Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 20



> 
> **********************
> Widely-Deployed Software
> **********************
> 
> 1) CRITICAL: Microsoft Word Memory Corruption/Remote Code Execution
> Affected:
> Microsoft Word 2000 and later
> 
> Description: A critical vulnerability exists in Microsoft Word 2000 and
> later versions. This vulnerability was not reported publicly. It was
> discovered when a virus exploiting this vulnerability was seen in the
> wild. Analysis of the virus has revealed that specially-crafted
> Microsoft Word documents can result in code execution when opened on a
> vulnerable system. The currently spreading virus installs a trojan on
> vulnerable systems. There is no patch available; users of the vulnerable
> software should not open Word documents from untrusted sources. Users
> are advised to keep their antivirus signatures updated, and be prepared
> to deploy a patch from Microsoft. Users should also keep watch for signs
> of a targeted attack on their systems. Some known behavior of the virus
> includes HTTP access to the hostname "localhosts.3322.org". Users should
> monitor DNS queries and investigate any attempts to resolve this
> address. Note that the owner of this domain has changed the IP address
> for which this resolves several times.
> 
> Status: Microsoft confirmed. Update expected to be released as part of
> the next update cycle.
> 
> References:
> SecurityFocus BID
> http://www.securityfocus.com/bid/18037/
> eWeek Article
> http://www.eweek.com/article2/0,1895,1965042,00.asp
> SANS Internet Storm Center Handler's Diary Entry
> http://isc.sans.org/diary.php?storyid=1346
> Microsoft Windows Live Safety Center
> http://safety.live.com
> 
> ----------------------------------------------------------------
> 
> 4) CRITICAL: Cyrus imapd Remote Buffer Overflow
> Affected:
> Cyrus imapd version 2.3.2 and prior
> 
> Description: Cyrus imapd is a popular IMAP (Internet Message Access
> Protocol) mail server maintained by Project Cyrus at Carnegie Mellon
> University. Recent versions of the software suffer from a remote buffer
> overflow vulnerability. A specially-crafted IMAP request can trigger
> this buffer overflow and can result in malicious code injection. Note
> that the imapd "popsubfolders" option must be enabled for a server to
> be vulnerable. This option is not enabled by default, but is commonly
> enabled after installation to allow POP users subfolder access (normally
> only available via IMAP). Technical details and a proof-of-concept
> exploit are known to be in the wild. Note that the attacker need not be
> authenticated to exploit this vulnerability.
> 
> Status: Project Cyrus has not confirmed, no updates are available.
> 
> References:
> Project Cyrus Home Page
> http://cyrusimap.web.cmu.edu/
> Full Disclosure Posting (includes technical details)
> http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0527.html
> SecurityFocus BID
> http://www.securityfocus.com/bid/18056
> 
> ----------------------------------------------------------------
> 
> 5) MODERATE: Sender Policy Framework Library Remote Format String Vulnerability
> Affected:
> libspf version 1.0.0-p5
> 
> Description: The libspf library is an implementation of the Sender
> Policy Framework. The Sender Policy Framework is a DNS-based system to
> reduce unsolicited email ("spam") by verifying the servers authorized
> to send email for a given DNS domain. This library is widely deployed
> on many email servers. Multiple vulnerabilities have been discovered in
> this library, allowing an attacker to execute arbitrary code on a
> vulnerable server by specifying a specially-crafted email address or
> domain name. Note that only servers running with debugging enabled are
> vulnerable.
> 
> Status: libspf confirmed, patch released.
> 
> References:
> libspf Home Page
> http://www.libspf.org/
> Sender Policy Framework Home Page
> http://www.openspf.org/
> Sender Policy Framework Specification
> http://new.openspf.org/Specifications
> FrSIRT Security Advisory
> http://www.frsirt.com/english/advisories/2006/1846
> SecurityFocus BID
> Not yet available.
> 
> ----------------------------------------------------------------
> 
> 06.20.1 CVE: Not Available
> Platform: Microsoft Office
> Title: Microsoft Word Unspecified Remote Code Execution
> Description: Microsoft Word is prone to an unspecified remote code
> execution vulnerability. The cause of this issue is currently unknown.
> This issue is being actively exploited in the wild to place a backdoor
> named Backdoor.Ginwui on targeted computers through a trojan named
> Trojan.Mdropper.H. Microsoft Word versions 2003 and earlier are
> vulnerable.
> Ref: http://www.securityfocus.com/bid/18037
> ______________________________________________________________________
> 
> 06.20.3 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: RealVNC Remote Authentication Bypass
> Description: RealVNC is susceptible to an authentication bypass
> vulnerability. This issue is due to a flaw in the authentication
> process of the affected package. This allows them to gain full control
> of the VNC server session. RealVNC version 4.1.1 is vulnerable.
> Ref: http://www.securityfocus.com/bid/17978
> ______________________________________________________________________
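
The DNS monitoring recommended in item 1 of the forwarded newsletter, sketched as an added example that is not part of the original message. It matches on the queried name because the advisory notes that the resolved IP address keeps changing. The BIND-style log format, the sample lines and the client addresses are constructed assumptions.

```python
import re

# Hostname the advisory names as contacted by the trojan over HTTP.
WATCHED = "localhosts.3322.org"

# Constructed BIND-style query-log lines (assumed format, not real traffic).
SAMPLE_LOG = """\
22-May-2006 09:14:02.113 client 10.0.4.17#1045: query: www.example.com IN A +
22-May-2006 09:14:05.870 client 10.0.4.23#1190: query: LocalHosts.3322.org IN A +
22-May-2006 09:15:41.002 client 10.0.4.17#1046: query: notlocalhosts.3322.org IN A +
22-May-2006 09:16:12.455 client 10.0.4.23#1201: query: localhosts.3322.org. IN A +
22-May-2006 09:17:30.310 client 10.0.4.9#2044: query: 3322.org IN MX +
"""

QUERY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<client>[^#\s]+)#\d+: "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()

def find_lookups(log_text, watched=WATCHED):
    """Return (timestamp, client, qname) for each query of the watched name."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if m is None:
            continue  # not a query line
        qname = normalize(m.group("qname"))
        # Match on the name (or a label under it), never on a resolved IP
        # and never as a bare substring.
        if qname == watched or qname.endswith("." + watched):
            hits.append((m.group("ts"), m.group("client"), qname))
    return hits

def clients_to_investigate(log_text, watched=WATCHED):
    """Group hit timestamps by querying client address."""
    by_client = {}
    for ts, client, _ in find_lookups(log_text, watched):
        by_client.setdefault(client, []).append(ts)
    return by_client

if __name__ == "__main__":
    for client, stamps in clients_to_investigate(SAMPLE_LOG).items():
        print(client, "queried", WATCHED, "at", ", ".join(stamps))
```
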
 



 




Copyright © Lexa Software, 1996-2009.