Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 4 No. 43



> 
> **********************************************************************
> 
> (2) HIGH: Ethereal Multiple Protocol Decoding Overflows
> Affected:
> Ethereal versions 0.7.7 - 0.10.12
> 
> Description: Ethereal, a popular open source network sniffer and
> protocol analyzer for Unix/Windows platforms contains buffer overflow
> vulnerabilities in parsing the following protocols: SRVLOC, AgentX and
> SLIMP3. These buffer overflows can be exploited to execute arbitrary
> code with the privileges of the ethereal process (typically 
> "root" when
> ethereal is being used as a sniffer). To exploit these flaws, an
> attacker has to either inject the malicious packets into the network
> traffic being sniffed by ethereal, or entice a client to open a
> specially crafted packet capture file. The technical details regarding
> the buffer overflows and an exploit for SLIMP3 protocol decoder have
> been posted.
> 
> Status: Ethereal has released version 0.10.13 that also fixes DoS
> vulnerabilities in other protocol decoders in addition to the buffer
> overflows.
> 
> Council Site Actions: Most of the council sites are responding to this
> item on some level.  A few sites have notified their users and
> recommended that they upgrade to the fixed version.  The other sites
> will distribute the patches during their next regularly 
> scheduled system
> update process.  One site commented they the seldom use Ethereal on
> their workstations, so their SOP is to update to the latest 
> version each
> time they use it.
> 
> References:
> Ethereal Advisory
> http://www.ethereal.com/appnotes/enpa-sa-00021.html    
> iDefense Advisory
> http://archives.neohapsis.com/archives/vulnwatch/2005-q4/0021.html  
> SLIMP3 Exploit
> http://www.frsirt.com/exploits/20051020.ethereal_slimp3_bof.py.php  
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/15148  
> http://www.securityfocus.com/bid/15158 
> 
> ****************************************************************
> 
> 
> ****************************************************************
> 
> (4) MODERATE: Multiple Anti-virus Vendor Detection Bypass
> Affected:
> Multiple AV vendors including McAfee, Trend Micro, Kaspersky, 
> Sophos, CA, Panda.
> 
> Description: Multiple anti-virus engines reportedly contain a
> vulnerability that can lead to bypassing detection of malware 
> in ".bat",
> ".html" and ".eml" files. The problem occurs because the detection
> engines stop processing these files if they are tagged with a fake
> executable file header. Note that with the increase in client-side
> attacks, bypassing malicious HTML detection may lead to spread of
> spyware and other malware on desktop systems. Multiple proof 
> of concept
> examples have been posted.
> 
> Status: No official statement is available from the AV vendors at this
> time. The advisory also lists certain versions of the AV software that
> are not reportedly vulnerable.
> 
> Council Site Actions: All council sites are waiting for further
> information from their anti-virus vendor.  Most sites use automated
> updates for the engine and dat files.
> 
> References:
> Posting by Andrey Bayora
> http://archives.neohapsis.com/archives/fulldisclosure/2005-10/
> 0504.html 
> http://archives.neohapsis.com/archives/bugtraq/2005-10/0315.html  
> http://www.securityelf.org/magicbyte.html
> Posting by Andreas Marx
> http://archives.neohapsis.com/archives/bugtraq/2005-10/0322.html   
> SecurityFocus BID
> Not posted yet. 
> 
> ****************************************************************
> 
> ****************
> Exploits
> ****************
> 
> (5) Windows Plug and Play Overflow (MS05-047)
> 
> Multiple exploits have been posted for the Windows Plug and Play
> overflow patched by MS05-047.
> 
> Council Site Updates:  Most of the council site have already 
> distributed
> the patch or will in the near future.
> 
> References:
> http://archives.neohapsis.com/archives/bugtraq/2005-10/0259.html  
> http://www.frsirt.com/exploits/20051024.MS05-047-Dos.c.php  
> Previous @RISK Newsletter Posting
> http://www.sans.org/newsletters/risk/display.php?v=4&i=41#widely4  
> 
> ****************************************************************
> 
> 
> 05.43.3 CVE: Not Available
> Platform: Linux
> Title: Squid FTP Server Response Denial of Service
> Description: Squid is a popular caching proxy server. It is reported
> to be vulnerable to a remote denial of service issue due to improper
> handling of ftp server responses. Squid versions 2.5 and earlier are
> reported to be vulnerable.
> Ref: http://www.securityfocus.com/bid/15157 
> ______________________________________________________________________
> 
> 
> 05.43.12 CVE: CAN-2005-3184
> Platform: Cross Platform
> Title: Ethereal Stack Buffer Overflow
> Description: Ethereal is a network analyzer. It is vulnerable to a
> remote buffer overflow issue when dissecting Service Location Protocol
> (SRVLOC) packets. Ethereal versions 0.10.13 and ealier are vulnerable.
> Ref:
> http://www.idefense.com/application/poi/display?id=323&type=vu
> lnerabilities&flashstatus=true
> ______________________________________________________________________
> 
> 
> 05.43.19 CVE: CAN-2005-3241, CAN-2005-3242, CAN-2005-3243,
> CAN-2005-3244, CAN-2005-3246, CAN-2005-3245, CAN-2005-3247,
> CAN-2005-3248, CAN-2005-3249, CAN-2005-3184
> Platform: Cross Platform
> Title: Ethereal Multiple Protocol Dissector Vulnerabilities
> Description: Ethereal is a multi-platform network protocol sniffer and
> analyzer. Several vulnerabilities in Ethereal have been disclosed by
> the vendor. The reported issues are in various protocol dissectors
> like BER, SigComp UDVM, SCSI, sFlow, RTnet, ISAKMP, FC-FCS, RSVP, ISIS
> LSP, ONC RPC, SLIMP3, AgentX, SRVLOC, IrDA, SMB and X11. Ethereal
> versions 0.7.7 through 0.10.12 are affected.
> Ref: http://www.securityfocus.com/bid/15148/exploit 
> ______________________________________________________________________




 




Copyright © Lexa Software, 1996-2009.