Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 31



>
>
> (4) HIGH: Panda Antivirus Products Multiple Vulnerabilities
> Affected:
> Panda Antivirus Products
>
> Description: Panda products using the Panda Antivirus engine or the
> Panda AdminSecure agent contain remotely exploitable vulnerabilities. A
> specially-crafted Microsoft Windows executable file could trigger a
> buffer overflow in the antivirus scanning engine, allowing an attacker
> to execute arbitrary code with the privileges of the vulnerable process.
> Note that the antivirus engine may be configured to scan emails or other
> files automatically. In such cases, simply sending an email to a
> vulnerable server or otherwise causing a file to be scanned would be
> sufficient for exploitation. Additionally, a flaw in the Panda
> AdminSecure agent would allow an attacker to execute arbitrary code with
> the privileges of the vulnerable process. The AdminSecure agent is used
> for remote administration of Panda products.
>
> Status: Panda confirmed, updates available. Users can mitigate the
> impact of the AdminSecure vulnerability by blocking access to TCP ports
> 19226 and 19227 at the network perimeter.
>
> Council Site Actions: The affected software and/or configuration is not
> in production or widespread use, or is not officially supported at any
> of the responding council sites. They reported that no action was
> necessary.
>
> References:
> Zero Day Initiative Advisory
> http://zerodayinitiative.com/advisories/ZDI-07-041.html
> n.runs Security Advisory
> http://www.nruns.com/[n.runs-SA-2007.019]%20-%20Panda%20Antivirus%20EXE%20parsing%20Arbitrary%20Code%20Execution%20Advisory.txt
> Vendor Home Page
> http://www.pandasoftware.com/
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/24989
> http://www.securityfocus.com/bid/25046
>
> *************************************************************************
>
> (5) HIGH: Borland InterBase Create Request Buffer Overflow
> Affected:
> Borland InterBase 2007
>
> Description: Borland InterBase is a popular database engine used in a
> variety of applications. The database engine contains a buffer overflow
> in its handling of certain remote commands. An overlong string sent to
> the "create" command could trigger this buffer overflow and allow an
> attacker to execute arbitrary code with the privileges of the current
> user. Note that some technical details are publicly available for this
> vulnerability.
>
> Status: Borland confirmed, updates available. Users may be able to
> mitigate the impact of this vulnerability by blocking TCP port 3050 at
> the network perimeter.
>
> Council Site Actions: The affected software and/or configuration is not
> in production or widespread use, or is not officially supported at any
> of the responding council sites. They reported that no action was
> necessary.
>
> References:
> TippingPoint DVLabs Security Advisory
> http://dvlabs.tippingpoint.com/advisory/TPTI-07-13
> SecurityFocus BID
> http://www.securityfocus.com/bid/25048
>
> *************************************************************************
>
> (6) HIGH: ESET NOD32 Multiple Vulnerabilities
> Affected:
> ESET NOD32 Antivirus versions prior to 2.2289
>
> Description: ESET NOD32 is a popular enterprise antivirus solution. The
> antivirus engine contains a flaw in its handling of CAB ("cabinet")
> archive files. A specially crafted CAB file could trigger a heap
> corruption vulnerability and potentially execute arbitrary code with the
> privileges of the vulnerable process. Note that the antivirus engine may
> be configured to automatically scan email or other files. In such cases,
> it is sufficient for exploitation to simply cause an email to transit a
> vulnerable server or otherwise cause a file to be scanned. The antivirus
> engine also suffers from two denials-of-service in the processing of
> compressed executable files.
>
> Status: ESET confirmed, updates available.
>
> Council Site Actions: The affected software and/or configuration is not
> in production or widespread use, or is not officially supported at any
> of the responding council sites. They reported that no action was
> necessary.
>
> References:
> n.runs Security Advisories
> http://www.securityfocus.com/archive/1/474246
> http://www.securityfocus.com/archive/1/474244
> http://www.securityfocus.com/archive/1/474245
> Vendor Home Page
> http://www.eset.com/
> SecurityFocus BID
> http://www.securityfocus.com/bid/24988
>
> *************************************************************************
>
> (7) HIGH: Norman Antivirus Multiple Vulnerabilities
> Affected:
> Products using the Norman Antivirus Engine versions prior to 5.91.2
>
> Description: Norman Antivirus, a popular antivirus solution for the
> small-to-medium business market, contains multiple vulnerabilities. A
> specially-crafted ACE or LZH archive file could trigger a buffer
> overflow in the scanning engine and allow an attacker to execute
> arbitrary code with the privileges of the current user. Additionally,
> flaws in the processing of Microsoft Word documents could allow a
> malicious document to bypass antivirus inspection or cause a
> denial-of-service condition. Note that, because the antivirus software
> may be configured to automatically scan emails or other files, simply
> causing a malicious email message to transit a vulnerable server could
> trigger these vulnerabilities. Note that some technical details are
> available for these vulnerabilities.
>
> Status: Norman has not confirmed, no updates available.
>
> Council Site Actions: The affected software and/or configuration is not
> in production or widespread use, or is not officially supported at any
> of the responding council sites. They reported that no action was
> necessary.
>
> References:
> n.runs Security Advisories
> http://www.nruns.com/security_advisory_norton_antivirus_doc_divide_by_zero_dos.php
> http://www.nruns.com/security_advisory_Norman_all_ace_buffer_overflow.php
> http://www.nruns.com/security_advisory_norman_antivirus_lzh_buffer_overflow.php
> http://www.nruns.com/security_advisory_norman_antivirus_doc_depection_bypass.php
> Vendor Home Page
> http://www.norman.com
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/25020
> http://www.securityfocus.com/bid/25003
> http://www.securityfocus.com/bid/25014
> http://www.securityfocus.com/bid/25015
>
> *************************************************************************
>
> (8) MODERATE: ISC BIND Remote Cache Poisoning
> Affected:
> ISC BIND 9 versions prior to 9.4.1 patch 1
>
> Description: ISC BIND, by far the most popular DNS server on the
> internet, contains a flaw in its algorithm used to generate transaction
> ID numbers. All DNS requests have a random transaction ID number
> embedded within them to identify the request in the current set of
> pending requests. If this transaction ID is guessed, an attacker could
> provide a false reply to the DNS server or otherwise impersonate actors
> in other requests, and potentially poison the DNS cache. A poisoned DNS
> cache will return false information in response to requests, allowing
> an attacker to divert traffic to attacker-controlled systems. The flaw
> in BIND's transaction ID generator provides predictability of
> transaction IDs by observing several preceding transaction IDs. Two
> different proofs-of-concept are publicly available, as are technical
> details.
>
> Status: ISC confirmed, updates available.
>
> Council Site Actions: All of the reporting council sites are responding
> to this item. They plan to upgrade to the latest version during their
> next maintenance cycle. A few sites are still investigating if the
> vendor version they have installed is vulnerable.
>
> References:
> Posting by Amit Klein (includes proofs-of-concept)
> http://www.securityfocus.com/archive/1/474516
> Paper by Amit Klein
> http://www.trusteer.com/docs/bind9dns.html
> Wikipedia Article on DNS Cache Poisoning
> http://en.wikipedia.org/wiki/DNS_cache_poisoning
> BIND Home Page
> http://www.isc.org/index.pl?/sw/bind/
> SecurityFocus BID
> http://www.securityfocus.com/bid/25037
>
> **************************************************************
>
> 07.31.2 CVE: Not Available
> Platform: Windows
> Title: Microsoft Windows Explorer GIF File Denial of Service
> Description: Windows Explorer is exposed to a denial of service issue
> that occurs when the application is used to open a folder containing a
> malicious GIF file. Windows Explorer on Microsoft Windows XP SP2 is
> affected.
> Ref: http://www.securityfocus.com/bid/25013
> ______________________________________________________________________
>
>
> 07.31.7 CVE: CVE-2007-3875
> Platform: Third Party Windows Apps
> Title: Multiple Computer Associates Products Arclib.DLL Malformed CHM
> File Denial of Service
> Description: Multiple Computer Associates products are exposed to a
> denial of service issue because the applications fail to handle
> malformed CHM files that contain an invalid "previous listing chunk
> number" field. The applications that use the "arclib.dll" library
> versions prior to 7.3.0.9 are affected.
> Ref:
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567
> ______________________________________________________________________
>
> 07.31.8 CVE: CVE-2007-3302
> Platform: Third Party Windows Apps
> Title: Computer Associates ETrust Intrusion Detection Caller.DLL
> Remote Code Execution
> Description: Computer Associates eTrust Intrusion Detection System is
> a network security application that provides functionality such as
> intrusion detection, antivirus, centralized monitoring and web
> filtering. The application is exposed to a remote code execution issue
> that occurs in the "Caller.dll" ActiveX control.
> Ref:
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=568
> ______________________________________________________________________
>
> 07.31.9 CVE: CVE-2007-0060
> Platform: Third Party Windows Apps
> Title: Computer Associates Multiple Products Message Queuing Remote
> Stack Buffer Overflow
> Description: Multiple Computer Associates products are exposed to a
> remote stack-based buffer overflow issue that affects the Message
> Queuing (CAM / CAFT) component. The application fails to properly
> bounds check user-supplied data before copying it to an insufficiently
> sized buffer. CA Message Queuing software versions prior to v1.11
> Build 54_4 on Windows and NetWare are affected.
> Ref:
> http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149809
> ______________________________________________________________________
>
> 07.31.10 CVE: CVE-2007-3566
> Platform: Third Party Windows Apps
> Title: Borland InterBase IBServer.EXE Remote Stack Based Buffer
> Overflow
> Description: Borland InterBase is a scalable database application
> available for multiple operating platforms. The application is exposed
> to a remote stack-based buffer overflow issue because it fails to
> perform adequate boundary checks on user-supplied data.
> Ref: http://dvlabs.tippingpoint.com/advisory/TPTI-07-13
> ______________________________________________________________________
>
> 07.31.17 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Panda Antivirus EXE File Remote Code Execution
> Description: Panda Antivirus is exposed to a remote code execution
> issue due to the failure of the application to properly bounds check
> user-supplied input prior to copying it to an insufficiently sized
> memory buffer. Panda Antivirus versions prior to 20 July 2007 are
> affected.
> Ref: http://www.securityfocus.com/archive/1/474247
> ______________________________________________________________________
>
> 07.31.26 CVE: Not Available
> Platform: Cross Platform
> Title: Multiple Browser URI Handlers Command Injection Vulnerabilities
> Description: Multiple browsers are exposed to issues that let
> attackers inject commands through various protocol handlers. These
> issues stem from an input validation error and arise in Mozilla
> Firefox and Netscape Navigator. Mozilla Firefox versions 2.0.0.5 and
> 3.0a6 and Netscape Navigator 9 are affected.
> Ref: http://www.securityfocus.com/bid/25053
> ______________________________________________________________________
>
> 07.31.28 CVE: CVE-2007-2925
> Platform: Cross Platform
> Title: ISC BIND 9 Default ACL Settings Recursive Queries And Cached
> Content Security Bypass
> Description: ISC's BIND 9 is exposed to a security bypass issue
> because the default access control list is not configured properly.
> BIND 9 versions up to 9.4.1 are affected.
> Ref: http://www.isc.org/index.pl?/sw/bind/bind-security.php
> ______________________________________________________________________
>
> 07.31.34 CVE: Not Available
> Platform: Cross Platform
> Title: Sun Java Runtime Environment Network Access Restriction
> Security Bypass
> Description: The Java Runtime Environment is an application that
> allows users to run Java applications. The application is exposed to a
> security bypass issue that occurs because the application allows
> untrusted Java Applets hosted on a remote computer to bypass certain
> network restrictions.
> Ref: http://support.avaya.com/elmodocs2/security/ASA-2007-322.htm
> ______________________________________________________________________
>
> 07.31.35 CVE: Not Available
> Platform: Cross Platform
> Title: Panda AdminSecure Agent Remote Integer Overflow
> Description: Panda AdminSecure is a set of administrative tools for
> managing Panda antivirus solutions that are deployed over a network. The
> application is exposed to a remote integer overflow issue that affects
> the AdminSecure agent when it processes user-supplied data with a
> malicious "length" value.
> Ref: http://www.securityfocus.com/archive/1/474551
> ______________________________________________________________________
>
>
> 07.31.37 CVE: Not Available
> Platform: Cross Platform
> Title: Norman Virus Control DOC OLE File Parsing Denial of Service
> Description: Norman Virus Control is an antivirus application
> available for various operating systems. The application is exposed to
> a denial of service issue because it fails to handle specially crafted
> ".DOC" OLE2 files due to a divide-by-zero condition.
> Ref: http://www.nruns.com/parsing-engines-advisories.php
> ______________________________________________________________________
>
> 07.31.38 CVE: Not Available
> Platform: Cross Platform
> Title: MySQL Access Validation and Denial of Service Vulnerabilities
> Description: MySQL is an open source SQL database application
> available for multiple operating platforms. The application is exposed
> to multiple remote issues, including a denial of service issue
> that occurs in the connection protocol, and an access validation
> issue. Versions of MySQL 5 prior to 5.0.45 are affected.
> Ref: http://www.securityfocus.com/bid/25017
> ______________________________________________________________________
>
> 07.31.39 CVE: Not Available
> Platform: Cross Platform
> Title: Multiple Norman Antivirus Products OLE2 File Parser Scan Bypass
> Description: Multiple Norman Antivirus products are exposed to an
> issue that may allow certain compressed archives to bypass the scan
> engine. The issue occurs because the application fails to properly
> handle maliciously crafted OLE2 ".doc" files. Norman Virus Control
> version 5.90 is affected.
> Ref: http://www.securityfocus.com/archive/1/474428/30/0/threaded
> ______________________________________________________________________
>
> 07.31.40 CVE: CVE-2007-2926
> Platform: Cross Platform
> Title: ISC BIND 9 Remote Cache Poisoning
> Description: A remote DNS cache poisoning issue affects BIND 9 because
> it fails to use secure DNS transaction IDs. The internal state of the
> pseudo random number generator (PRNG) that the software utilizes to
> create transaction IDs can be determined by remote attackers. BIND 9
> versions up to 9.4.1 are affected.
> Ref: https://rhn.redhat.com/errata/RHSA-2007-0740.html
> ______________________________________________________________________
>
> 07.31.41 CVE: Not Available
> Platform: Cross Platform
> Title: Kerio MailServer Attachment Filter Unspecified
> Description: Kerio MailServer is a mail server designed for use with
> Microsoft Windows, Apple Mac OS X, Linux and Unix variant operating
> systems. The application is exposed to an unspecified issue due to an
> error in the attachment filter. Kerio MailServer versions prior to
> 6.4.1 are affected.
> Ref: http://www.securityfocus.com/bid/25038
> ______________________________________________________________________
>
>
> 07.31.46 CVE: Not Available
> Platform: Cross Platform
> Title: Multiple Norman Virus Control Products LZH Multiple
> Buffer Overflow Vulnerabilities
> Description: Norman Virus Control is an antivirus application
> available for various operating systems. Multiple Norman Virus Control
> Products are prone to three buffer overflow issues because the
> applications fail to bounds check user-supplied data before copying it
> into an insufficiently sized buffer.
> Ref: http://www.nruns.com/parsing-engines-advisories.php
> ______________________________________________________________________
>
> 07.31.47 CVE: Not Available
> Platform: Cross Platform
> Title: Norman Virus Control ACE Parsing Buffer Overflow
> Description: Norman Virus Control is an antivirus application
> available for various operating systems. The application is exposed to
> a buffer overflow issue because it fails to properly bounds check
> user-supplied data before copying it into an insufficiently sized
> buffer when parsing specially crafted "ACE" files. Virus Control
> version 5.90 is affected.
> Ref: http://www.nruns.com/parsing-engines-advisories.php
> ______________________________________________________________________
>
> 07.31.50 CVE: Not Available
> Platform: Cross Platform
> Title: ESET NOD32 Antivirus Multiple Remote Vulnerabilities
> Description: ESET NOD32 Antivirus is an antivirus application
> available for Microsoft Windows, Novell, UNIX, Linux, and other
> UNIX-like operating systems. The application is exposed to multiple
> remote issues, including a heap memory corruption issue due to a
> race condition, a denial of service issue when parsing specially
> crafted "ASPACK" packed files, and a denial of service issue resulting
> from a divide-by-zero condition. ESET NOD32 versions prior to 2.2289
> are affected.
> Ref: http://www.nruns.com/parsing-engines-advisories.php
> ______________________________________________________________________
>
> 07.31.95 CVE: Not Available
> Platform: Network Device
> Title: Cisco Wireless LAN Control ARP Storm Multiple Denial of Service
> Vulnerabilities
> Description: The Cisco Wireless LAN Controller (WLC) manages Cisco
> Aironet access points using the Lightweight Access Point Protocol
> (LWAPP). The application is exposed to multiple denial of service
> issues because the application fails to properly handle unicast ARP
> traffic. Cisco Wireless LAN Control versions 3.2, 4.0 and 4.1 are
> affected.
> Ref:
> http://www.cisco.com/en/US/products/products_security_advisory09186a008088ab28.shtml
> ________________________________________________________________
>
>
> (c) 2007.  All rights reserved.  The information contained in this
> newsletter, including any external links, is provided "AS IS," with no
> express or implied warranty, for informational purposes only.  In some
> cases, copyright for material in this newsletter may be held by a party
> other than Qualys (as indicated herein) and permission to use such
> material must be requested from the copyright owner.
>
> ==end==
>
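The BIND items above (8, 07.31.28 and 07.31.40) turn on one fact: a resolver's 16-bit transaction ID is the only thing tying a reply to a pending query, so an ID that can be guessed lets a forged reply land in the cache. The script below is an added example, not code from the @RISK newsletter, from ISC or from Amit Klein's paper. It parses the ID out of DNS message headers (RFC 1035, the first two bytes) and runs two crude checks a defender can apply to a captured sample of their own resolver's outgoing queries: whether IDs repeat heavily (low entropy) and whether consecutive IDs differ by a fixed stride (a counter). The sample queries are constructed inline; the seeded PRNG used for the "random" sample is just a stand-in and says nothing about any product. Note the limit of such checks: the weakness described in the newsletter was algorithmic, visible only to someone who knew the generator, and would pass these statistics; they catch gross misconfiguration, while the fix for BIND is the upgrade the advisory names.

```python
"""Spot-check the unpredictability of the DNS transaction IDs a resolver emits.

Added example (not from the @RISK newsletter or from ISC). Sample data is
constructed inline so the script runs offline.
"""
import math
import random
import struct
from collections import Counter

DNS_HEADER_LEN = 12  # RFC 1035 fixed header size


def build_query(txid: int, qname: str = "example.com") -> bytes:
    """Build a minimal standard A query with the given ID (constructed sample data)."""
    # ID, flags (only RD set), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid & 0xFFFF, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(label)]) + label.encode("ascii")
                      for label in qname.split("."))
    question = labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return header + question


def parse_txid(message: bytes) -> int:
    """Return the transaction ID from the first two bytes of a DNS message."""
    if len(message) < DNS_HEADER_LEN:
        raise ValueError("truncated DNS header")
    return struct.unpack("!H", message[:2])[0]


def assess_txids(txids):
    """Summarise a sequence of observed IDs.

    entropy_bits: Shannon entropy of the observed values; the maximum for n
    distinct samples is log2(n), and low values mean IDs repeat heavily.
    dominant_step_fraction: share of consecutive pairs whose difference
    (mod 2^16) is the single most common one; near 1.0 means a counter.
    """
    n = len(txids)
    if n < 2:
        raise ValueError("need at least two samples")
    counts = Counter(txids)
    entropy = -sum((c / n) * math.log2(c / n) for c in counts.values())
    steps = Counter((b - a) & 0xFFFF for a, b in zip(txids, txids[1:]))
    step, step_count = steps.most_common(1)[0]
    return {
        "samples": n,
        "unique_ratio": len(counts) / n,
        "entropy_bits": entropy,
        "dominant_step": step,
        "dominant_step_fraction": step_count / (n - 1),
    }


def looks_predictable(stats, min_entropy_bits=9.0, max_step_fraction=0.05):
    """Flag the crude failure modes: heavily repeating IDs or a counter-like sequence."""
    return (stats["entropy_bits"] < min_entropy_bits
            or stats["dominant_step_fraction"] > max_step_fraction)


def sample_counter(n=2000, start=1000):
    """Constructed sample: a resolver that increments its ID for every query."""
    return [parse_txid(build_query(start + i)) for i in range(n)]


def sample_random(n=2000, seed=1234):
    """Constructed sample: IDs drawn from a seeded PRNG (a stand-in, not any real product)."""
    rng = random.Random(seed)
    return [parse_txid(build_query(rng.getrandbits(16))) for _ in range(n)]


if __name__ == "__main__":
    for name, ids in (("counter", sample_counter()), ("random", sample_random())):
        stats = assess_txids(ids)
        verdict = "PREDICTABLE" if looks_predictable(stats) else "no crude pattern"
        print(f"{name:8s} entropy={stats['entropy_bits']:.2f} bits "
              f"step_fraction={stats['dominant_step_fraction']:.3f} -> {verdict}")
```

To use it against real traffic, feed `parse_txid` the UDP payloads of the resolver's outgoing queries (a few thousand is plenty) and pass the resulting list to `assess_txids`; the counter sample is flagged by the step test alone, since 2000 distinct sequential values have the same entropy as 2000 random ones.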
Copyright © Lexa Software, 1996-2009.