Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 37

> *****************************
> Widely Deployed Software
> *****************************
> (1) CRITICAL: MIT Kerberos Multiple Vulnerabilities
> Affected:
> MIT Kerberos versions prior to 1.6.3 and 1.5.5
> Description: MIT's implementation of the Kerberos authentication
> protocol contains multiple vulnerabilities in its "kadmind"
> administration daemon. This daemon runs on servers that act as Kerberos
> controllers. This server exports a Sun RPC (also called ONC RPC)
> interface that can be used to administer the service. The first
> vulnerability lies in the handling of RPCSEC_GSS authentication
> information and can be exploited by unauthenticated users. The second
> vulnerability stems from a failure to properly parse arguments to
> certain exported procedures, and requires authentication to exploit. An
> attacker who successfully exploited these vulnerabilities would be able
> to execute arbitrary code with the privileges of the vulnerable process
> (usually root). Note that the first vulnerability exists in the RPC
> library shipped with Kerberos; other products using this library may
> also be vulnerable. MIT Kerberos or products based thereupon are shipped
> by default with numerous Unix and Unix-like systems. Technical details
> for these vulnerabilities are available via source code analysis.
> Status: MIT confirmed, updates available.
> References:
> MIT Advisory
> http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-006.txt
> Wikipedia Article on Kerberos
> http://en.wikipedia.org/wiki/Kerberos_%28protocol%29
> Wikipedia Article on Sun RPC
> http://en.wikipedia.org/wiki/Sun_RPC
> Kerberos Home Page
> http://web.mit.edu/kerberos/www/index.html
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/25533
> http://www.securityfocus.com/bid/25534
> (3) HIGH: Apache Struts/OpenSymphony WebWork OGNL Remote Code Execution
> Affected:
> Apache Struts versions prior to 2.0.9
> OpenSymphony WebWork versions prior to 2.0.4
> OpenSymphony XWork versions prior to 2.0.4
> Description: Apache Struts and OpenSymphony WebWork provide a Java-based
> development environment for internet applications. A failure to properly
> handle invalid user form input could allow an attacker to execute
> arbitrary Open Graph Navigation Language (OGNL) code. OGNL is an
> expression language for Java that allows simpler interaction with
> JavaBeans. An attacker who submitted a specially crafted web form to a
> vulnerable system could cause the server to execute arbitrary OGNL code
> with the privileges of the vulnerable process. This could in turn lead
> to arbitrary Java code execution. Technical details are available for
> this vulnerability, both in the advisory and through source code
> analysis. A simple proof-of-concept is included in the advisory.
> Status: Apache and OpenSymphony confirmed, updates available.
> References:
> Apache Security Advisory
> http://struts.apache.org/2.x/docs/s2-001.html
> Wikipedia Article on OGNL
> http://en.wikipedia.org/wiki/OGNL
> Product Home Pages
> http://www.opensymphony.com/webwork/wikidocs/OGNL.html
> http://struts.apache.org/
> SecurityFocus BID
> http://www.securityfocus.com/bid/25524
> 07.37.40 CVE: Not Available
> Platform: Cross Platform
> Title: Mozilla Firefox Unspecified Protocol Handling Command Injection
> Description: Mozilla Firefox is exposed to an unspecified issue that
> lets attackers inject commands through the "mailto", "nntp", "news",
> and "snews" protocol handlers. The issue presents itself when an
> attacker, by way of a malicious URI, passes user-supplied characters in
> the URL to those protocol handlers. Mozilla Firefox version is
> affected.
> Ref: http://xs-sniper.com/blog/
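
The Kerberos item above gives its affected range as "prior to 1.6.3 and 1.5.5", i.e. each maintenance branch has its own fix release, so a naive `installed < 1.6.3` comparison would wrongly flag the patched 1.5.5 and wrongly clear an unpatched 1.4.x. The following is an added example, not part of the forwarded alert or of any vendor tooling: a branch-aware "am I affected?" check in Python using only the fix versions quoted in the alert (MIT Kerberos 1.5.5/1.6.3, Struts 2.0.9, WebWork and XWork 2.0.4). The product keys (`mit-krb5`, `struts2`, `webwork`, `xwork`) and the rule for branches with no listed fix are this example's own assumptions.

```python
"""Branch-aware affected-version check for the ranges quoted in the alert.

Added example (not the alert's or any vendor's code). Assumption: a fix
version like 1.6.3 patches the 1.6 branch, 1.5.5 patches the 1.5 branch;
a branch older than every fix (1.4.x) is vulnerable, and a branch newer
than the newest fix (1.7.x) is assumed to have forked after the patch.
"""
import re

# Fix releases per product, copied from the alert text. Product keys are
# this example's own naming, not identifiers used by the alert.
FIXED_VERSIONS = {
    "mit-krb5": ["1.5.5", "1.6.3"],
    "struts2": ["2.0.9"],
    "webwork": ["2.0.4"],
    "xwork": ["2.0.4"],
}


def parse_version(text):
    """Turn '1.6.2' or '1.6.2-beta1' into a tuple of ints; suffixes ignored."""
    m = re.match(r"^\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(product, installed):
    """True if `installed` is older than the fix release for its own branch.

    The branch of a fix version is everything but its last component
    (1.6.3 -> 1.6). If the installed version sits on a branch that has a
    fix, compare against that fix only; otherwise fall back to comparing
    against the newest fix, which marks every older branch as affected.
    """
    fixes = sorted(parse_version(v) for v in FIXED_VERSIONS[product])
    inst = parse_version(installed)
    for fix in fixes:
        branch = fix[:-1]
        if inst[:len(branch)] == branch:
            return inst < fix
    return inst < fixes[-1]


def report(inventory):
    """Map (product, version) pairs to 'affected' / 'fixed' for a host list.

    `inventory` is a list of (hostname, product, version) tuples as a
    scanner or package manager might produce them; hostnames are opaque.
    """
    return {
        (host, product, version): ("affected" if is_affected(product, version) else "fixed")
        for host, product, version in inventory
    }


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [
        ("kdc1.example.test", "mit-krb5", "1.6.2"),
        ("kdc2.example.test", "mit-krb5", "1.5.5"),
        ("app1.example.test", "struts2", "2.0.8"),
    ]
    for key, verdict in report(sample).items():
        print(f"{key[0]:20} {key[1]:9} {key[2]:8} {verdict}")
```

The branch rule is the part worth keeping: vendors that maintain several release lines publish one fix per line, and a single "less than the highest fix" comparison silently misclassifies both the patched older line and any unpatched line that predates all fixes.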


Copyright © Lexa Software, 1996-2009.