>
> *************************
> Widely Deployed Software
> *************************
>
> (0) CRITICAL: IE WebViewFolderIcon ActiveX Control Remote
> Code Execution
> Affected:
> Windows 2000 SP4/XP SP1/XP SP2
>
> Description: The 0-day vulnerability in WebViewFolderIcon ActiveX
> Control discussed in a previous issue of the @RISK newsletter is now
> getting exploited in the wild. Security researchers last week publicly
> posted exploit code that can be used to compromise a Windows
> system when
> an IE user browses a malicious webpage.
>
> Status: Microsoft confirmed, no updates yet available. A workaround is
> to set the kill bits for the following UUIDs:
> "844F4806-E8A8-11d2-9652-00C04FC30871" and
> "E5DF9D10-3B52-11D1-83E8-00A0C90DC849".
>
> References:
> Microsoft Security Advisory
>
> SANS Handler's Diary Discussion
>
> Previous @RISK Newsletter Posting
>
> Patch from ZERT and Determina (third-party patches, not
> tested by Microsoft)
>
>
> How to Killbit ActiveX Controls
>
> Exploit Code
>
>
>
> **************************************************************
> **********
>
> (1) HIGH: Microsoft PowerPoint Remote Code Execution
> Affected:
> Microsoft PowerPoint 2000/2002/2003
> Microsoft PowerPoint 2004/v.X for Mac
>
> Description: Microsoft PowerPoint is vulnerable to a
> remotely-exploitable code execution vulnerability. A specially-crafted
> PowerPoint file, when opened, can execute arbitrary code with the
> privileges of the current user. No technical details for this
> vulnerability have been publicly posted but a Trojan has been seen in
> the wild. The Trojan is currently identified as
> "Trojan.PPDropper.F" by
> some antivirus software. It is believed that this issue is related to
> the issue disclosed in a previous @RISK entry (see the references
> below). The currently-known variant has been seen to connect
> to the host
> "mylostlove1.6600.org", though other variants may connect elsewhere.
> Users are advised to monitor network access logs to see if
> this host is
> being actively contacted.
>
> Status: Microsoft confirmed, no updates available.
>
> Council Site Actions: All of the responding council sites are waiting
> on a patch from the vendor. They will deploy during their
> next regularly
> schedule system update cycle.
>
> References:
> Microsoft Security Advisory
>
> Previous @RISK Entry
>
Y#widely3
> SANS Internet Storm Center Handler's Diary Entry
>
> SecurityFocus BID
>
>
> ****************************************************************
> ****************************************************************
>
> (3) HIGH: OpenSSL ASN.1 Remote Buffer Overflow
> Affected:
> OpenSSL version 0.9.8c and prior
> OpenSSL version 0.9.7k and prior
>
> Description: OpenSSL, an open source implementation of the Secure
> Sockets Layer, contains a remotely-exploitable buffer overflow in its
> handling of ASN.1-encoded data. OpenSSL is used in a wide variety of
> applications; including many applications designed for
> security, and is
> installed by default on most UNIX, Linux, BSD, and Mac OS X
> systems. By
> sending a specially-crafted request to a vulnerable application using
> OpenSSL, an attacker could trigger this buffer overflow and execute
> arbitrary code with the privileges of the vulnerable application. Note
> that, because OpenSSL is open source, technical details for this
> vulnerability may be easily obtained via source code analysis.
>
> Status: OpenSSL confirmed, updates available.
>
> Council Site Actions: Two of the responding council sites
> are using the
> affected software and are in the process of investigating how this
> vulnerability affects them.
>
> References: OpenSSL Security Advisory
> Wikipedia
> Article on the
> Secure Sockets Layer
> Wikipedia Article on ASN.1 OpenSSL
> Home Page SecurityFocus BID
>
>
> ****************************************************************
>
> (4) MODERATE: GNU gzip Multiple Remote Vulnerabilities
> Affected:
> GNU gzip versions 1.3.5 and prior
>
> Description: GNU gzip, the GNU project's popular compression tool,
> contains multiple remotely-exploitable vulnerabilities. A specially
> crafted gzip-compressed file could trigger these vulnerabilities and
> execute arbitrary code with the privileges of the current
> user. The gzip
> program is installed on all Linux, BSD, and Mac OS X systems, and is
> common on most UNIX systems. On these systems, it is generally the
> preferred compression method. Note that, because gzip is open source,
> technical details for this vulnerability may be easily obtained via
> source code analysis.
>
> Status: Some vendors, notably FreeBSD, have released patches for the
> versions of gzip included in their operating system distributions.
>
> Council Site Actions: Only one of the responding council
> sites is using
> the affected software. Their Red Hat Linux systems will be
> updated via
> the Up2Date cycle. They are still investigating whether the
> vulnerability affects them on other O/S platforms.
>
> References:
> Red Hat Security Advisory
>
> GNU gzip Home Page
>
> GNU Project Home Page
>
> SecurityFocus BID
>
>
> ****************************************************************
>
> (5) MODERATE: Mozilla Firefox Unconfirmed Remote Code Execution
> Affected:
> Mozilla Firefox versions 1.5.8 and possibly prior
>
> Description: An unconfirmed remote code execution vulnerability in
> Mozilla Firefox has been reported. A specially-crafted web page
> containing JavaScript could result in arbitrary code
> execution with the
> privileges of the current user. No technical details for this
> vulnerability have been publicly posted.
>
> Status: Mozilla has not confirmed, no updates available.
>
> References:
> Story on ZDNet
>
> Mozilla Firefox Home Page
>
> SecurityFocus BID
>
>
> ****************************************************************
>
> (7) LOW: OpenSSH Remote Race Condition
> Affected:
> OpenSSH version 4.3 and prior
> Portable OpenSSH versions 4.3 and prior
>
> Description: OpenSSH, a popular implementation of the Secure Shell
> protocol, contains a remotely-exploitable race condition. OpenSSH
> servers configured to use GSSAPI (General Security Services
> Application
> Programming Interface) services are vulnerable to this race condition.
> By sending specially-crafted traffic to a vulnerable system,
> an attacker
> could theoretically execute arbitrary code with root privileges
> (Portable OpenSSH) or cause a denial-of-service condition (OpenSSH).
> Note that this vulnerability is currently believed to be only
> theoretical; it is not believed to be practically exploitable under
> normal conditions.
>
> References:
> OpenSSH Release Announcement
>
> OpenSSH Home Page
>
> Wikipedia Entry on GSSAPI
>
> tion_Program_Interface
> SecurityFocus BID
>
>
> ______________________________________________________________________
>
> 06.39.2 CVE: CVE-2006-4694
> Platform: Microsoft Office
> Title: Microsoft PowerPoint Unspecified Remote Code Execution
> Description: Microsoft PowerPoint is prone to an unspecified remote
> code execution vulnerability. This issue can allow remote attackers to
> execute arbitrary code on a vulnerable computer by supplying a
> malicious PowerPoint document to a user. This issue is being actively
> exploited in the wild as Trojan.PPDropper.F. This vulnerability is
> currently known to affect Microsoft Office 2000, Office XP and Office
> 2003.
> Ref:
> ______________________________________________________________________
>
> 06.39.24 CVE: CVE-2006-3738
> Platform: Unix
> Title: OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow
> Description: OpenSSL is an open source implementation of the SSL
> protocol. It is exposed to a buffer overflow issue due to a failure of
> the library to properly bounds check user-supplied input prior to
> copying it to an insufficiently sized memory buffer.
> Ref:
> ______________________________________________________________________
> ______________________________________________________________________
>
> 06.39.27 CVE: Not Available
> Platform: Cross Platform
> Title: CA eTrust Security Command Center and eTrust Audit Multiple
> Vulnerabilities
> Description: CA eTrust Security Command Center (eSCC) is security
> system management application. eTrust Audit is a system auditing
> application for the enterprise. These applications are prone to
> multiple unspecified information disclosure and replay
> vulnerabilities. Multiple versions are reportedly vulnerable; please
> see the advisory for further details.
> Ref:
> ______________________________________________________________________
>
> 06.39.29 CVE: Not Available
> Platform: Cross Platform
> Title: Portable OpenSSH GSSAPI Remote Code Execution
> Description: OpenSSH is a freely available, open-source implementation
> of the Secure Shell protocol. Portable OpenSSH is the same code base
> with portability enhancements to enable the applications to run on a
> variety of platforms. Portable OpenSSH is susceptible to a remote code
> execution vulnerability. The issue derives from a race condition in a
> vulnerable signal handler.
> Ref:
> ______________________________________________________________________
>
> 06.39.30 CVE: Not Available
> Platform: Cross Platform
> Title: Portable OpenSSH GSSAPI Authentication Abort Information
> Disclosure
> Description: Portable OpenSSH is susceptible to an information
> disclosure weakness. The issue derives from a GSSAPI authentication
> abort which can be used to determine the existence and validity of
> usernames on unspecified platforms. Portable OpenSSH versions 4.3p1
> and prior exhibit this weakness.
> Ref:
> ______________________________________________________________________
>
> 06.39.31 CVE: CVE-2006-4343
> Platform: Cross Platform
> Title: OpenSSL SSLv2 Null Pointer Dereference Client Denial of Service
> Description: OpenSSL is an implementation of the SSL protocol. It is
> affected by a denial of service issue which affects the SSLv2 client
> code.
> Ref:
> ______________________________________________________________________
>
> 06.39.32 CVE: CVE-2006-2940
> Platform: Cross Platform
> Title: OpenSSL Public Key Processing Denial of Service
> Description: OpenSSL is an open source implementation of the SSL
> protocol. It is vulnerable to a denial of service issue when an
> attacker uses malicious public key data to connect to a vulnerable
> server. See the advisory for further details.
> Ref:
> ______________________________________________________________________
