Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 42



> 
> *************************
> Widely Deployed Software
> *************************
> 
> (1) CRITICAL: Novell eDirectory Multiple Buffer Overflows
> Affected:
> Novell eDirectory versions 8.x prior to 8.8.1 FTF1
> 
> Description: Novell's eDirectory, a multi-platform directory service
> with millions of installations worldwide, allows businesses to manage
> identities and secure access to network resources. In addition to LDAP
> protocol, the eDirectory product also supports Netware Core Protocol
> (NCP) over IP.
> (a) Novell's iMonitor provides monitoring and diagnostic capability for
> Novell eDirectory via HTTP. iMonitor server, that listens on port
> 8008/tcp by default, is automatically started along with the eDirectory
> services on Windows platforms. This server contains a stack-based buffer
> overflow that can be triggered by an HTTP "Host" header longer than 64
> bytes. The overflow can be exploited to execute arbitrary code with
> SYSTEM/root privileges. Note that exploit code for similar flaws
> previously discovered is publicly available.
> (b) The NCP functionality of eDirectory as well as the LDAP server
> contain heap-based buffer overflows. An unauthenticated attacker can
> exploit these flaws to execute arbitrary code on the eDirectory server.
> The technical details about the flaws have been publicly posted.
> 
> Status: Novell has released version 8.8.1 FTF1 to address the buffer
> overflows in LDAP and NCP services. Version 8.7.3.8 FTF1 addresses the
> iMonitor buffer overflow.
> 
> References:
> Posting by Ryan Smith and Michael Ligh
> http://www.mnin.org/advisories/2006_novell_httpstk.pdf 
> iDefense Advisories
> http://archives.neohapsis.com/archives/bugtraq/2006-10/0368.html 
> http://archives.neohapsis.com/archives/bugtraq/2006-10/0367.html 
> http://archives.neohapsis.com/archives/bugtraq/2006-10/0369.html 
> Product Homepage
> http://www.novell.com/products/edirectory/ 
> iMonitor Information
> http://www.novell.com/documentation/ndsedir86/taoenu/data/a5hgofu.html
> Novell NCP Protocol
> http://www.javvin.com/protocolNCP.html 
> SecurityFocus BID
> http://www.securityfocus.com/bid/20663
> http://www.securityfocus.com/bid/20664
> http://www.securityfocus.com/bid/20655 
> 
> **************************************************************
> 
> (2) HIGH: Oracle Critical Patch Update October 2006
> Affected:
> A number of Oracle products including: Oracle Database Server, Oracle
> Application Express, Oracle Application Server, Oracle Collaboration
> Suite, Oracle E-Business Suite, Oracle Pharmaceutical Applications and
> Oracle PeopleSoft/JDE Tools.  ( For specific versions of the affected
> products, please consult the Oracle advisory.)
> 
> Description: Oracle has released a cumulative security patch for a wide
> range of products on October 17, 2006. This critical update patches over
> 100 vulnerabilities that can be exploited via HTTP or Oracle Net
> protocol. Oracle Application Express is the most severely affected
> product according to the CVSS ratings for its vulnerabilities (computed
> by Oracle). Although Oracle's advisory has reported low CVSS scores on
> a large number of database flaws (i.e. the flaws are moderate or low
> severity), NGSSoftware points out that some of the database flaws can
> be exploited without a valid userid/password. Hence, Oracle Database and
> Application Express patches should be applied on a priority basis.
> 
> Status: Apply the Oracle Critical Patch Update for October 2006.
> NGSSoftware also reports that updates are not available for some
> platforms.
> 
> Council Site Actions: Most of the reporting council sites are taking
> action on this item and plan to roll out the patches at some point in
> the future. A few sites will use the next regularly scheduled system
> maintenance window. Other sites are processing through their normal, but
> rigorous Oracle patch regression testing process, and will deploy the
> patches once testing is complete and successful.
> 
> References:
> Oracle Advisory
> http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html
> Posting by NGSSoftware
> http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf
> SecurityFocus BID
> http://www.securityfocus.com/bid/20588 
> 
> **************************************************************
> 
> (4) MODERATE: ClamAV PE File Processing Overflow
> Affected:
> ClamAV versions prior to 0.88.5
> 
> Description: ClamAV is an open-source antivirus software designed mainly
> for scanning emails on UNIX mail gateways. The software includes a virus
> scanning library - libClamAV. This library is used by many third party
> email, web, FTP scanners as well as mail clients. The library contains
> a heap-based buffer overflow that can be triggered by specially crafted
> executable (PE) files. The attacker can send the malicious files via
> email, web, FTP or a file share, and exploit the heap-based overflows
> to execute arbitrary code on the system running the ClamAV library. The
> technical details can be obtained by comparing the fixed and the
> affected versions of the software. Note that for compromising the
> mail/web/FTP gateways no user interaction is required.
> 
> Council Site Actions: Only one of the reporting council sites is using
> the affected software and only on a very limited basis. They are in the
> process of applying the DSA-1196-1 update.
> 
> References:
> http://sourceforge.net/project/shownotes.php?release_id=455799  
> Third Party Software Using ClamAV
> http://www.clamav.net/whos.html#pagestart (Includes Mac OS X server)
> http://www.clamav.net/3rdparty.html#pagestart
> SecurityFocus BID
> http://www.securityfocus.com/bid/20535 
> 
> **************************************************************
> 
> 06.42.1 CVE: Not Available
> Platform: Windows
> Title: Microsoft Class Package Export Tool Clspack.exe Local Buffer
> Overflow
> Description: Microsoft Class Package Export Tool is a utility for MS
> windows. It is exposed to a local buffer overflow issue due to a
> failure of the application to properly size attacker-supplied data
> before copying it into an insufficiently sized memory buffer. Version
> 5.0.2752.0 is affected.
> Ref: http://www.securityfocus.com/bid/20561
> ______________________________________________________________________
> 
> 06.42.2 CVE: Not Available
> Platform: Microsoft Office
> Title: Microsoft PowerPoint Unspecified Remote Denial of Service
> Description: Microsoft PowerPoint is vulnerable to an unspecified
> remote denial of service issue. This issue is due to a failure of the
> application to properly handle specially-crafted files. Powerpoint
> 2003 is vulnerable.
> Ref:
> http://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-2003-powerpoint.aspx
> ______________________________________________________________________
> 
> 06.42.13 CVE: Not Available
> Platform: Cross Platform
> Title: McAfee Network Agent Remote Denial of Service
> Description: McAfee Network Agent is prone to a remote denial of
> service issue when it receives excessive amounts of data to TCP port
> 6646. McAfee Network Agent version 1.0.178.0 is affected.
> Ref: http://www.securityfocus.com/bid/20496
> ______________________________________________________________________
> 
> 06.42.14 CVE: CVE-2006-4154
> Platform: Cross Platform
> Title: Apache Mod_TCL Remote Format String
> Description: Apache mod_tcl is a module for Apache 2.x servers that
> implements a TCL interpreter. It is prone to a remote format string
> vulnerability due to improper sanitization of user-supplied input
> prior to including it in the format-specifier argument of a
> formatted-printing function. Apache mod_tcl version 1.0 is vulnerable
> to this issue.
> Ref: http://www.securityfocus.com/bid/20527
> ______________________________________________________________________
> 
> 06.42.15 CVE: Not Available
> Platform: Cross Platform
> Title: Clam Anti-Virus PE Rebuilding Heap Buffer Overflow
> Description: ClamAV is prone to a heap buffer overflow vulnerability
> because it fails to properly bounds check user-supplied data before
> copying it to an insufficiently sized memory buffer. ClamAV version
> 0.88.4 is affected.
> Ref: http://www.securityfocus.com/bid/20535
> ______________________________________________________________________
> 
> 06.42.16 CVE: CVE-2006-5295
> Platform: Cross Platform
> Title: Clam Anti-Virus CHM Unpacker Denial of Service
> Description: ClamAV is an anti-virus application for Windows and
> Unix-like operating systems. It is exposed to a denial of service
> vulnerability. This is due to an unspecified failure in the CHM
> unpacker that leads to a crash. Version 0.88.4 of Clam Anti-Virus is
> affected.
> Ref: http://www.securityfocus.com/archive/1/448845
> ______________________________________________________________________
> 
> 06.42.18 CVE: Not Available
> Platform: Cross Platform
> Title: NVidia Binary Graphics Driver For Linux Buffer Overflow
> Description: The Nvidia binary graphics driver is exposed to a buffer
> overflow vulnerability. NVidia Driver for Linux versions 8774 and 8762
> are affected.
> Ref: http://www.securityfocus.com/bid/20559
> ______________________________________________________________________
> 
> 06.42.20 CVE: Not Available
> Platform: Cross Platform
> Title: HP dtmail Attachment Argument Buffer Overflow
> Description: HP dtmail is a desktop email application. A buffer
> overflow vulnerability exists in dtmail when processing an overly-long
> argument to the "-a" flag of the application. The problem occurs due
> to insufficient bounds checking when copying a filename argument into
> an internal memory buffer. This vulnerability exists in dtmail version
> 5.1b.
> Ref: http://www.securityfocus.com/bid/20580
> ______________________________________________________________________
> 
> 06.42.21 CVE: Not Available
> Platform: Cross Platform
> Title: Oracle October 2006 Security Update Multiple Vulnerabilities
> Description: Oracle has released a Critical Patch Update advisory for
> October 2006 to address multiple vulnerabilities. This Critical Patch
> Update addresses the vulnerabilities for supported releases. The
> Oracle advisory describes 101 vulnerabilities in all. Please visit the
> reference link for more information.
> Ref:
> http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html
> ______________________________________________________________________
> 
> 06.42.22 CVE: CVE-2006-4819
> Platform: Cross Platform
> Title: Opera Web Browser URI Tag Parsing Heap Buffer Overflow
> Description: Opera Web Browser is a web client available for multiple
> platforms. It is exposed to a heap buffer overflow issue because it
> fails to sufficiently bounds check user-supplied data before copying
> it to the heap. Specifically, when the application parses a tag which
> contains a URI it copies the URI to a 256 byte buffer on the heap. URI
> data in excess of 256 bytes will overwrite neighboring memory. Opera
> versions 9.01 and earlier are affected.
> Ref: http://www.securityfocus.com/bid/20591
> ______________________________________________________________________
> 
> 06.42.23 CVE: CVE-2006-5330
> Platform: Cross Platform
> Title: Flash Player Plugin HTTP Header Injection Weakness
> Description: The Flash Player plugin is an addon to enable web
> browsers to display Flash content. It is vulnerable to an injection of
> arbitrary HTTP headers due to insufficient sanitization of
> user-supplied input to the "XML.addRequestHeader()" and
> "XML.contentType" parameters. Adobe Flash Player plugin versions
> 9.0.16 for Windows and 7.0.63 for Linux are vulnerable.
> Ref: http://download2.rapid7.com/r7-0026/
> ______________________________________________________________________
> 
> 06.42.108 CVE: Not Available
> Platform: Hardware
> Title: Cisco 2700 Series Wireless Location Appliance Default
> Administrator Password
> Description: The Cisco 2700 Series Wireless Location Appliance is an
> internet connectivity device. It is exposed to a default
> administrative password issue. Cisco 2700 Series Wireless Location
> Appliance versions earlier than 2.1.34.0 are affected.
> Ref: 
> ______________________________________________________________________
> 
> 06.42.109 CVE: Not Available
> Platform: Hardware
> Title: Kerio WinRoute Firewall Denial of Service Vulnerability
> Description: Kerio WinRoute Firewall is a network appliance designed
> for home and small office setups. It is exposed to a remote denial of
> service vulnerability. This issue occurs when the device fails to
> properly handle malformed DNS responses. Versions 6.2.2 and earlier
> are affected.
> Ref: http://www.securityfocus.com/bid/20584
> ______________________________________________________________________
> 
> 06.42.110 CVE: Not Available
> Platform: Hardware
> Title: eXtensible Open Router Platform OSPFv2 Remote Denial of Service
> Description: The eXtensible Open Router Platform is prone to a remote
> denial of service issue because the software fails to properly handle
> malformed OSPF link state advertisements. eXtensible Open Router
> Platform versions 1.2 and 1.3 are affected.
> Ref: http://www.securityfocus.com/bid/20597
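Items (1)(a) (iMonitor, 64-byte "Host" header buffer) and 06.42.22 (Opera, 256-byte URI buffer) describe the same shape of bug: a header value copied into a buffer sized for the expected case. The C below is an added illustration of that bug class beside a bounded parser that rejects oversized values; it is not Novell's or Opera's code, and HOST_MAX, the sample request and every function name are assumptions.

```c
#include <string.h>

/* Added illustration of the fixed-size header buffer bug class described for
 * iMonitor and Opera; not their code. HOST_MAX and all names are assumptions. */
#define HOST_MAX 64

/* Vulnerable pattern: unbounded copy into a fixed stack buffer. A value of
 * HOST_MAX bytes or more overwrites what follows host[]. Contrast only. */
void copy_host_unbounded(const char *value) {
    char host[HOST_MAX];
    strcpy(host, value);                 /* no length check */
    (void)host;
}

/* Hardened form: find the Host header, measure it, and reject it before any
 * copy if it cannot fit with its NUL terminator. 1 = found and fits, else 0. */
static int extract_host(const char *request, char *out, size_t out_len) {
    const char *p = strstr(request, "\r\nHost: ");
    if (p == NULL) return 0;
    p += strlen("\r\nHost: ");
    const char *end = strstr(p, "\r\n");
    size_t n = end ? (size_t)(end - p) : strlen(p);
    if (n >= out_len) return 0;          /* reject, do not silently truncate */
    memcpy(out, p, n);
    out[n] = '\0';
    return 1;
}

/* Constructed sample request, not captured traffic. */
static const char REQ_OK[] =
    "GET /nds HTTP/1.0\r\nHost: edir.example.test:8008\r\n\r\n";
/* 1 if the request's Host header fits HOST_MAX and equals expected. */
static int host_equals(const char *request, const char *expected) {
    char host[HOST_MAX];
    return extract_host(request, host, sizeof host) && strcmp(host, expected) == 0;
}

/* Build a request whose Host value is n bytes of 'a' and run the check, so
 * the boundary at HOST_MAX can be exercised directly. */
static int check_host_of_length(size_t n) {
    static const char prefix[] = "GET / HTTP/1.0\r\nHost: ";
    char req[512], host[HOST_MAX];
    size_t plen = strlen(prefix);
    if (n > sizeof req - plen - 5) return 0;
    memcpy(req, prefix, plen);
    memset(req + plen, 'a', n);
    memcpy(req + plen + n, "\r\n\r\n", 5);
    return extract_host(req, host, sizeof host);
}
```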

Copyright © Lexa Software, 1996-2009.