>
> *****************************
> Widely Deployed Software
> *****************************
>
> ****************************************************************
>
> (2) HIGH: Computer Associates Anti-Virus Engine CAB Handling Buffer Overflows
> Affected:
> Software using the Computer Associates Anti-Virus Engine.
> Known products include:
> Computer Associates Anti-Virus
> eTrust EZ Antivirus
> Computer Associates Internet Security Suite 2007
> eTrust Internet Security Suite
> eTrust EZ Armor
> Computer Associates Threat Manager
> Computer Associates Protection Suites
> Computer Associates Secure Content Manager
> Computer Associates Anti-Virus Gateway
> Unicenter Network and Systems Management
> BrightStor ARCserve Backup
> Computer Associates Common Services
>
> Description: The Computer Associates antivirus engine contains two flaws
> in the handling of CAB ("cabinet") archive files. An overly long stored
> file name or an invalid CAB file header could trigger a buffer overflow.
> Successfully exploiting one of these buffer overflows would allow an
> attacker to execute arbitrary code with the privileges of the scanning
> process. Note that, because the antivirus engine is often deployed to
> mail servers or otherwise automatically configured to scan systems,
> simply sending an email to a server running the software or sending a
> CAB file to a vulnerable user could trigger this vulnerability. Some
> technical details for this vulnerability are publicly available.
>
> Status: Computer Associates confirmed, updates available.
>
> Council Site Actions: The affected software and/or configuration are not
> in production or widespread use, or are not officially supported at any
> of the responding council sites. They reported that no action was
> necessary.
>
> References:
> Zero Day Initiative Advisories
> http://www.zerodayinitiative.com/advisories/ZDI-07-034.html
> http://www.zerodayinitiative.com/advisories/ZDI-07-035.html
> Computer Associates Security Notice
> http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp
> Wikipedia Article on the Cabinet Archive Format
> http://en.wikipedia.org/wiki/Cabinet_(file_format)
> Computer Associates Home Page
> http://www.ca.com
> SecurityFocus BID
> http://www.securityfocus.com/bid/24330
>
> ****************************************************************
> ****************************************************************
>
> (6) LOW: MPlayer CDDB Response Parsing Multiple Buffer Overflows
> Affected:
> MPlayer version 1.0rc1 and prior
>
> Description: MPlayer, a popular multiplatform media player, contains a
> flaw in its parsing of responses from CDDB servers. CDDB, the Compact
> Disc Database, is a protocol used to store Compact Disc disc and track
> information. (Note that CDDB can also refer to the Gracenote commercial
> implementation of the CDDB.) If MPlayer queries a malicious CDDB server,
> the server can trigger a buffer overflow by sending a specially-crafted
> response. Successfully exploiting these vulnerabilities would allow an
> attacker to execute arbitrary code with the privileges of the current
> user. Note that, because MPlayer is open source, technical details are
> available via source code analysis. Note that MPlayer is configured by
> default to query known CDDB servers (mostly from the FreeDB project),
> however, these (and other) servers accept updates from anonymous users
> and may therefore be compromised.
>
> Status: MPlayer confirmed, updates available.
>
> Council Site Actions: The affected software and/or configuration are not
> in production or widespread use, or are not officially supported at any
> of the responding council sites. They reported that no action was
> necessary.
>
> References:
> MPlayer News Posting
> http://www.mplayerhq.hu/design7/news.html
> MPlayer Patch Information
> http://svn.mplayerhq.hu/mplayer/trunk/stream/stream_cddb.c?r1=23287&r2=23470&diff_format=u
> Wikipedia Article on CDDB
> http://en.wikipedia.org/wiki/CDDB
> MPlayer Home Page
> http://www.mplayerhq.hu
> SecurityFocus BID
> http://www.securityfocus.com/bid/24339
>
> ****************************************************************
>
> Part II - Comprehensive List of Newly Discovered Vulnerabilities from
> Qualys (www.qualys.com)
> Week 24, 2007
>
> This list is compiled by Qualys ( www.qualys.com ) as part of that
> company's ongoing effort to ensure its vulnerability management web
> service tests for all known vulnerabilities that can be scanned. As of
> this week Qualys scans for 5465 unique vulnerabilities. For this
> special SANS community listing, Qualys also includes vulnerabilities
> that cannot be scanned remotely.
> ______________________________________________________________________
>
>
> 07.24.2 CVE: CVE-2007-2237
> Platform: Windows
> Title: Microsoft Windows GDI+ ICO File Remote Denial of Service
> Description: Microsoft Windows is exposed to a remote denial of
> service issue because it fails to properly handle maliciously-crafted
> ICO files. Please refer to the advisory for further details.
> Ref: http://www.kb.cert.org/vuls/id/290961
> ______________________________________________________________________
>
> 07.24.4 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Computer Associates ARCserve Backup Multiple Unspecified Remote
> Buffer Overflow Vulnerabilities
> Description: Computer Associates ARCserve Backup for Laptops &
> Desktops is an automated backup solution for Microsoft Windows
> operating systems. The application is exposed to multiple unspecified
> remote buffer overflow issues due to a failure of the application to
> bounds check user-supplied input before copying it into an
> insufficiently sized memory buffer. ARCserve Backup for Laptops &
> Desktops version r11.1 is affected.
> Ref: http://www.securityfocus.com/bid/24348
> ______________________________________________________________________
>
> 07.24.7 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Symantec Ghost Solution Suite UDP Packet Multiple Denial of
> Service Vulnerabilities
> Description: Symantec Ghost Solution Suite is an application used for
> enterprise-wide remote-PC deployment, recovery, cloning, and
> migration. It enables administrators to deploy or restore an operating
> system image or application onto a PC and migrate user settings and
> profiles to customize the PC. The application is exposed to three
> denial of service issues when handling a certain UDP network packet.
> Symantec Ghost Solution Suite versions 2.0.0 and earlier are affected.
> Ref: http://www.securityfocus.com/bid/24323
> ______________________________________________________________________
>
> 07.24.12 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Microsoft Internet Explorer Location Object Webpage Spoofing
> Description: Microsoft Internet Explorer is a web browser for the
> Windows operating system. The application is exposed to a webpage
> spoofing issue. Please refer to the advisory for further details.
> Ref: http://www.securityfocus.com/bid/24298
> ______________________________________________________________________
>
> 07.24.13 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Microsoft Internet Explorer JavaScript Cross Domain Information
> Disclosure
> Description: Microsoft Internet Explorer is a web browser for the
> Windows operating system. The browser is exposed to a cross domain
> information disclosure issue because it is possible for attackers to run
> scripts across domains.
> Ref: http://www.kb.cert.org/vuls/id/471361
>
> 07.24.21 CVE: CVE-2007-2876, CVE-2007-2875, CVE-2007-2453
> Platform: Linux
> Title: Linux Kernel Multiple Weaknesses and Vulnerabilities
> Description: Linux Kernel is exposed to multiple issues like a local
> denial of service issue which is caused by a NULL-pointer dereference.
> The kernel is also affected by an information leak in
> "kernel/cpuset.c". The file contains an integer underflow in the
> "cpuset_task_read()" function. The kernel contains PRNG weaknesses
> that manifest as both seeding difficulties on systems with zero
> entropy, and errors in entropy extraction. Kernel versions 2.6.21.4
> and earlier are affected.
> Ref: http://www.securityfocus.com/bid/24376
> ______________________________________________________________________
>
> 07.24.30 CVE: Not Available
> Platform: Cross Platform
> Title: Opera Web Browser Basic Authentication Server Domain Spoofing
> Description: Opera Web Browser is a browser available for multiple
> operating platforms. The application is exposed to an HTTP basic
> authentication domain spoofing issue that occurs because the
> application truncates a server's HTTP "hostname" after 34 characters
> when displaying the dialog box for HTTP basic authentication prompt.
> Opera Web Browser version 9.21 is affected.
> Ref: http://www.securityfocus.com/bid/24352
> ______________________________________________________________________
>
> 07.24.31 CVE: CVE-2007-3023, CVE-2007-3024
> Platform: Cross Platform
> Title: Clam AntiVirus Multiple Unspecified Vulnerabilities
> Description: ClamAV is an antivirus application for Microsoft Windows
> and UNIX-like operating systems. The application is exposed to multiple
> unspecified issues. The incorrect calculation of the end of a buffer
> could lead to buffer overflow conditions. Improper permissions
> associated with temporary files could lead to symlink-type attacks. Clam
> AntiVirus versions prior to 0.90.3 are affected.
> Ref: http://www.securityfocus.com/bid/24358
> ______________________________________________________________________
>
> 07.24.32 CVE: CVE-2007-2297
> Platform: Cross Platform
> Title: Asterisk SIP Channel Driver UDP Packets Remote Denial of
> Service
> Description: Asterisk is a private branch exchange (PBX) application
> available for Linux, BSD, and Mac OS X platforms. The application is
> exposed to a remote denial of service issue because it fails to
> properly handle certain UDP packets.
> Ref: http://www.securityfocus.com/bid/24359
> ______________________________________________________________________
>
> 07.24.33 CVE: CVE-2007-2863
> Platform: Cross Platform
> Title: Computer Associates Anti-Virus Engine Malformed CAB Filename
> Buffer Overflow
> Description: Computer Associates Anti-virus engine is a scanning
> engine that is implemented in various Computer Associates products.
> The application is exposed to a stack-based buffer overflow issue
> because the application fails to bounds check user-supplied data
> before copying it into an insufficiently sized buffer.
> Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-034.html
> ______________________________________________________________________
>
> 07.24.36 CVE: CVE-2007-2864
> Platform: Cross Platform
> Title: Computer Associates Multiple Products Remote Stack-Based Buffer
> Overflow
> Description: Multiple Computer Associates products are exposed to a
> remote stack-based buffer overflow issue because the scan engine fails
> to properly bounds check user-supplied data before copying it to an
> insufficiently sized buffer.
> Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-034.html
> ______________________________________________________________________
>
> 07.24.37 CVE: Not Available
> Platform: Cross Platform
> Title: Symantec Reporting Server Authentication Bypass
> Description: Symantec Reporting Server is an optional web application
> within the Symantec System Center console that can be used to create
> reports about Symantec Client Security and Symantec AntiVirus products
> in an enterprise network. The application is exposed to an
> authentication bypass issue which occurs because the application permits
> attackers to disable the authentication mechanism for the SCS Reporting
> server.
> Ref: http://www.symantec.com/avcenter/security/Content/2007.06.05.html
> ______________________________________________________________________
>
> 07.24.38 CVE: Not Available
> Platform: Cross Platform
> Title: Mozilla Firefox Beatnik Extension Remote Script Code Execution
> Description: Mozilla Firefox is a browser that supports tabbed
> browsing, available for Linux, Apple Mac OS, and Microsoft Windows
> platforms. The Beatnik plugin is an audio application for Mozilla
> Firefox. The application is exposed to a remote script code execution
> issue because the application fails to validate input errors when
> processing RSS feeds. Beatnik version 1.0 is affected.
> Ref: http://www.securityfocus.com/bid/24324
> ______________________________________________________________________
>
> 07.24.42 CVE: CVE-2007-2650
> Platform: Cross Platform
> Title: Clam AntiVirus ClamAV OLE2 Parser Remote Denial of Service
> Description: ClamAV is an antivirus application for Microsoft Windows
> and UNIX-like operating systems. The application is exposed to a
> remote denial of service issue while handling malicious OLE2 files.
> ClamAV versions prior to 0.90.3 are affected.
> Ref: http://www.securityfocus.com/bid/24316
> ______________________________________________________________________
>
> 07.24.43 CVE: Not Available
> Platform: Cross Platform
> Title: Mozilla Firefox Resource Variant Directory Traversal
> Description: Mozilla Firefox is a web browser available for multiple
> operating platforms. The application is exposed to a directory
> traversal issue because it fails to adequately sanitize user-supplied
> data in "nsResProtocolHandler::ResolveURI". Mozilla Firefox version
> 2.0.4 is affected.
> Ref: http://www.securityfocus.com/bid/24303
> ______________________________________________________________________
>
> 07.24.45 CVE: Not Available
> Platform: Cross Platform
> Title: Mozilla Firefox Action Prompt Delay Security Mechanism Bypass
> Description: Mozilla Firefox is a web browser available for multiple
> operating platforms. The application is exposed to a security
> mechanism bypass issue because it fails to adequately prevent action
> prompt options from being selected before a delay timer has finished
> counting down. Mozilla Firefox versions 2.0.0.4 and earlier are
> affected.
> Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=376473
> ______________________________________________________________________
>
> 07.24.46 CVE: Not Available
> Platform: Cross Platform
> Title: Mozilla Firefox About:Blank IFrame Cross Domain Information
> Disclosure
> Description: Mozilla Firefox is a web browsing application available for
> multiple operating systems. The application is exposed to a cross domain
> information disclosure issue that occurs because it is possible for
> attackers to run scripts across domains. Mozilla Firefox versions
> 2.0.0.4 and earlier are affected.
> Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=343168
> ______________________________________________________________________
>
> 07.24.47 CVE: Not Available
> Platform: Cross Platform
> Title: Clam AntiVirus ClamAV RAR Handling Remote Denial of Service
> Description: ClamAV is an antivirus application for Microsoft Windows
> and Unix-like operating systems. The application is exposed to a
> remote denial of service issue while handling malicious RAR archives
> that can cause heap-based memory corruption.
> Ref: http://kolab.org/security/kolab-vendor-notice-15.txt
> ______________________________________________________________________
>
> 07.24.48 CVE: Not Available
> Platform: Cross Platform
> Title: PHP EXT/Session HTTP Response Header Injection
> Description: PHP is a general-purpose scripting language that is
> especially suited for web development and can be embedded into HTML.
> The application is exposed to an HTTP response header injection issue
> that occurs in the "session_start()" function. PHP versions 5.2.3 and
> earlier and PHP versions 4.4.7 and earlier are affected.
> Ref: http://www.php-security.org/MOPB/PMOPB-46-2007.html
> ______________________________________________________________________
>
>
> 07.24.50 CVE: Not Available
> Platform: Cross Platform
> Title: Sun Java Runtime Environment Image Parsing Buffer Overflow
> Description: Sun Java Runtime Environment is an enterprise development
> platform. The application is exposed to a buffer overflow issue
> because the application fails to bounds check user-supplied data
> before copying it into an insufficiently sized buffer.
> Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1
> ______________________________________________________________________
>
> 07.24.91 CVE: CVE-2007-2512
> Platform: Network Device
> Title: Alcatel Lucent VOIP Telephone System OmniPCX Enterprise
> Security Bypass
> Description: Alcatel Lucent OmniPCX Enterprise VOIP Telephone Systems
> are exposed to a security bypass issue due to a configuration error.
> Alcatel Lucent OmniPCX Enterprise version 7 is affected.
> Ref: http://www.securityfocus.com/bid/24360
> ______________________________________________________________________
>
> (c) 2007. All rights reserved. The information contained in this
> newsletter, including any external links, is provided "AS IS," with no
> express or implied warranty, for informational purposes only. In some
> cases, copyright for material in this newsletter may be held by a party
> other than Qualys (as indicated herein) and permission to use such
> material must be requested from the copyright owner
>