Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: The Consensus Security Vulnerability Alert Vol. 7 No. 9

> *****************************
> Widely Deployed Software
> *****************************
> (1) CRITICAL: Trend Micro OfficeScan Password Handling Buffer Overflow
> Affected:
> Trend Micro OfficeScan versions 8.0 and prior
> Description: OfficeScan is an enterprise antivirus product from Trend
> Micro. It contains a buffer overflow in its handling of passwords when
> authenticating users. A specially crafted request containing an overlong
> password could trigger this buffer overflow. Successfully exploiting
> this buffer overflow would allow an attacker to execute arbitrary code
> with the privileges of the vulnerable process. Full technical details
> and multiple proofs-of-concept are publicly available for this
> vulnerability. Note that some versions of OfficeScan crash rather than
> allow remote code execution, meaning that on those versions of
> OfficeScan, this vulnerability is only a denial-of-service. An
> additional denial-of-service vulnerability is also disclosed in this
> advisory.
> Status: Trend Micro has not confirmed, no updates available.
> References:
> Advisory by Luigi Auriemma (includes multiple proofs-of-concept)
> http://aluigi.altervista.org/adv/officescaz-adv.txt
> Product Home Page
> http://us.trendmicro.com/us/products/enterprise/officescan-client-server-edition/
> SecurityFocus BID
> http://www.securityfocus.com/bid/28020

> (4) HIGH: Symantec Scan Engine RAR File Handling Buffer Overflow
> Affected:
> Symantec Scan Engine versions 5.1.2 and prior
> Description: Symantec Scan Engine is a version of Symantec's antivirus
> engine designed to be included in other products. The engine supports
> scanning requests submitted via the Internet Content Adaptation Protocol
> (ICAP). A specially crafted RAR archive file submitted from a remote
> user could trigger a heap overflow in the scan engine process.
> Successfully exploiting this overflow would allow an attacker to execute
> arbitrary code with the privileges of the vulnerable process. Note that,
> depending on how the scan engine is integrated with other products, it
> may be possible to exploit this vulnerability remotely and without any
> user interaction. Any product using the scan engine should be considered
> vulnerable.
> Status: Symantec confirmed, updates available. Users can mitigate the
> impact of this vulnerability by blocking access to TCP port 1344 at the
> network perimeter, if possible. Also patched in this update is a
> denial-of-service vulnerability.
> References:
> Symantec Security Advisory
> http://www.symantec.com/avcenter/security/Content/2008.02.27.html
> iDefense Security Advisories
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=666
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=667
> Wikipedia Article on ICAP
> http://en.wikipedia.org/wiki/Internet_Content_Adaptation_Protocol
> Wikipedia Article on the RAR File Format
> http://en.wikipedia.org/wiki/RAR_%28file_format%29
> Product Home Page
> http://www.symantec.com/business/products/overview.jsp;jsessionid=C3868263582F4FB5597B5D93C8EFD1AE?pcid=2251&pvid=836_1
> SecurityFocus BID
> http://www.securityfocus.com/bid/27913
> (6) HIGH: ICQ Format String Vulnerability
> Affected:
> ICQ versions 6 and prior
> Description: ICQ is a popular instant messaging application. It contains
> a flaw in its handling of received messages. A specially crafted message
> containing certain formatting characters could trigger a format string
> vulnerability. Successfully exploiting this vulnerability could allow
> an attacker to execute arbitrary code with the privileges of the current
> user. Note that if a user has ICQ configured to accept incoming messages
> (the default configuration), no user interaction is required to exploit
> this vulnerability. Some technical details and a simple proof-of-concept
> are publicly available for this vulnerability.
> Status: ICQ has not confirmed, no updates available.
> References:
> Secunia Security Advisory
> http://secunia.com/advisories/29138/
> Advisory from B0B (in German)
> http://board.raidrush.ws/showthread.php?t=386983
> ICQ Home Page
> http://www.icq.com
> SecurityFocus BID
> http://www.securityfocus.com/bid/28027
> *********************************************************************
> (7) MODERATE: Ghostscript Document Handling Buffer Overflow
> Affected:
> GNU Ghostscript versions 8.61 and prior
> Description: Ghostscript is an open source parsing and display engine
> for the PostScript (PS) and Portable Document Format (PDF) page
> description languages. It is the default PS and PDF viewer for a variety
> of Linux distributions and forms the basis of other PS and PDF viewers.
> It contains a flaw in its handling of certain PostScript constructions.
> A specially crafted PS file could trigger this flaw, leading to a
> stack-based buffer overflow. Successfully exploiting this buffer
> overflow would allow an attacker to execute arbitrary code with the
> privileges of the current user. Depending upon configuration,
> Ghostscript may be used to open PostScript documents upon receipt,
> without further user interaction. Full technical details for this
> vulnerability and a proof-of-concept are publicly available.
> Status: Vendor confirmed, updates available.
> References:
> Security Advisory from Chris Evans
> http://scary.beasts.org/security/CESA-2008-001.html
> Wikipedia Article on PostScript
> http://en.wikipedia.org/wiki/PostScript
> Wikipedia Article on PDF
> http://en.wikipedia.org/wiki/Portable_Document_Format
> Ghostscript Home Page
> http://www.ghostscript.com
> SecurityFocus BID
> http://www.securityfocus.com/bid/28017
> **********************************************************

> 08.09.1 CVE: Not Available
> Platform: Microsoft Office
> Title: Microsoft Word Unspecified Remote Code Execution
> Description: Microsoft Word is exposed to an unspecified remote code
> execution issue. Please refer to the following link for further
> information.
> Ref: http://www.scmagazineus.com/Olympic-spam-carries-malicious-code-MessageLabs/article/107232/
> ______________________________________________________________________


> (c) 2008.  All rights reserved.  The information contained in this
> newsletter, including any external links, is provided "AS IS," with no
> express or implied warranty, for informational purposes only.  In some
> cases, copyright for material in this newsletter may be held by a party
> other than Qualys (as indicated herein) and permission to use such
> material must be requested from the copyright owner.


Copyright © Lexa Software, 1996-2009.