>
> *****************************
> Widely-Deployed Software
> *****************************
>
> (1) CRITICAL: Sun Solaris/SunOS Telnet Daemon Authentication Bypass
> Affected:
> Sun SunOS versions 5.10, 5.11, and possibly prior
>
> Description: Sun SunOS (the Unix-derived core of the Solaris Operating
> System) contains an authentication-bypass vulnerability in its telnet
> daemon. By passing a username beginning with "-f" to the
> server via the
> "-l" switch on the telnet client, an attacker can cause the server to
> ignore other authentication credentials and allow the attacker to log
> in as any user, including root. Depending on operating system
> revision,
> telnet may be enabled by default. Users are advised to disable telnet
> if possible, and to switch to a more secure remote-access
> protocol, such
> as SSH. Technical details and a working exploit are publicly available
> for this vulnerability. This vulnerability is similar to one
> discovered
> for other UNIX-derived and UNIX-like operating systems in 1994.
>
> Status: Sun has not confirmed, no updates available.
>
> References:
> SANS ISC Handler's Diary Blog Posting
> http://isc.sans.org/diary.html?storyid=2220
> Posting on RioSec Security Blog (includes proof-of-concept)
> http://riosec.com/solaris-telnet-0-day.html?q=solaris-telnet-0-day
> Example Exploit
> http://www.milw0rm.com/exploits/3293
> Slashdot Discussion
> http://it.slashdot.org/it/07/02/12/1118248.shtml
> Similar Vulnerability for Other UNIX-derived Operating Systems
> http://osvdb.org/displayvuln.php?osvdb_id=1007
> Wikipedia Article on Telnet
> http://en.wikipedia.org/wiki/Telnet
> Sun Solaris Home Page
> http://www.sun.com/software/solaris/
> SecurityFocus BID
> http://www.securityfocus.com/bid/22512
>
> **************************************************************
> ***********
>
> (2) HIGH: Trend Micro Antivirus UPX File Parsing Buffer Overflow
> Affected:
> Trend Micro Antivirus Engine with a Virus Pattern File prior
> to 4.245.00.
>
> The Trend Micro Antivirus Engine is deployed in a wide array of Trend
> Micro and third-party OEM products. Please consult the
> official security
> advisory to determine if a product is vulnerable.
>
> Description: Trend Micro Antivirus, a popular antivirus solution,
> contains a buffer overflow vulnerability when parsing executables
> compressed with the UPX executable compression program. A
> specially-crafted executable could trigger this buffer overflow and
> execute arbitrary code with SYSTEM/root privileges, allowing complete
> control of the vulnerable system. Note that the malicious file can be
> sent to a vulnerable system via email (spam messages), web,
> FTP, Instant
> Messaging or Peer-to-Peer file sharing. UPX file format
> vulnerabilities
> have been widely-reported in the past, and UPX file fuzzers
> are commonly
> available.
>
> Status: Trend Micro confirmed, updates available.
>
> Council Site Actions: The affected software and/or
> configuration are not
> in production or widespread use, or are not officially
> supported at any
> of the council sites. They reported that no action was necessary.
>
> References:
> iDefense Security Advisory
> http://www.securityfocus.com/archive/1/459390
> Trend Micro Security Advisory
> http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN
-1034289
> SANS Incident Handler's Diary
> http://isc.sans.org/diary.html?storyid=2190
> Wikipedia Article on UPX Executable Compression
> http://en.wikipedia.org/wiki/UPX
> Trend Micro Home Page
> http://www.trendmicro.com
> SecurityFocus BID
> http://www.securityfocus.com/bid/22449
>
> *********************************************************
>
> (3) MODERATE: Samba Multiple Remote Code Execution Vulnerabilities
> Affected:
> Samba version 30.23d and prior
>
> Description: Samba, an open source implementation of the Microsoft
> Server Message Block (SMB) or Common Internet Filesystem (CIFS)
> protocol, contains multiple vulnerabilities:
> (1) Samba provides a "winbind" module that is loadable by the Name
> Service Switch facility on several UNIX and UNIX-like systems. This
> module allows nameservice lookups via the WINS protocol. On
> Sun Solaris
> systems configured to use this module, a specially-crafted request can
> trigger a stack-based buffer overflow to execute arbitrary code with
> root privileges.
> (2) Samba contains a format string vulnerability that can be triggered
> while serving Andrew File System (AFS) directories via CIFS. If the
> "afsacl.so" module is loaded on a vulnerable system, a user with write
> privileges could exploit this format string to execute arbitrary code
> with the privileges of the Samba process. Both the vulnerable
> configurations are rare, and are not the default configuration. Note
> that, because Samba is open source, technical details for these
> vulnerabilities are available via source code analysis.
>
> Status: Samba confirmed, updates available.
>
> Council Site Actions: Two of the reporting council sites are using the
> affected software. Both sites plan to update their systems
> during their
> next regularly scheduled system maintenance period. One of the sites
> commented that even though they are not using the vulnerable features
> right now, they can't say that they will not be used in the future.
> Thus, they feel the best practice is to install the patches now.
>
> References:
> Samba Security Advisories
> http://www.securityfocus.com/archive/1/459179
> http://www.securityfocus.com/archive/1/459168
> SANS Incident Handler Posting
> http://isc.sans.org/diary.html?storyid=2175
> Wikipedia Article on the Andrew File System
> http://en.wikipedia.org/wiki/Andrew_File_System
> Wikipedia Article on the Name Service Switch
> http://en.wikipedia.org/wiki/Name_Service_Switch
> Samba Home Page
> http://www.samba.org
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/22403
> http://www.securityfocus.com/bid/22410
>
> *********************************************************
>
>
>
> Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
> Week 7 2007
>
>
> 07.7.6 CVE: CVE-2007-0671
> Platform: Microsoft Office
> Title: Microsoft Office Malformed String Remote Code Execution
> Description: Microsoft Office is prone to a remote code execution
> vulnerability. This issue occurs when the application processes
> maliciously crafted files. Microsoft Office XP SP3 and prior are
> affected.
> Ref:
> http://www.symantec.com/enterprise/security_response/writeup.j
> sp?docid=2007-020717-0252-99
> http://www.kb.cert.org/vuls/id/613740
> http://www.microsoft.com/technet/security/advisory/932553.mspx
> ______________________________________________________________________
>
> 07.7.12 CVE: Not Available
> Platform: Cross Platform
> Title: Trend Micro Antivirus UPX Compressed PE File Buffer Overflow
> Description: Trend Micro Antivirus is an antivirus application for
> Windows and Unix-like operating systems. Trend Micro
> Antivirus is prone
> to a buffer overflow vulnerability because it fails to properly bounds
> check user-supplied data before copying it to an insufficiently-sized
> memory buffer. This issue affects all Trend Micro products
> and versions
> using the Scan Engine and Pattern File technology.
> Ref: http://www.securityfocus.com/archive/1/459390
> http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289
> http://labs.idefense.com/intelligence/vulnerabilities/display.
> php?id=470
> http://www.kb.cert.org/vuls/id/276432
> http://www.securityfocus.com/bid/22449
> ______________________________________________________________________
>
> 07.7.13 CVE: Not Available
> Platform: Cross Platform
> Title: RARLAB Unrar Password Protected Archives Buffer Overflow
> Description: Unrar is a command line archive extractor for Windows and
> Linux operating systems. Unrar is prone to a stack-based
> buffer overflow vulnerability because it fails to properly bounds
> check user-supplied input before copying it to an insufficiently sized
> memory buffer. Version 3.60 for Linux and version 3.61 for Windows are
> affected.
> Ref:
> http://labs.idefense.com/intelligence/vulnerabilities/display.
> php?id=472
> http://www.securityfocus.com/archive/1/459384
> http://www.securityfocus.com/bid/22447
> ______________________________________________________________________
>
> 07.7.14 CVE: Not Available
> Platform: Cross Platform
> Title: STLPort Library Multiple Unspecified Buffer Overflow
> Vulnerabilities
> Description: STLport is a C++ Standard Template Library (STL). The
> STLport library is susceptible to multiple unspecified buffer overflow
> vulnerabilities because the library fails to properly bounds check
> user-supplied input before copying it to insufficiently-sized memory
> buffers. STLport versions prior to 5.0.3 are affected.
> Ref: http://sourceforge.net/project/shownotes.php?release_id=483468
> http://www.securityfocus.com/bid/22423
> ______________________________________________________________________
>
> 07.7.16 CVE: Not Available
> Platform: Cross Platform
> Title: Jetty Insecure Random Number Generation
> Description: Jetty is a java server available for various operating
> systems. It is prone to a vulnerability that allows an
> attacker to determine
> the seed of a random number generator because the application uses the
> "java.util.Random" class to generate session IDs. This issue affects
> versions prior to 4.2.27 for the 4.x series, 5.1.12 for the 5.x
> series, 6.0.2 for the 6.0x series, and 6.1.0pre3 for the 6.1.x series.
> Ref: http://www.securityfocus.com/bid/22405/info
> http://fisheye.codehaus.org/changelog/jetty/?cs=1274
> ______________________________________________________________________
>
> 07.7.17 CVE: CVE-2007-0453
> Platform: Cross Platform
> Title: Samba NSS host lookup Winbind Multiple Remote Buffer Overflow
> Vulnerabilities
> Description: Samba is a file and print server. It is available for
> multiple operating platforms. The application is prone to multiple
> remote buffer overflow vulnerabilities because the application fails
> to bounds check user-supplied data before copying it into an
> insufficiently-sized buffer. This issue affects versions 3.0.21 to
> 3.0.23d.
> Ref: http://www.securityfocus.com/archive/1/459168
> http://www.securityfocus.com/bid/22410/info
> ______________________________________________________________________
>
> 07.7.18 CVE: CVE-2007-0454
> Platform: Cross Platform
> Title: Samba Server VFS Plugin AFSACL.SO Remote Format String
> Description: Samba is a file and print server for use with "SMB/CIFS"
> clients. It is prone to a remote format string vulnerability because
> it fails to properly sanitize user-supplied input before including it
> in the format specifier argument of a formatted printing function.
> Samba versions 3.06 to 3.0.23d are affected.
> Ref: http://www.kb.cert.org/vuls/id/649732
> ______________________________________________________________________
>
> 07.7.19 CVE: CVE-2007-0555, CVE-2007-0556
> Platform: Cross Platform
> Title: PostgreSQL Information Disclosure and Denial of Service
> Vulnerabilities
> Description: PostgreSQL is a relational database suite. It is
> available for UNIX, Linux, and variants, as well as Apple Mac OS X and
> Microsoft Windows operating systems. Versions 7.3, 7.4, 8.0, 8.1 and
> 8.2 are affected.
> Ref: http://rhn.redhat.com/errata/RHSA-2007-0064.html
> http://www.postgresql.org/support/security
> ______________________________________________________________________
>
> 07.7.20 CVE: CVE-2007-0452
> Platform: Cross Platform
> Title: Samba Deferred CIFS File Open Denial of Service
> Description: Samba is a freely available file and printer sharing
> application. The smbd daemon is prone to a denial of service
> vulnerability because requests are never removed from the
> deferred file
> open request queue. This forms an infinite loop. Samba
> versions 3.0.6 through 3.0.23d are affected.
> Ref: http://www.securityfocus.com/bid/22395
> ______________________________________________________________________
>
>
> 07.7.22 CVE: Not Available
> Platform: Cross Platform
> Title: Computer Associates BrightStor ARCserve Backup Catirpc.EXE
> Denial Of Service
> Description: Computer Associates BrightStor ARCserve Backup products
> provide backup and restore protection for Windows, NetWare, Linux, and
> UNIX servers as well as Windows, Mac OS X, Linux, UNIX, AS/400, and
> VMS clients. The application is prone to a denial of service
> vulnerability because it mishandles unexpected user-supplied input.
> Computer Associates BrightStor ARCServe Backup versions 11.5
> and earlier are
> affected.
> Ref: http://www.securityfocus.com/bid/22365
> ______________________________________________________________________