Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 40



> 
> This is a week for security flaws in security vendors' software: McAfee,
> Symantec, Computer Associates and TrendMicro. If you thought you were
> seeing an increasing number of flaws in security vendors' products, you
> are correct.  The flaws may have always been there, but the trend
> attacker community has targeted these products because they (and back-up
> products) are so often trusted and so rarely updated.  They provide
> fertile territory for circumventing firewalls.
> 
> One of the more interesting elements of this issue is the Xerox
> vulnerability and the lack of any way to fix them. Printers, especially
> dual-homed printers, are one of the most effective attack vectors for
> penetrating sensitive areas of companies.  Most printers with network
> interface cards have multiple vulnerabilities, but most sites don't even
> try to patch them.
>                              Alan
> 

> *************************
> Widely Deployed Software
> *************************
> 
> (1) CRITICAL: McAfee ePolicy Orchestrator/ProtectionPilot Remote Buffer Overflow
> Affected:
> McAfee ePolicy Orchestrator versions 3.0 SP2a and prior
> McAfee ProtectionPilot versions 1.1.1 patch 2 and prior
> 
> Description: The web server component used in both McAfee ePolicy
> Orchestrator (used to monitor and maintain enterprise policy) and McAfee
> Protection Pilot (used to monitor and maintain threat protection
> software) contains an exploitable buffer overflow. By sending a
> specially-crafted request to this server component, an attacker could
> trigger this buffer overflow and execute arbitrary code with the
> privileges of the process - often SYSTEM. Note that multiple working
> exploits have been publicly posted for these vulnerabilities. Users are
> advised to block access to port 81/TCP at the network perimeter, if
> possible.
> 
> Status: McAfee confirmed, updates available.
> 
> Council Site Actions:  Only one of the responding council sites is using
> the affected software and they plan to deploy the patch during their
> next regularly scheduled system maintenance cycle.
> 
> Technical Explanation by BackTrack
> http://www.remote-exploit.org/advisories/mcafee-epo.pdf
> Proofs-of-Concept
> http://www.milw0rm.com/exploits/2467
> http://downloads.securityfocus.com/vulnerabilities/exploits/20228.py
> McAfee Home Page
> http://www.mcafee.com/
> SecurityFocus BID
> http://www.securityfocus.com/bid/20288
> 
> ****************************************************************
> 
> (2) HIGH: Computer Associates Multiple Products Multiple Vulnerabilities
> Affected:
> BrightStor ARCserve Backup R11.5 Client
> BrightStor ARCserve Backup R11.5 Server
> BrightStor Enterprise Backup 10.5
> BrightStor ARCserve Backup v9.01
> CA Server Protection Suite r2
> CA Business Protection Suite r2
> 
> Description: Several Computer Associates products suffer from multiple
> vulnerabilities: (1) An exploitable heap overflow exists in the Message
> Engine RPC service. (2) An exploitable stack-based buffer overflow
> exists in the Discovery Service, running on ports 41524/UDP and
> 41523/TCP. By exploiting either or both of these vulnerabilities, an
> attacker could execute arbitrary code with the privileges of the
> vulnerable process - often SYSTEM. No authentication is required to
> exploit either of these vulnerabilities. Some technical details for both
> of these vulnerabilities have been publicly posted.
> 
> Status: Computer Associates confirmed, updates available.
> 
> References:
> Zero Day Initiative Advisories
> http://zerodayinitiative.com/advisories/ZDI-06-030.html
> http://zerodayinitiative.com/advisories/ZDI-06-031.html
> Computer Associates Security Notice
> http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/20364
> http://www.securityfocus.com/bid/20365
> 
> 
> ****************************************************************
> 
> (3) HIGH: Symantec Automated Support Tool ActiveX Control Remote Buffer Overflow
> Affected:
> The following products are known to include a vulnerable version of the
> ActiveX control. Other products may also be vulnerable.
> Symantec Norton SystemWorks versions 2005/2006
> Symantec Norton Internet Security versions 2005/2006
> Symantec Norton AntiVirus versions 2005/2006
> Symantec Automated Support Assistant
> 
> Description: The Symantec Automated Support Tool ActiveX control, used
> by multiple Symantec products to provide diagnostic information for
> problem resolution, contains an exploitable buffer overflow. A specially
> crafted web page that instantiates this control could exploit this
> buffer overflow and execute arbitrary code with the privileges of the
> current user. Note that re-usable exploit code to leverage these flaws
> is publicly available. Flaws similar to these have been widely exploited
> in the past.
> 
> Status: Symantec confirmed, updates available.
> 
> Council Site Actions:  Two of the responding council sites are using the
> affected software. The first site is already in the process of patching
> their systems.  The second site has a few hundred installations, but on
> systems that are not supported by their central IT department. They have
> no immediate plans to respond because they have no realistic way to
> identify the affected user population.
> 
> References:
> Symantec Security Advisory
> http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html
> Symantec Home Page
> http://www.symantec.com
> SecurityFocus BID
> http://www.securityfocus.com/bid/20348
> 
> ****************************************************************
> 
> (5) MODERATE: Trend Micro OfficeScan ActiveX Format String Vulnerability
> Affected:
> The following products are known to include a vulnerable version of the
> ActiveX control. Other products may also be vulnerable.
> Trend Micro OfficeScan Corporate Edition version 7.3
> 
> Description: Trend Micro OfficeScan Corporate Edition, a popular
> antivirus and anti-spyware suite, contains an exploitable format string
> vulnerability. By sending a specially-crafted string to the Remote
> Client Install search function of the ActiveX component, an attacker
> could exploit this vulnerability and potentially execute arbitrary code
> with the privileges of the OfficeScan process. Note that some technical
> details for this vulnerability have been publicly posted.
> 
> Status: Trend Micro confirmed, updates available.
> 
> Council Site Actions: affected software and/or configuration are not in
> production or widespread use, or are not officially supported at any of
> the council sites. They reported that no action was necessary.
> 
> Layered Defense Security Advisory
> http://www.layereddefense.com/TREND01OCT.html
> Trend Micro Home Page
> http://www.trendmicro.com
> SecurityFocus BID
> http://www.securityfocus.com/bid/20284
> 
> ****************************************************************
> 
> (7) LOW: Xerox Multiple Product Authentication Bypass and Code Injection
> Affected:
> Xerox WorkCentre and WorkCentre Pro models 232, 238, 245, 255, 265, and 275
> 
> Description: Xerox WorkCentre and WorkCentre Pro multi-function
> copier/printers contain an exploitable authentication-bypass
> vulnerability. By sending a specially-crafted request to the
> administration web interface, an attacker could bypass the configured
> authentication systems and potentially gain complete control of the
> vulnerable system.
> 
> Status: Xerox confirmed, updates available.
> 
> Council Site Actions: Only one of the responding council sites is using
> the affected software/models.  They sent the vulnerability information
> to their printer support group.  They have a dozen or so Xerox systems,
> but they do not have accurate information about device ownership or
> location. They considered passing along the information by e-mail to
> departmental system administrators, but this is of limited value because
> many departments do not consider the device to be computing equipment,
> and the person who maintains the device does not maintain any
> (other) computer systems.
> 
> References:
> Xerox Security Advisory
> http://www.xerox.com/downloads/usa/en/c/cert_XRX06_005.pdf
> SecurityFocus BID
> http://www.securityfocus.com/bid/20334
> 
> ****************************************************************
> 
> CORRECTION: In the previous issue of @RISK, item 3 "OpenSSL ASN.1 Remote
> Buffer Overflow" was incorrect. The vulnerability described was not in
> the processing of ASN.1 data, but in the OpenSSL SSL_Get_Shared_Ciphers
> function. OpenSSL developers have stated that this function is not
> widely used.
> 
> 06.40.1 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Trend Micro OfficeScan ATXCONSOLE.OCX ActiveX Control Format String
> Description: Trend Micro OfficeScan is an antivirus solution for
> Windows. It is prone to a remote format string vulnerability. This
> issue affects the "ATXCONSOLE.OCX" ActiveX control, which ships as
> part of the management console of OfficeScan. Trend Micro OfficeScan
> Corporate Edition version 7.3 is reported to be vulnerable.
> Ref: http://www.securityfocus.com/bid/20284
> ______________________________________________________________________
> 
> 06.40.6 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Trend Micro OfficeScan Client Removal and File Deletion Vulnerabilities
> Description: Trend Micro OfficeScan is prone to a denial of service
> via software removal, and arbitrary file deletion vulnerabilities. A
> successful exploit allows a remote attacker to forcibly remove the
> OfficeScan client or delete arbitrary files from an OfficeScan server.
> Trend Micro OfficeScan Corporate Edition version 7.3 and prior are
> reported vulnerable.
> Ref: http://www.securityfocus.com/bid/20330
> ______________________________________________________________________
> 
> 06.40.10 CVE: CVE-2006-2937
> Platform: Cross Platform
> Title: OpenSSL ASN.1 Structures Denial of Service
> Description: OpenSSL is prone to a denial of service vulnerability.
> This issue exists when the library parses certain unspecified "ASN.1"
> structures and fails to properly handle error conditions. This may
> result in an infinite loop consuming excessive systems resources.
> Ref: http://www.securityfocus.com/bid/20248
> ______________________________________________________________________
> 
> 06.40.11 CVE: Not Available
> Platform: Cross Platform
> Title: Mozilla Firefox Unspecified Javascript Remote Code Execution
> Description: Mozilla Firefox is prone to an unspecified remote denial
> of service vulnerability that was initially reported to be a remote
> code execution vulnerability. Little information is available at this
> time. All known versions are reported to be vulnerable.
> Ref: http://www.securityfocus.com/bid/20282
> ______________________________________________________________________
> 
> 06.40.12 CVE: Not Available
> Platform: Cross Platform
> Title: McAfee ePolicy Orchestrator and ProtectionPilot HTTP Server Remote Buffer Overflow Vulnerability
> Description: The HTTP server component of McAfee ePolicy Orchestrator
> and ProtectionPilot is exposed to a remote stack buffer overflow issue
> that can lead to complete system compromise. McAfee ePolicy
> Orchestrator version 3.5.0 and ProtectionPilot version 1.1.0 are
> affected.
> Ref: http://metasploit.com/projects/Framework/exploits.html#mcafee_epolicy_source
> ______________________________________________________________________
> 
> 06.40.13 CVE: Not Available
> Platform: Cross Platform
> Title: Mozilla Firefox Multiple Unspecified Javascript Vulnerabilities
> Description: Mozilla Firefox is prone to multiple unspecified
> Javascript issues due to failure of the application to properly
> sanitize user-supplied input. Please see the attached advisory for
> details.
> Ref: http://www.securityfocus.com/bid/20294
> ______________________________________________________________________
> 
> 06.40.71 CVE: Not Available
> Platform: Network Device
> Title: Xerox Multiple Product Arbitrary Command Execution
> Description: Multiple Xerox products are vulnerable to an arbitrary
> command issue. These include ESS/Network Controller and MicroServer
> Web Server. This occurs because the device allows an attacker to
> inject commands through the tcp/ip hostname resulting in the execution
> of arbitrary commands.
> Ref: http://www.xerox.com/downloads/usa/en/c/cert_XRX06_005.pdf
> ______________________________________________________________________
> 
> 06.40.72 CVE: Not Available
> Platform: Network Device
> Title: Linksys SPA921 VoIP Phone HTTP Server Denial of Service Vulnerabilities
> Description: Linksys SPA921 VoIP phones are susceptible to a denial of
> service vulnerability because the devices fail to properly handle
> large user supplied input values in HTTP traffic. A long username or
> password in a basic HTTP authentication field will also crash and
> reboot the phone.
> Ref: http://www.securityfocus.com/bid/20346
> ______________________________________________________________________
> 
> 06.40.74 CVE: Not Available
> Platform: Hardware
> Title: PolyCom IP-301 VoIP Desktop Phone HTTP Server Denial of Service
> Description: PolyCom IP-301 is a voice over IP (VoIP) desktop
> telephone. It is affected by multiple denial of service issues. Please
> see the attached advisory for details.
> Ref: http://www.securityfocus.com/bid/20351/info
> ______________________________________________________________________
> 
> 06.40.75 CVE: Not Available
> Platform: Hardware
> Title: GrandStream GXP-2000 VoIP Phone Denial of Service
> Description: GrandStream GXP-2000 is a voice over IP (VoIP) desktop
> telephone. It is exposed to a denial of service issue because the
> device fails to properly handle excessive amounts of UDP traffic.
> Firmware 1.1.0.5 is affected.
> Ref: http://www.securityfocus.com/bid/20356
> ______________________________________________________________________

Copyright © Lexa Software, 1996-2009.