Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 14



>
> *************************Widely Deployed Software*************************
> 
> (1) MODERATE: ClamAV Multiple Buffer Overflows
> Affected:
> ClamAV versions prior to 0.88.1
> 
> Description: ClamAV is an open-source antivirus software designed mainly
> for scanning emails on UNIX mail gateways. The software includes a virus
> scanning library - libClamAV. This library is used by many third party
> email, web, FTP scanners as well as mail clients. The library contains
> an integer overflow that can be triggered by a specially crafted Windows
> Executable (PE format) if the "ArchiveMaxFileSize" option is disabled
> (not a default configuration). The attacker can send the malicious files
> via email, web, FTP or a file share, and exploit the overflow to execute
> arbitrary code on the system running the ClamAV library.
> Proof-of-concept Windows executable has been posted. The library also
> contains a format string vulnerability in its logging function for which
> limited technical details are available.
> 
> Council Site Actions: Only one council site was affected by this issue.
> They have a few installations of this software, primarily on Debian
> GNU/Linux systems that are relied upon by relatively small numbers of
> users. Those systems will obtain the DSA-1024-1 update, or already have
> done so.
> 
> Status: Vendor confirmed, upgrade to ClamAV version 0.88.1.
> 
> References:
> Posting by Damian Put
> http://www.overflow.pl/adv/clamavupxinteger.txt 
> Third Party Software Using ClamAV
> http://www.clamav.net/whos.html#pagestart (Includes Mac OS X server)
> http://www.clamav.net/3rdparty.html#pagestart 
> SecurityFocus BID
> http://www.securityfocus.com/bid/17388
> 
> ***********************************************************************
> 
> (2) LOW: Internet Explorer Address Bar Spoofing
> Affected:
> All versions of Internet Explorer
> 
> Description: This vulnerability in Internet Explorer can be exploited
> to spoof the address bar displayed by Internet Explorer, i.e. the address
> bar can be made to point to a different webpage while the content is
> loaded from the attacker's webpage. The vulnerability arises due to
> timing issues in Internet Explorer when it tries to load a Macromedia
> Flash file and another webpage in the same browser window in quick
> succession. An attacker can exploit this flaw to conduct phishing
> attacks, which continue to be on the rise. Exploit code is publicly
> available.
>
> Status: Microsoft not confirmed, no patches available. A workaround is
> to disable "Active Scripting". Note that disabling Active Scripting will
> also help in protecting from certain 0-day vulnerabilities in Internet
> Explorer.
> 
> References:
> Posting by hainanluke
> http://archives.neohapsis.com/archives/bugtraq/2006-04/0020.html 
> http://archives.neohapsis.com/archives/bugtraq/2006-04/0077.html 
> Secunia Vulnerability Test Page
> http://secunia.com/Internet_Explorer_Address_Bar_Spoofing_Vulnerability_Test/
> SecurityFocus BID
> http://www.securityfocus.com/bid/17404 
> 
> ***********************************************************************

> ***********************************************************************
> 
> (4) HIGH: McAfee WebShield Format String Vulnerability
> Affected: 
> WebShield SMTP version 4.5 MR1a
> 
> Description: McAfee WebShield SMTP is a Windows-based software that
> scans e-mails for malicious attachments. This software contains a format
> string vulnerability that can be triggered when the software processes
> an email addressed to a non-existent domain. An unauthenticated attacker
> can exploit this flaw by sending an email to a non-existent domain with
> the email address containing format specifiers (such as %s), and execute
> arbitrary code on the WebShield server with SYSTEM privileges.
>
> Status: McAfee released patch P0803 for version 4.5MR1a three years
> back. Version 4.5MR2 contains a fix for this issue.
>
> Council Site Actions: The affected software and/or configuration are not
> in production or widespread use, or are not officially supported at any
> of the council sites. They reported that no action was necessary.
> 
> References:
> Symantec Advisory
> http://archives.neohapsis.com/archives/bugtraq/2006-04/0043.html 
> Product Homepage
> http://www.mcafee.com/us/enterprise/products/anti_virus/internet_gateway/webshield_smtp.html
> SecurityFocus BID
> http://www.securityfocus.com/bid/16742 
> 
> **************************************************************
______________________________________________________________________
> 
> 06.14.1 CVE: CVE-2006-1626
> Platform: Other Microsoft Products
> Title: Internet Explorer Address Bar Spoofing
> Description: Internet Explorer is prone to an address bar spoofing
> vulnerability. The problem occurs during a race condition between the
> loading of web content and a Macromedia Flash application. Microsoft
> Internet Explorer versions 6.0, 7.0 beta1 and 7.0 beta 2 are
> vulnerable.
> Ref: http://www.securityfocus.com/bid/17404
> ______________________________________________________________________
> 
> 06.14.2 CVE: CVE-2006-0559
> Platform: Third Party Windows Apps
> Title: McAfee WebShield SMTP Remote Format String
> Description: McAfee WebShield SMTP is an application designed to parse
> and scan incoming email for malicious content. It is vulnerable to a
> remote format string issue due to insufficient sanitization of
> user-supplied input before including it in a format specifier argument
> to a formatted printing function. McAfee WebShield versions 4.5 MR2
> and earlier are vulnerable.
> Ref: http://www.frsirt.com/english/advisories/2006/1219
> ______________________________________________________________________
> ______________________________________________________________________
> 
> 06.14.15 CVE: CVE-2006-1546, CVE-2006-1547, CVE-2006-1548
> Platform: Cross Platform
> Title: Apache Struts Multiple Remote Vulnerabilities
> Description: Apache Struts is an open-source framework for building
> Web applications. It is susceptible to multiple remote
> vulnerabilities. Please refer to the link below for further details.
> Apache Struts versions prior to 1.2.9 are affected by these issues.
> Ref: http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
> http://issues.apache.org/bugzilla/show_bug.cgi?id=38534
> http://issues.apache.org/bugzilla/show_bug.cgi?id=38749
> ______________________________________________________________________
> ______________________________________________________________________
> 
> 06.14.17 CVE: Not Available
> Platform: Cross Platform
> Title: Eset Software NOD32 Antivirus Local Arbitrary File Creation
> Description: Eset Software's NOD32 Antivirus System is vulnerable to a
> local arbitrary file creation issue due to failing to drop SYSTEM
> privileges when performing operations on behalf of a local user. Eset
> Software's NOD32 Antivirus System versions 2.5 and earlier are
> vulnerable.
> Ref: http://www.securityfocus.com/archive/1/429892
> ______________________________________________________________________
> 
> 
> 06.14.19 CVE: CVE-2006-1614, CVE-2006-1615, CVE-2006-1630
> Platform: Cross Platform
> Title: Clam Anti-Virus ClamAV Multiple Vulnerabilities
> Description: ClamAV is an antivirus application. It is vulnerable to
> numerous buffer overflow and denial of service issues. See reference
> for further details. ClamAV versions 0.88 and earlier are vulnerable.
> Ref: http://www.overflow.pl/adv/clamavupxinteger.txt
> ______________________________________________________________________
> 
> 06.14.20 CVE: CVE-2006-1629
> Platform: Cross Platform
> Title: OpenVPN Client Remote Code Execution Vulnerability
> Description: OpenVPN is an OpenSSL based tunneling application. It is
> vulnerable to a remote code execution issue due to a lack of proper
> sanitization of server supplied data. OpenVPN versions 2.0.0 through
> 2.0.5 are vulnerable.
> Ref: http://openvpn.net/changelog.html
> ______________________________________________________________________
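
An added illustration, not part of the forwarded newsletter and not McAfee's or ClamAV's code: the format string bug class described in item (4) and entry 06.14.2, shown as a hypothetical bounce logger in its flawed and hardened forms. The function names and the sample recipient address are constructed; the sample uses only the harmless `%%` directive, so both calls have defined behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical "before" logger: the message built from the recipient
 * address is handed to a printf-style function as the FORMAT argument,
 * so any '%' directive in the address is interpreted. */
int log_bounce_unsafe(char *out, size_t n, const char *rcpt)
{
    char msg[256];
    snprintf(msg, sizeof msg, "undeliverable: <%s>", rcpt);
    return snprintf(out, n, msg);          /* BUG: data used as format */
}

/* Hardened form: constant format string, message passed as data. */
int log_bounce_safe(char *out, size_t n, const char *rcpt)
{
    char msg[256];
    snprintf(msg, sizeof msg, "undeliverable: <%s>", rcpt);
    return snprintf(out, n, "%s", msg);
}

/* Triage helper: 1 if the address carries any '%' at all. */
int has_format_directive(const char *addr)
{
    return strchr(addr, '%') != NULL;
}

int main(void)
{
    /* Constructed sample; "%%" is a harmless directive that prints one '%'. */
    const char *rcpt = "user%%name@no-such-domain.invalid";
    char a[256], b[256];

    log_bounce_unsafe(a, sizeof a, rcpt);
    log_bounce_safe(b, sizeof b, rcpt);
    printf("unsafe: %s\nsafe:   %s\nflagged: %d\n", a, b, has_format_directive(rcpt));
    return 0;
}
```

The unsafe variant logs the address with one `%` consumed, while the safe variant logs it byte for byte; compiling with `-Wformat-security` flags the non-literal format argument in the unsafe call.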



 




Copyright © Lexa Software, 1996-2009.