Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 21



> 
> **************************
> Widely-Deployed Software
> **************************
> 
> (1) CRITICAL: HP OpenView Multiple Remote Command Execution
> Affected: HP OpenView Storage Data Protector Versions 5.1 and 5.5
> HP OpenView Network Node Manager Versions 6.20, 6.4x, 7.01, and 7.50
> 
> Description: HP OpenView, a popular enterprise system management and
> monitoring solution, is vulnerable to several undisclosed remote command
> execution vulnerabilities due to improperly-validated input. Both the
> Network Node Manager (system monitoring and management) and Storage Data
> Protector (backup and data management) products are affected. Users are
> advised to block access to these systems from the Internet and other
> untrusted hosts. Note that these products often run with privileged
> access.
> 
> Status: HP confirmed, patches released.
> 
> Council Site Actions: The responding council sites using the affected
> software have notified their respective support teams and plan to deploy
> the patches during their next regularly scheduled system update. They
> also block OpenView access at their network security perimeters.
> 
> References:
> HP OpenView Home Page
> http://www.openview.hp.com/
> HP Security Bulletin (Network Node Manager)
> http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00672314
> HP Security Bulletin (Storage Data Protector)
> http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00671912
> SecurityFocus BID (Network Node Manager)
> http://www.securityfocus.com/bid/18096
> SecurityFocus BID (Storage Data Protector)
> http://www.securityfocus.com/bid/18095
> - ----------------------------------------------------------------
> 
> (2) CRITICAL: Symantec AntiVirus Remote Buffer Overflow
> Affected: Symantec Anti-Virus version 10.x and prior
> 
> Description: Symantec AntiVirus is vulnerable to a remote buffer
> overflow. By sending specially-crafted requests to the antivirus engine,
> a remote user can exploit this buffer overflow and execute malicious
> code with "SYSTEM" privileges. No user interaction is required on the
> vulnerable system and the system is vulnerable in its default
> configuration.
> 
> Status: Symantec confirmed. Updates available.
> 
> Council Site Actions: The responding council sites that are using the
> affected software will deploy the vendor patch over the next few weeks.
> 
> References:
> Symantec AntiVirus Corporate Edition Home Page
> http://www.symantec.com/Products/enterprise?c=prodinfo&refId=805
> Symantec Security Advisory
> http://securityresponse.symantec.com/avcenter/security/Content/2006.05.25.html
> eEye Security Advisory
> http://www.eeye.com/html/research/upcoming/20060524.html
> SecurityFocus BID
> http://www.securityfocus.com/bid/18107
> - ----------------------------------------------------------------
> 
> (6) LOW: PostgreSQL Multibyte Encoding Security Bypass and SQL Injection
> Affected: PostgreSQL versions 8.1.4, 8.0.8, 7.4.13, 7.3.15 and prior.
> 
> Description: PostgreSQL is an extremely popular and widely-deployed Open
> Source SQL database system. It also forms the basis of several other
> widely-deployed database engines, including RedHat's RedHat Database.
> The server suffers from a potential SQL injection and security bypass
> vulnerability due to a failure to properly validate multibyte character
> encodings when interacting with non-encoding-aware client-side
> applications. Specifically, when used with applications that treat
> multibyte characters as single characters, an attacker can submit
> specially-crafted multibyte strings to the server, which will interpret
> them as valid SQL commands. Note that most client applications are not
> encoding-aware and are therefore open to this vulnerability. Injected
> SQL commands will be run with the privileges of the client application
> on the server. Technical details for this vulnerability have been posted
> and simple proofs-of-concept are available.
> 
> Status: PostgreSQL confirmed, updates available.
> 
> Council Site Actions: At the reporting council sites the affected
> application is not used for any central IT services. The sites are still
> assessing whether their deployed configurations have a chance of
> exploitation.
> 
> References:
> PostgreSQL Home Page
> http://www.postgresql.org/
> PostgreSQL Security Advisories (includes detailed technical information)
> http://www.postgresql.org/docs/techdocs.50
> Secunia Security Advisory
> http://secunia.com/advisories/20231
> Internet Storm Center Handler's Diary Entry
> http://isc.sans.org/diary.php?storyid=1356
> SecurityFocus BID
> http://www.securityfocus.com/bid/18092
> 
> **********************
> Other Software
> **********************
> 
> (7) UPDATE: Metasploit 2.6 Released
> Description: Metasploit is a popular Open Source platform for developing
> and deploying security exploits. Version 2.6 of this platform has been
> released, and contains 143 exploits, 43 new since the last release. Many
> of these exploits are for still-current vulnerabilities.
> 
> References:
> Metasploit Home Page
> http://metasploit.com
> Metasploit 2.6 Release Notes
> http://metasploit.com/projects/Framework/docs/RELEASE_2.6.txt
> Internet Storm Center Handler's Diary Entry
> http://isc.sans.org/diary.php?storyid=1352
> 
> 
> 06.21.3 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Skype Technologies Skype URI Handling Remote File Download
> Description: Skype from Skype Technologies is peer-to-peer
> communications software that provides for Internet-based voice
> communications. Skype is prone to an arbitrary file download
> vulnerability. This issue is due to improper Skype URI handling. This
> issue is triggered by specially crafted, malformed Skype URIs. If an
> unsuspecting user follows these URIs, Skype will be launched, and an
> attacker-specified file will automatically be downloaded from the
> victim user's computer to the attacker. This issue allows remote
> attackers to transfer files from one Skype user to another, provided
> the recipient user has previously approved downloads.
> Ref: http://www.skype.com/security/skype-sb-2006-001.html
> ______________________________________________________________________
> 
> 06.21.6 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Symantec Antivirus Remote Unspecified Code Execution
> Description: Symantec Antivirus is susceptible to an unspecified
> remote code execution issue which allows remote attackers to execute
> arbitrary machine code with SYSTEM-level privileges. Symantec
> Antivirus version 10 is affected.
> Ref: http://www.securityfocus.com/bid/18107
> ______________________________________________________________________
> 
> 06.21.8 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel SNMP NAT Helper Remote Denial of Service
> Description: The Linux SNMP NAT helper is susceptible to a remote
> denial of service vulnerability. This issue arises in the
> "snmp_trap_decode()" function when certain SNMP packets are processed.
> Specifically, the application improperly frees memory under various
> circumstances and crashes when the "ip_nat_snmp_basic" module is
> loaded and NAT is enabled on TCP ports 161 or 162. Kernel versions
> prior to 2.6.16.18 are vulnerable to this issue.
> Ref: http://www.securityfocus.com/bid/18089/references
> ______________________________________________________________________
> 
> 06.21.9 CVE: CVE-2006-1858, CVE-2006-1857
> Platform: Linux
> Title: Linux Kernel SCTP Multiple Remote Denial of Service
> Vulnerabilities
> Description: The Linux kernel SCTP module is vulnerable to multiple
> remote denial of service issues when the kernel handles unexpected
> SCTP packets. The Linux kernel versions 2.6.16 and earlier are
> vulnerable.
> Ref: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.17
> ______________________________________________________________________
> 
> 06.21.10 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel Choose_New_Parent Local Denial of Service
> Description: The Linux kernel is prone to a local denial of service
> vulnerability. This issue is due to a design error in the
> "choose_new_parent" function. This vulnerability allows local users to
> cause a kernel panic, denying further service to legitimate users.
> This issue affects Linux kernel versions prior to 2.6.11.12.
> Ref: http://www.securityfocus.com/bid/18099
> ______________________________________________________________________
> 
> 06.21.11 CVE: CVE-2006-1528
> Platform: Linux
> Title: Linux Kernel SG Driver Direct IO Local Denial of Service
> Description: The Linux kernel is prone to a local denial of service
> vulnerability. This issue is due to a design error in the SG driver.
> This issue presents itself when direct IO mixed with memory-mapped
> files is performed on SG devices. This causes a kernel panic due to
> unexpectedly empty entries in the scatter-gather list. This issue
> affects Linux kernel versions prior to 2.6.13.
> Ref: http://marc.theaimsgroup.com/?l=linux-scsi&m=112540053711489&w=2
> ______________________________________________________________________
> 
> 06.21.16 CVE: CVE-2006-2502
> Platform: Unix
> Title: Cyrus IMAPD POP3D Remote Buffer Overflow
> Description: Cyrus IMAPD is an open-source Interactive Mail Access
> Protocol (IMAP) daemon. It is vulnerable to a remote buffer overflow
> issue due to insufficient sanitization of POP3D USER commands. Cyrus
> IMAPD version 2.3.2 is vulnerable.
> Ref: http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0527.html
> ______________________________________________________________________
> 
> 06.21.18 CVE: Not Available
> Platform: Cross Platform
> Title: Sun Java Runtime Environment Nested Array Objects Denial of
> Service
> Description: The Sun Java Runtime Environment is vulnerable to a
> denial of service vulnerability. This issue is due to a failure of the
> process to handle exceptional conditions when dealing with nested
> array objects. This issue is reported to affect Java Runtime
> Environment versions up to 1.4.2_11 and 1.5.0_06. This issue will
> crash Internet browsers running an affected Java plug-in.
> Ref: http://www.securityfocus.com/bid/18058
> ______________________________________________________________________
> 
> 06.21.19 CVE: Not Available
> Platform: Cross Platform
> Title: Multiple Browsers Exception Handling Information Disclosure
> Description: Multiple browsers are prone to an information disclosure
> vulnerability. The problem occurs during exception handling in
> "nsSidebar.js" when viewing malformed pages. When an exception occurs
> the data sent to the server includes the full installation directory
> of the client application. Please visit the referenced link for more
> details.
> Ref: http://www.securityfocus.com/bid/18083
> ______________________________________________________________________
> 
> 06.21.23 CVE: CVE-2006-2314, CVE-2006-2313
> Platform: Cross Platform
> Title: PostgreSQL Multibyte Character Encoding SQL Injection
> Vulnerabilities
> Description: PostgreSQL is an open-source relational database suite.
> PostgreSQL is prone to SQL injection vulnerabilities. These issues are
> due to a potential mismatch of multibyte-character conversions between
> PostgreSQL servers and client applications. Attackers may exploit the
> first issue by including invalid multibyte characters to bypass
> standard string-escape methods. Attackers can exploit the second issue
> in certain circumstances when database-using applications use the
> non-standard "" character to escape the single quote character, rather
> than the SQL standards compliant "'" escaping method. PostgreSQL
> versions prior to 7.3.15, 7.4.13, 8.0.8, and 8.1.4 are vulnerable to
> these issues.
> Ref: http://www.postgresql.org/docs/techdocs.50
> ______________________________________________________________________
> 
> 06.21.24 CVE: Not Available
> Platform: Cross Platform
> Title: HP OpenView Storage Data Protector Remote Arbitrary Command
> Execution
> Description: HP OpenView Storage Data Protector is a data management
> product for backup and recovery operations. It is affected by a remote
> command execution issue. All current versions are affected.
> Ref: http://www.securityfocus.com/bid/18095
> ______________________________________________________________________
> 
> 06.21.55 CVE: Not Available
> Platform: Web Application
> Title: HP OpenView Network Node Manager Multiple Remote
> Vulnerabilities
> Description: HP OpenView Network Node Manager is a fault management
> application for IP networks. It is prone to multiple remote
> vulnerabilities. Remote, unauthorized privileged access, arbitrary
> command execution, and arbitrary file creation vulnerabilities affect
> Network Node Manager. Attackers may exploit these issues to execute
> arbitrary commands in the context of the affected process, create
> arbitrary files, or to gain privileged access.
> Ref: http://www.openview.hp.com/products/nnm/
> ______________________________________________________________________
> 
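The PostgreSQL multibyte escaping mismatch summarised in items (6) and 06.21.23 above, shown as an added example that is not part of the forwarded newsletter or of PostgreSQL's own code. It assumes Shift_JIS as the client encoding (where 0x5C, the backslash, is a legal trailing byte), models the byte-oriented backslash escaper of a non-encoding-aware client beside the hardened handling the advisory implies (reject invalid multibyte sequences, escape on decoded text with SQL-standard quote doubling), and includes a check that reports whether a quote survives unescaped.

```python
# Added example (not from the advisory): models the PostgreSQL multibyte escaping
# mismatch on Shift_JIS input, where 0x5C (backslash) is a legal trailing byte,
# beside the hardened handling: strict decoding plus SQL-standard '' doubling.

ENCODING = "shift_jis"  # assumed client encoding for this demonstration

def naive_backslash_escape(raw: bytes) -> bytes:
    """Byte-oriented escaper of a non-encoding-aware client: ' becomes \\' ."""
    return raw.replace(b"\\", b"\\\\").replace(b"'", b"\\'")

def is_valid_in_client_encoding(raw: bytes) -> bool:
    """First fix: refuse input that is not a valid multibyte sequence."""
    try:
        raw.decode(ENCODING)          # strict decoding raises on a bad trailer
        return True
    except UnicodeDecodeError:
        return False

def standard_escape(raw: bytes) -> bytes:
    """Second fix: escape on decoded text with SQL-standard quote doubling,
    never with a backslash; the caller wraps the result in single quotes."""
    text = raw.decode(ENCODING)       # raises on invalid input instead of guessing
    return text.replace("'", "''").encode(ENCODING)

def has_unescaped_quote(body: bytes) -> bool:
    """Check helper: scan a literal body the way a server decoding in the client
    encoding would, treating both \\' and '' as escaped; True means injection."""
    text = body.decode(ENCODING, errors="replace")
    i = 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            i += 2                    # backslash consumes the next character
        elif text[i] == "'" and i + 1 < len(text) and text[i + 1] == "'":
            i += 2                    # doubled quote is one literal quote
        elif text[i] == "'":
            return True
        else:
            i += 1
    return False

# Constructed hostile input: 0x95 is a Shift_JIS lead byte with no valid trailer,
# so the naive escaper's backslash becomes its trailer and the quote is freed.
HOSTILE = b"\x95' OR 1=1 --"
BENIGN = b"O'Neil"

if __name__ == "__main__":
    print("naive escape leaks quote:", has_unescaped_quote(naive_backslash_escape(HOSTILE)))
    print("hostile input rejected  :", not is_valid_in_client_encoding(HOSTILE))
    print("benign input escaped    :", standard_escape(BENIGN))
```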
Copyright © Lexa Software, 1996-2009.