Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 45



> 
> Windows laptops with wireless cards that use Broadcom device drivers
> (Broadcom chips are used in machines from HP, Dell, Gateway, and
> eMachines) are directly vulnerable to the attack that has gotten so much
> press on Macintosh wireless.  You are vulnerable if your wireless card
> is turned on, even if you are not connected to a wireless access point.
> Also this week, Firefox users should move to version 1.5.0.8 or version
> 2 right away, and, separately, updates should be installed for OpenView
> Configuration Manager V. 1.0.
>                                          Alan
> ****************************
> Widely Deployed Software
> ****************************
> 
> (1) HIGH: Broadcom Wireless Device Driver Buffer Overflow
> Affected:
> Broadcom BCMWL5.SYS Driver version 3.50.21.10 and possibly prior
> 
> Description: The Broadcom BCMWL5.SYS device driver, used to control
> Broadcom wireless cards, contains a buffer overflow vulnerability. By
> sending an overly-long SSID in a probe response, an attacker could
> exploit this buffer overflow and take complete control of the vulnerable
> system. No authentication is required, and attackers need only be within
> wireless range of the vulnerable system. This driver is primarily
> designed for Microsoft Windows systems, but it is believed to be
> compatible with the "NdisWrapper" cross-platform driver framework,
> making it possible to run this driver under Linux on the Intel platform.
> This vulnerability was discovered as part of a project to discover bugs
> in various operating systems' kernels. A working exploit is available
> for this vulnerability. This vulnerability is similar to one discovered
> for Mac OS X and documented in an earlier issue of @RISK.
> 
> Status: Some vendors have supplied patches for this vulnerability for
> their wireless cards.
> 
> References:
> Month of Kernel Bugs Security Advisory
> http://projects.info-pull.com/mokb/MOKB-11-11-2006.html
> Metasploit Exploit Module
> http://metasploit.com/svn/framework3/trunk/modules/exploits/windows/driver/broadcom_wifi_ssid.rb
> Broadcom Wireless Home Page
> http://www.broadcom.com/products/Wireless-LAN
> Wikipedia Entry on Device Drivers
> http://en.wikipedia.org/wiki/Device_Driver
> NdisWrapper Home Page
> http://ndiswrapper.sourceforge.net/
> Previous @RISK Entry
> http://www.sans.org/newsletters/risk/display.php?v=5&i=31#vulnerabilities1
> 
> ****************************************************************
> 
> (2) HIGH: Mozilla Products Multiple Vulnerabilities
> Vulnerable:
> Mozilla Firefox versions prior to 1.5.0.8
> Mozilla Thunderbird versions prior to 1.5.0.8
> Mozilla SeaMonkey versions prior to 1.0.6
> 
> Description: Several products based on the Mozilla suite of
> applications, including the Mozilla Firefox web browser, the Mozilla
> Thunderbird email client, and the Mozilla SeaMonkey integrated suite,
> contain multiple vulnerabilities. These vulnerabilities could allow a
> malicious web page or email message to execute arbitrary code with the
> privileges of the current user, or execute arbitrary JavaScript code.
> Several denial-of-service cases are also reported. Note that all of the
> affected applications are open source; technical details can be obtained
> via source code analysis.
> 
> Status: Mozilla Foundation confirmed, updates available.
> 
> Council Site Actions:  Only two of the reporting council sites are
> responding to this item. One site is already distributing the updates.
> The other site plans to update their IT maintained systems later this
> month. Most of their non-IT-supported users have the product configured
> to automatically check and install updates.
> 
> References:
> Mozilla Security Advisories
> http://www.mozilla.org/security/announce/2006/mfsa2006-67.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-65.html
> SANS Internet Storm Center Handler's Diary Entry
> http://isc.sans.org/diary.php?storyid=1834
> SecurityFocus BID
> http://www.securityfocus.com/bid/20957
> 
> ****************************************************************
> 
> (4) MODERATE: ProFTPD Unspecified Remote Code Execution
> Vulnerable:
> ProFTPD version 1.3 and possibly prior
> 
> Description: ProFTPD, a popular multiplatform open source FTP server,
> contains an unspecified vulnerability. Attackers could exploit this
> vulnerability to execute arbitrary code with the privileges of the
> server process. The exact nature of this vulnerability is currently
> unknown, though it is believed to involve the "CommandBufferSize"
> configuration directive. Although technical details for this
> vulnerability have not been publicly posted, because ProFTPD is open
> source, technical details can be obtained via source code analysis.
> 
> Council Site Actions: Have seen conflicting severity ratings for this
> (Moderate Critical), still reviewing
> 
> References:
> ProFTP Home Page
> http://www.proftpd.net/
> SecurityFocus BID
> http://www.securityfocus.com/bid/20992
> 
> ****************************************************************
> 
> (5) MODERATE: Citrix MetaFrame IMA Management Module Multiple Vulnerabilities
> Vulnerable:
> Citrix MetaFrame XP versions 1.0 and 2.0
> Citrix MetaFrame Presentation Server versions 3.0 and 4.0
> 
> Description: Citrix MetaFrame contains multiple vulnerabilities: (1) By
> sending specially-crafted authentication messages to the server, an
> attacker could trigger a heap overflow. This overflow can be exploited
> to execute arbitrary code with the privileges of the server process. (2)
> Specially-crafted messages sent to the server can cause the server to
> crash, leading to a denial-of-service condition.
> 
> Status: Citrix confirmed, updates available.
> 
> Council Site Actions: Only one of the reporting council sites is
> responding to this item. Their desktop support team is currently
> investigating the impact at their organization.
> 
> References:
> Zero Day Initiative Advisory
> http://www.zerodayinitiative.com/advisories/ZDI-06-038.html
> Citrix Security Advisory
> http://support.citrix.com/article/CTX111186
> SecurityFocus BID
> http://www.securityfocus.com/bid/20986
> 
> ****************************************************************
> 
> (6) LOW: OpenSSH Authentication Signature Weakness
> Affected:
> OpenSSH versions prior to 4.5
> 
> Description: OpenSSH, an open source implementation of the SSH protocol,
> contains a weakness in its authentication mechanisms. It may be possible
> to authenticate to an OpenSSH process with an invalid key signature. It
> is currently believed that this vulnerability is not exploitable without
> the presence of other vulnerabilities. OpenSSH is open source software;
> technical details for this vulnerability may be obtained via source code
> analysis.
> 
> Status: OpenSSH confirmed, updates available.
> 
> References:
> OpenSSH Home Page
> http://www.openssh.com/
> OpenSSH 4.5 Release Notes (including vulnerability announcement)
> http://www.openssh.com/txt/release-4.5
> SecurityFocus BID
> http://www.securityfocus.com/bid/20956
> 

> 
> 06.45.1 CVE: Not Available
> Platform: Windows
> Title: Microsoft Internet Explorer 6 Unspecified Code Execution
> Description: Microsoft Internet Explorer is reportedly prone to an
> unspecified vulnerability that results in arbitrary code execution.
> Researchers report that minimal user interaction is required to carry
> out a successful attack. Successfully exploiting this issue allows
> remote attackers to execute arbitrary machine code in the context of
> the vulnerable application. All versions of Internet Explorer 6 are
> reported vulnerable to this issue.
> Ref: http://www.securityfocus.com/bid/20886
> ______________________________________________________________________
> 
> 06.45.2 CVE: Not Available
> Platform: Windows
> Title: Microsoft Windows GDI Kernel Local Privilege Escalation
> Description: Microsoft Windows is exposed to a local privilege
> escalation issue because data structures mapped to global memory by
> the GDI Kernel can be re-mapped as read-write by other processes.
> Please refer to the link below for further details.
> Ref: http://projects.info-pull.com/mokb/MOKB-06-11-2006.html
> ______________________________________________________________________
> 
> 06.45.3 CVE: Not Available
> Platform: Windows
> Title: Citrix Presentation Server IMA Service Multiple Remote Vulnerabilities
> Description: Citrix Presentation Server uses the IMA (Independent
> Management Architecture) service for inter-server and management
> communications. It is affected by buffer overflow issues in the
> "IMA_SECURE_DecryptData1()" decryption routine of the "ImaSystem.dll".
> It is also affected by an unspecified denial of service issue.
> Ref: http://support.citrix.com/article/CTX111186
> ______________________________________________________________________
> 
> 06.45.4 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Microsoft XML Core Service XMLHTTP ActiveX Control Remote Code Execution
> Description: Microsoft XML Core Service is vulnerable to a remote code
> execution issue due to a memory corruption error in the XMLHTTP
> ActiveX control when processing specially crafted arguments passed to
> the "setRequestHeader()" function. See the advisory for further
> details.
> Ref: http://www.microsoft.com/technet/security/advisory/927892.mspx
> ______________________________________________________________________
> 
> 06.45.6 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: America Online ICQ ActiveX Control Remote Code Execution
> Description: The America Online ICQ ActiveX Control is a conferencing
> application for Microsoft Windows. It is prone to a remote code
> execution vulnerability. An attacker could exploit this issue simply
> by sending a message to a victim ICQ user. The issue resides in the
> "DownloadAgent" function URI parameter of the
> ICQPhone.SipxPhoneManager ActiveX control. The
> ICQPhone.SipxPhoneManager ActiveX control with a CLSID of
> 54BDE6EC-F42F-4500-AC46-905177444300 is affected.
> Ref: http://www.securityfocus.com/bid/20930
> ______________________________________________________________________
> 
> 06.45.17 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel Multiple IPV6 Packet Filtering Bypass Vulnerabilities
> Description: The Linux kernel is prone to multiple IPv6 packet
> filtering bypass vulnerabilities because of improper handling of
> fragmented packets. These issues could be exploited by an attacker to
> bypass ip6_table filtering rules.
> Ref: http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.19-rc4
> ______________________________________________________________________
> 
> 06.45.19 CVE: CVE-2006-5679
> Platform: BSD
> Title: FreeBSD UFS Filesystem Local Integer Overflow
> Description: FreeBSD UFS filesystem is vulnerable to a local integer
> overflow via a crafted UFS filesystem that causes invalid or large
> size parameters to the "kmem_alloc" function. FreeBSD version 6.1 is
> vulnerable.
> Ref: http://secunia.com/advisories/22736/
> ______________________________________________________________________
> 
> 06.45.21 CVE: Not Available
> Platform: Solaris
> Title: Sun Solaris 10 UFS Local Denial of Service
> Description: Sun Solaris 10 is prone to a local denial of service
> issue because the kernel fails to handle corrupted data structures
> during the mount operation which results in a kernel page fault and
> subsequently leads to a loss of data or corruption of the local
> filesystem. Solaris 10 on the ia32/x86 architecture is susceptible,
> while previous versions may be affected as well.
> Ref: http://projects.info-pull.com/mokb/MOKB-04-11-2006.html
> ______________________________________________________________________
> 
> 06.45.29 CVE: Not Available
> Platform: Cross Platform
> Title: OpenSSH Privilege Separation Key Signature Weakness
> Description: OpenSSH is susceptible to a weakness that may allow
> attackers to authenticate without proper key signatures. This issue is
> due to a design error between privileged processes and their child
> processes. OpenSSH versions 4.4 and prior are vulnerable.
> Ref: http://www.securityfocus.com/bid/20956
> ______________________________________________________________________
> 
> 06.45.30 CVE: CVE-2006-5463,CVE-2006-5464,CVE-2006-5747,CVE-2006-5748
> Platform: Cross Platform
> Title: Mozilla Client Products Multiple Remote Vulnerabilities
> Description: The Mozilla Foundation has released two security
> advisories specifying security vulnerabilities in Mozilla Firefox,
> SeaMonkey, and Thunderbird. Please refer to the links below for
> further details.
> Ref: http://www.mozilla.org/security/announce/2006/mfsa2006-65.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-67.html
> ______________________________________________________________________
> 
> 06.45.33 CVE: Not Available
> Platform: Cross Platform
> Title: GNU GV Stack Buffer Overflow
> Description: GNU GV is a PostScript and PDF file viewer. It is prone
> to a stack based buffer overflow issue because it fails to bounds
> check user-supplied data before copying it into an insufficiently
> sized memory buffer. GNU GV version 3.6.2 is susceptible, while others
> may also be affected.
> Ref: http://www.securityfocus.com/bid/20978
> ______________________________________________________________________
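Item (1) of the forwarded bulletin describes the bug class behind the Broadcom driver flaw: a probe response carrying an SSID element whose length byte is larger than the buffer the receiving driver copies it into. The following is an added example, not code from the @RISK newsletter, from Broadcom, or from the exploit module it references. It parses the body of an 802.11 probe response, checking each element's length byte against the bytes actually present and the SSID element against the 32-octet limit in IEEE 802.11 before any value is copied out, which is exactly the validation a vulnerable driver omits. The frame bodies are constructed inline as test data, not captured traffic; `build_probe_response` and `classify_frames` are names chosen here.

```python
import struct

SSID_MAX_LEN = 32        # IEEE 802.11 limits the SSID element to 0..32 octets
IE_SSID = 0              # element ID of the SSID information element
IE_SUPPORTED_RATES = 1
FIXED_FIELDS_LEN = 12    # probe response: timestamp(8) + beacon interval(2) + capability(2)


class MalformedFrame(ValueError):
    """Raised for frames a driver or sniffer should discard rather than copy."""


def parse_information_elements(body: bytes) -> dict:
    """Walk the (element_id, length, value) TLV list that follows the fixed
    fields. Each length byte is checked against the bytes actually present,
    and the SSID element is checked against the 32-byte limit before its
    value is copied anywhere; these are the checks a driver that copies into
    a fixed-size buffer must perform first."""
    elements = {}
    offset = 0
    while offset < len(body):
        if offset + 2 > len(body):
            raise MalformedFrame("truncated element header at offset %d" % offset)
        elem_id, length = body[offset], body[offset + 1]
        value = body[offset + 2:offset + 2 + length]
        if len(value) != length:
            raise MalformedFrame(
                "element %d claims %d bytes, only %d present" % (elem_id, length, len(value)))
        if elem_id == IE_SSID and length > SSID_MAX_LEN:
            raise MalformedFrame(
                "SSID length %d exceeds 802.11 maximum of %d" % (length, SSID_MAX_LEN))
        elements.setdefault(elem_id, []).append(value)
        offset += 2 + length
    return elements


def inspect_probe_response(frame_body: bytes) -> str:
    """Return the SSID of a well-formed probe-response body, or raise MalformedFrame."""
    if len(frame_body) < FIXED_FIELDS_LEN:
        raise MalformedFrame("body shorter than the fixed fields")
    _timestamp, _interval, _capability = struct.unpack_from("<QHH", frame_body, 0)
    ies = parse_information_elements(frame_body[FIXED_FIELDS_LEN:])
    if IE_SSID not in ies:
        raise MalformedFrame("no SSID element")
    return ies[IE_SSID][0].decode("utf-8", errors="replace")


def build_probe_response(ssid: bytes) -> bytes:
    """Construct a minimal probe-response body (test data, not captured traffic)."""
    fixed = struct.pack("<QHH", 0, 100, 0x0411)
    ssid_ie = bytes([IE_SSID, len(ssid)]) + ssid
    rates_ie = bytes([IE_SUPPORTED_RATES, 4, 0x82, 0x84, 0x8B, 0x96])
    return fixed + ssid_ie + rates_ie


# Constructed samples: a normal frame, an SSID far beyond the 32-byte limit
# (the shape described in item (1)), and a frame whose length byte runs
# past the end of the data.
SAMPLE_FRAMES = [
    build_probe_response(b"corpnet"),
    build_probe_response(b"A" * 200),
    struct.pack("<QHH", 0, 100, 0x0411) + bytes([IE_SSID, 10]) + b"abc",
]


def classify_frames(frames) -> list:
    """Return one verdict string per frame body: 'ok: <ssid>' or 'rejected: <reason>'."""
    verdicts = []
    for body in frames:
        try:
            verdicts.append("ok: " + inspect_probe_response(body))
        except MalformedFrame as exc:
            verdicts.append("rejected: " + str(exc))
    return verdicts


if __name__ == "__main__":
    for verdict in classify_frames(SAMPLE_FRAMES):
        print(verdict)
```

The same two checks (claimed length against bytes present, element length against the protocol maximum) apply to every variable-length element in a management frame, not only the SSID; a sniffer or IDS rule that flags an SSID element longer than 32 octets on the air is a cheap detection for probing of this bug class.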
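The bulletin's actionable content for most readers is a set of "fixed in" versions (Firefox and Thunderbird 1.5.0.8, SeaMonkey 1.0.6, OpenSSH 4.5). The following is an added example, written here rather than taken from the newsletter or any vendor, that triages a software inventory against those versions. The point it demonstrates is that version strings must be compared numerically per component: a plain string comparison would rank 1.5.0.10 below 1.5.0.8 and flag a patched host. The inventory is constructed sample data, and `triage`, `is_below` and `FIXED_IN` are names chosen for this example.

```python
import re

# Fixed versions exactly as stated in the bulletin above.
FIXED_IN = {
    "firefox": "1.5.0.8",
    "thunderbird": "1.5.0.8",
    "seamonkey": "1.0.6",
    "openssh": "4.5",
}


def version_key(version: str) -> tuple:
    """Turn '1.5.0.10' or '4.4p1' into a tuple of integers so that comparison
    is numeric per component. The OpenSSH portable suffix 'p1' becomes a
    trailing component, which does not affect the major.minor comparison."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def is_below(installed: str, fixed: str) -> bool:
    """True when installed < fixed, padding the shorter tuple with zeros so
    that '2.0' and '2.0.0.0' compare equal."""
    a, b = version_key(installed), version_key(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def triage(inventory) -> list:
    """Return (host, product, installed, fixed) for each entry still below
    the fixed version. Products the bulletin gives no fixed version for are
    skipped rather than guessed."""
    findings = []
    for host, product, installed in inventory:
        fixed = FIXED_IN.get(product.lower())
        if fixed is None:
            continue
        if is_below(installed, fixed):
            findings.append((host, product, installed, fixed))
    return findings


# Constructed sample inventory (host, product, installed version).
SAMPLE_INVENTORY = [
    ("ws-01", "firefox", "1.5.0.7"),
    ("ws-02", "firefox", "1.5.0.10"),     # numerically newer than 1.5.0.8
    ("ws-03", "firefox", "2.0"),
    ("mail-01", "thunderbird", "1.5.0.8"),
    ("srv-01", "openssh", "4.4p1"),
    ("srv-02", "openssh", "4.5p1"),
    ("srv-03", "proftpd", "1.3.0"),       # bulletin names no fixed version; skipped
]


if __name__ == "__main__":
    for host, product, installed, fixed in triage(SAMPLE_INVENTORY):
        print("%s: %s %s is below fixed version %s" % (host, product, installed, fixed))
```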



 




Copyright © Lexa Software, 1996-2009.