Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 39



> 
> *************************
> Widely Deployed Software
> *************************
> 
> (0) CRITICAL: IE WebViewFolderIcon ActiveX Control Remote Code Execution
> Affected:
> Windows 2000 SP4/XP SP1/XP SP2
> 
> Description: The 0-day vulnerability in WebViewFolderIcon ActiveX
> Control discussed in a previous issue of the @RISK newsletter is now
> getting exploited in the wild. Security researchers last week publicly
> posted exploit code that can be used to compromise a Windows system when
> an IE user browses a malicious webpage.
> 
> Status: Microsoft confirmed, no updates yet available. A workaround is
> to set the kill bits for the following UUIDs:
> "844F4806-E8A8-11d2-9652-00C04FC30871" and
> "E5DF9D10-3B52-11D1-83E8-00A0C90DC849".
> 
> References:
> Microsoft Security Advisory
> http://www.microsoft.com/technet/security/advisory/926043.mspx 
> SANS Handler's Diary Discussion
> http://www.incidents.org/diary.php?storyid=1749
> Previous @RISK Newsletter Posting
> http://www.sans.org/newsletters/risk/display.php?v=5&i=29#widely2
> Patch from ZERT and Determina (third-party patches, not tested by Microsoft)
> http://www.determina.com/security.research/
> http://isotf.org/zert/
> How to Killbit ActiveX Controls
> http://support.microsoft.com/kb/240797
> Exploit Code
> http://www.milw0rm.com/exploits/2440
> http://www.milw0rm.com/exploits/2448
> 
> ****************************************************************
> 
> (1) HIGH: Microsoft PowerPoint Remote Code Execution 
> Affected:
> Microsoft PowerPoint 2000/2002/2003
> Microsoft PowerPoint 2004/v.X for Mac
> 
> Description: Microsoft PowerPoint is vulnerable to a
> remotely-exploitable code execution vulnerability. A specially-crafted
> PowerPoint file, when opened, can execute arbitrary code with the
> privileges of the current user. No technical details for this
> vulnerability have been publicly posted but a Trojan has been seen in
> the wild. The Trojan is currently identified as "Trojan.PPDropper.F" by
> some antivirus software. It is believed that this issue is related to
> the issue disclosed in a previous @RISK entry (see the references
> below). The currently-known variant has been seen to connect to the host
> "mylostlove1.6600.org", though other variants may connect elsewhere.
> Users are advised to monitor network access logs to see if this host is
> being actively contacted.
> 
> Status: Microsoft confirmed, no updates available. 
> 
> Council Site Actions:  All of the responding council sites are waiting
> on a patch from the vendor. They will deploy during their next regularly
> scheduled system update cycle.
> 
> References:
> Microsoft Security Advisory
> http://www.microsoft.com/technet/security/advisory/925984.mspx
> Previous @RISK Entry
> http://www.sans.org/newsletters/risk/display.php?v=5&i=38&rss=Y#widely3
> SANS Internet Storm Center Handler's Diary Entry
> http://isc.sans.org/diary.php?storyid=1740
> SecurityFocus BID
> http://www.securityfocus.com/bid/20226
> 
> ****************************************************************
> 
> ****************************************************************
> 
> (3) HIGH: OpenSSL ASN.1 Remote Buffer Overflow
> Affected:
> OpenSSL version 0.9.8c and prior
> OpenSSL version 0.9.7k and prior
> 
> Description: OpenSSL, an open source implementation of the Secure
> Sockets Layer, contains a remotely-exploitable buffer overflow in its
> handling of ASN.1-encoded data. OpenSSL is used in a wide variety of
> applications, including many applications designed for security, and is
> installed by default on most UNIX, Linux, BSD, and Mac OS X systems. By
> sending a specially-crafted request to a vulnerable application using
> OpenSSL, an attacker could trigger this buffer overflow and execute
> arbitrary code with the privileges of the vulnerable application. Note
> that, because OpenSSL is open source, technical details for this
> vulnerability may be easily obtained via source code analysis.
> 
> Status: OpenSSL confirmed, updates available.
> 
> Council Site Actions:  Two of the responding council sites are using the
> affected software and are in the process of investigating how this
> vulnerability affects them.
> 
> References:
> OpenSSL Security Advisory
> http://www.openssl.org/news/secadv_20060928.txt
> Wikipedia Article on the Secure Sockets Layer
> http://en.wikipedia.org/wiki/Secure_Sockets_Layer
> Wikipedia Article on ASN.1
> http://en.wikipedia.org/wiki/ASN.1
> OpenSSL Home Page
> http://www.openssl.org
> SecurityFocus BID
> http://www.securityfocus.com/bid/20249
> 
> ****************************************************************
> 
> (4) MODERATE: GNU gzip Multiple Remote Vulnerabilities
> Affected:
> GNU gzip versions 1.3.5 and prior
> 
> Description: GNU gzip, the GNU project's popular compression tool,
> contains multiple remotely-exploitable vulnerabilities. A specially
> crafted gzip-compressed file could trigger these vulnerabilities and
> execute arbitrary code with the privileges of the current user. The gzip
> program is installed on all Linux, BSD, and Mac OS X systems, and is
> common on most UNIX systems. On these systems, it is generally the
> preferred compression method. Note that, because gzip is open source,
> technical details for this vulnerability may be easily obtained via
> source code analysis.
> 
> Status: Some vendors, notably FreeBSD, have released patches for the
> versions of gzip included in their operating system distributions.
> 
> Council Site Actions:  Only one of the responding council sites is using
> the affected software.  Their Red Hat Linux systems will be updated via
> the Up2Date cycle.  They are still investigating whether the
> vulnerability affects them on other O/S platforms.
> 
> References:
> Red Hat Security Advisory
> http://rhn.redhat.com/errata/RHSA-2006-0667.html
> GNU gzip Home Page
> http://www.gnu.org/software/gzip/gzip.html
> GNU Project Home Page
> http://www.gnu.org/
> SecurityFocus BID
> http://www.securityfocus.com/bid/20101
> 
> ****************************************************************
> 
> (5) MODERATE: Mozilla Firefox Unconfirmed Remote Code Execution
> Affected:
> Mozilla Firefox versions 1.5.8 and possibly prior
> 
> Description: An unconfirmed remote code execution vulnerability in
> Mozilla Firefox has been reported. A specially-crafted web page
> containing JavaScript could result in arbitrary code execution with the
> privileges of the current user. No technical details for this
> vulnerability have been publicly posted.
> 
> Status: Mozilla has not confirmed, no updates available.
> 
> References:
> Story on ZDNet
> http://news.zdnet.com/2100-1009-6121608.html
> Mozilla Firefox Home Page
> http://www.mozilla.com/firefox
> SecurityFocus BID
> http://www.securityfocus.com/bid/20282
> 
> ****************************************************************
> 
> (7) LOW: OpenSSH Remote Race Condition
> Affected:
> OpenSSH version 4.3 and prior
> Portable OpenSSH versions 4.3 and prior
> 
> Description: OpenSSH, a popular implementation of the Secure Shell
> protocol, contains a remotely-exploitable race condition. OpenSSH
> servers configured to use GSSAPI (General Security Services Application
> Programming Interface) services are vulnerable to this race condition.
> By sending specially-crafted traffic to a vulnerable system, an attacker
> could theoretically execute arbitrary code with root privileges
> (Portable OpenSSH) or cause a denial-of-service condition (OpenSSH).
> Note that this vulnerability is currently believed to be only
> theoretical; it is not believed to be practically exploitable under
> normal conditions.
> 
> References:
> OpenSSH Release Announcement
> http://www.openssh.com/txt/release-4.4
> OpenSSH Home Page
> http://www.openssh.com/
> Wikipedia Entry on GSSAPI
> http://en.wikipedia.org/wiki/Generic_Security_Services_Application_Program_Interface
> SecurityFocus BID
> http://www.securityfocus.com/bid/20241
> 
> ______________________________________________________________________
> 
> 06.39.2 CVE: CVE-2006-4694
> Platform: Microsoft Office
> Title: Microsoft PowerPoint Unspecified Remote Code Execution
> Description: Microsoft PowerPoint is prone to an unspecified remote
> code execution vulnerability. This issue can allow remote attackers to
> execute arbitrary code on a vulnerable computer by supplying a
> malicious PowerPoint document to a user. This issue is being actively
> exploited in the wild as Trojan.PPDropper.F. This vulnerability is
> currently known to affect Microsoft Office 2000, Office XP and Office
> 2003.
> Ref: http://www.microsoft.com/technet/security/advisory/925984.mspx
> ______________________________________________________________________
> 
> 06.39.24 CVE: CVE-2006-3738
> Platform: Unix
> Title: OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow
> Description: OpenSSL is an open source implementation of the SSL
> protocol. It is exposed to a buffer overflow issue due to a failure of
> the library to properly bounds check user-supplied input prior to
> copying it to an insufficiently sized memory buffer.
> Ref: http://www.openssl.org/news/secadv_20060928.txt
> ______________________________________________________________________
> ______________________________________________________________________
> 
> 06.39.27 CVE: Not Available
> Platform: Cross Platform
> Title: CA eTrust Security Command Center and eTrust Audit Multiple
> Vulnerabilities
> Description: CA eTrust Security Command Center (eSCC) is a security
> system management application. eTrust Audit is a system auditing
> application for the enterprise. These applications are prone to
> multiple unspecified information disclosure and replay
> vulnerabilities. Multiple versions are reportedly vulnerable; please
> see the advisory for further details.
> Ref: http://www.securityfocus.com/bid/20139
> ______________________________________________________________________
> 
> 06.39.29 CVE: Not Available
> Platform: Cross Platform
> Title: Portable OpenSSH GSSAPI Remote Code Execution
> Description: OpenSSH is a freely available, open-source implementation
> of the Secure Shell protocol. Portable OpenSSH is the same code base
> with portability enhancements to enable the applications to run on a
> variety of platforms. Portable OpenSSH is susceptible to a remote code
> execution vulnerability. The issue derives from a race condition in a
> vulnerable signal handler.
> Ref: http://www.openssh.com/txt/release-4.4
> ______________________________________________________________________
> 
> 06.39.30 CVE: Not Available
> Platform: Cross Platform
> Title: Portable OpenSSH GSSAPI Authentication Abort Information
> Disclosure
> Description: Portable OpenSSH is susceptible to an information
> disclosure weakness. The issue derives from a GSSAPI authentication
> abort which can be used to determine the existence and validity of
> usernames on unspecified platforms. Portable OpenSSH versions 4.3p1
> and prior exhibit this weakness.
> Ref: http://www.securityfocus.com/bid/20245
> ______________________________________________________________________
> 
> 06.39.31 CVE: CVE-2006-4343
> Platform: Cross Platform
> Title: OpenSSL SSLv2 Null Pointer Dereference Client Denial of Service
> Description: OpenSSL is an implementation of the SSL protocol. It is
> affected by a denial of service issue which affects the SSLv2 client
> code.
> Ref: http://www.securityfocus.com/bid/20246
> ______________________________________________________________________
> 
> 06.39.32 CVE: CVE-2006-2940
> Platform: Cross Platform
> Title: OpenSSL Public Key Processing Denial of Service
> Description: OpenSSL is an open source implementation of the SSL
> protocol. It is vulnerable to a denial of service issue when an
> attacker uses malicious public key data to connect to a vulnerable
> server. See the advisory for further details.
> Ref: http://www.openssl.org/news/secadv_20060928.txt
> ______________________________________________________________________
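The kill-bit workaround in item (0) of the forwarded newsletter, as an added example that is not part of the newsletter, of SANS, or of any Microsoft tool. KB240797 (referenced above) describes the mechanism: a DWORD value "Compatibility Flags" of 0x400 under the control's CLSID key beneath HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility stops Internet Explorer from instantiating that control. The script computes those registry writes for the two CLSIDs quoted above, renders them as a .reg file for offline import, and can apply or verify them on a Windows host. The function names, the CLSID validation and the .reg rendering are my own assumptions; only the CLSIDs and the registry location come from the page.

```python
"""Kill-bit plan for the two WebViewFolderIcon CLSIDs named in @RISK item (0).

Added example, not part of the newsletter. Registry path and the 0x400
"Compatibility Flags" value follow Microsoft KB240797; helper names are mine.
"""
import re

# CLSIDs quoted in the newsletter's workaround (written there without braces).
WEBVIEWFOLDERICON_CLSIDS = [
    "844F4806-E8A8-11d2-9652-00C04FC30871",
    "E5DF9D10-3B52-11D1-83E8-00A0C90DC849",
]

# Per KB240797: this DWORD under the control's ActiveX Compatibility key
# tells IE never to load the control, regardless of its safe-for-scripting flags.
ACTIVEX_COMPAT_KEY = r"SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
VALUE_NAME = "Compatibility Flags"
KILL_BIT = 0x400

_CLSID_RE = re.compile(r"^\{?[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$")


def normalize_clsid(clsid: str) -> str:
    """Return the CLSID in the braced, upper-case form used as a registry key name."""
    clsid = clsid.strip()
    if not _CLSID_RE.match(clsid):
        raise ValueError(f"not a CLSID: {clsid!r}")
    return "{" + clsid.strip("{}").upper() + "}"


def plan_killbits(clsids):
    """Describe the registry writes needed as (subkey, value_name, dword) tuples."""
    return [
        (ACTIVEX_COMPAT_KEY + "\\" + normalize_clsid(c), VALUE_NAME, KILL_BIT)
        for c in clsids
    ]


def to_reg_file(plan) -> str:
    """Render the plan as a .reg file (importable with 'regedit /s file.reg')."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for subkey, name, dword in plan:
        lines.append(f"[HKEY_LOCAL_MACHINE\\{subkey}]")
        lines.append(f'"{name}"=dword:{dword:08x}')
        lines.append("")
    return "\n".join(lines)


def apply_killbits(plan):
    """Write the plan directly. Windows only; winreg is imported lazily so the
    planning and .reg rendering above still run on any platform."""
    import winreg
    for subkey, name, dword in plan:
        with winreg.CreateKeyEx(winreg.HKEY_LOCAL_MACHINE, subkey, 0,
                                winreg.KEY_SET_VALUE) as key:
            winreg.SetValueEx(key, name, 0, winreg.REG_DWORD, dword)


def killbit_set(subkey: str) -> bool:
    """Verify that the kill bit is present for one control (Windows only)."""
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as key:
            value, kind = winreg.QueryValueEx(key, VALUE_NAME)
    except FileNotFoundError:
        return False
    return kind == winreg.REG_DWORD and bool(value & KILL_BIT)


if __name__ == "__main__":
    # Print the .reg text; apply_killbits() would need an elevated Windows shell.
    print(to_reg_file(plan_killbits(WEBVIEWFOLDERICON_CLSIDS)))
```

Running the module on any machine prints the .reg text for review or distribution; `apply_killbits` and `killbit_set` only work in an elevated session on Windows, and checking `killbit_set` after the write is the cheap way to confirm the value landed under the expected key.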
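Item (1) of the forwarded newsletter advises monitoring network access logs for contact with "mylostlove1.6600.org". The following is an added example, not from the newsletter or from SANS: a small scanner that parses squid-style access log records and reports every client that reached a watched host or any subdomain of it, while skipping malformed lines rather than aborting. The log layout, the sample records (including a CONNECT record and a non-record line), the `WATCHED_HOSTS` set and the helper names are constructed for this example; only the indicator host itself comes from the page.

```python
"""Scan proxy access logs for the host named as an indicator in @RISK item (1).

Added example, not part of the newsletter. The log format, field names and
the sample records below are constructed for the demonstration.
"""
import re
from typing import Optional
from urllib.parse import urlsplit

# Indicator quoted in the newsletter; it notes other variants may use other hosts,
# so this set is meant to be extended as new indicators are published.
WATCHED_HOSTS = {"mylostlove1.6600.org"}

# Constructed sample lines in a squid-like access log layout:
# timestamp elapsed client action/status bytes method target
SAMPLE_LOG = """\
1159800000.123    45 10.0.0.17 TCP_MISS/200 1234 GET http://www.example.com/index.html
1159800001.456    12 10.0.0.42 TCP_MISS/200 4321 GET http://MyLostLove1.6600.org/cmd.php?id=1
1159800002.789    30 10.0.0.17 TCP_MISS/200 512 GET http://updates.6600.org/notes.txt
1159800003.000    19 10.0.0.42 TCP_MISS/503 0 CONNECT mylostlove1.6600.org:443
this line is not a log record
"""

_RECORD_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+(?P<action>\S+)\s+"
    r"(?P<bytes>\d+)\s+(?P<method>[A-Z]+)\s+(?P<target>\S+)\s*$"
)


def target_host(method: str, target: str) -> Optional[str]:
    """Extract the destination host from a URL, or from a CONNECT host:port target."""
    if method == "CONNECT":
        host = target.rsplit(":", 1)[0]
    else:
        host = urlsplit(target).hostname or ""
    return host.lower().strip(".") or None


def host_matches(host: str, watched=WATCHED_HOSTS) -> bool:
    """True for an exact match or a subdomain of a watched host.
    The parent domain (6600.org) alone is deliberately not a match."""
    return any(host == w or host.endswith("." + w) for w in watched)


def scan_log(text: str, watched=WATCHED_HOSTS):
    """Return (line_number, client, host) for each record that contacted a watched host."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = _RECORD_RE.match(line)
        if not m:
            continue  # malformed line: skip it, do not abort the whole scan
        host = target_host(m["method"], m["target"])
        if host and host_matches(host, watched):
            hits.append((lineno, m["client"], host))
    return hits


if __name__ == "__main__":
    for lineno, client, host in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {client} contacted {host}")
```

On the constructed sample the scanner flags lines 2 and 4 (the mixed-case URL and the CONNECT tunnel, both from 10.0.0.42) and ignores the sibling host under 6600.org, which is the distinction an analyst wants before escalating a client for the PowerPoint Trojan follow-up.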



 




Copyright © Lexa Software, 1996-2009.