Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 52



>
> *****************************
> Widely Deployed Software
> *****************************
>
> (1) CRITICAL: Adobe Flash Player Multiple Vulnerabilities
> Affected:
> Adobe Flash Player
>
> Description: Adobe Flash Player is the most popular platform for rich
> internet content. The Adobe Flash Player web browser plugin is bundled
> with Microsoft Windows, Apple Mac OS X, and various Unix and Linux-based
> operating systems. The Flash plugin contains multiple vulnerabilities
> in its handling of Flash content and network requests. A specially
> crafted web page with embedded Flash content could exploit one of these
> vulnerabilities to allow an attacker to execute arbitrary code with the
> privileges of the current user, perform cross site scripting attacks,
> or execute other attacks. Note that Flash content is generally loaded
> automatically upon receipt, therefore no user interaction other than
> viewing a malicious web page would be necessary to exploit these
> vulnerabilities. Some technical details are publicly available for these
> vulnerabilities.
>
> Status: Adobe confirmed, updates available.
>
> References:
> Adobe Security Advisory
> http://www.adobe.com/support/security/bulletins/apsb07-20.html
> TippingPoint DVLabs Security Advisory
> http://dvlabs.tippingpoint.com/advisory/TPTI-07-21
> Stanford University Security Advisory
> http://crypto.stanford.edu/advisories/CVE-2007-6244/
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/26965
> http://www.securityfocus.com/bid/26960
> http://www.securityfocus.com/bid/26930
> http://www.securityfocus.com/bid/26969
> http://www.securityfocus.com/bid/26951
> http://www.securityfocus.com/bid/26949
> http://www.securityfocus.com/bid/26929
>
> *****************************************************
>
> (2) CRITICAL: Trend Micro ServerProtect Insecure Method Exposure
> Affected:
> Trend Micro ServerProtect versions 5.58 and prior
>
> Description: ServerProtect is an anti-malware solution from Trend Micro.
> ServerProtect exports a Remote Procedure Call (RPC) interface. This
> interface provides various filesystem manipulation procedures that may
> be called without authentication. Calling these procedures would allow
> an attacker to arbitrarily modify system files and configuration with the
> privileges of the vulnerable process (usually SYSTEM). Full technical
> details are publicly available for this vulnerability.
>
> Status: Trend Micro confirmed, updates available.
>
> References:
> Trend Micro Security Update Information
> http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt
> Zero Day Initiative Advisory
> http://zerodayinitiative.com/advisories/ZDI-07-077.html
> Product Home Page
> http://us.trendmicro.com/us/products/enterprise/serverprotect-for-microsoft-windows/
> SecurityFocus BID
> http://www.securityfocus.com/bid/26912
>
> *****************************************************
>
> (4) CRITICAL: ClamAV Multiple Executable Parsing Vulnerabilities
> Affected:
> ClamAV versions 0.91.2 and prior
>
> Description: ClamAV is a popular multiplatform antivirus solution.
> Executable packers are often used to obfuscate malware. ClamAV contains
> multiple vulnerabilities in its handling of packed executables. A
> specially crafted packed executable could trigger one of these
> vulnerabilities, and allow an attacker to execute arbitrary code with
> the privileges of the vulnerable process. Note that in situations where
> ClamAV is used to scan email or automatically scan files, no user
> interaction would be required to exploit this vulnerability. In these
> cases, email transiting the server or files otherwise sent to the
> vulnerable system would be sufficient to exploit this vulnerability.
> Note that full technical details are available for this vulnerability
> via source code analysis.
>
> Status: ClamAV confirmed, updates available.
>
> References:
> iDefense Security Advisory
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=634
> ClamAV Home Page
> http://www.clamav.net/
> MEW Packer Home Page
> http://northfox.uw.hu/
> SecurityFocus BID
> http://www.securityfocus.com/bid/26927
>
> *****************************************************
> *****************************************************
>
> (7) HIGH: IBM Lotus Domino Web Access ActiveX Control Buffer Overflow
> Affected:
> IBM Lotus Domino versions prior to 7.0.34.1
>
> Description: IBM Lotus Domino is an IBM collaboration solution. Part of
> its web-based functionality is provided by an ActiveX control. This
> control contains a buffer overflow vulnerability in the handling of its
> "General_ServerName" property. A specially crafted web page that
> instantiates this control and sets this property could exploit this
> buffer overflow. Successfully exploiting this buffer overflow would
> allow an attacker to execute arbitrary code with the privileges of the
> current user. Some technical details and a proof-of-concept are publicly
> available for this vulnerability.
>
> Status: IBM has not confirmed, no updates available. Users can mitigate
> the impact of this vulnerability by disabling the vulnerable control via
> Microsoft's "kill bit" mechanisms for CLSID
> "E008A543-CEFB-4559-912F-C27C2B89F13B". Note that this may affect
> normal application functionality.
>
> References:
> Posting by Elazar Broad
> http://archives.neohapsis.com/archives/fulldisclosure/2007-12/0498.html
> Proof-of-Concept
> http://downloads.securityfocus.com/vulnerabilities/exploits/26972.html
> Microsoft Knowledge Base Article (details the "kill bit" mechanism)
> http://support.microsoft.com/kb/240797
> Product Home Page
> http://www-306.ibm.com/software/lotus/products/domino/
> SecurityFocus BID
> http://www.securityfocus.com/bid/26972
>

>
> (9) MODERATE: Opera Multiple Vulnerabilities
> Affected:
> Opera versions prior to 9.25
>
> Description: Opera is a popular cross-platform web browser. It contains
> multiple vulnerabilities. Most vulnerabilities are limited to cross site
> scripting attacks or information disclosure vulnerabilities, but an
> undisclosed error in the handling of Transport Layer Security (TLS,
> sometimes known as SSL version 3) certificates could lead to arbitrary
> code execution with the privileges of the current user.
>
> Status: Opera confirmed, updates available.
>
> References:
> Opera Security Advisory
> http://www.opera.com/docs/changelogs/windows/925/#security
> Wikipedia Article on Transport Layer Security
> http://en.wikipedia.org/wiki/Transport_Layer_Security
> Opera Home Page
> http://www.opera.com
> SecurityFocus BID
> http://www.securityfocus.com/bid/26937
>
> ****************

>
> Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
>
> Week 52, 2007
> This list is compiled by Qualys ( www.qualys.com ) as part of that
> company's ongoing effort to ensure its vulnerability management web
> service tests for all known vulnerabilities that can be scanned. As of
> this week Qualys scans for 5549 unique vulnerabilities. For this special
> SANS community listing, Qualys also includes vulnerabilities that cannot
> be scanned remotely.
>
>
> 07.52.22 CVE: CVE-2007-4567
> Platform: Linux
> Title: Linux Kernel IPv6 Hop-By-Hop Header Remote Denial of Service
> Description: The Linux kernel is exposed to a remote denial of service
> issue because it fails to adequately validate specially-crafted IPv6
> "Hop-By-Hop" headers. Computers configured with IPv6 can crash when
> processing specially-crafted "Hop-By-Hop" extended headers.
> Ref:
> http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.22-rc1
> ______________________________________________________________________
>
> 07.52.23 CVE: CVE-2007-6336
> Platform: Linux
> Title: ClamAV "mspack.c" Off-By-One Buffer Overflow
> Description: ClamAV is a multi platform anti virus toolkit used to
> scan email messages for viruses. The application is exposed to a
> buffer overflow issue because it fails to properly bounds check
> user-supplied input before copying it to insufficiently sized memory
> buffers. ClamAV version 0.91.2 is affected.
> Ref: http://www.securityfocus.com/archive/1/485322
> ______________________________________________________________________
>
> 07.52.24 CVE: CVE-2007-6242
> Platform: Linux
> Title: Adobe Flash Player JPG Header Remote Heap-Based Buffer Overflow
> Description: Adobe Flash Player is an application that plays Flash
> media (.SWF). The application is exposed to a remote heap-based buffer
> overflow issue because the application fails to handle user-supplied
> input using consistent signedness. Adobe Flash Player versions
> 9.0.48.0, 8.0.35.0, 7.0.70.0, and earlier are affected.
> Ref: https://rhn.redhat.com/errata/RHSA-2007-1126.html
> ______________________________________________________________________
> 07.52.32 CVE: Not Available
> Platform: Cross Platform
> Title: Trend Micro ServerProtect Multiple Remote Insecure Method
> Exposure Vulnerabilities
> Description: Trend Micro ServerProtect is an antivirus application
> designed specifically for servers. The application is exposed to
> multiple remote insecure method exposure issues because the
> application does not properly restrict access to certain DCE/RPC
> methods. ServerProtect version 5.58 (Security Patch 3) is affected.
> Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-077.html
> ______________________________________________________________________
>
> 07.52.41 CVE: CVE-2007-6243
> Platform: Cross Platform
> Title: Adobe Flash Player Policy File Cross Domain Security Bypass
> Description: Adobe Flash Player is a multimedia application for
> Microsoft Windows, Mozilla, and Apple technologies. The application is
> exposed to a cross-domain security bypass issue that will allow an
> attacker to bypass the same-origin policy file. Specifically, certain
> SWF files can bypass the browser's same-origin policy.
> Adobe Flash Player versions 9.0.48.0, 8.0.35.0, 7.0.70.0 and earlier
> are affected.
> Ref: http://www.adobe.com/support/security/bulletins/apsb07-20.html
> ______________________________________________________________________
>
> 07.52.44 CVE: CVE-2007-6335
> Platform: Cross Platform
> Title: ClamAV "libclamav/pe.c" MEW Packed PE File Integer Overflow
> Description: ClamAV is a multi-platform anti-virus toolkit used to
> scan email messages for viruses. The application is exposed to an
> integer overflow issue because it fails to properly verify
> user-supplied data. ClamAV version 0.91.2 is affected.
> Ref: http://www.securityfocus.com/archive/1/485285
> ______________________________________________________________________
>
> 07.52.45 CVE: CVE-2007-6430
> Platform: Cross Platform
> Title: Asterisk Host-Based Authentication Security Bypass
> Description: Asterisk is an open-source PBX application available for
> multiple operating platforms. The application is exposed to a security
> bypass issue that affects the SIP and IAX protocols due to the way
> database-based registrations ("realtime") are processed. Specifically,
> the application fails to validate IP addresses when logging into the
> application with a correct username and no password. Asterisk Open
> Source versions prior to 1.2.26 and 1.4.16 are affected, Asterisk
> Business Edition versions prior to B.2.3.6 are affected, and Asterisk
> Business Edition versions prior to C.1.0-beta8 are affected.
> Ref: http://www.securityfocus.com/archive/1/485287
> ______________________________________________________________________
>
> 07.52.46 CVE: Not Available
> Platform: Cross Platform
> Title: Adobe Flash Player Multiple Security Vulnerabilities
> Description: Adobe Flash Player is a multimedia application for
> Microsoft Windows, Mozilla, and Apple technologies. The application is
> exposed to multiple security issues. Adobe Flash Player versions prior
> to 9.0.48.0, 8.0.35.0, and 7.0.70.0 are affected.
> Ref: http://www.securityfocus.com/bid/26929/references
> ______________________________________________________________________
>
> 07.52.47 CVE: CVE-2007-5275
> Platform: Cross Platform
> Title: Adobe Flash Player DNS Rebinding
> Description: Adobe Flash Player is a multimedia application for
> Microsoft Windows, Mozilla, and Apple technologies. The application is
> exposed to a DNS rebinding issue that allows remote attackers to
> establish arbitrary TCP sessions. The application allows Flash movies
> to open TCP sockets to arbitrary hosts that serve an XML policy file
> authorizing the origin of the movie. The issue occurs because Flash
> player checks the policy file against domain names and not IP
> addresses, and for this reason it is possible to authorize a domain
> and then rebind the domain to a different IP address.
> Ref: http://www.adobe.com/support/security/bulletins/apsb07-20.html
> ______________________________________________________________________
>
> 07.52.48 CVE: Not Available
> Platform: Cross Platform
> Title: Opera Web Browser Multiple Security Vulnerabilities
> Description: Opera Web Browser is a browser that runs on multiple
> operating systems. The application is exposed to multiple issues.
> Opera versions prior to 9.25 are affected.
> Ref: http://www.opera.com/docs/changelogs/windows/925/#security
> ______________________________________________________________________
>
> 07.52.49 CVE: Not Available
> Platform: Cross Platform
> Title: MySQL Server Unspecified Remote Arbitrary Command Execution
> Description: MySQL is a freely available SQL database for multiple
> platforms. The application is exposed to an unspecified issue that
> allows remote attackers to execute arbitrary commands on the database.
> MySQL versions 5.0.45 and 5.0.51 are affected.
> Ref:
> http://blog.wslabi.com/2007/12/focus-on-mysql-remote-code-execution.html
> ______________________________________________________________________
>
> 07.52.50 CVE: CVE-2007-6244
> Platform: Cross Platform
> Title: Adobe Flash Player "asfunction" Cross-Site Scripting
> Description: Adobe Flash Player is a multimedia application for
> Microsoft Windows, Mozilla, and Apple technologies. ActionScript is a
> language used to develop media processed by Adobe Flash Player. The
> application is exposed to a cross-site scripting issue because it
> fails to properly sanitize user-supplied data. The issue exists in the
> "asfunction" protocol when handling certain SWF files.
> Ref: https://rhn.redhat.com/errata/RHSA-2007-1126.html
> ______________________________________________________________________
>
> 07.52.55 CVE: CVE-2007-6246
> Platform: Cross Platform
> Title: Adobe Flash Player Unspecified Privilege Escalation
> Description: Adobe Flash Player is an application that plays Flash
> media files (SWF). The application is exposed to an issue that allows
> attackers to gain elevated privileges on affected computers. The issue
> is caused due to an unspecified memory permission error. Adobe Flash
> Player versions prior to 9.0.115.0 are affected.
> Ref: http://www.adobe.com/support/security/bulletins/apsb07-20.html
> ______________________________________________________________________
>
> 07.52.56 CVE: CVE-2007-6245
> Platform: Cross Platform
> Title: Adobe Flash Player HTTP Response Splitting
> Description: Adobe Flash Player is a multimedia application for
> Microsoft Windows, Mozilla, and Apple technologies. The application is
> exposed to an HTTP response splitting issue because it fails to
> adequately sanitize user-supplied input. Adobe Flash Player versions
> 9.0.48.0, 8.0.35.0, and 7.0.70.0 and earlier are affected.
> Ref: http://www.adobe.com/support/security/bulletins/apsb07-20.html
> ______________________________________________________________________
>
>
> (c) 2007.  All rights reserved.  The information contained in this
> newsletter, including any external links, is provided "AS IS," with no
> express or implied warranty, for informational purposes only.  In some
> cases, copyright for material in this newsletter may be held by a party
> other than Qualys (as indicated herein) and permission to use such
> material must be requested from the copyright owner.
>
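
The kill-bit mitigation named in item (7) above, as an added example that is not part of the forwarded newsletter: a PowerShell function that sets the Internet Explorer kill bit for the CLSID given there. The registry location and the 0x400 "Compatibility Flags" value follow the mechanism in the cited KB240797; the function name Set-ActiveXKillBit is hypothetical, and an elevated session is assumed.

```powershell
# Added example: set the IE "kill bit" for one ActiveX CLSID (mechanism: KB240797).
# Set-ActiveXKillBit is a hypothetical helper name; run from an elevated session.
function Set-ActiveXKillBit {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$')]
        [string]$Clsid
    )

    $killBit = 0x400                     # flag that stops IE from instantiating the control
    $name    = 'Compatibility Flags'
    # Native registry view plus the 32-bit view used by 32-bit IE on 64-bit Windows.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    )

    foreach ($root in $roots) {
        if (-not (Test-Path -Path $root)) { continue }   # this view does not exist on the host

        $key = Join-Path $root ('{' + $Clsid.ToUpper() + '}')

        # Keep any flags already present and OR the kill bit into them.
        $current = 0
        $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        if ($prop) { $current = [int]$prop.$name }
        $new = $current -bor $killBit

        if ($PSCmdlet.ShouldProcess($key, ('set {0} to 0x{1:X8}' -f $name, $new))) {
            if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name $name -Value $new `
                -PropertyType DWord -Force | Out-Null
        }

        # One result object per registry view, for logging or compliance checks.
        [pscustomobject]@{
            Key     = $key
            Before  = ('0x{0:X8}' -f $current)
            After   = ('0x{0:X8}' -f $new)
            Changed = ($current -ne $new)
        }
    }
}

# CLSID taken from item (7); -WhatIf previews the change without writing to the registry.
Set-ActiveXKillBit -Clsid 'E008A543-CEFB-4559-912F-C27C2B89F13B' -WhatIf
```

Drop `-WhatIf` to apply the change. As the newsletter notes, disabling the control may affect normal application functionality.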



 




Copyright © Lexa Software, 1996-2009.