor.  Several sites commented that they plan to
> deploy the patch during their next maintenance window.
> 
> References:
> XSec Security Advisory
> http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=16
> Microsoft Knowledge Base Article (outlines the "kill bit" mechanism)
> http://support.microsoft.com/kb/240797
> SecurityFocus BID
> http://www.securityfocus.com/bid/19572
> http://www.securityfocus.com/bid/19340
> 
> ****************************************************************
> ****************************************************************
> 
> (5) UPDATE: Microsoft PowerPoint Remote Code Execution
> 
> Description: This issue was outlined in @RISK volume 5, number 33. It
> was unknown at that time whether the issue was a new 0-day vulnerability
> or related to the Microsoft issue patched on August 10th in Microsoft
> Security Bulletin MS06-012. According to new information from Microsoft,
> this issue has been patched by the Microsoft Security Bulletin MS06-012.
> Users who install the MS06-012 patch are not vulnerable to this exploit.
> 
> References:
> Previous @RISK Entry
> http://www.sans.org/newsletters/risk/display.php?v=5&l=33#widely1
> Microsoft Security Response Center Blog Entry
> http://blogs.technet.com/msrc/archive/2006/08/23/449075.aspx
> 
> *****************************************************************
> 
> **************
> Other Software
> **************
> 
> (6) CRITICAL: Alt-N MDaemon Remote Buffer Overflow
> Affected:
> Alt-N MDaemon version 9.05 and prior
> 
> Description: Alt-N MDaemon, a popular mail server solution for Microsoft
> Windows, contains a remotely-exploitable heap overflow. By sending a
> specially-crafted "USER" or "APOP" command to a vulnerable server, an
> attacker could exploit this heap overflow and execute arbitrary code
> with the privileges of the MDaemon process (possibly "SYSTEM").
> Attackers would not need to be authenticated to exploit this
> vulnerability.
> 
> Status: Alt-N confirmed, updates available.
> 
> Council Site Actions: The affected software and/or configuration are not
> in production or widespread use, or are not officially supported at any
> of the council sites. They reported that no action was necessary.
> 
> References:
> INFIGO Security Advisory
> http://archives.neohapsis.com/archives/bugtraq/2006-08/0419.html
> Alt-N Home Page
> http://www.altn.com
> SecurityFocus BID
> http://www.securityfocus.com/bid/19651
> 
> ****************************************************************
> 
> (9) MODERATE: WFTPD Remote Buffer Overflow 
> Affected:
> WFTPD version 3.23 and possibly prior
> 
> Description: WFTPD, a popular FTP server application for Microsoft
> Windows, contains a remotely-exploitable buffer overflow. By sending an
> overlong SIZE command, an authenticated attacker could execute arbitrary
> commands with the privileges of the WFTPD process. Note that many WFTPD
> servers are configured to allow anonymous access. A proof-of-concept
> exploit for this vulnerability has been publicly posted.
> 
> Status: WFTPD has not confirmed, no updates available.
> 
> Council Site Actions: Only one of the council sites responded, and they
> are investigating to see if anyone is using the software at their site.
> 
> References:
> Posting by h07
> http://www.milw0rm.com/exploits/2233
> SecurityFocus BID
> http://www.securityfocus.com/bid/19617
> 
> ****************************************************************
> 
> (10) MODERATE: Multiple Wireshark Protocol Dissector Vulnerabilities
> Affected:
> Wireshark versions 0.7.9 - 0.99.3
> Note that Wireshark is the new name for the popular Ethereal network
> protocol analyzer.
> 
> Description: Wireshark, the continuation of the Ethereal network
> protocol analyzer line, contains multiple vulnerabilities in its
> protocol dissector modules. These modules are used to decode captured
> protocol information for presentation to the user. Several modules
> contain exploitable buffer overflows. By sending specially-crafted
> traffic to a network with an active Wireshark listener, or by sending a
> packet-capture file to be loaded into Wireshark, an attacker could
> execute arbitrary code with the privileges of the current user (often
> root). Note that, because Wireshark is open source, technical details
> for these vulnerabilities can easily be obtained by analyzing the fixed
> code.
> 
> Status: Wireshark confirmed, updates available.
> 
> Council Site Actions: The affected software and/or configuration are not
> in production or widespread use, or are not officially supported at any
> of the council sites. They reported that no action was necessary.
> 
> References:
> Security Tracker Posting
> http://securitytracker.com/alerts/2006/Aug/1016736.html
> Wireshark Home Page
> http://www.wireshark.org
> SecurityFocus BID
> http://www.securityfocus.com/bid/19690b
> 

> 06.34.1 CVE: Not Available
> Platform: Windows
> Title: Microsoft Windows 2000 Multiple COM Object Instantiation Code
> Execution Vulnerabilities
> Description: Microsoft Windows 2000 is prone to multiple memory
> corruption vulnerabilities that are related to the instantiation of
> COM objects as ActiveX controls via Internet Explorer. This issue is
> similar to the one addressed by MS06-013. Internet Explorer version
> 6.0 SP1 is reported to be vulnerable on nearly all versions of Windows
> 2000.
> Ref: http://www.securityfocus.com/bid/19636
> ______________________________________________________________________
> 
> 06.34.2 CVE: Not Available
> Platform: Windows
> Title: Microsoft Internet Explorer Multiple COM Object Color Property
> Denial of Service Vulnerabilities
> Description: Microsoft Internet Explorer is prone to multiple denial
> of service vulnerabilities when instantiating multiple Visual Studio
> COM objects. This issue is triggered when attackers attempt to set the
> "Color" property of vulnerable COM objects.
> Ref: http://www.securityfocus.com/archive/1/443907
> ______________________________________________________________________
> 
> 06.34.3 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Internet Explorer TSUserEX.DLL ActiveX Control Memory
> Corruption
> Description: Internet Explorer is prone to a memory corruption
> vulnerability. This is related to the handling of the tsuserex.dll COM
> object ActiveX control, which results in the corruption of heap
> memory. See the advisory for further details.
> Ref: http://www.securityfocus.com/bid/19570
> ______________________________________________________________________
> 
> 06.34.4 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Internet Explorer Visual Studio COM Object Instantiation Denial
> of Service
> Description: Microsoft Internet Explorer is prone to a denial of
> service issue when instantiating multiple Visual Studio COM objects.
> All current versions are affected.
> Ref: http://www.securityfocus.com/archive/1/443499
> ______________________________________________________________________
> 
> 06.34.5 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Internet Explorer HTTP 1.1 and Compression Long URI
> Buffer Overflow
> Description: Microsoft Internet Explorer is vulnerable to a remote
> buffer overflow issue when handling HTML content containing overly long
> URIs pointing to web sites using the HTTP/1.1 protocol along with
> compression. This issue was introduced with the patches released with
> Microsoft advisory MS06-042. Internet Explorer 6 SP1 running on
> Microsoft Windows 2000 and Windows XP SP1 is vulnerable.
> Ref: http://www.microsoft.com/technet/security/advisory/923762.mspx
> ______________________________________________________________________
> 
> 06.34.7 CVE: CVE-2006-4266
> Platform: Third Party Windows Apps
> Title: Norton Personal Firewall SuiteOwners Registry Key Security
> Bypass
> Description: Norton Personal Firewall is vulnerable to a security
> bypass issue because a specific Norton registry key is not properly
> protected and allows for modification. Symantec Norton Personal
> Firewall 2006 versions 9.1.0.33 and earlier are vulnerable.
> Ref: http://www.matousec.com/info/advisories/Norton-DLL-faking-via-SuiteOwners-protection-bypass.php
> ______________________________________________________________________
> 
> 06.34.8 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: WFTPD Server Multiple Buffer Overflow Vulnerabilities
> Description: WFTPD is an FTP server. It is vulnerable to multiple
> buffer overflow issues with various FTP commands. WFTPD version 3.23
> is vulnerable.
> Ref: http://www.securityfocus.com/bid/19617
> ______________________________________________________________________
> 
> 06.34.9 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: WebAdmin Module for MDaemon Information Disclosure
> Description: The WebAdmin is a plugin module for the MDaemon messaging
> and collaborative application suite. WebAdmin Module for MDaemon is
> prone to an information disclosure vulnerability because the
> application fails to sanitize user-supplied input. Versions 3.00 to
> 3.24 are reported vulnerable.
> Ref: http://www.securityfocus.com/bid/19620
> ______________________________________________________________________
> 
> 06.34.10 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: WebAdmin Module for MDaemon Unspecified Privilege Escalation
> Vulnerability
> Description: The WebAdmin is a plugin module for the MDaemon messaging
> and collaborative application suite. It is vulnerable to an
> unspecified privilege escalation issue. WebAdmin versions 3.00 to 3.24
> are vulnerable.
> Ref: http://files.altn.com/WebAdmin/Release/RelNotes_en.txt
> ______________________________________________________________________
> 
> 06.34.12 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Alt-N MDaemon Multiple Remote Pre-Authentication POP3 Buffer
> Overflow Vulnerabilities
> Description: Alt-N MDaemon is a mailserver. It is exposed to multiple
> remote buffer overflow issues due to improper boundary checking.
> MDaemon versions 8 and 9 are affected.
> Ref: http://www.infigo.hr/en/in_focus/advisories/INFIGO-2006-08-04
> 
> 06.34.29 CVE: Not Available
> Platform: Cross Platform
> Title: RealVNC Clipboard Update Integer Overflow
> Description: RealVNC (Virtual Network Computing) allows users to
> access remote computers. Insufficient sanitization in the
> "readClientCutText()" function of the "rfb/SmsgReader.cxx" file and
> the "readServerCutText()" function in the "rfb/CMsgReader.cxx" file
> exposes the application to an integer overflow issue.
> Ref: http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0550.html
> ______________________________________________________________________
> 
> 06.34.30 CVE: CVE-2006-4227,CVE-2006-4226
> Platform: Cross Platform
> Title: MySQL Privilege Elevation and Security Bypass Vulnerabilities
> Description: MySQL is prone to a privilege elevation issue and to a
> security bypass issue. A user who has access to a database, but who is
> not granted privileges to create new databases, can bypass this
> restriction using CREATE DATABASE. The application incorrectly
> calculates arguments to the SUID routines in the context of the
> definer instead of the caller. A user with privileges to call SUID
> routines may be able to execute certain commands and code with the
> privileges of the definer, which can lead to privilege escalation.
> MySQL versions 5.0.24 and earlier are affected by these issues.
> Ref: http://bugs.mysql.com/bug.php?id=17647
> http://bugs.mysql.com/bug.php?id=18630
> ______________________________________________________________________
> 
> 06.34.34 CVE: Not Available
> Platform: Cross Platform
> Title: PHP Multiple Undefined Vulnerabilities
> Description: PHP is prone to multiple undefined vulnerabilities.
> Successful exploits could allow an attacker to write files in
> unauthorized locations, cause a denial of service condition, and
> potentially execute code. These issues are reported to affect PHP
> versions 4.4.3 and 5.1.4; other versions may also be vulnerable.
> Ref: http://www.securityfocus.com/bid/19582
> ______________________________________________________________________
> 
> 06.34.36 CVE: Not Available
> Platform: Cross Platform
> Title: Apache HTTP Server Arbitrary HTTP Request Headers Security
> Weakness
> Description: IBM HTTP servers are prone to an HTTP request header
> security weakness. This issue occurs because the application fails to
> sanitize specially crafted HTTP Expect headers. In particular the
> application does not sanitize HTTP Expect headers when it is
> redirected to an error message. This issue resides in the
> "http.protocol.c" file.
> Ref: http://rhn.redhat.com/errata/RHSA-2006-0619.html
> 
> 06.34.39 CVE: Not Available
> Platform: Cross Platform
> Title: Mozilla Firefox FTP Denial of Service
> Description: Mozilla Firefox is prone to a denial of service
> vulnerability. The vulnerability exists when Mozilla Firefox attempts
> to connect to a malicious FTP site. After connecting to the FTP site a
> message with "220 Z  331 Z 500 DoS 500 Z" is sent back to the browser.
> Mozilla Firefox versions 1.5.0.6 and prior are vulnerable.
> Ref: http://www.securityfocus.com/bid/19678
> ______________________________________________________________________
> 
> 06.34.43 CVE: Not Available
> Platform: Cross Platform
> Title: Wireshark Multiple Vulnerabilities
> Description: Wireshark is an application for analyzing network
> traffic. It is exposed to multiple issues. Please refer to the link
> below for further details. Wireshark versions 0.99.2 and earlier are
> affected.
> Ref: http://www.wireshark.org/security/wnpa-sec-2006-02.html
> ______________________________________________________________________
> 
> 06.34.106 CVE: Not Available
> Platform: Network Device
> Title: AK-Systems Windows Terminals Remote Unauthorized Administrative
> Access
> Description: AK-Systems Windows Terminals are thin-client devices
> capable of remote Citrix and RDP (Remote Desktop Protocol) access to
> servers. It is vulnerable to a remote unauthorized administrative
> access issue due to a lack of authentication requirements for remote
> administrative access to affected devices. Devices with firmware
> version 1.2.5 ExVLP are vulnerable.
> Ref: http://www.securityfocus.com/bid/19659
> ______________________________________________________________________
> 
> 06.34.107 CVE: Not Available
> Platform: Network Device
> Title: Cisco VPN 3000 Concentrator FTP Arbitrary File Access
> Description: Cisco VPN 3000 concentrator products provide Virtual
> Private Network (VPN) services to remote users. Due to two unspecified
> vulnerabilities when FTP is enabled as a file management protocol,
> several commands may be used by unauthorized attackers. Please refer
> to the advisory for vulnerable versions.
> Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080718330.shtml
> ______________________________________________________________________
> 
> 06.34.109 CVE: Not Available
> Platform: Hardware
> Title: Cisco Multiple Firewall Appliances Authentication Bypass
> Description: Multiple Cisco Firewall appliances are prone to an
> authentication bypass issue when passwords are set using the commands
> "passwd", "username" or "enable password". Please see the referenced
> advisory for details.
> Ref: http://www.securityfocus.com/bid/19681
> ______________________________________________________________________
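
One way to audit, and optionally apply, the "kill bit" mitigation that item (2) of the forwarded newsletter describes, as an added example that is not part of the newsletter, of Microsoft's tooling, or of this list archive. It assumes an elevated PowerShell prompt and uses the registry location and the 0x400 "Compatibility Flags" bit documented in KB240797; the five CLSIDs are the ones quoted in the newsletter, and the `-Apply` switch and the function names are this example's own.

```powershell
# Added example: report, and with -Apply set, the ActiveX kill bit for the
# CLSIDs named in @RISK item (2). Run from an elevated PowerShell prompt.
#
# Mechanism (KB240797): a DWORD value "Compatibility Flags" with bit 0x400
# set under
#   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}
# tells Internet Explorer never to instantiate that control.

param(
    [switch]$Apply   # without -Apply the script only reports the current state
)

# CLSIDs quoted in the newsletter (item 2)
$Clsids = @(
    '{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}',
    '{4682C82A-B2FF-11D0-95A8-00A0C92B77A9}',
    '{8E71888A-423F-11D2-876E-00A0C9082467}',
    '{606EF130-9852-11D3-97C6-0060084856D4}',
    '{F849164D-9863-11D3-97C6-0060084856D4}'
)

$KillBit  = 0x400
$BasePath = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

# Returns a short description of the kill-bit state for one CLSID.
function Get-KillBitState {
    param([string]$Clsid)
    $key = Join-Path $BasePath $Clsid
    if (-not (Test-Path $key)) { return 'no key' }
    $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $flags) { return 'no Compatibility Flags value' }
    if (($flags -band $KillBit) -ne 0) { return 'kill bit set' }
    return ('flags 0x{0:X} without kill bit' -f $flags)
}

# Sets the kill bit, preserving any other compatibility bits already present.
function Set-KillBit {
    param([string]$Clsid)
    $key = Join-Path $BasePath $Clsid
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    $existing = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                   -ErrorAction SilentlyContinue).'Compatibility Flags'
    $new = if ($null -eq $existing) { $KillBit } else { $existing -bor $KillBit }
    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $new -Type DWord
}

foreach ($c in $Clsids) {
    $before = Get-KillBitState $c
    if ($Apply -and $before -ne 'kill bit set') {
        Set-KillBit $c
        '{0}: {1} -> {2}' -f $c, $before, (Get-KillBitState $c)
    } else {
        '{0}: {1}' -f $c, $before
    }
}
```

Run it without arguments first to see which of the five controls are already blocked; re-run with `-Apply` to set the bit. On 64-bit Windows the 32-bit Internet Explorer reads the same key under `HKLM\SOFTWARE\Wow6432Node\...`, so an audit there needs `$BasePath` pointed at that hive as well. A kill bit stays in place after a vendor patch, which is usually what you want for a control that has no business being scriptable from a web page; remove it only after confirming the control is needed.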




 




Copyright © Lexa Software, 1996-2009.