Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 3
>
> *****************************
> Widely Deployed Software
> *****************************
>
> (1) CRITICAL: Microsoft Windows Multiple Networking
> Vulnerabilities (MS08-001)
> Affected:
> Microsoft Windows 2000
> Microsoft Windows XP
> Microsoft Windows Server 2003
> Microsoft Windows Vista
>
> Description: Microsoft Windows contains multiple flaws in its handling
> of certain network protocols. Flaws exist in the handling of Internet
> Control Message Protocol (ICMP), Internet Group Management Protocol
> (IGMP), and Multicast Listener Discovery (MLD). A specially crafted
> message in one of these protocols could trigger a memory corruption
> condition in the Windows kernel. Successfully exploiting one of these
> vulnerabilities would allow an attacker to execute arbitrary code with
> kernel-level privileges. Note that Router Discovery Protocol (RDP) must
> be active for systems to be vulnerable to the ICMP processing flaw. This
> protocol is disabled by default on all versions of Microsoft Windows.
> Some technical details are publicly available for these
> vulnerabilities.
>
> Status: Microsoft confirmed, updates available.
>
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx
> Wikipedia Article on ICMP
> http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
> Wikipedia Article on IGMP
> http://en.wikipedia.org/wiki/Internet_Group_Management_Protocol
> Wikipedia Article on MLD
> http://en.wikipedia.org/wiki/Multicast_Listener_Discovery
> Wikipedia Article on RDP
> http://en.wikipedia.org/wiki/ICMP_Router_Discovery_Protocol
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/27100
> http://www.securityfocus.com/bid/27139
>
> *******************************
>
> (4) CRITICAL: Apple QuickTime Player RTSP/HTTP Response
> Buffer Overflow
> Affected:
> Apple QuickTime versions 7.3.1 and prior
>
> Description: Apple QuickTime is Apple's streaming media framework for
> Apple Mac OS X and Microsoft Windows. It contains a flaw in its handling
> of responses sent by remote servers when attempting to stream media from
> them. An overlong Hypertext Transfer Protocol (HTTP) error response
> could trigger a buffer overflow in QuickTime Player. Successfully
> exploiting this buffer overflow would allow an attacker to execute
> arbitrary code with the privileges of the current user. This
> vulnerability manifests itself when HTTP is used as a fallback from a
> failed Real Time Transport Protocol (RTSP) connection. Note that
> QuickTime may launch automatically upon encountering a malicious link,
> depending upon configuration. Full technical details and a
> proof-of-concept are publicly available for this vulnerability.
>
> Status: Apple has not confirmed, no updates available.
>
> References:
> Advisory by Luigi Auriemma (includes proof-of-concept)
> http://aluigi.altervista.org/adv/quicktimebof-adv.txt
> Apple QuickTime Home Page
> http://www.apple.com/quicktime/
> SecurityFocus BID
> http://www.securityfocus.com/bid/27225
>
>
> (10) MODERATE: Microsoft Rich Text Box ActiveX Control
> Arbitrary File Overwrite
> Affected:
> Microsoft Rich Text Box ActiveX Control
>
> Description: The Microsoft Rich Text Box ActiveX control provides a user
> interface widget for editing Rich Text Format (RTF) documents. This
> control provides a "SaveFile" method that, when called, will save the
> contents of the text box to an arbitrary file on the system. A specially
> crafted web page that instantiated this control would be able to exploit
> this vulnerability to create or overwrite arbitrary files with the
> privileges of the current user. A proof-of-concept is publicly available
> for this vulnerability.
>
> Status: Microsoft has not confirmed, no updates available. Users can
> mitigate the impact of this vulnerability by disabling the affected
> control via Microsoft's "kill bit" mechanism for CLSID
> "B617B991-A767-4F05-99BA-AC6FCABB102E".
>
> References:
> Proof-of-Concept
> http://milw0rm.com/exploits/4874
> Wikipedia Article on Rich Text Format
> http://en.wikipedia.org/wiki/Rich_Text_Format
> Widget Developer Documentation
> http://technet.microsoft.com/en-us/library/s2t5aae7(VS.80).aspx
> Microsoft Knowledge Base Article (details the "kill bit" mechanism)
> http://support.microsoft.com/kb/240797
> SecurityFocus BID
> http://www.securityfocus.com/bid/27201
>
>
> 08.3.38 CVE: CVE-2007-6420, CVE-2007-6421, CVE-2007-6422, CVE-2007-6423
> Platform: Cross Platform
> Title: Apache "mod_proxy_balancer" Multiple Vulnerabilities
> Description: Apache is exposed to multiple vulnerabilities affecting
> the "mod_proxy_balancer" module. Apache versions 2.2.6, 2.2.5, 2.2.4,
> 2.2.3, 2.2.2 and 2.2.0 are affected.
> Ref: http://www.securityfocus.com/archive/1/486169
> ______________________________________________________________________
>
> 08.3.45 CVE: CVE-2007-6388
> Platform: Web Application - Cross Site Scripting
> Title: Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 "mod_status"
> Cross-Site Scripting
> Description: The Apache HTTP Server mod_status module provides
> information on server activity. The module is exposed to a cross-site
> scripting issue because it fails to properly sanitize user-supplied
> input to unspecified parameters. Specifically, this issue occurs when
> the "server-status" page is publicly accessible. Apache versions prior
> to 2.2.7-dev, 2.0.62-dev and 1.3.40-dev are affected.
> Ref: http://httpd.apache.org/security/vulnerabilities_22.html
> ______________________________________________________________________
> (c) 2008. All rights reserved. The information contained in this
> newsletter, including any external links, is provided "AS IS," with no
> express or implied warranty, for informational purposes only. In some
> cases, copyright for material in this newsletter may be held by a party
> other than Qualys (as indicated herein) and permission to use such
> material must be requested from the copyright owner.
>
> Subscriptions: @RISK is distributed free of charge by the SANS Institute
> to people responsible for managing and securing information systems and
> networks. You may forward this newsletter to others with such
> responsibility inside or outside your organization.
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (Darwin)
>
> iEYEARECAAYFAkeLvfEACgkQ+LUG5KFpTkYCVwCgiqdwJGCLyaPoOK5cs2azB+5X
> 3AUAn3pojZS+1jssGPcHjHqyouzOgXPC
> =rq2B
> -----END PGP SIGNATURE-----
>
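The "kill bit" mitigation named for item (10) above, worked through as an added example; this is not code from the @RISK newsletter or from Microsoft. The registry location and the 0x400 flag value are the ones KB240797 (referenced in the item) documents. The function emits the text a .reg file carries for `reg import`, and the checker reads the text `reg export` produces to confirm the bit is present. The exported sample below is constructed for the example, and the parser decodes only the dword values this check needs.

```python
"""Kill-bit helper for the Rich Text Box ActiveX control (KB240797 mechanism).

Added example, not part of the @RISK newsletter or of Microsoft's tooling.
Generates .reg text that sets the kill bit for a CLSID and checks a
'reg export' dump to confirm the bit is set. The CLSID is the one named in
the advisory; SAMPLE_EXPORT is constructed for the example.
"""
import re

# Key documented in KB240797; the kill bit is 0x400 in the "Compatibility
# Flags" DWORD under the control's CLSID subkey.
ACTIVEX_COMPAT_KEY = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
)
KILL_BIT = 0x00000400
RICHTEXTBOX_CLSID = "{B617B991-A767-4F05-99BA-AC6FCABB102E}"

_CLSID_RE = re.compile(
    r"^\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}$", re.I
)


def normalize_clsid(clsid: str) -> str:
    """Accept a CLSID with or without braces, any case; return the braced upper-case form."""
    s = clsid.strip()
    if not s.startswith("{"):
        s = "{" + s + "}"
    s = s.upper()
    if not _CLSID_RE.match(s):
        raise ValueError(f"not a CLSID: {clsid!r}")
    return s


def killbit_reg_script(clsid: str, existing_flags: int = 0) -> str:
    """Return .reg file text that ORs the kill bit into Compatibility Flags.

    existing_flags: the current DWORD, if known, so other compatibility bits
    already set on the control survive the import.
    """
    c = normalize_clsid(clsid)
    value = existing_flags | KILL_BIT
    return (
        "Windows Registry Editor Version 5.00\r\n\r\n"
        f"[{ACTIVEX_COMPAT_KEY}\\{c}]\r\n"
        f'"Compatibility Flags"=dword:{value:08x}\r\n'
    )


def parse_reg_export(text: str) -> dict:
    """Parse the subset of 'reg export' output needed here: key -> {value name: int}.

    Only dword values are decoded; other value types are ignored.
    """
    result = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].upper()
            result.setdefault(current, {})
        elif current is not None and "=dword:" in line:
            name, _, val = line.partition("=dword:")
            result[current][name.strip('"')] = int(val, 16)
    return result


def killbit_set(export_text: str, clsid: str) -> bool:
    """True if the exported registry text shows the kill bit set for clsid."""
    key = f"{ACTIVEX_COMPAT_KEY}\\{normalize_clsid(clsid)}".upper()
    flags = parse_reg_export(export_text).get(key, {}).get("Compatibility Flags", 0)
    return bool(flags & KILL_BIT)


# Constructed sample of 'reg export' output: the advisory's control with the
# kill bit set, plus an unrelated control without it.
SAMPLE_EXPORT = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility"
    "\\{B617B991-A767-4F05-99BA-AC6FCABB102E}]\r\n"
    '"Compatibility Flags"=dword:00000400\r\n\r\n'
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility"
    "\\{00000000-0000-0000-0000-000000000001}]\r\n"
    '"Compatibility Flags"=dword:00000001\r\n'
)

if __name__ == "__main__":
    print(killbit_reg_script(RICHTEXTBOX_CLSID))
    print("kill bit set:", killbit_set(SAMPLE_EXPORT, RICHTEXTBOX_CLSID))
```

Write the script's output to a file and apply it from an elevated prompt with `reg import`; audit afterwards by feeding `reg export` of the ActiveX Compatibility key to `killbit_set`. On 64-bit Windows the 32-bit Internet Explorer reads the same key under SOFTWARE\Wow6432Node, so the bit is normally set in both places; that path is not stated on this page and is an assumption to verify against the KB article for the platform at hand.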
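A configuration check for the mod_status item (08.3.45), whose precondition is a "server-status" page that is publicly accessible. This is added example code, neither the newsletter's nor the Apache project's. It parses the <Location> containers out of httpd.conf text and lists those that map SetHandler server-status without an access restriction, recognising both the Order/Allow/Deny idiom of the 2.0/2.2 versions named in the item and the Require idiom of later 2.4 releases. The rule that "Deny from all" without "Allow from all" counts as restricted is a simplification assumed by this example, and both sample configurations are constructed.

```python
"""Audit Apache httpd configuration text for a publicly reachable mod_status page.

Added example, not code from the @RISK newsletter or from the Apache project.
Finds <Location> containers whose handler is server-status and that carry no
access restriction. WEAK_CONFIG and HARDENED_CONFIG are constructed samples.
"""
import re

_OPEN_RE = re.compile(r"^<Location(?:Match)?\s+(\S+)\s*>$", re.I)
_CLOSE_RE = re.compile(r"^</Location(?:Match)?\s*>$", re.I)
_GRANTED_RE = re.compile(r"require\s+all\s+granted")


def _strip(line: str) -> str:
    """Drop a comment line and surrounding whitespace (httpd comments start the line)."""
    return line.split("#", 1)[0].strip()


def location_blocks(config: str):
    """Yield (path, [directives]) for each <Location> or <LocationMatch> container."""
    path, body = None, []
    for raw in config.splitlines():
        line = _strip(raw)
        if not line:
            continue
        m = _OPEN_RE.match(line)
        if m and path is None:
            path, body = m.group(1), []
        elif _CLOSE_RE.match(line) and path is not None:
            yield path, body
            path, body = None, []
        elif path is not None:
            body.append(line)


def restricts_access(directives) -> bool:
    """True if the container's directives keep anonymous Internet clients out.

    Assumed rule: 'Deny from all' not undone by 'Allow from all' is restricted
    (2.0/2.2 idiom); any Require other than 'Require all granted' is restricted
    (2.4 idiom). An explicit 'Require all granted' is always public.
    """
    lowered = [d.lower() for d in directives]
    if any(_GRANTED_RE.fullmatch(d) for d in lowered):
        return False
    deny_all = any(re.fullmatch(r"deny\s+from\s+all", d) for d in lowered)
    allow_all = any(re.fullmatch(r"allow\s+from\s+all", d) for d in lowered)
    require_other = any(d.startswith("require ") for d in lowered)
    return (deny_all and not allow_all) or require_other


def exposed_status_pages(config: str) -> list:
    """Return the paths that serve server-status without an access restriction."""
    exposed = []
    for path, body in location_blocks(config):
        is_status = any(re.fullmatch(r"sethandler\s+server-status", d, re.I) for d in body)
        if is_status and not restricts_access(body):
            exposed.append(path)
    return exposed


# Constructed: the weak setting (anyone may read server-status) ...
WEAK_CONFIG = """
LoadModule status_module modules/mod_status.so
ExtendedStatus On
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    # reachable by any client on the Internet
    Allow from all
</Location>
"""

# ... beside the corrected one (loopback only, as the httpd docs recommend).
HARDENED_CONFIG = """
LoadModule status_module modules/mod_status.so
ExtendedStatus On
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 ::1
</Location>
<Location /server-info>
    SetHandler server-info
    Order deny,allow
    Deny from all
</Location>
"""

if __name__ == "__main__":
    print("weak:", exposed_status_pages(WEAK_CONFIG))
    print("hardened:", exposed_status_pages(HARDENED_CONFIG))
```

Run it over the concatenated configuration a server actually loads (httpd.conf plus every Include); a handler set in a virtual host file the script never sees will not be reported. The check is a static one and complements, rather than replaces, requesting /server-status from an external address.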