Archive :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 12



> ********************************
> Widely Deployed Software
> ********************************
> 
> **************************************************************
> ***********
> 
> (2) CRITICAL: CA BrightStor ARCServe Backup Tape Engine and 
> Portmapper Vulnerabilities
> Affected:
> BrightStor Products:
> BrightStor ARCserve Backup r11.5, r11.1, r11, r10.5, v9.01
> CA Protection Suites r2:
> CA Server and Business Protection Suites r2
> CA Business Protection Suite for Microsoft Small Business 
> Server Standard Edition r2
> CA Business Protection Suite for Microsoft Small Business 
> Server Premium Edition r2
> 
> Description: Computer Associates BrightStor ARCserve Backup products
> provide backup services for Windows, NetWare, Linux and UNIX. The Tape
> Engine feature allows the backup products to use tape drives as a
> storage media. The Tape Engine process, which listens on port 6502/tcp,
> contains multiple vulnerabilities in the handling of RPC requests that
> can be exploited to either shut down the Tape Engine service or possibly
> execute arbitrary code with "SYSTEM" privileges. In addition, the
> portmapper service also contains a vulnerability that can be exploited
> to crash the service. The technical details have not yet been publicly
> posted.
> 
> Status: CA has released patches for the affected products. A workaround
> is to block access to the port 6502/tcp and 111/udp at the network
> perimeter to prevent attacks originating from the Internet.
> 
> Special Note: CA BrightStor products have been widely exploited during
> the past year. Hence, this patch should be applied on a priority basis.
> 
> References:
> Computer Associates Advisory
> http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=101317
> SecurityFocus BID
> http://www.securityfocus.com/bid/22994 
> 
> *******************************************************************
> 
> (3) HIGH: McAfee ePolicy Orchestrator and ProtectionPilot 
> Multiple Vulnerabilities
> Affected:
> McAfee ePolicy Orchestrator versions 3.5p6 and 3.6.1 and prior
> McAfee ProtectionPilot versions 1.1.1p3 and 1.5.0 and prior
> 
> Description: McAfee ePolicy Orchestrator and ProtectionPilot contain
> multiple vulnerabilities in the "SiteManager" ActiveX component. A
> malicious web page that instantiates this component could exploit these
> vulnerabilities and execute arbitrary code with the privileges of the
> current user. Note that this component is generally only installed on
> the Orchestrator or ProtectionPilot server, or a system with the
> management console for one of these applications installed. Technical
> details for these vulnerabilities are publicly available, and reusable
> exploit code for ActiveX components could be easily adapted to target
> this component.
> 
> Status: McAfee confirmed, updates available. Users can mitigate the
> impact of this vulnerability by disabling the vulnerable control via
> Microsoft's "kill bit" mechanism for CLSID
> "4124FDF6-B540-44C5-96B4-A380CEE9826A".
> 
> Council Site Actions: Two of the reporting council sites are using the
> affected software. One site plans to deploy the patch during their next
> regularly scheduled maintenance cycle. The other site is still
> investigating their course of action. They may accept the risk due to
> the fact that their systems are in the process of being integrated into
> their parent company.
> 
> References:
> McAfee Security Advisory
> https://knowledge.mcafee.com/article/26/612496_f.SAL_Public.html
> Fortinet Security Research Team Posting
> http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0162.html
> Microsoft Knowledge Base Article (details the "kill bit" mechanism)
> http://support.microsoft.com/kb/240797
> Product Home Pages
> http://www.mcafee.com/us/enterprise/products/system_security_management/epolicy_orchestrator.html
> http://www.mcafee.com/us/smb/products/management_solutions/protection_pilot.html
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/22952
> 
> **************************************************************
> ***********
> 
> (4) MODERATE: OpenBSD IPv6 Kernel Memory Corruption
> Affected:
> OpenBSD version 3.1 - 4.1, and possibly prior
> 
> Description: OpenBSD, a derivative of the classical BSD operating system
> (itself descended from Unix) designed for high security, contains a
> kernel memory corruption vulnerability in its handling of IPv6 traffic.
> A specially-crafted IPv6 packet could exploit this memory corruption
> issue to execute arbitrary code with kernel privileges, effectively
> taking complete control of a vulnerable system. Note that, to
> successfully exploit this vulnerability, an attacker must be able to
> inject traffic onto the vulnerable system's local network. IPv6 is
> enabled by default in OpenBSD. Technical details and a working exploit
> are publicly available for this vulnerability.
> 
> Status: OpenBSD confirmed, updates available.
> 
> Council Site Actions: Two of the reporting council sites have responded
> to this item. One site has already patched their systems as part of
> their regular system maintenance. The other site has advised their users
> to update their systems on their own.
> 
> References:
> OpenBSD Errata Entry (includes patch)
> http://www.openbsd.org/errata40.html#m_dup1
> Posting by Core Security Technologies (includes working exploit)
> http://archives.neohapsis.com/archives/bugtraq/2007-03/0158.html
> SANS Internet Storm Center Handler's Diary Entry
> http://isc.sans.org/diary.html?storyid=2445
> Slashdot Discussion
> http://it.slashdot.org/article.pl?sid=07/03/15/0045207
> Wikipedia Article on BSD 
> http://en.wikipedia.org/wiki/Berkeley_Software_Distribution
> Wikipedia Article on the term "Unix-Like"
> http://en.wikipedia.org/wiki/Unix-like
> OpenBSD Home Page
> http://www.openbsd.org
> SecurityFocus BID
> http://www.securityfocus.com/bid/22901
> 
> **************************************************************
> ***********
> 
> (5) LOW: Apache Tomcat Directory Traversal
> Affected:
> Apache Tomcat versions prior to 5.5.23 and 6.0.10
> 
> Description: Apache Tomcat, a popular Java servlet container and
> application server, contains a directory traversal vulnerability. A
> specially-crafted request could allow an attacker to read arbitrary
> files below the configured document root of the Tomcat server. Note that
> the files must be readable by the Tomcat server process. A simple
> proof-of-concept is available.
> 
> Status: Apache confirmed, updates available.
> 
> Council Site Actions:  Three of the reporting council sites are using
> the affected software and plan to respond on some level. The first site
> only has a few small installations of Tomcat and they have advised the
> developers to upgrade those systems manually.
> 
> The second site has advised their user base to update.  The third site
> is still investigating the best course of action - they have multiple
> Tomcat installations and a number of one-off solutions.  They plan to
> research all Tomcat server locations.
> 
> References:
> Posting by SEC Consult (includes proof-of-concept)
> http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0167.html
> Product Home Page
> http://tomcat.apache.org
> SecurityFocus BID
> http://www.securityfocus.com/bid/22960 
> 
> **************************************************************
> *********
> 
> Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
> Week 12 2007
> 
> This list is compiled by Qualys ( www.qualys.com ) as part of that
> company's ongoing effort to ensure its vulnerability management web
> service tests for all known vulnerabilities that can be scanned. As of
> this week Qualys scans for 5402 unique vulnerabilities. For this
> special SANS community listing, Qualys also includes vulnerabilities
> that cannot be scanned remotely.
> 
> 07.12.1 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Internet Explorer NavCancel.HTM Cross-Site Scripting
> Description: Microsoft Internet Explorer is exposed to a cross-site
> scripting issue because it fails to sufficiently sanitize
> user-supplied data. This issue arises when rendering the local
> "Navigation Canceled" resource page "res://ieframe.ddl/navcancel.htm".
> When page navigation is canceled, the intended URI path is appended to
> the local resource path following a "#" character. Microsoft Internet
> Explorer version 7.0 is affected.
> Ref: http://www.securityfocus.com/bid/22966
> ______________________________________________________________________
> 
> 07.12.5 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Orchestrator SiteManager.DLL ActiveX Control Remote Buffer
> Overflow Vulnerabilities
> Description: McAfee EPolicy Orchestrator is a suite of applications
> that provide anti-virus, anti-spyware, system firewalls, host IPS,
> content filtering and patch management. 
> The application is exposed to multiple buffer overflow issues as
> software fails to perform sufficient bounds checking of user-supplied
> input before copying it to insufficiently sized memory buffers.
> McAfee ProtectionPilot versions 1.5 and earlier are affected.
> Ref:
> https://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&sliceId=SAL_Public&externalId=612496
> ______________________________________________________________________
> 
> 07.12.12 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel Netfilter NFNetLink_Log Multiple NULL Pointer
> Dereference Vulnerabilities
> Description: The Linux kernel is exposed to multiple NULL pointer
> dereference issues due to NULL pointer dereference problems in
> "nfnetlink_log". Linux kernel 2.6.20 and all earlier versions
> are affected.
> Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.3
> ______________________________________________________________________
> 
> 07.12.17 CVE: CVE-2007-1365
> Platform: BSD
> Title: OpenBSD ICMP6 Packet MBuf Remote Denial of Service
> Description: OpenBSD is exposed to a remote denial of service issue
> when handling specially crafted ICMP6 packets. Specifically, this issue
> occurs in the "m_dup1()" function when copying the content from one
> "mbuf" structure to another "mbuf" structure. 
> OpenBSD versions 3.9 and 4.0 are affected.
> Ref: http://www.securityfocus.com/bid/22901
> ______________________________________________________________________
> 
> 07.12.20 CVE: CVE-2007-1447, CVE-2007-1448
> Platform: Cross Platform
> Title: Computer Associates BrightStor ARCServe BackUp Tape Engine
> Multiple Vulnerabilities
> Description: Computer Associates BrightStor ARCserve Backup products
> provide backup and restore protection for various clients. The
> application is exposed to a memory corruption issue that arises when the
> application handles an RPC request containing specially crafted
> procedure arguments. A denial of service issue affecting the Tape
> Engine service presents itself due to an unspecified RPC function.
> See the reference below for a list of affected versions.
> Ref: 
> http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=101317
> ______________________________________________________________________
> 
> 07.12.27 CVE: Not Available
> Platform: Cross Platform
> Title: PHP Session Identifier Rejection Double Free Memory Corruption
> Description: PHP is exposed to a double free memory corruption issue.
> When a session identifier is rejected, a flag is set which causes the
> application to free a pointer to the previous session identifier and
> create a new identifier. The issue arises as this operation is not
> atomic and can be interrupted by exceptional conditions. PHP versions
> 5.2.0 and 5.2.1 are affected.
> Ref: http://www.php-security.org/MOPB/MOPB-23-2007.html
> ______________________________________________________________________
> 
> 07.12.29 CVE: Not Available
> Platform: Cross Platform
> Title: Trend Micro Scan Engine UPX File Parsing Remote Denial of
> Service
> Description: The Trend Micro Scan Engine is available on various
> products shipped by the vendor. The application is exposed to a denial
> of service issue because it fails to properly handle compressed UPX
> files. Various products using the Trend Micro Antivirus Scan Engine
> versions 8 and above are affected.
> Ref:
> http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034587
> ______________________________________________________________________
> 
> 07.12.30 CVE: Not Available
> Platform: Cross Platform
> Title: PHP Session_Regenerate_ID Function Double Free Memory
> Corruption
> Description: PHP is exposed to a double free memory corruption issue
> which resides in the "session_regenerate_id()" function used to
> regenerate a new session identifier.  The affected function fails to
> clear a previously freed pointer from the previous session before
> calling the session identifier generator. PHP versions 5 to 5.2.1 are
> affected. PHP version 4 is vulnerable only if successful remote
> exploits are proven.
> Ref: http://www.php-security.org/MOPB/MOPB-22-2007.html
> ______________________________________________________________________
> 
> 07.12.31 CVE: Not Available
> Platform: Cross Platform
> Title: PHP Multiple Safe_Mode and Open_Basedir Restriction Bypass
> Vulnerabilities
> Description: PHP is a general purpose scripting language that is
> especially suited for web development and can be embedded into HTML.
> PHP versions 5.2.1 and prior are vulnerable to these issues. Please
> refer to the advisory for further details.
> Ref: http://www.php-security.org/MOPB/MOPB-21-2007.html
> ______________________________________________________________________
> 
> 07.12.34 CVE: Not Available
> Platform: Cross Platform
> Title: Apache HTTP Server Tomcat Directory Traversal
> Description: Apache Tomcat is the servlet container used in the
> official Reference Implementation for the Java Servlet and JavaServer
> Pages technologies. The application is exposed to a directory
> traversal issue because it fails to sufficiently sanitize
> user-supplied input. Apache Tomcat versions in the 5.0 series
> prior to 5.5.22 and versions in the 6.0 series prior to 6.0.10 are
> affected.
> Ref: http://www.securityfocus.com/bid/22960
> ______________________________________________________________________
> 
> 07.12.36 CVE: Not Available
> Platform: Cross Platform
> Title: unrarlib URarLib_Get Function Buffer Overflow
> Description: unrarlib is a library for opening and reading RAR files.
> The library is exposed to a buffer overflow issue because it fails to
> perform proper bounds checking of user-supplied input before copying
> it to an insufficiently sized memory buffer. The problem occurs in the
> "urarlib_get()" function of "unrarlib.c". unrarlib version 0.4 is
> affected.
> Ref: http://www.securityfocus.com/bid/22942
> ______________________________________________________________________
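Item (3) of the forwarded alert names a mitigation for the McAfee SiteManager ActiveX control: set Internet Explorer's "kill bit" for the control's CLSID. The script below is an added example and is not part of the @RISK alert, nor McAfee's or Microsoft's code. It applies the mechanism documented in Microsoft KB240797 (a DWORD named "Compatibility Flags" with bit 0x400 set under the per-CLSID "ActiveX Compatibility" key) to the CLSID quoted in the alert and then verifies the bit is present. The function names and the read-modify-write logic are my own.

```powershell
# Added example, not from the original alert: set and verify the IE kill bit
# for the SiteManager ActiveX control. CLSID is the one quoted in item (3);
# key path and the 0x400 flag value are as documented in Microsoft KB240797.
$clsid   = '{4124FDF6-B540-44C5-96B4-A380CEE9826A}'
$killBit = 0x400
$keyPath = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"

function Set-KillBit {
    # OR the kill bit into any existing Compatibility Flags value so other
    # compatibility bits already set for the control are preserved.
    param([string]$Path, [int]$Flag)
    if (-not (Test-Path $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }
    $current = (Get-ItemProperty -Path $Path -Name 'Compatibility Flags' `
                -ErrorAction SilentlyContinue).'Compatibility Flags'
    $updated = [int]($current -bor $Flag)
    New-ItemProperty -Path $Path -Name 'Compatibility Flags' -PropertyType DWord `
                     -Value $updated -Force | Out-Null
    return $updated
}

function Test-KillBit {
    # True only if the key exists and the 0x400 bit is set in the DWORD.
    param([string]$Path, [int]$Flag)
    $value = (Get-ItemProperty -Path $Path -Name 'Compatibility Flags' `
              -ErrorAction SilentlyContinue).'Compatibility Flags'
    return ($null -ne $value) -and (($value -band $Flag) -eq $Flag)
}

Set-KillBit -Path $keyPath -Flag $killBit | Out-Null
if (Test-KillBit -Path $keyPath -Flag $killBit) {
    "Kill bit set for $clsid; Internet Explorer will refuse to instantiate the control."
} else {
    "Kill bit NOT set for $clsid; check that the shell is elevated."
}
```

Run it from an elevated PowerShell session, since the key lives under HKLM. On 64-bit Windows the 32-bit Internet Explorer reads the key under HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility, so call Set-KillBit a second time with that path as well. The kill bit only stops the control from being instantiated by IE and scriptable hosts; it does not patch the vulnerable DLL, so the vendor update in the alert is still needed.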



 




Copyright © Lexa Software, 1996-2009.