Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 6



> 
> *****************************
> Widely Deployed Software
> *****************************
> 
> (1) HIGH: Microsoft Office Unspecified Remote Code Execution
> Affected:
> Microsoft Office 2000
> Microsoft Office 2004 for Mac
> Possibly other versions.
> 
> Description: Microsoft Office contains a memory corruption vulnerability
> in the processing of certain file formats. A specially-crafted file
> could exploit this vulnerability and execute arbitrary code with the
> privileges of the current user. This vulnerability is reported as being
> actively exploited in the wild. Currently, the public exploit is using
> Microsoft Excel files, but other file formats may be vulnerable. The
> extent of exploitation in the wild is currently believed to be very low.
> Note that Microsoft Office documents are not opened by default on
> versions of Office after Office 2000, or if the Office Document
> Confirmation Tool has been installed. No technical details for this
> vulnerability are believed to be publicly available.
> 
> Status: Microsoft confirmed, no updates available.
> 
> References:
> Microsoft Security Advisory
> http://www.microsoft.com/technet/security/advisory/932553.mspx
> Virus Information from McAfee
> http://vil.nai.com/vil/content/v_137387.htm
> Microsoft Office Document Confirmation Tool
> http://www.microsoft.com/downloads/details.aspx?familyid=8B5762D2-077F-4031-9EE6-C9538E9F2A2F&displaylang=en
> Slashdot Discussion
> http://it.slashdot.org/it/07/02/04/223256.shtml 
> SecurityFocus BID
> http://www.securityfocus.com/bid/22383
> 
> 
> *************************************************************************
> 
> (3) LOW: Cisco SIP Packet Processing Denial-of-Service
> Affected:
> Cisco devices that support Voice-over-IP
> 
> Description: Cisco devices that support Voice-over-IP (VoIP), but that
> are not properly configured for VoIP, are prone to a denial-of-service
> vulnerability. Currently, the nature of the vulnerability is not
> publicly known, but has been confirmed to involve traffic on UDP port
> 5060 and the Session Initiation Protocol (SIP). Note that devices that
> are properly configured for VoIP are not vulnerable. Users are advised
> to block UDP port 5060 at the network perimeter, if possible.
> 
> Status: Cisco confirmed, updates available.
> 
> Council Site Actions: Most of the responding council sites are using the
> affected software.  Their respective network support teams plan to
> roll out the patches during their next regularly scheduled system update
> process.
> 
> References:
> Cisco Security Advisory
> http://archives.neohapsis.com/archives/bugtraq/2007-01/0690.html
> Wikipedia Article on the Session Initiation Protocol
> http://en.wikipedia.org.wiki/Session_Initiation_Protocol
> SecurityFocus BID
> http://www.securityfocus.com/bid/22330
> 
> ***********
> 
> ***********************
> Exploits and Details
> ***********************
> 
> (5) DETAILS: Microsoft Agent Heap Overflow Vulnerability
> 
> Description: Technical details have been publicly posted for a
> vulnerability patched in Microsoft Security Bulletin MS06-068. A
> specially-crafted string in a Microsoft Agent file (acf) with a length
> specified as greater than 0x7FFFFFFF will trigger a buffer overflow.
> Successful exploitation of this buffer overflow can result in arbitrary
> code execution with the privileges of the current user. This
> vulnerability was discussed in a previous issue of @RISK.
> 
> Council Site Actions:  Most of the responding council sites are already
> in the process of updating their systems.
> 
> References:
> Previous @RISK Entry
> http://www.sans.org/newsletters/risk/display.php?v=5&i=46#widely4
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/ms06-068.mspx
> Posting by COSEINC
> http://archives.neohapsis.com/archives/bugtraq/2007-01/0672.html
> 
> *****************************
> 
> (7) DETAILS: Computer Associates BrightStor ARCserve Buffer Overflows
> 
> Description: Technical details have been publicly posted for two
> vulnerabilities in Computer Associates BrightStor ARCserve.
> Specially-crafted traffic sent to the "LGSSERVER.EXE" process can
> exploit these vulnerabilities and execute arbitrary code with SYSTEM
> privileges:
> (1) A specially-crafted packet with a length specified as greater than
> 32767 will trigger a buffer overflow and result in arbitrary code
> execution. The vulnerable process listens on TCP port 1900; users are
> advised to block access to this port at the network perimeter, if at all
> possible.
> (2) Specially-crafted traffic beginning with the sequence
> "\x4e\x3d\x2c\x1b" and with a length greater than 65535 will trigger a
> buffer overflow and allow arbitrary code execution. The vulnerable
> process listens on TCP port 2200; users are advised to block access to
> this port at the network perimeter, if at all possible.  These issues
> were discussed in a previous issue of @RISK.
> 
> Council Site Actions: Only one of the responding council sites is using
> the affected software and they plan to load the patches during their
> next regularly scheduled system update process.
> 
> References:
> Previous @RISK Entry
> http://www.sans.org/newsletters/risk/display.php?v=6&i=5#widely5
> Posting by NGS Software Insight Security Research
> http://archives.neohapsis.com/archives/bugtraq/2007-01/0684.html
> 
> *************************************************************************
> 
> Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
> Week 6 2007
> 
> 
> 07.6.1 CVE: Not Available
> Platform: Windows
> Title: Windows Vista Voice Recognition Command Execution
> Description: Windows Vista is prone to a command execution
> vulnerability because of its built in voice recognition capability.
> When voice recognition is enabled and when the speakers and microphone
> are on and the volume is adjusted appropriately, voice commands given
> via an audio file may be executed by the operating system. Several
> versions of Windows Vista are affected.
> Ref:
> http://blogs.technet.com/msrc/archive/2007/01/31/issue-regarding-windows-vista-speech-recognition.aspx
> ______________________________________________________________________
> 
> 07.6.2 CVE: Not Available
> Platform: Windows
> Title: Microsoft Windows Mobile Multiple Remote Denial of Service
> Vulnerabilities
> Description: Microsoft Windows Mobile is an operating system for smart
> phones and PDAs. Due to insufficient input sanitization, it is prone
> to two remote denial of service vulnerabilities. Please refer to the
> advisory for further information.
> Ref: http://www.securityfocus.com/bid/22343
> ______________________________________________________________________
> 
> 07.6.3 CVE: Not Available
> Platform: Windows
> Title: Microsoft Internet Explorer Multiple ActiveX Controls Denial of
> Service Vulnerabilities
> Description: Microsoft Internet Explorer is prone to multiple denial
> of service vulnerabilities due to insufficient exception handling in
> various ActiveX controls. Internet Explorer versions 5, 6 and 7 are
> reportedly vulnerable. Please refer to the advisory for further
> information.
> Ref: http://www.securityfocus.com/bid/22288
> ______________________________________________________________________
> 
> 07.6.5 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Computer Associates BrightStor ARCserve BackUp LGServer Remote
> Stack Buffer Overflow
> Description: Computer Associates BrightStor ARCserve Backup products
> provide backup and restore protection. BrightStor ARCserve Backup is
> prone to a remote stack
> based buffer overflow vulnerability due to inadequate bounds checks on
> user-supplied data prior to copying it to an insufficiently sized
> buffer. Computer Associates BrightStor ARCserve Backup versions 11.0,
> 11.1 and 11.1 SP1 are affected.
> Ref:
> http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp
> ______________________________________________________________________
> 
> 07.6.8 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Ipswitch WS_FTP 2007 SCP Handling Format String
> Description: Ipswitch WS_FTP 2007 Professional is an FTP server
> written for the Microsoft Windows operating system. It is prone to a
> format string vulnerability due to insufficient input sanitization in
> the SCP handling module.
> Ref: http://www.securityfocus.com/bid/22275
> ______________________________________________________________________
> 
> 07.6.23 CVE: CVE-2007-0459,CVE-2007-0458,CVE-2007-0457,CVE-2007-0456
> Platform: Cross Platform
> Title: Wireshark Multiple Protocol Denial of Service Vulnerabilities
> Description: Wireshark is an application for analyzing network
> traffic. It is vulnerable to multiple denial of service issues when
> certain unspecified HTTP packets are reassembled. Wireshark versions
> 0.99.4 and earlier are vulnerable.
> Ref: http://www.wireshark.org/security/wnpa-sec-2007-01.html
> ______________________________________________________________________
> 
> 07.6.24 CVE: Not Available
> Platform: Cross Platform
> Title: Computer Associates BrightStor ARCserve Backup LGSERVER.EXE
> Denial Of Service
> Description: Computer Associates BrightStor ARCserve Backup products
> provide backup and restore protection for multiple platforms.
> BrightStor ARCserve Backup is
> prone to a denial of service vulnerability due to insufficient error
> handling in the "LGSERVER.EXE" service. Multiple versions are
> reportedly vulnerable. Please refer to the advisory for more
> information.
> Ref:
> http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp
> ______________________________________________________________________
> 
> 07.6.78 CVE: Not Available
> Platform: Network Device
> Title: Intel 2200BG 802.11 Driver Beacon Frame Denial of Service
> Description: Intel 2200BG driver is prone to a remote code execution
> vulnerability due to a race condition. The vulnerability occurs when
> the affected device driver "w29n51.sys" fails to properly handle
> malformed disassociation packets. Intel 2200 driver version 9.0.3.9 is
> vulnerable, and other versions may also be affected.
> Ref: http://www.securityfocus.com/bid/22260
> ______________________________________________________________________
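
An added illustration, not part of the forwarded newsletter and not code from any affected product: the thresholds quoted in items (5) and (7) above (0x7FFFFFFF and 32767) are the largest values of signed 32-bit and 16-bit integers, and one common way such a boundary becomes an overflow is a declared length held in a signed type and tested only against an upper bound. That this is the actual defect in those products is an assumption; all names and the buffer size are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 1024u  /* constructed destination size, not from any product */

/* Flawed pattern: a 16-bit wire length held in a signed type. Values
 * 32768..65535 wrap negative on common compilers and pass the upper-bound
 * test; a later copy that treats the length as unsigned overruns the buffer. */
static int flawed_accepts16(uint16_t wire_len)
{
    int16_t len = (int16_t)wire_len;
    return len <= (int16_t)BUF_SIZE;
}

/* Same pattern with a 32-bit field: anything above 0x7FFFFFFF goes negative. */
static int flawed_accepts32(uint32_t wire_len)
{
    int32_t len = (int32_t)wire_len;
    return len <= (int32_t)BUF_SIZE;
}

/* Hardened check: keep the length unsigned and bound it both by the
 * destination size and by the number of bytes actually received. */
static int checked_accepts(uint32_t wire_len, size_t received)
{
    return wire_len <= BUF_SIZE && wire_len <= received;
}

/* Copies only after the hardened check; returns bytes copied or -1. */
static long copy_payload(unsigned char *dst, const unsigned char *src,
                         size_t received, uint32_t wire_len)
{
    if (!checked_accepts(wire_len, received))
        return -1;
    memcpy(dst, src, wire_len);
    return (long)wire_len;
}

int main(void)
{
    printf("flawed16(32767)=%d flawed16(32768)=%d\n",
           flawed_accepts16(32767), flawed_accepts16(32768));
    printf("flawed32(0x80000000)=%d checked(0x80000000)=%d\n",
           flawed_accepts32(0x80000000u), checked_accepts(0x80000000u, 4096));
    return 0;
}
```
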
