ðòïåëôù 


  áòèé÷ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  óôáôøé 


  ðåòóïîáìøîïå 


  ðòïçòáííù 



ðéûéôå
ðéóøíá














     áòèé÷ :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 47



> 
> *************************
> Widely Deployed Software
> *************************
>  
> ****************************************************************
>  
> (2) HIGH: Acer Notebooks ActiveX Control Arbitrary Command Execution
> Affected:
> All Acer Notebooks running Windows
> 
> Description: Acer, a Taiwan based company, is a leading Notebook
> producer with a dominant presence in the Europe, Asia and 
> Africa (EMEA)
> market. Acer Notebooks ship with "LunchApp.APlunch" ActiveX 
> control that
> is marked as safe for scripting. This ActiveX control supports "Run"
> method that can be used to run any command (with arbitrary parameters)
> on an Acer notebook remotely. A specially crafted webpage or an HTML
> email can exploited this flaw to compromise Acer Notebooks. The
> discoverer has posted a proof-of-concept exploit, and tested the
> presence of this ActiveX control on an older as well as a more recent
> Acer model.
> 
> Status: Acer has not confirmed. A workaround is to set the 
> kill bit for
> the LunchApp.APlunch ActiveX control's UUID:
> D9998BD0-7957-11D2-8FED-00606730D3AA.
> 
> Council Site Actions: The affected software and/or 
> configuration are not
> in production or widespread use, or are not officially 
> supported at any
> of the council sites. They reported that no action was necessary.
> 
> References:
> Advisory by Tan Chew Keong (includes PoC exploit)
> http://vuln.sg/acerlunchapp-en.html
> Setting Killbit for an ActiveX Control
> http://support.microsoft.com/kb/240797
> Acer Home Page
> http://global.acer.com/ 
> SecurityFocus BID
> http://www.securityfocus.com/bid/21207 
>  
> ****************************************************************
>   
> (3) MODERATE: Computer Associates BrightStor ARCserve Backup 
> Buffer Overflow
> Affected:
> BrightStor ARCserver Backup version 11.5 and possibly prior
> 
> Description: Computer Associates BrightStor ARCserve Backup products
> provide backup services for Windows, NetWare, Linux and UNIX. The
> products contains a buffer overflow that can be triggered by 
> a specially
> crafted RPC request to the port 6502/tcp. The flaw can be exploited to
> execute arbitrary code with SYSTEM privileges. The technical details
> have not been publicly posted yet.
> 
> Status: CA is aware of this issue and is working on a fix. A 
> workaround,
> in the meanwhile, is to block the requests to port 6502/tcp at the
> network perimeter.
> 
> Special Note: CA backup products have been reported to 
> contain multiple
> vulnerabilities for the past few years. SANS recommends you 
> to block all
> the ports that are opened by the software at the network perimeter. A
> list of the ports to block may be found at:
> http://www.ca.com/at/local/partner/techtalk_mar05_faq.pdf
> http://supportconnectw.ca.com/public/ca_common_docs/brightstor
> winxpsp2matrix.asp
> 
> Council Site Actions: The affected software and/or 
> configuration are not
> in production or widespread use, or are not officially 
> supported at any
> of the council sites. They reported that no action was necessary.
> 
> References:
> Posting by LSsec Security
> http://archives.neohapsis.com/archives/bugtraq/2006-11/0418.html 
> Posting by James K Williams, CA
> http://archives.neohapsis.com/archives/bugtraq/2006-11/0443.html 
> Product Page
> http://www3.ca.com/Solutions/ProductList.asp?ID=4536&TYPE=P 
> SecurityFocus BID
> http://www.securityfocus.com/bid/21140
>  
> ************************************************************
> ****************************************************************
> 
> ****************
> Other Software
> ****************
> 
> (5) HIGH: GNU Radius Format String Vulnerability
> Affected:
> GNU Radius versions prior to 1.4
> 
> Description: GNU Radius is a server for user authentication and
> accounting. The server supports SQL databases for authentication and
> accounting. The Radius server contains a format string vulnerability
> when it is compiled with a SQL back-end, and the SQL accounting is
> turned on. The flaw can be exploited by unauthenticated attackers to
> execute arbitrary code on the server with typically root 
> privileges. The
> technical details can be extracted by examining the fixed and the
> vulnerable versions of the server code.
> 
> Status: GNU has released version 1.4 to fix this flaw. Note that the
> FreeBSD and Gentoo Linux versions are vulnerable in their default
> configuration.
> 
> References:
> iDefense Advisory
> http://labs.idefense.com/intelligence/vulnerabilities/display.
> php?id=443 
> GNU Radius Homepage
> http://www.gnu.org/software/radius/ 
> SecurityFocus BID
> Not yet available.
> 
> **************************************************************
> *********
> 
> (7) HIGH: NetGear WG311v1 Wireless Driver SSID Buffer Overflow
> Affected:
> NetGear WG311v1 wireless driver version 2.3.1 10 and possibly prior
> 
> Description: The NetGear WG311v1 device driver, used to 
> control NetGear
> wireless cards, contains a buffer overflow vulnerability. By sending a
> specially-crafted 802.11 (WiFi) frame containing an overly long SSID,
> an attacker could exploit this buffer overflow and take 
> complete control
> of the vulnerable system. No authentication is required, and attackers
> need only be within wireless range of the vulnerable system. Because
> this vulnerability lies within the processing of probe 
> response packets,
> the victim does not need to explicitly connect to a malicious wireless
> network to be exploited. This driver is primarily designed 
> for Microsoft
> Windows systems, but it is believed to be compatible with the
> "NdisWrapper" cross-platform driver framework, making it 
> possible to run
> this driver under Linux (and possibly other operating systems) on the
> Intel platform. This vulnerability was discovered as part of a project
> to discover bugs in various operating systems' kernels. A working
> exploit is available for this vulnerability. This vulnerability is
> similar to several discovered for other NetGear wireless 
> device drivers
> that were documented in a previous issue of @RISK.
> 
> Status: NetGear has not confirmed, no updates available.
> 
> References:
> Month of Kernel Bugs Advisory
> http://projects.info-pull.com/mokb/MOKB-22-11-2006.html
> Metasploit Module
> http://metasploit.com/svn/framework3/trunk/modules/auxiliary/d
> os/wireless/netgear_wg311pci.rb
> NetGear Home Page
> http://www.netgear.com
> Wikipedia Entry on Device Drivers
> http://en.wikipedia.org/wiki/Device_driver
> Ndis Home Page
> http://ndiswrapper.sourceforge.net
> Previous @RISK Entry
> http://www.sans.org/newsletters/risk/display.php?v=5&i=46#other1
> SecurityFocus BID
> http://www.securityfocus.com/bid/21251
> 
> **************************************************************
> 
> 06.47.10 CVE: Not Available
> Platform: Linux
> Title: Apache mod_auth_kerb Off By One Denial of Service
> Description: The mod_auth_kerb module is prone to an off by one buffer
> overflow condition that results in a denial of service condition.
> mod_auth_kerb versions 5.0, 5.1, and 5.2 are vulnerable.
> Ref: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206736
> ______________________________________________________________________
> 
> 06.47.14 CVE: CVE-2006-3093
> Platform: Cross Platform
> Title: Acrobat Reader DLL Multiple Denial Of Service Vulnerabilities
> Description: Adobe Acrobat Reader is a document viewer for PDF and
> PostScript files. It is vulnerable to multiple unspecified denial of
> service issues. See the advisory for further details.
> Ref: http://www.securityfocus.com/bid/21155/info
> ______________________________________________________________________
> 
> 06.47.52 CVE: Not Available
> Platform: Network Device
> Title: NetGear MA521 Wireless Driver Long Beacon Probe Buffer Overflow
> Description: NetGear MA521 Wireless device is affected by a stack
> based buffer overflow issue because the driver fails to bounds check
> user-supplied data before copying it into an insufficiently sized
> memory buffer. Version 5.148.724.2003 of the MA521nd5.SYS driver is
> affected.
> Ref: http://www.kb.cert.org/vuls/id/395496
> ______________________________________________________________________
> 
> 06.47.53 CVE: Not Available
> Platform: Network Device
> Title: NetGear WG111v2 Wireless Driver Long Beacon Buffer Overflow
> Description: NetGear WG111v2 Wireless device is vulnerable to a stack
> based buffer overflow issue when the driver attempts to process 802.11
> Beacon frames containing excessively long information elements.
> Netgear version 5.1213.6.316 of the WG111v2.SYS driver is vulnerable.
> Ref: http://www.kb.cert.org/vuls/id/445753
> ______________________________________________________________________
> 



 




Copyright © Lexa Software, 1996-2009.