>
> Windows laptops with wireless cards that use Broadcom device drivers
> (Broadcom chips are used in machines from HP, Dell, Gateway, and
> eMachines) are directly vulnerable to the attack that has
> gotten so much
> press on Macintosh wireless. You are vulnerable if your wireless card
> is turned on, even if you are not connected to a wireless
> access point.
> Also this week, Firefox users should move to version 1.5.0.8
> or version
> 2 right away, and, separately, updates should be installed
> for OpenView
> Configuration Manager V. 1.0.
> Alan
> ****************************
> Widely Deployed Software
> ****************************
>
> (1) HIGH: Broadcom Wireless Device Driver Buffer Overflow
> Affected:
> Broadcom BCMWL5.SYS Driver version 3.50.21.10 and possibly prior
>
> Description: The Broadcom BCWML5.SYS device driver, used to control
> Broadcom wireless cards, contains a buffer overflow vulnerability. By
> sending an overly-long SSID in a probe response, an attacker could
> exploit this buffer overflow and take complete control of the
> vulnerable
> system. No authentication is required, and attackers need
> only be within
> wireless range of the vulnerable system. This driver is primarily
> designed for Microsoft Windows systems, but it is believed to be
> compatible with the "NdisWrapper" cross-platform driver framework,
> making it possible to run this driver under Linux on the
> Intel platform.
> This vulnerability was discovered as part of a project to
> discover bugs
> in various operating systems' kernels. A working exploit is available
> for this vulnerability. This vulnerability is similar to one
> discovered
> for Mac OS X and documented in an earlier issue of @RISK.
>
> Status: Some vendors have supplied patches for this vulnerability for
> their wireless cards.
>
> References:
> Month of Kernel Bugs Security Advisory
>
> Metasploit Exploit Module
>
> ndows/driver/broadcom_wifi_ssid.rb
> Broadcom Wireless Home Page
>
> Wikipedia Entry on Device Drivers
>
> NdisWrapper Home Page
>
> Previous @RISK Entry
>
> erabilities1
>
> ****************************************************************
>
> (2) HIGH: Mozilla Products Multiple Vulnerabilities
> Vulnerable:
> Mozilla Firefox versions prior to 1.5.0.8
> Mozilla Thunderbird versions prior to 1.5.0.8
> Mozilla SeaMonkey versions prior to 1.0.6
>
> Description: Several products based on the Mozilla suite of
> applications, including the Mozilla Firefox web browser, the Mozilla
> Thunderbird email client, and the Mozilla SeaMonkey integrated suite,
> contain multiple vulnerabilities. These vulnerabilities could allow a
> malicious web page or email message to execute arbitrary code with the
> privileges of the current user, or execute arbitrary JavaScript code.
> Several denial-of-service cases are also reported. Note that
> all of the
> affected applications are open source; technical details can
> be obtained
> via source code analysis.
>
> Status: Mozilla Foundation confirmed, updates available.
>
> Council Site Actions: Only two of the reporting council sites are
> responding to this item. One site is already distributing the updates.
> The other site plans to update their IT maintained systems later this
> month. Most of their non-IT-supported users have the product
> configured
> to automatically check and install updates.
>
> References:
> Mozilla Security Advisories
>
>
>
> SANS Internet Storm center Handler's Diary Entry
>
> SecurityFocus BID
>
>
> ****************************************************************
>
> (4) MODERATE: ProFTPD Unspecified Remote Code Execution
> Vulnerable:
> ProFTPD version 1.3 and possibly prior
>
> Description: ProFTPD, a popular multiplatform open source FTP server,
> contains an unspecified vulnerability. Attackers could exploit this
> vulnerability to execute arbitrary code with the privileges of the
> server process. The exact nature of this vulnerability is currently
> unknown, though it is believed to involve the "CommandBufferSize"
> configuration directive. Although technical details for this
> vulnerability have not been publicly posted, because ProFTPD is open
> source, technical details can be obtained via source code analysis.
>
> Council Site Actions: Have seen conflicting severity ratings for this
> (Moderate Critical), still reviewing
>
> References:
> ProFTP Home Page
>
> SecurityFocus BID
>
>
> ****************************************************************
>
> (5) MODERATE: Citrix MetaFrame IMA Management Module Multiple
> Vulnerabilities
> Vulnerable:
> Citrix MetaFrame XP versions 1.0 and 2.0
> Citrix MetaFrame Presentation Server versions 3.0 and 4.0
>
> Description: Citrix MetaFrame contains multiple
> vulnerabilities: (1) By
> sending a specially-crafted authentication messages to the server, an
> attacker could trigger a heap overflow. This overflow can be exploited
> to execute arbitrary code with the privileges of the server
> process. (2)
> Specially-crafted messages sent to the server can cause the server to
> crash, leading to a denial-of-service condition.
>
> Status: Citrix confirmed, updates available.
>
> Council Site Actions: Only one of the reporting council sites is
> responding to this item. Their desktop support team is currently
> investigating the impact at their organization.
>
> References:
> Zero Day Initiative Advisory
>
> Citrix Security Advisory
>
> SecurityFocus BID
>
>
> ****************************************************************
>
> (6) LOW: OpenSSH Authentication Signature Weakness
> Affected:
> OpenSSH versions prior to 4.5
>
> Description: OpenSSH, an open source implementation of the
> SSH protocol,
> contains a weakness in its authentication mechanisms. It may
> be possible
> to authenticate to an OpenSSH process with an invalid key
> signature. It
> is currently believed that this vulnerability is not
> exploitable without
> the presence of other vulnerabilities. OpenSSH is open source
> software;
> technical details for this vulnerability may be obtained via
> source code
> analysis.
>
> Status: OpenSSH confirmed, updates available.
>
> References:
> OpenSSH Home Page
>
> OpenSSH 4.5 Release Notes (including vulnerability announcement)
>
> SecurityFocus BID
>
>
>
> 06.45.1 CVE: Not Available
> Platform: Windows
> Title: Microsoft Internet Explorer 6 Unspecified Code Execution
> Description: Microsoft Internet Explorer is reportedly prone to an
> unspecified vulnerability that results in arbitrary code execution.
> Researchers report that minimal user interaction is required to carry
> out a successful attack. Successfully exploiting this issue allows
> remote attackers to execute arbitrary machine code in the context of
> the vulnerable application. All versions of Internet Explorer 6 are
> reported vulnerable to this issue.
> Ref:
> ______________________________________________________________________
>
> 06.45.2 CVE: Not Available
> Platform: Windows
> Title: Microsoft Windows GDI Kernel Local Privilege Escalation
> Description: Microsoft Windows is exposed to a local privilege
> escalation issue because data structures mapped to global memory by
> the GDI Kernel can be re-mapped as read-write by other processes.
> Please refer to the link below for further details.
> Ref:
> ______________________________________________________________________
>
> 06.45.3 CVE: Not Available
> Platform: Windows
> Title: Citrix Presentation Server IMA Service Multiple Remote
> Vulnerabilities
> Description: Citrix Presentation Server uses the IMA (Independent
> Management Architecture) service for inter-server and management
> communications. It is affecetd by buffer overflow issues in the
> "IMA_SECURE_DecryptData1()" decryption routine of the "ImaSystem.dll".
> It is also affected by a unspecified denial of service issue.
> Ref:
> ______________________________________________________________________
>
> 06.45.4 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Microsoft XML Core Service XMLHTTP ActiveX Control Remote Code
> Execution
> Description: Microsoft XML Core Service is vulnerable to a remote code
> execution issue due to a memory corruption error in the XMLHTTP
> ActiveX control when processing specially crafted arguments passed to
> the "setRequestHeader()" function. See the advisory for further
> details.
> Ref:
> ______________________________________________________________________
>
> 06.45.6 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: America Online ICQ ActiveX Control Remote Code Execution
> Description: The America Online ICQ ActiveX Control is a conferencing
> application for Microsoft Windows. It is prone to a remote code
> execution vulnerability. An attacker could exploit this issue simply
> by sending a message to a victim ICQ user. The issue resides in the
> "DownloadAgent" function URI parameter of the
> ICQPhone.SipxPhoneManager ActiveX control. The
> ICQPhone.SipxPhoneManager ActiveX control with a CLSID of
> 54BDE6EC-F42F-4500-AC46-905177444300 is affected.
> Ref:
> ______________________________________________________________________
>
> 06.45.17 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel Multiple IPV6 Packet Filtering Bypass
> Vulnerabilities
> Description: The Linux kernel is prone to multiple IPv6 packet
> filtering bypass vulnerabilities because of improper handling of
> fragmented packets. These issues could be exploited by an attacker to
> bypass ip6_table filtering rules.
> Ref:
>
> 2.6.19-rc4
> ______________________________________________________________________
>
> 06.45.19 CVE: CVE-2006-5679
> Platform: BSD
> Title: FreeBSD UFS Filesystem Local Integer Overflow
> Description: FreeBSD UFS filesystem is vulnerable to a local integer
> overflow via a crafted UFS filesystem that causes invalid or large
> size parameters to the "kmem_alloc" function. FreeBSD version 6.1 is
> vulnerable.
> Ref:
> ______________________________________________________________________
>
> 06.45.21 CVE: Not Available
> Platform: Solaris
> Title: Sun Solaris 10 UFS Local Denial of Service
> Description: Sun Solaris 10 is prone to a local denial of service
> issue because the kernel fails to handle corrupted data structures
> during the mount operation which results in a kernel page fault and
> subsequently leads to a loss of data or corruption of the local
> filesystem. Solaris 10 on the ia32/x86 architecture is susceptible,
> while previous versions may be affected as well.
> Ref:
> ______________________________________________________________________
>
> 06.45.29 CVE: Not Available
> Platform: Cross Platform
> Title: OpenSSH Privilege Separation Key Signature Weakness
> Description: OpenSSH is susceptible to a weakness that may allow
> attackers to authenticate without proper key signatures. This issue is
> due to a design error between privileged processes and their child
> processes. OpenSSH versions 4.4 and prior are vulnerable.
> Ref:
> ______________________________________________________________________
>
> 06.45.30 CVE: CVE-2006-5463,CVE-2006-5464,CVE-2006-5747,CVE-2006-5748
> Platform: Cross Platform
> Title: Mozilla Client Products Multiple Remote Vulnerabilities
> Description: The Mozilla Foundation has released two security
> advisories specifying security vulnerabilities in Mozilla Firefox,
> SeaMonkey, and Thunderbird. Please refer to the links below for
> further details.
> Ref:
>
>
> ______________________________________________________________________
>
> 06.45.33 CVE: Not Available
> Platform: Cross Platform
> Title: GNU GV Stack Buffer Overflow
> Description: GNU GV is a PostScript and PDF file viewer. It is prone
> to a stack based buffer overflow issue because it fails to bounds
> check user-supplied data before copying it into an insufficiently
> sized memory buffer. GNU GV version 3.6.2 is susceptible, while others
> may also be affected.
> Ref:
> ______________________________________________________________________
