Archive :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 49



> 
> *****************************
> Widely-Deployed Software
> *****************************
> 
> (1) CRITICAL: Microsoft Word Multiple Unspecified Remote Code Execution
>     Vulnerabilities (0day)
> Affected:
> Microsoft Word 2000
> Microsoft Word 2002
> Microsoft Office Word 2003
> Microsoft Word Viewer 2003
> Microsoft Word 2004 for Mac
> Microsoft Word v. X for Mac
> Microsoft Works 2004, 2005, and 2006.
> 
> Description: Two zero-day vulnerabilities have been discovered in
> Microsoft Word. A specially-crafted Word document file could exploit
> these vulnerabilities to execute arbitrary code with the privileges of
> the current user. Word documents will not open without prompting on all
> versions of Word after Word 2000. At least two trojans are known to be
> exploiting one of these vulnerabilities in the wild; the other
> vulnerability is being exploited on a more limited basis.
> 
> Status: Microsoft confirmed, no updates available. 
> 
> Council Site Actions:  All of the responding council sites are waiting
> for confirmation and a patch from Microsoft.  They plan to deploy the
> patch during their next regularly scheduled system maintenance window,
> or automatically through Microsoft's Automatic Update Feature.
> 
> References:
> Microsoft Security Advisory
> http://www.microsoft.com/technet/security/advisory/929433.mspx
> Microsoft Security Center Blog Entries
> http://blogs.technet.com/msrc/archive/2006/12/06/microsoft-security-advisory-929433-posted.aspx
> http://blogs.technet.com/msrc/archive/2006/12/10/new-report-of-a-word-zero-day.aspx
> SecurityFocus BID
> http://www.securityfocus.com/bid/21451
> 
> ****************************************************************
> 
> (2) CRITICAL: Microsoft Windows Media Player ASX Playlist Buffer Overflow
> Affected:
> Microsoft Windows Media Player version 10.0 and possibly prior
> 
> Description: A previously-known vulnerability that was originally
> considered to lead only to a denial-of-service condition is now believed
> to be exploitable. Microsoft Windows Media Player fails to properly
> handle malformed "REF HREF" elements (used to link to other files) in
> ASX playlist files. It is believed that a specially-crafted ASX file
> could exploit this vulnerability to execute arbitrary code with the
> privileges of the current user. ASX files are opened without prompting
> by default. A simple proof-of-concept and technical details are publicly
> available.
> 
> Status: Microsoft confirmed, no update available.
> 
> Council Site Actions: All of the responding council sites are waiting
> for confirmation and a patch from Microsoft.  They plan to deploy during
> their next regularly scheduled system maintenance window, or
> automatically through Microsoft's Automatic Update Feature.
> 
> References:
> Microsoft Security Response Center Blog Entry
> http://blogs.technet.com/msrc/archive/2006/12/07/public-proof-of-concept-code-for-asx-file-format-isssue.aspx
> eEye Security Advisory
> http://research.eeye.com/html/alerts/zeroday/20061122.html
> IntelliAdmin Article
> http://www.intelliadmin.com/blog/2006/12/zero-day-flaw-reported-in-windows.html
> Posting by Sehato (includes simple proof-of-concept)
> http://seclists.org/bugtraq/2006/Nov/0449.html
> SecurityFocus BID
> http://www.securityfocus.com/bid/21247
> 
> ****************************************************************
> 
> (3) CRITICAL: Adobe Download Manager AOM File Handler Buffer Overflow
> Affected:
> Adobe Download Manager Version 2.1 and prior
> 
> Description: Adobe Download Manager, used to download updates for Adobe
> software, contains a buffer overflow vulnerability that can be triggered
> by a specially-crafted AOM file. AOM files are used to specify
> information about updates. By default, AOM files are opened without
> prompting, including when downloaded from websites. A malicious AOM file
> could take advantage of this vulnerability to execute arbitrary code
> with the privileges of the current user. The Adobe Download Manager is
> installed by default with several Adobe products, including Acrobat
> Reader.
> 
> Status: Adobe confirmed, updates available.
> 
> Council Site Actions:  Most of the responding council sites plan to
> address this issue in their next regularly scheduled maintenance window.
> Some sites rely on Adobe's Automatic update feature, thus if this
> application is available via that Automatic Update, it will get updated.
> Otherwise those sites will need to develop a strategy to distribute this
> application.
> 
> References:
> Zero Day Initiative Advisory
> http://www.zerodayinitiative.com/advisories/ZDI-06-044.html
> Adobe Security Advisory
> http://www.adobe.com/support/security/bulletins/apsb06-19.html
> eEye Security Advisory
> http://research.eeye.com/html/advisories/published/AD20061205.html
> SecurityFocus BID
> http://www.securityfocus.com/bid/21453
> 
> ****************************************************************
> 
> (5) HIGH: Barracuda Spam Firewall UUlib Buffer Overflow
> Affected:
> Barracuda Networks Barracuda Spam Firewall versions 3.3.3, 3.1.18,
> 3.1.17, 3.3.03.055, 3.3.03.053, 3.3.01.001, and 3.3.0.54
> 
> Description: Barracuda Networks Barracuda Spam Firewall ships with a
> version of the Convert-UUlib Perl module known to be vulnerable to a
> buffer overflow. A specially-crafted email message could exploit this
> vulnerability to take complete control of the vulnerable device.
> Technical details and a proof-of-concept for this vulnerability are
> publicly available.
> 
> Status: Barracuda Networks confirmed, updates available.
> 
> Council Site Actions: The affected software and/or configuration are not
> in production or widespread use, or are not officially supported at any
> of the council sites. They reported that no action was necessary.
> 
> References:
> Posting by Jean-Sebastien Guay-Leroux
> http://www.securityfocus.com/archive/1/453641
> Proof-of-Concept
> http://www.securityfocus.com/archive/1/396826
> SecurityFocus BID
> http://www.securityfocus.com/bid/13401
> 
> ****************************************************************
> 
> (6) HIGH: Citrix Presentation Server Client ActiveX Remote Code Execution
> Affected:
> Citrix Presentation Server Client for Windows versions prior to 9.230
> 
> Description: Citrix Presentation Server Client for Windows contains an
> ActiveX control which contains a heap overflow vulnerability in its
> "SendChannelData" method. A page that instantiates this control could
> exploit this vulnerability to execute arbitrary code with the privileges
> of the current user.
> 
> Status: Citrix confirmed, updates available. Users can mitigate the
> impact of this vulnerability by disabling the vulnerable ActiveX control
> via Microsoft's "kill bit" mechanism for CLSID
> "238F6F83-B8B4-11CF-8771-00A024541EE3".
> 
> Council Site Actions: Two of the responding council sites are addressing
> this issue.  One site will address in their next regularly scheduled
> system maintenance window.  They will expedite or set the kill-bit if
> an exploit is released.  The other site mostly has clients connecting
> from Mac OS X machines. They will send an email to potentially affected
> users.
> 
> References:
> TippingPoint Security Research Team Advisory
> http://www.tippingpoint.com/security/advisories/TSRT-06-15.html
> Citrix Security Advisory
> http://support.citrix.com/article/CTX111827
> Fortconsult Security Advisory
> http://www.fortconsult.net/images/pdf/citrix_advisory_dec2006.pdf
> Microsoft Knowledge Base (details the "kill bit" mechanism)
> http://support.microsoft.com/kb/240797
> SecurityFocus BID
> http://www.securityfocus.com/bid/21458
> 
> ****************************************************************
> 
> (7) HIGH: Computer Associates BrightStor ARCServe Buffer Overflow
> Affected:
> Computer Associates Server Protection Suite r2
> Computer Associates Business Protection Suite for Microsoft SBS Premium
> and Standard Editions r2
> Computer Associates Business Protection Suite r2
> Computer Associates BrightStor ARCServe Backup versions prior to 11.5.SP2
> 
> Description: Computer Associates BrightStor ARCServe, a common
> enterprise backup solution, contains a buffer overflow vulnerability.
> By sending a specially-crafted request to the ARCServe process, an
> attacker could exploit this vulnerability and execute arbitrary code
> with SYSTEM privileges. Currently, only the Microsoft Windows versions
> of the software are believed vulnerable. Because multiple
> vulnerabilities have been found in the Computer Associates backup
> products over the past few years, users are advised to block all ports
> opened by the software at the network perimeter.
> 
> Status: Computer Associates confirmed, updates available.
> 
> References:
> Computer Associates Security Advisory
> http://www.securityfocus.com/archive/1/453916
> Computer Associates BrightStor ARCServe Product Home Page
> http://www3.ca.com/solutions/ProductFamily.aspx?ID=115
> Computer Associates Technical Notes (includes information on open ports)
> http://www.ca.com/at/local/partner/techtalk_mar05_faq.pdf
> http://supportconnectw.ca.com/public/ca_common_docs/brightstorwinxpsp2matrix.asp
> SecurityFocus BID
> http://www.securityfocus.com/bid/21502 
> 
> ****************************************************************
> 
> (9) MODERATE: Trend Micro OfficeScan Multiple Buffer Overflows
> Affected:
> Trend Micro OfficeScan versions 6.5 and 7.3 and prior
> 
> Description: Trend Micro OfficeScan, a popular enterprise security
> suite, contains multiple buffer overflows in its web console. By sending
> specially-crafted requests to the "Wizard.exe" or "CgiRemoteInstall.exe"
> programs, an attacker could exploit these buffer overflows and execute
> arbitrary code with the privileges of the affected process. Note that
> authentication is required to exploit these vulnerabilities. Users are
> advised to limit access to the web console if possible.
> 
> Status: Trend Micro confirmed, updates available.
> 
> References:
> Trend Micro Readme Files
> http://www.trendmicro.com/ftp/documentation/readme/osce_73_win_en_patch1.1_readme.txt
> http://www.trendmicro.com/ftp/documentation/readme/OSCE_6.5_win_en_patch8_Readme.txt
> Trend Micro Home Page
> http://www.trendmicro.com
> SecurityFocus BID
> http://www.securityfocus.com/bid/21442
> 
> **************
> Other Software
> **************
> 
> (10) HIGH: MadWifi WiFi Driver Multiple Vulnerabilities
> Affected:
> MadWifi version 0.9.2 and prior
> 
> Description: MadWifi, an open source interface to Atheros-chipset based
> wireless cards, contains multiple vulnerabilities in its "giwscan_cb()"
> and "encode_ie()" functions. By sending a malformed beacon or probe
> response frame, an attacker could exploit these vulnerabilities and take
> complete control of the affected system. No authentication is required,
> and attackers need only be within wireless range of the vulnerable
> system. Note that the affected system may need to be actively probing
> for wireless networks to be vulnerable. MadWifi is available for Linux,
> FreeBSD, NetBSD, and OpenBSD, as well as other operating systems. These
> vulnerabilities are similar to others reported in earlier issues of
> @RISK.
> 
> Status: MadWifi confirmed, updates available.
> 
> References:
> Previous @RISK Entry
> http://www.sans.org/newsletters/risk/display.php?v=5&i=45#widely1
> MadWifi Security Advisory
> http://madwifi.org/wiki/news/20061207/release-0-9-2-1-fixes-critical-security-issue
> MadWifi Home Page
> http://www.madwifi.org/
> Wikipedia Entry on Device Drivers
> http://en.wikipedia.org/wiki/Device_driver 
> SecurityFocus BID
> http://www.securityfocus.com/bid/21486
> 
> *******************************************************************
> 
> 
> ______________________________________________________________________
> 
> 06.49.5 CVE: Not Available
> Platform: Windows
> Title: Outpost Firewall PRO Security Bypass Weakness
> Description: Outpost Firewall PRO is a firewall application. It is
> vulnerable to a security bypass weakness that allows local privileged
> attackers to bypass security restrictions. Outpost Firewall PRO
> version 4.0 is affected.
> Ref: http://www.securityfocus.com/archive/1/453182
> ______________________________________________________________________
> 
> 
> 06.49.7 CVE: Not Available
> Platform: Windows
> Title: Microsoft Windows Print Spooler GetPrinterData Denial of
> Service
> Description: Microsoft Windows Print Spooler service (Spoolsv.exe)
> manages printing processes. It is vulnerable to a denial of service
> issue due to insufficient handling of malformed data. Print Spooler on
> Microsoft Windows 2000 SP4 is vulnerable.
> Ref: http://www.securityfocus.com/bid/21401/info
> ______________________________________________________________________
> 
> 06.49.8 CVE: CVE-2006-6179
> Platform: Windows
> Title: Trend Micro OfficeScan Wizard and CgiRemoteInstall Multiple
> Buffer Overflow Vulnerabilities
> Description: Trend Micro OfficeScan is an integrated enterprise level
> security product. The application is vulnerable to multiple
> unspecified buffer overflow issues. Versions prior to and including
> 6.5 and 7.3 are affected. See the advisory for further details.
> Ref: http://www.frsirt.com/english/advisories/2006/4852
> ______________________________________________________________________
> 
> 06.49.9 CVE: Not Available
> Platform: Windows
> Title: Microsoft Internet Explorer Frame Src Denial of Service
> Description: Microsoft Internet Explorer is prone to a denial of
> service vulnerability because the application fails to handle
> exceptional conditions. The issue occurs when the application
> processes a malicious page that contains frames and the "frame src"
> HTML tag is set to the "3F" invalid character.
> Ref: http://www.securityfocus.com/bid/21447
> ______________________________________________________________________
> 
> 06.49.11 CVE: CVE-2006-5994
> Platform: Microsoft Office
> Title: Microsoft Word Unspecified Remote Code Execution
> Description: Microsoft Word is prone to an unspecified remote code
> execution vulnerability. Please see the advisory for further details.
> Ref: http://www.microsoft.com/technet/security/advisory/929433.mspx
> ______________________________________________________________________
> 
> 06.49.14 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Adobe Reader and Acrobat AcroPDF.dll ActiveX Control Remote
> Code Execution Vulnerabilities
> Description: Adobe Reader and Acrobat with AcroPDF.dll ActiveX control
> are vulnerable to multiple remote code execution issues. See the
> advisory for further details.
> Ref: http://www.adobe.com/support/security/advisories/apsa06-02.html
> ______________________________________________________________________
> 
> 06.49.21 CVE: CVE-2006-6334
> Platform: Third Party Windows Apps
> Title: Citrix Presentation Server Client WFICA.OCX ActiveX Component
> Heap Buffer Overflow
> Description: Citrix Presentation Server Client is an ICA client
> application that includes Citrix support. It is prone to a heap buffer
> overflow vulnerability because it fails to properly bounds check
> user-supplied data to the "DataSize" and "DataType" parameters of the
> "SendChannelData()" function before copying it into an insufficiently
> sized memory buffer. Citrix Presentation Server Client version 9.200
> is vulnerable and others may also be affected.
> Ref: http://support.citrix.com/article/CTX111827
> ______________________________________________________________________
> 
> 06.49.26 CVE: CVE-2006-5751
> Platform: Linux
> Title: Linux Kernel Get_FDB_Entries Buffer Overflow
> Description: The Linux kernel is prone to a buffer overflow
> vulnerability due to a bounds checking flaw in the "get_fdb_entries()"
> function. Versions prior to 2.6.18.4 are reportedly vulnerable.
> Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.18.4
> ______________________________________________________________________
> 
> 06.49.28 CVE: CVE-2006-4514
> Platform: Linux
> Title: LibGSF Remote Heap Buffer Overflow
> Description: The GNOME Structured File Library (libgsf) is a utility
> library for reading and writing structured file formats. It is exposed
> to a remote heap buffer overflow issue. This issue occurs in the
> "gsf-infile-msole.c" file. Specifically, the "ole_init_info()"
> function only obtains enough memory for the number specified in
> "num_bat".
> Ref: http://www.securityfocus.com/bid/21358
> ______________________________________________________________________
> 
> 06.49.31 CVE: CVE-2006-6301
> Platform: Linux
> Title: DenyHosts Remote Denial of Service
> Description: DenyHosts is an application designed to monitor SSH
> server authentication failure messages and block hosts that attempt to
> brute force SSH authentication credentials. Due to a flaw in the
> regular expression used to parse the log file, attackers attempting to
> authenticate with usernames containing whitespace characters may add
> arbitrary IP addresses to the "/etc/hosts.deny" file causing a remote
> denial of service to legitimate users.
> Ref: http://www.securityfocus.com/bid/21468
> ______________________________________________________________________
> 
> 06.49.33 CVE: CVE-2006-6332
> Platform: Linux
> Title: MADWiFi Linux Kernel Device Driver Multiple Remote Buffer
> Overflow Vulnerabilities
> Description: The MADWiFi device driver provides the Linux kernel device
> support for wireless LAN chipsets from Atheros. It is prone to
> multiple remote stack based buffer overflow vulnerabilities. MADWiFi
> device driver versions prior to 0.9.2.1 are vulnerable.
> Ref: http://www.securityfocus.com/bid/21486
> ______________________________________________________________________
> 
> 06.49.34 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel IBMTR.C Remote Denial of Service
> Description: The Linux kernel is exposed to a remote denial of service
> issue. This issue is triggered when the kernel processes incoming
> packets.  This vulnerability resides in
> "drivers/net/tokenring/ibmtr.c" and arises when a malicious
> "ip_summed" value is supplied in a packet resulting in memory
> corruption. Kernel versions from 2.6.0 up to and including 2.6.19 are
> affected.
> Ref: http://www.securityfocus.com/bid/21490
> ______________________________________________________________________
> 
> 06.49.38 CVE: Not Available
> Platform: Unix
> Title: F-PROT Antivirus ACE Remote Denial of Service
> Description: F-PROT Antivirus is an antivirus application. It is
> vulnerable to a denial of service issue due to failure of the
> application to properly handle certain file types, resulting in
> excessive consumption of system resources. F-PROT Antivirus version
> 4.6.6 is affected.
> Ref: http://www.securityfocus.com/archive/1/453475
> ______________________________________________________________________
> 
> 06.49.49 CVE: CVE-2006-5856
> Platform: Cross Platform
> Title: Adobe Download Manager AOM Buffer Overflow
> Description: Adobe Download Manager is a client application for
> managing the retrieval of Adobe software products. It is vulnerable to
> a remote buffer overflow issue. See the advisory for further details.
> Adobe Download Manager versions 2.1 and earlier are vulnerable.
> Ref: http://www.adobe.com/support/security/bulletins/apsb06-19.html#instructions
> ______________________________________________________________________
> 
> 06.49.51 CVE: Not Available
> Platform: Cross Platform
> Title: GnuPG OpenPGP Packet Processing Function Pointer Overwrite
> Description: GNU Privacy Guard (GnuPG) is an encryption application
> available for numerous platforms. It is prone to a vulnerability that
> could permit an attacker to overwrite a function pointer.
> Specifically, the problem occurs when attacker controlled data is
> improperly utilized in a filter when processing OpenPGP packets.
> Ref: http://www.securityfocus.com/bid/21462
> ______________________________________________________________________
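The DenyHosts entry (06.49.31) above describes a log-parsing flaw rather than a memory bug, and its mechanism is easy to reproduce. The Python below is an added example written for this archive page; it is not DenyHosts' own source, and its two regular expressions are simplified stand-ins for the pre-fix and post-fix patterns, not the project's literal code. The sshd log lines are constructed for the example (sshd's "Invalid user NAME from ADDR", optionally followed by "port N" on newer versions). What it shows: sshd appends " from <client-ip>" to a message that already contains the client-supplied username, so a username like "bob from 203.0.113.9" yields a line with two " from <ip>" fragments. A non-greedy username group stops at the first one and hands the attacker's chosen address to hosts.deny; a greedy group anchored to the end of the line always takes the trailing address that sshd itself wrote.

```python
import ipaddress
import re
from typing import Iterable, List, Optional

# Constructed sshd log lines (not from the advisory). Line 2 is what sshd
# writes when the client presents the username "bob from 203.0.113.9":
# only the LAST " from <ip>" was added by sshd and is trustworthy.
SAMPLE_LOG = [
    "Dec 10 12:00:01 bastion sshd[4212]: Invalid user admin from 10.0.0.1",
    "Dec 10 12:00:02 bastion sshd[4213]: Invalid user bob from 203.0.113.9 from 10.0.0.1",
    "Dec 10 12:00:03 bastion sshd[4214]: Accepted publickey for alice from 192.0.2.7 port 51234 ssh2",
    "Dec 10 12:00:04 bastion sshd[4215]: Invalid user root from 10.0.0.1 port 40022",
]

# Vulnerable pattern (simplified stand-in for the pre-fix DenyHosts regex):
# the username group is non-greedy, so the FIRST " from " terminates it and
# whatever the client embedded after it lands in the host group.
VULNERABLE_RE = re.compile(r"Invalid user (?P<user>.*?) from (?P<host>\S+)")

# Hardened pattern: greedy username, host anchored to the end of the line
# (allowing the " port N" suffix newer sshd versions append), so only the
# trailing address written by sshd can be captured.
HARDENED_RE = re.compile(
    r"Invalid user (?P<user>.*) from (?P<host>\S+)(?: port \d+)?$"
)


def source_host(line: str, pattern: re.Pattern) -> Optional[str]:
    """Address a pattern extracts from one log line, or None if the line
    does not match or the captured text is not an IP address."""
    m = pattern.search(line)
    if m is None:
        return None
    host = m.group("host")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return None  # note: validation alone does not help, a spoofed IP is still an IP
    return host


def hosts_to_deny(lines: Iterable[str], pattern: re.Pattern) -> List[str]:
    """Distinct addresses, in first-seen order, that would be blocked."""
    seen: List[str] = []
    for line in lines:
        host = source_host(line, pattern)
        if host is not None and host not in seen:
            seen.append(host)
    return seen


def hosts_deny_entries(hosts: Iterable[str]) -> str:
    """Render the entries in the "sshd: ADDR" form used in /etc/hosts.deny."""
    return "".join("sshd: %s\n" % h for h in hosts)


if __name__ == "__main__":
    # The vulnerable parser blocks the victim 203.0.113.9 as well as the
    # real attacker 10.0.0.1; the hardened parser blocks only the attacker.
    print("vulnerable:", hosts_to_deny(SAMPLE_LOG, VULNERABLE_RE))
    print("hardened:  ", hosts_to_deny(SAMPLE_LOG, HARDENED_RE))
    print(hosts_deny_entries(hosts_to_deny(SAMPLE_LOG, HARDENED_RE)), end="")
```

The IP-address check in source_host is deliberately present in both paths to make the point that syntactic validation is not the fix here: 203.0.113.9 is a perfectly valid address, and the only defence is to parse the line so that client-supplied text cannot be mistaken for the field sshd appended.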


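The libgsf entry (06.49.28) is the familiar pattern of trusting a header-supplied count (num_bat) as an allocation size. The Python below is an added example for this page, not libgsf's code, and it does not reproduce the exact defect in ole_init_info(); it shows the checks a reader of an OLE2 compound-file header should apply before sizing anything from num_bat: bound the count by the number of sectors the file can physically hold, and bound each FAT sector index the same way. The header offsets follow the public MS-CFB layout (libgsf calls the FAT the "BAT"); the sample files are constructed inside the block and are not real documents.

```python
import struct
from typing import List

# OLE2 compound-file header layout (MS-CFB). Offsets assumed from the public
# specification; libgsf's gsf-infile-msole.c refers to the FAT as the BAT.
OLE_SIGNATURE = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
HEADER_SIZE = 512
DIFAT_ENTRIES_IN_HEADER = 109   # FAT sector indices stored in the header itself
OFF_SECTOR_SHIFT = 0x1E         # uint16, sector size = 1 << shift
OFF_NUM_BAT = 0x2C              # uint32, number of FAT sectors ("num_bat")
OFF_DIFAT = 0x4C                # 109 x uint32
FREESECT = 0xFFFFFFFF           # marks an unused DIFAT slot


class OleError(ValueError):
    """Raised for any header the parser refuses to act on."""


def bat_sectors_from_header(data: bytes) -> List[int]:
    """Return the FAT sector indices listed in the header, refusing before
    num_bat could ever be used as an allocation size if the file cannot
    hold what the header claims."""
    if len(data) < HEADER_SIZE or data[:8] != OLE_SIGNATURE:
        raise OleError("not an OLE2 compound file")
    sector_shift = struct.unpack_from("<H", data, OFF_SECTOR_SHIFT)[0]
    if sector_shift not in (9, 12):          # 512- or 4096-byte sectors only
        raise OleError("unsupported sector shift %d" % sector_shift)
    sector_size = 1 << sector_shift
    total_sectors = (len(data) - HEADER_SIZE) // sector_size

    num_bat = struct.unpack_from("<I", data, OFF_NUM_BAT)[0]
    # A file with S sectors cannot contain more than S FAT sectors. This is
    # the bound that must hold before num_bat becomes an allocation.
    if num_bat > total_sectors:
        raise OleError("num_bat=%d but file holds only %d sectors" % (num_bat, total_sectors))

    # Only the first 109 FAT sector indices live in the header; the rest come
    # from DIFAT sectors, which this example does not walk.
    in_header = min(num_bat, DIFAT_ENTRIES_IN_HEADER)
    bat: List[int] = []
    for i in range(in_header):
        sect = struct.unpack_from("<I", data, OFF_DIFAT + 4 * i)[0]
        if sect >= total_sectors:            # index would point past the file
            raise OleError("FAT sector index %d out of range" % sect)
        bat.append(sect)
    # MS-CFB requires unused header slots to be FREESECT.
    for i in range(in_header, DIFAT_ENTRIES_IN_HEADER):
        if struct.unpack_from("<I", data, OFF_DIFAT + 4 * i)[0] != FREESECT:
            raise OleError("unused DIFAT slot %d is not FREESECT" % i)
    return bat


def accepts(data: bytes) -> bool:
    """True if the header passes every check above."""
    try:
        bat_sectors_from_header(data)
        return True
    except OleError:
        return False


def build_file(num_bat: int, fat_sectors: List[int], payload_sectors: int = 1) -> bytes:
    """Construct a minimal file: a header followed by zeroed 512-byte
    sectors. Only used to build the samples below; a real writer fills
    the FAT and directory."""
    hdr = bytearray(HEADER_SIZE)
    hdr[:8] = OLE_SIGNATURE
    struct.pack_into("<H", hdr, OFF_SECTOR_SHIFT, 9)
    struct.pack_into("<I", hdr, OFF_NUM_BAT, num_bat)
    for i in range(DIFAT_ENTRIES_IN_HEADER):
        val = fat_sectors[i] if i < len(fat_sectors) else FREESECT
        struct.pack_into("<I", hdr, OFF_DIFAT + 4 * i, val)
    return bytes(hdr) + bytes(512 * payload_sectors)


# Constructed samples, not real documents.
BENIGN = build_file(num_bat=1, fat_sectors=[0])                  # one FAT sector at index 0
HUGE_NUM_BAT = build_file(num_bat=0xFFFFFFFF, fat_sectors=[0])   # count the file cannot hold
BAD_INDEX = build_file(num_bat=1, fat_sectors=[7])               # index past the end of the file

if __name__ == "__main__":
    print("benign:      ", accepts(BENIGN), bat_sectors_from_header(BENIGN))
    print("huge num_bat:", accepts(HUGE_NUM_BAT))
    print("bad index:   ", accepts(BAD_INDEX))
```

The same discipline applies to the other header-driven counts in the format (directory, mini-FAT and DIFAT sector counts): derive an upper bound from the file length and the sector size, compare the header value against it, and only then allocate.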

 




Copyright © Lexa Software, 1996-2009.