Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 11
> *****************************
> Widely Deployed Software
> *****************************
> 
> (1) CRITICAL: Apple QuickTime Multiple Vulnerabilities
> Affected:
> Apple QuickTime versions prior to 7.1.5
> 
> Description: Apple QuickTime, Apple's streaming media framework,
> contains multiple vulnerabilities in handling various file formats.
> Certain specially-crafted image and movie files could exploit these
> vulnerabilities, and execute arbitrary code with the privileges of the
> QuickTime user. Note that QuickTime content in web pages is opened by
> default if the QuickTime player is installed, allowing malicious web
> pages to exploit this vulnerability. Some technical details for these
> vulnerabilities are publicly available. These issues affect both the
> Microsoft Windows and Mac OS X versions of QuickTime.
> 
> Status: Apple confirmed, updates available. The updates are
> automatically available via Apple's Software Update facility.
> 
> Council Site Actions: Two of the responding council sites are using the
> affected software. One site has already deployed the updates. The other
> site does not install this software by default, but said that the
> automatic update feature should update systems for those who have
> installed the software on their own.
> 
> References:
> Apple Security Advisories
> http://docs.info.apple.com/article.html?artnum=61798 
> http://docs.info.apple.com/article.html?artnum=305149 
> Zero Day Initiative Advisory
> http://www.zerodayinitiative.com/advisories/ZDI-07-010.html 
> iDefense Security Advisory
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486
> Nevis Labs Security Advisory
> http://www.securityfocus.com/archive/1/461999 
> Piotr Bania Advisory
> http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt 
> QuickTime Developer Documentation (contains technical 
> information about various QuickTime file and stream formats)
> http://developer.apple.com/quicktime/ 
> Product Home Page
> http://www.apple.com/quicktime/ 
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/22844 
> 
> ****************************************************************
> ****************************************************************
> 
> (5) LOW: Mozilla-based Browser Arbitrary JavaScript Code Execution
> Affected:
> Mozilla Firefox versions 1.5.0.9 and 2.0.0.1
> Mozilla SeaMonkey version 1.0.7
> 
> Description: Browsers based on the Mozilla code base, including Mozilla
> Firefox and the browser component of Mozilla SeaMonkey, contain an
> arbitrary JavaScript execution vulnerability. A malicious web page
> containing a specially-crafted "IMG" tag with a "javascript:" URL in its
> "SRC" attribute could execute arbitrary JavaScript without the user's
> knowledge. Note that the script code is executed even if the user has
> disabled JavaScript in the browser's settings. Note that this
> vulnerability was introduced as a side effect of the fix for Mozilla
> vulnerability MFSA 2006-72; only browsers that have been patched against
> that vulnerability are vulnerable.
> 
> Status: Mozilla confirmed, updates available.
> 
> Council Site Actions: Two of the responding council sites are using the
> affected software. One site has already deployed the updates. The other
> site does not install this software by default, but said that the
> automatic update feature should update for those who have installed it
> on their own.
> 
> References:
> Mozilla Security Advisory
> http://www.mozilla.org/security/announce/2007/mfsa2007-09.html 
> SecurityFocus BID
> http://www.securityfocus.com/bid/22826 
> 
> ***********************************************************************
> 
> Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
> Week 11 2007
> 
> 07.11.1 CVE: Not Available
> Platform: Windows
> Title: Microsoft Windows ole32.dll Word Document Handling Denial of
> Service
> Description: The Microsoft ole32.dll library is exposed to a denial
> of service issue. The issue manifests when the library handles
> document (.doc) files containing malformed pointer values. Software
> that is linked to the ole32.dll versions that reside on Microsoft
> Windows 2000 SP4 FR and XP SP2 FR platforms are affected.
> Ref: http://www.securityfocus.com/bid/22847
> ______________________________________________________________________
> 
> 07.11.4 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: RealMedia RealPlayer Ierpplug.DLL ActiveX Control Multiple
> Buffer Overflow Vulnerabilities
> Description: RealPlayer ActiveX control allows users to stream various
> media files through their web browser. The application is exposed to 
> multiple buffer overflow issues because it fails to properly bounds
> check user-supplied data before copying it to an insufficiently
> sized buffer. RealPlayer ActiveX control version 10.5 is affected.
> Ref: http://support.microsoft.com/kb/240797
> ______________________________________________________________________
> 
> 07.11.6 CVE: CVE-2007-0713
> Platform: Mac Os
> Title: Apple QuickTime MOV File Heap Overflow
> Description: Apple QuickTime is a media player that supports multiple
> file formats. The application is prone to a heap overflow issue
> because it fails to properly check boundaries on user-supplied data.
> QuickTime 7.1 is affected.
> Ref: http://docs.info.apple.com/article.html?artnum=305149
> ______________________________________________________________________
> 
> 07.11.7 CVE: CVE-2007-0714
> Platform: Mac Os
> Title: Apple Quicktime UDTA ATOM Integer Overflow
> Description: QuickTime Player is the media player distributed by Apple
> for QuickTime and other media files. The application is exposed to an
> integer overflow issue when processing specially crafted MOV files.
> Specifying a large "udta" (user data atom) Atom size can
> result in an insufficiently-sized heap buffer allocation. This can be
> leveraged to overwrite heap memory during a RtlAllocateHeap()
> routine. Versions prior to 7.1.5 are affected.
> Ref: http://docs.info.apple.com/article.html?artnum=305149
> ______________________________________________________________________
> 
> 07.11.8 CVE: CVE-2007-0718
> Platform: Mac Os
> Title: Apple QuickTime Color Table ID Heap Overflow
> Description: QuickTime Player is the media player distributed by Apple
> for QuickTime and other media files. QuickTime is exposed to a heap
> overflow issue because it fails to perform adequate bounds checking on
> user-supplied data. QuickTime 7.1.3 is affected.
> Ref: http://www.kb.cert.org/vuls/id/313225
> ______________________________________________________________________
> 
> 07.11.9 CVE: CVE-2007-0711, CVE-2007-0712, CVE-2007-0713,
> CVE-2007-0714, CVE-2007-0715, CVE-2007-0716, CVE-2007-0717,
> CVE-2007-0718
> Platform: Mac Os
> Title: Apple QuickTime Multiple Unspecified Code Execution
> Vulnerabilities
> Description: QuickTime Player is the media player distributed by Apple
> for QuickTime and other media files. The application is exposed to
> multiple unspecified remote code execution issues because it fails to
> perform boundary checks prior to copying user-supplied data into
> sensitive process buffers. QuickTime versions prior to 7.1.5 are
> vulnerable.
> Ref: http://www.securityfocus.com/bid/22827
> ______________________________________________________________________
> 
> 07.11.12 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel Sys_Tee Local Privilege Escalation
> Description: The Linux kernel is susceptible to a local privilege
> escalation issue. This issue occurs due to a race condition in the
> "sys_tee()" function in the "fs/splice.c" source file. Linux kernel
> 2.6.17.6 and prior versions are affected.
> Ref: http://www.securityfocus.com/bid/22823
> ______________________________________________________________________
> 
> 07.11.13 CVE: CVE-2007-1263
> Platform: Linux
> Title: GnuPG Signed Message Arbitrary Content Injection
> Description: GNU Privacy Guard (GnuPG) is an open-source encryption
> application available for numerous platforms. GnuPG is prone to a
> weakness that may allow an attacker to add arbitrary content into a
> message without the end user knowing. RedHat Enterprise Linux WS 4 and
> earlier versions are affected.
> Ref: http://www.securityfocus.com/archive/1/461958
> ______________________________________________________________________
> 
> 07.11.23 CVE: Not Available
> Platform: Cross Platform
> Title: PHP Zip URL Wrapper Stack Buffer Overflow
> Description: PHP is a general purpose scripting language that is
> especially suited for web development and can be embedded into HTML.
> The application is prone to a remote stack-based buffer overflow issue
> because the "zip://" URL wrapper fails to properly bounds check
> user-supplied input before copying it to an insufficiently-sized
> memory buffer. PHP version 5.2.0 and PHP with PECL ZIP 1.8.3 are
> affected.
> Ref: http://www.php-security.org/MOPB/MOPB-16-2007.html#notes
> ______________________________________________________________________
> 
> 07.11.24 CVE: Not Available
> Platform: Cross Platform
> Title: PHP Import_Request_Variables Arbitrary Variable Overwrite
> Description: PHP is a general purpose scripting language that is
> especially suited for web development and can be embedded into HTML.
> The application is exposed to an issue that permits an attacker to
> overwrite arbitrary variables due to a design flaw in the
> "import_request_variables()" function. PHP versions 4.0.7 to 5.2.1 are
> affected.
> Ref: http://www.wisec.it/vulns.php?id=10
> ______________________________________________________________________
> 
> 07.11.25 CVE: Not Available
> Platform: Cross Platform
> Title: Mozilla Firefox Document.Cookie Path Argument Denial of Service
> Description: Mozilla Firefox is exposed to a remote denial of service
> issue. Mozilla Firefox version 2.0.0.2 is affected. Please refer to
> the advisory for further details.
> Ref: http://www.securityfocus.com/bid/22879
> ______________________________________________________________________
> 
> 07.11.26 CVE: Not Available
> Platform: Cross Platform
> Title: Snort Inline Fragmentation Denial of Service
> Description: Snort is a freely available, open-source NID system. The
> application is exposed to a denial of service issue because the
> network intrusion detection (NID) system fails to handle specially
> crafted network packets. Snort versions 2.6.1.1, 2.6.1.2 and
> 2.7.0(beta) are affected.
> Ref: http://www.securityfocus.com/bid/22872
> ______________________________________________________________________
> 
> 
> 07.11.29 CVE: Not Available
> Platform: Cross Platform
> Title: PHP Shared Memory Functions Resource Verification Arbitrary
> Code Execution
> Description: PHP is a general purpose scripting language that is
> especially suited for web development and can be embedded into HTML.
> PHP shared memory functions (shmop) are prone to an arbitrary code
> execution issue because the shared memory functions fail to verify the
> type of resources that are being used. Therefore it is possible for
> the functions to call wrong resource types containing user-supplied
> data. PHP 4 versions prior to 4.4.5 and PHP 5 versions prior to 5.2.1
> are affected.
> Ref: http://www.php-security.org/MOPB/MOPB-15-2007.html
> ______________________________________________________________________
> 
> 07.11.30 CVE: Not Available
> Platform: Cross Platform
> Title: PHP 5 Substr_Compare Integer Overflow
> Description: PHP is a general purpose scripting language that is
> especially suited for web development and can be embedded into HTML.
> The PHP 5 "substr_compare()" function is exposed to an integer overflow
> issue because it fails to ensure that integer values are not overrun.
> Versions of PHP 5 up to version 5.2.1 are affected.
> Ref: http://www.php-security.org/MOPB/MOPB-14-2007.html
> ______________________________________________________________________
> 
> 07.11.33 CVE: CVE-2004-2680
> Platform: Cross Platform
> Title: Apache mod_python Output Filter Mode Information Disclosure
> Description: Apache's mod_python is a module that allows the webserver
> to interpret Python scripts. The application is exposed to an
> information disclosure issue because the module fails to handle output
> filter data containing more than 16384 bytes. Apache mod_python
> versions 3.1.3, 3.1.4, 3.0.3 and 3.0.4 are affected.
> Ref: http://www.securityfocus.com/bid/22849/info
> ______________________________________________________________________
> 
> 07.11.34 CVE: Not Available
> Platform: Cross Platform
> Title: Asterisk SIP Channel Driver Remote Denial of Service
> Description: Asterisk is a private branch exchange (PBX) application.
> The application is exposed to a remote denial of service issue. The
> problem occurs in the "channels/chan_sip.c" SIP channel driver when
> handling malformed requests sent through UDP port 5060. Asterisk
> versions prior to 1.2.16 and 1.4.1 are affected.
> Ref: http://www.kb.cert.org/vuls/id/228032
> ______________________________________________________________________
> 
> 07.11.37 CVE: Not Available
> Platform: Cross Platform
> Title: Mod_Security ASCIIZ Byte POST Bypass
> Description: Mod_security is a web application firewall implemented as
> an Apache HTTP server module. The application is exposed to a POST
> parsing bypass issue which allows an attacker to bypass mod_security
> restrictions and successfully submit malicious input to mod_security
> protected sites. All iterations of mod_security below 2.1.0 are
> affected.
> Ref: http://www.php-security.org/MOPB/BONUS-12-2007.html
> ______________________________________________________________________
> 
> 07.11.39 CVE: CVE-2007-0994
> Platform: Cross Platform
> Title: Mozilla Firefox Javascript URI Remote Code Execution
> Description: Mozilla Firefox is prone to a remote code execution issue
> due to a design error. The vulnerability exists because of a
> regression which allows web content to execute arbitrary code. It can
> be exploited by setting the "SRC" attribute of an "IMG" tag to a
> specific javascript URI. Mozilla SeaMonkey 1.0.7, Mozilla Firefox 2.0
> .1 and 1.5.0.9 are affected.
> Ref: http://www.securityfocus.com/bid/22826
> ______________________________________________________________________
> 
> 07.11.44 CVE: Not Available
> Platform: Cross Platform
> Title: Zend Platform PHP.INI File Modification
> Description: The Zend Platform is a PHP application server. The
> application is exposed to an issue that may allow local attackers to
> modify the PHP configuration file (php.ini). This issue occurs because
> the application is installed with an ini_modifier program that may be
> executed by local users to change the configuration file. The Zend
> Platform versions 2.2.1 and 2.2.1(a) are affected.
> Ref: http://www.php-security.org/MOPB/BONUS-07-2007.html
> ______________________________________________________________________
> 
> 07.11.45 CVE: Not Available
> Platform: Cross Platform
> Title: PHP PHPInfo Cross-Site Scripting Variant
> Description: PHP is a freely available, open-source web scripting
> language package. The application is prone to a cross-site scripting
> issue as it fails to properly sanitize user-supplied input to scripts
> containing the "phpinfo()" function. PHP versions 4.4.3, 4.4.4, 4.4.5
> and 4.4.6 are affected.
> Ref: http://www.php-security.org/MOPB/MOPB-08-2007.html
> ______________________________________________________________________
> 
> 07.11.46 CVE: Not Available
> Platform: Cross Platform
> Title: PHP PHP_Binary Heap Information Leak
> Description: PHP contains a serialization handler called "php_binary"
> as part of its session extension. The "php_binary" serialization
> handler is prone to a heap information leak because of a missing
> boundary check in the extraction of variable names. PHP4 versions
> prior to 4.4.5 and PHP5 versions prior to 5.2.1 are affected.
> Ref: http://www.securityfocus.com/bid/22805
> ______________________________________________________________________
> 
> 07.11.47 CVE: CVE-2007-0908
> Platform: Cross Platform
> Title: PHP WDDX Session Deserialization Information Leak
> Description: PHP WDDX extension contains a serialization handler that
> provides support for the WDDX data format. The serialization handler
> of the WDDX extension is exposed to a stack information leak. The
> vulnerability arises because of an improper initialization of a
> "key_length" variable. PHP4 versions prior to 4.4.5 and PHP5 versions
> prior to 5.2.1 are affected.
> Ref: http://www.php-security.org/MOPB/MOPB-11-2007.html
> ______________________________________________________________________
> 
> 07.11.48 CVE: Not Available
> Platform: Cross Platform
> Title: PHP WDDX_Deserialize Buffer Overflow
> Description: PHP is a freely available, open-source web scripting
> language package. The application is exposed to a remotely exploitable
> buffer overflow issue because it fails to do proper bounds checking
> when processing client supplied WDDX packets. PHP versions 6.0, 5.2,
> and 4.4.0 through 4.4.6 are affected.
> Ref: http://www.php-security.org/MOPB/MOPB-09-2007.html
> ______________________________________________________________________
> 
> 07.11.49 CVE: Not Available
> Platform: Cross Platform
> Title: Kaspersky AntiVirus UPX File Decompression Remote Denial of
> Service
> Description: Kaspersky AntiVirus is an antivirus application for
> desktop and small business computers. The application is exposed to a
> denial of service issue because it fails to properly handle compressed
> UPX data. Kaspersky Labs Antivirus Engine version 6.0.1.411 for
> Windows and 5.5-10 for Linux are affected.
> Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=485
> ______________________________________________________________________
> 
> 07.11.52 CVE: CVE-2007-0774
> Platform: Cross Platform
> Title: Apache Tomcat Mod_JK.SO Arbitrary Code Execution
> Description: Apache Tomcat is a popular web server application for
> multiple platforms. The application is exposed to an arbitrary code
> execution issue due to insufficient sanitization of user-supplied
> input which results in a stack-based buffer overflow. Apache Software
> Foundation Tomcat versions 5.5.20 and earlier are affected.
> Ref: http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html
> ______________________________________________________________________

> 07.11.88 CVE: Not Available
> Platform: Network Device
> Title: IBM ThinkPad Intel PRO/1000 LAN Adapter Software Unspecified
> Description: IBM ThinkPad Intel PRO/1000 LAN Adapter Software provides
> Ethernet drivers for IBM ThinkPad computers. Versions prior to build
> 135400 are vulnerable.
> Ref: http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-62922
> ______________________________________________________________________
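The QuickTime entries in the forwarded digest (07.11.6, 07.11.7 and 07.11.9) all come down to one defect class: an atom's declared size is taken from the file and used to size a heap allocation or a copy without first being checked against what is actually present, so a large "udta" size yields an undersized buffer and a heap overwrite. The following C program is an added example, not code from the newsletter, from SANS or from Apple; it shows the checks a defensive QuickTime/MP4 atom-header parser performs before any allocation. The atom layout (4-byte big-endian size including the 8-byte header, then a four-character type code) is the real QuickTime convention; the function names, the 64 MiB policy limit and the sample byte strings are assumptions constructed for the example. The special size values 0 and 1 are real conventions (extend-to-end-of-file and 64-bit size) that this example deliberately treats as unsupported rather than guessing at.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Example defensive atom parser (hypothetical code, not Apple's). */

#define ATOM_HEADER_LEN 8u
#define MAX_ATOM_PAYLOAD (64u * 1024u * 1024u)   /* policy limit: an assumption */

typedef struct {
    uint32_t       size;         /* declared total size, header included */
    char           type[5];      /* four-character code, NUL terminated  */
    const uint8_t *payload;      /* points into the caller's input buffer */
    uint32_t       payload_len;  /* size minus the 8-byte header          */
} atom_t;

enum atom_status { ATOM_OK = 0, ATOM_TRUNCATED, ATOM_BAD_SIZE, ATOM_TOO_LARGE };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Parse one atom starting at buf[offset]. Every size that could make a
 * later allocation or memcpy unsafe is rejected here, before it is used. */
enum atom_status parse_atom(const uint8_t *buf, size_t buf_len,
                            size_t offset, atom_t *out) {
    if (offset > buf_len || buf_len - offset < ATOM_HEADER_LEN)
        return ATOM_TRUNCATED;                    /* no complete header */
    uint32_t size = be32(buf + offset);
    if (size < ATOM_HEADER_LEN)
        return ATOM_BAD_SIZE;                     /* "size - 8" would underflow;
                                                     also rejects the 0/1 forms */
    uint32_t payload_len = size - ATOM_HEADER_LEN;
    if (payload_len > buf_len - offset - ATOM_HEADER_LEN)
        return ATOM_TRUNCATED;                    /* claims bytes the file lacks */
    if (payload_len > MAX_ATOM_PAYLOAD)
        return ATOM_TOO_LARGE;                    /* within the file but over policy */
    out->size = size;
    memcpy(out->type, buf + offset + 4, 4);
    out->type[4] = '\0';
    out->payload = buf + offset + ATOM_HEADER_LEN;
    out->payload_len = payload_len;
    return ATOM_OK;
}

/* Copy a validated 'udta' payload into a heap buffer sized from the
 * checked length. Returns NULL on any failure; the caller frees. */
uint8_t *copy_udta(const uint8_t *buf, size_t buf_len, size_t offset,
                   uint32_t *out_len) {
    atom_t a;
    if (parse_atom(buf, buf_len, offset, &a) != ATOM_OK) return NULL;
    if (memcmp(a.type, "udta", 4) != 0) return NULL;
    uint8_t *copy = malloc(a.payload_len ? a.payload_len : 1);
    if (!copy) return NULL;
    memcpy(copy, a.payload, a.payload_len);      /* length already bounded */
    *out_len = a.payload_len;
    return copy;
}

/* Small wrappers so the outcomes can be checked as return values. */
int check_status(const uint8_t *buf, size_t len) {
    atom_t a;
    return (int)parse_atom(buf, len, 0, &a);
}

long udta_payload_len(const uint8_t *buf, size_t len) {
    uint32_t n = 0;
    uint8_t *c = copy_udta(buf, len, 0, &n);
    if (!c) return -1;
    free(c);
    return (long)n;
}

/* Constructed sample inputs (not taken from any real file). */
static const uint8_t good_udta[]  = { 0, 0, 0, 12,          'u','d','t','a', 1, 2, 3, 4 };
static const uint8_t bogus_size[] = { 0xFF, 0xFF, 0xFF, 0xFF,'u','d','t','a', 1, 2, 3, 4 };
static const uint8_t tiny_size[]  = { 0, 0, 0, 4,           'u','d','t','a', 1, 2, 3, 4 };

int main(void) {
    printf("well-formed udta: status %d, payload %ld bytes\n",
           check_status(good_udta, sizeof good_udta),
           udta_payload_len(good_udta, sizeof good_udta));
    printf("oversized atom:   status %d\n", check_status(bogus_size, sizeof bogus_size));
    printf("undersized atom:  status %d\n", check_status(tiny_size, sizeof tiny_size));
    return 0;
}
```

The order of the checks matters: the underflow check (size smaller than its own header) must come before the subtraction, and the "bytes actually present" comparison is done against the remaining buffer rather than against the declared size, so an attacker-controlled size can never be the quantity that decides how much memory is allocated or copied.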
Copyright © Lexa Software, 1996-2009.