Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 30



>
> *****************************
> Widely Deployed Software
> *****************************
>
> (2) CRITICAL: Oracle Products Multiple Vulnerabilities (CPU July 2007)
> Affected:
> Multiple Oracle products, including:
> Oracle Enterprise Search
> Oracle PeopleSoft Enterprise PeopleTools
> Oracle PeopleSoft Enterprise Human Capital Management
> Oracle PeopleSoft Customer Relationship Manager
> Oracle Database versions 9i and 10g
> Oracle eBusiness Suite
> Oracle Application Server
>
> Description: Oracle has released their Critical Patch Update for July
> of 2007. Flaws addressed in this update include remote code execution
> vulnerabilities, SQL injection vulnerabilities, and cross-site-scripting
> and information disclosure vulnerabilities. Successfully exploiting one
> of the vulnerabilities could potentially allow an attacker to execute
> arbitrary code or SQL queries with the privileges of the database user.
> Currently, it is believed that authentication is required to exploit the
> more severe vulnerabilities; however, authentication may be afforded
> through SQL injection attacks in Internet-facing web servers or other
> publicly accessible systems.
>
> Status: Oracle confirmed, updates available.
>
> Council Site Actions:  All of the reporting council sites are still
> performing regression testing or reviewing/assessing their level of
> impact.  Most will address these flaws in their regular quarterly Oracle
> update process.
>
> References:
> Oracle Critical Patch Update
> http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2007.html
> Red Database Security Team Advisories
> http://www.securityfocus.com/archive/1/473997
> http://www.securityfocus.com/archive/1/474002
> http://www.securityfocus.com/archive/1/474000
> Team SHATTER Security Alert
> http://www.securityfocus.com/archive/1/474047
> Imperva Security Advisory
> http://www.imperva.com/application_defense_center/papers/oracle-ebs-07172007.html
> SecurityFocus BID
> http://www.securityfocus.com/bid/24887
>
> *************************************************************************
>
> (3) HIGH: Mozilla Products Multiple Vulnerabilities
> Affected:
> Products based on the Mozilla suite, including:
> Mozilla Firefox versions prior to 2.0.0.5
> Mozilla Thunderbird versions prior to 2.0.0.5
> Mozilla Seamonkey is believed to also be vulnerable, but this
> has not been confirmed.
>
> Details: The Mozilla Firefox web browser contains multiple
> vulnerabilities. Flaws in the handling of JavaScript scripts (or other
> DOM scripting methods) could allow a malicious web page to execute
> arbitrary code with the privileges of the current user, or perform
> cross-site-scripting attacks. It is believed that the Mozilla
> Thunderbird email client is also vulnerable when configured to execute
> JavaScript scripts in email messages. Note that this is not the default
> configuration for Thunderbird. Because the affected products are open
> source, technical details for these vulnerabilities could be obtained
> via source code analysis.
>
> Status: Mozilla confirmed, updates available.
>
> Council Site Status: Most of the reporting council sites do not
> officially support Firefox; however, they do have a growing number of
> Firefox users. Most of their users tend to have the auto-update feature
> enabled.  Users will be notified of the issue to ensure updates take
> place.
>
> References:
> Mozilla Foundation Security Advisories
> http://www.mozilla.org/security/announce/2007/mfsa2007-25.html
> http://www.mozilla.org/security/announce/2007/mfsa2007-21.html
> http://www.mozilla.org/security/announce/2007/mfsa2007-19.html
> http://www.mozilla.org/security/announce/2007/mfsa2007-18.html
> SecurityFocus BID
> http://www.securityfocus.com/bid/24946
>
> ****************************************************************************
>
> (4) HIGH: Computer Associates Alert Notification Server
> Multiple Buffer Overflows
> Affected:
> CA Threat Manager for the Enterprise
> CA Anti-Virus for the Enterprise
> CA Protection Suites
> BrightStor ARCserve Backup version r11.5
> BrightStor ARCserve Backup version r11.1
> BrightStor ARCserve Backup version r11 for Windows
> BrightStor Enterprise Backup version r10.5
> BrightStor ARCserve Backup version 9.01
> BrightStor ARCserve Client agent for Windows
>
> Description: The Computer Associates Alert Notification Server is
> included in several Computer Associates products and used to accept
> notifications of events. It exports an MS-RPC interface. Several
> procedures exposed via this interface contain buffer overflows. A
> specially crafted request to one of these procedures could exploit one
> of these buffer overflows. Successful exploitation would allow an
> attacker to execute arbitrary code with the privileges of the vulnerable
> process (usually SYSTEM). Note that on Windows 2000 systems, no
> authentication would be necessary to exploit these vulnerabilities;
> other Windows systems would require authentication.
>
> Status: Computer Associates confirmed, updates available.
>
> Council Site Actions:  Only one of the reporting council sites is using
> the affected software and they are still researching the impact before
> deciding on the best course of action.
>
> References:
> Computer Associates Security Advisory
> http://www.securityfocus.com/archive/1/474154
> iDefense Security Advisory
> http://www.securityfocus.com/archive/1/473984
> SecurityFocus BID
> http://www.securityfocus.com/bid/24947
>
> *************************************************************************
>
> (5) MODERATE: Ipswitch IMail Server 2006 Multiple Buffer Overflows
> Affected:
> Ipswitch IMail 2006
>
> Description: Ipswitch IMail, a popular enterprise mail server for
> Microsoft Windows, contains multiple buffer overflows in its handling
> of Internet Message Access Protocol (IMAP) messages. An overlong IMAP
> "search" or "search charset" command could trigger buffer overflows in
> the vulnerable application. Successfully exploiting these overflows
> would allow an attacker to execute arbitrary code with the privileges
> of the vulnerable process (usually SYSTEM). Note that an attacker would
> require valid authentication credentials to exploit these
> vulnerabilities.
>
> Status:  Ipswitch confirmed, updates available.
>
> Council Site Status: The affected software is not in production or
> widespread use, or is not officially supported at any of the responding
> council sites. They reported that no action was necessary.
>
> References:
> iDefense Security Advisory
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=563
> Ipswitch Release Notes
> http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease
> Vendor Home Page
> http://www.ipswitch.com
> SecurityFocus BID
> http://www.securityfocus.com/bid/24962
>
> *************************************************************************
>
> (6) MODERATE: tcpdump Buffer Overflow
> Affected:
> tcpdump versions 3.9.6 and prior
>
> Description: The "tcpdump" command is provided on many Unix and
> Unix-like systems and is used to provide a raw packet capture or
> snapshot of network traffic on the local network. It is often used by
> network administrators and network administration tools for traffic
> capture and analysis. A specially crafted packet could overflow a static
> buffer in any tcpdump process capturing traffic. Because tcpdump by
> default monitors all traffic on the local network, no authentication is
> necessary to exploit this vulnerability. However, an attacker would need
> a way to inject arbitrary traffic onto the local network. Successfully
> exploiting this overflow would allow an attacker to execute arbitrary
> code with the privileges of the vulnerable process (usually root). Note
> that tcpdump is included by default on most Unix, Unix-like, and
> Linux-based operating systems (including Apple Mac OS X). Full technical
> details and working proof-of-concept are available for this
> vulnerability.
>
> Status: Vendor confirmed, updates available.
>
> Council Site Status:  Several of the reporting council sites are using
> tcpdump.  At one site their RHE servers and desktops will be updated via
> the Up2Date option. They will advise the other users to upgrade.  The
> other sites report plans to patch.
>
> References:
> CVS log for tcpdump
> http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c
> Proof-of-Concept
> http://digit-labs.org/files/exploits/tcpdump-bgp.c
> Product Home Page
> http://www.tcpdump.org
> SecurityFocus BID
> http://www.securityfocus.com/bid/24965
>
> *************************************************************************
>
> (7) MODERATE: Trend Micro OfficeScan Web Management
> Authentication Bypass
> Affected:
> Trend Micro OfficeScan Corporate Edition versions 8.0 and prior
>
> Description: Trend Micro OfficeScan, a popular enterprise virus scanning
> solution, contains an authentication bypass vulnerability in its
> web-based administration console. Authentication credentials are
> generated by an ActiveX control instantiated by the login page and then
> sent to the server. By sending an empty authentication request, an
> attacker could log into the administration console and alter OfficeScan
> configuration. Note that this would also allow an attacker to alter the
> configuration of the antivirus system on clients controlled by the
> OfficeScan server. Some technical details are publicly available for
> this vulnerability.
>
> Status: Trend Micro confirmed, updates available.
>
> References:
> Trend Micro Security Patch
> http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt
> iDefense Security Advisory
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=558
> Vendor Home Page
> http://www.trendmicro.com
> SecurityFocus BID
> http://www.securityfocus.com/bid/24935
>
> *************************************************************************
>
> ****************
> Other Software
> ****************
>
> (9) MODERATE: SquirrelMail G/PGP Plugin Multiple Vulnerabilities
> Affected:
> SquirrelMail G/PGP Plugin versions prior to 2.1
>
> Description: SquirrelMail is a popular webmail system for PHP-enabled
> webservers. Its G/PGP Plugin module allows users to use PGP-based public
> key encryption to encrypt and digitally sign email messages. Failures
> to properly sanitize user input to this module would allow an attacker
> to inject arbitrary shell commands or PHP code into the PHP process.
> Successfully exploiting these vulnerabilities would allow an attacker
> to execute arbitrary code with the privileges of the webserver or PHP
> interpreter process. Note that this module is not enabled by default,
> but is often installed by end users.
>
> Council Site Actions: The affected software and/or configuration is not
> in production or widespread use, or is not officially supported at any
> of the responding council sites. They reported that no action was
> necessary.
>
> References:
> iDefense Security Advisories
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=330
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=555
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=329
> Wikipedia Article on PGP
> http://en.wikipedia.org/wiki/Pretty_Good_Privacy
> Wikipedia Article on Public-Key Cryptography
> http://en.wikipedia.org/wiki/Pretty_Good_Privacy
> SquirrelMail Home Page
> http://squirrelmail.org/
> SecurityFocus BID
> http://www.securityfocus.com/bid/24874
>
> ****************************************************************************
>
> Part II - Comprehensive List of Newly Discovered Vulnerabilities from
> Qualys (www.qualys.com)
>
> Week 30, 2007
>
> This list is compiled by Qualys ( www.qualys.com ) as part of that
> company's ongoing effort to ensure its vulnerability management web
> service tests for all known vulnerabilities that can be scanned. As of
> this week Qualys scans for 5465 unique vulnerabilities. For this
> special SANS community listing, Qualys also includes vulnerabilities
> that cannot be scanned remotely.
>
> ______________________________________________________________________
>
> 07.30.1 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Internet Explorer OnBeforeUnload Javascript Browser
> Entrapment
> Description: Microsoft Internet Explorer is the standard browser for
> Windows platforms. Internet Explorer is exposed to an issue that
> allows attackers to trap users at a particular webpage and spoof page
> transitions. Internet Explorer 7 is affected.
> Ref: http://www.securityfocus.com/archive/1/473702
> ______________________________________________________________________
> 07.30.3 CVE: CVE-2007-3455
> Platform: Third Party Windows Apps
> Title: Trend Micro OfficeScan Management Console Authentication Bypass
> Description: Trend Micro OfficeScan is a centrally-managed antivirus
> application for Microsoft Windows. The application is exposed to an
> authentication bypass issue because it fails to adequately handle
> user-supplied input. OfficeScan version 7.3 is affected.
> Ref: http://www.securityfocus.com/archive/1/473880
> ______________________________________________________________________
>
> 07.30.6 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Ipswitch IMail Server Multiple Buffer Overflow Vulnerabilities
> Description: Ipswitch IMail Server is an email server that serves
> clients their mail via a web interface. It runs on Microsoft Windows.
> The application is exposed to multiple buffer overflow issues due to a
> failure of the application to properly bounds check user-supplied
> input prior to copying it to insufficiently sized memory buffers.
> Ipswitch IMail Server 2006 is affected.
> Ref: http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease
> ______________________________________________________________________
>
> 07.30.8 CVE: CVE-2007-3564
> Platform: Linux
> Title: Curl GnuTLS Certificate Verification Access Validation
> Description: Curl is a utility for retrieving remote content from
> servers over a number of protocols. The application is exposed to an
> issue that permits an attacker to access unauthorized websites. Curl
> versions prior to 7.16.14 are affected.
> Ref: http://curl.haxx.se/docs/adv_20070710.html
> ______________________________________________________________________
>
> 07.30.15 CVE: Not Available
> Platform: Cross Platform
> Title: Kaspersky Anti-Virus 5.5 for Check Point Firewall-1 Denial of
> Service
> Description: Kaspersky Anti-Virus 5.5 for Check Point Firewall-1 is an
> antivirus application that dynamically inspects certain protocols for
> malicious code as it traverses the firewall. The application is
> exposed to an unspecified denial of service issue because it fails to
> properly handle an unknown condition. Kaspersky Anti-Virus version 5.5
> for Check Point Firewall-1 is affected.
> Ref: http://support.kaspersky.com/checkpoint?qid=208279464
> ______________________________________________________________________
>
> 07.30.16 CVE: Not Available
> Platform: Cross Platform
> Title: PHP Glob() Function Arbitrary Code Execution
> Description: PHP is a general-purpose scripting language that is
> especially suited for web development and can be embedded into HTML.
> The application is exposed to an arbitrary code execution issue. PHP
> versions 5.2.3 and 4.4.4 are affected.
> Ref: http://www.securityfocus.com/bid/24922
> ______________________________________________________________________
>
> 07.30.19 CVE: Not Available
> Platform: Cross Platform
> Title: Opera Web Browser Data: URL Scheme Address Bar Spoofing
> Description: Opera is a cross platform web browser. The application is
> exposed to an address bar spoofing issue that may allow a remote
> attacker to carry out phishing style attacks. Opera version 9.21 is
> affected.
> Ref: http://www.securityfocus.com/bid/24917
> ______________________________________________________________________
>
> 07.30.23 CVE: Not Available
> Platform: Cross Platform
> Title: Multiple Browsers Address Bar URI Spoofing
> Description: Multiple web browsers are affected by a URI spoofing issue.
> The application is exposed to this issue because it fails to handle
> user-supplied data in pages based on the "data:" URI scheme (RFC 2397).
> Opera version 9.21 and Konqueror version 3.5.7 are affected.
> Ref: http://www.securityfocus.com/archive/1/473703
> ______________________________________________________________________
>
> 07.30.24 CVE: Not Available
> Platform: Cross Platform
> Title: Opera Web Browser Dangling Pointer Remote Code Execution
> Description: The Opera Web Browser is a web client available for
> multiple platforms. The application is exposed to a remote code
> execution issue that occurs because of a dangling pointer in the
> affected application. Opera version 9.21 is affected.
> Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=564
> ______________________________________________________________________
>
> 07.30.25 CVE: CVE-2007-3798
> Platform: Cross Platform
> Title: tcpdump Print-bgp.C Remote Integer Overflow
> Description: The "tcpdump" utility is a freely available open-source
> network monitoring tool. It is available for UNIX, Linux, and Microsoft
> Windows operating systems. The utility is exposed to an integer overflow
> issue because it fails to bounds check user-supplied input before
> copying it into an insufficiently sized memory buffer. tcpdump versions
> 3.9.6 and earlier are affected.
> Ref: http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c
> ______________________________________________________________________
>
> 07.30.28 CVE: CVE-2007-3762
> Platform: Cross Platform
> Title: Asterisk IAX2 Channel Driver IAX2_Write Function Remote Stack
> Buffer Overflow
> Description: Asterisk is a private branch exchange (PBX) application
> available for Linux, BSD, and Mac OS X platforms. The application is
> exposed to a stack-based buffer overflow issue because the application
> fails to bounds check user-supplied data before copying it into an
> insufficiently sized buffer.
> Ref: http://ftp.digium.com/pub/asa/ASA-2007-014.pdf
> ______________________________________________________________________
>
> 07.30.29 CVE: CVE-2007-3763, CVE-2007-3764, CVE-2007-3765
> Platform: Cross Platform
> Title: Asterisk Multiple Remote Denial of Service Vulnerabilities
> Description: Asterisk is a private branch exchange (PBX) application
> available for Linux, BSD, and Mac OS X platforms. The application is
> exposed to multiple remote denial of service issues.
> Ref: http://www.securityfocus.com/bid/24950
> ______________________________________________________________________
>
> 07.30.30 CVE: CVE-2007-3734, CVE-2007-3735, CVE-2007-3736,
> CVE-2007-3737, CVE-2007-3738
> Platform: Cross Platform
> Title: Mozilla Firefox 2.0.0.4 Multiple Remote Vulnerabilities
> Description: The Mozilla Foundation has released four advisories
> regarding security issues in Firefox 2.0.0.4. Please refer to the
> advisory for more information.
> Ref: http://www.mozilla.org/security/announce/2007/mfsa2007-18.html
> ______________________________________________________________________
>
> 07.30.31 CVE: CVE-2007-3825
> Platform: Cross Platform
> Title: Computer Associates Alert Notification Server Multiple Buffer
> Overflow Vulnerabilities
> Description: Computer Associates Alert Notification Server provides
> alerting capabilities to multiple CA products. The application is
> exposed to multiple buffer overflow issues because it fails to bounds
> check user-supplied data before copying it into insufficiently sized
> buffers.
> Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=561
> ______________________________________________________________________
>
> (c) 2007.  All rights reserved.  The information contained in this
> newsletter, including any external links, is provided "AS IS," with no
> express or implied warranty, for informational purposes only.  In some
> cases, copyright for material in this newsletter may be held by a
> party other than Qualys (as indicated herein) and permission to use
> such material must be requested from the copyright owner.
>
>



 



