Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 22



> *************************
> Widely Deployed Software
> *************************
> 
> (1) HIGH: Mozilla Firefox and Thunderbird Multiple Vulnerabilities
> Affected:
> Firefox versions prior to 1.5.0.4
> Thunderbird versions prior to 1.5.0.4
> 
> Description: Mozilla Foundation released version 1.5.0.4 for Firefox
> browser as well as Thunderbird email client last week. The new versions
> fix 12 vulnerabilities in Firefox and 8 vulnerabilities in Thunderbird.
> The most severe of the vulnerabilities can allow a webpage or an HTML
> email to execute arbitrary code on a user's system. The technical
> details about the low severity flaws can be obtained from the Mozilla
> bugzilla. The details about the code execution flaws are not available
> yet.
> 
> Status: Upgrade Firefox and Thunderbird to version 1.5.0.4
> 
> References:
> Mozilla Security Fixes Page
> http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla
> 
> **********************************************************************
> 
> (2) HIGH: F-Secure Products Web Console Buffer Overflow
> Affected:
> F-Secure Anti-Virus for Exchange version 6.40
> F-Secure Internet Gatekeeper versions 6.40-6.42 and 6.50
> 
> Description: F-Secure's Web console is designed for the web-based
> management of the anti-virus software. This HTTP server contains a
> buffer overflow that can be exploited by unauthenticated attackers to
> execute arbitrary code. The technical details regarding this flaw have
> not been publicly posted. Note that the web console server is accessible
> only to the local host in the default configuration. However, for
> convenience, some administrators may configure access for the web
> console from any hosts in their network.
> 
> Status: F-Secure has released hotfixes for the Microsoft Exchange
> version 6.40 and Internet Gatekeeper version 6.50. Upgrade Internet
> Gatekeeper to version 6.60. Block HTTP requests to port 25023/tcp
> (default web console port) from the Internet.
> 
> Council Site Actions: The affected software and/or configuration are not
> in production or widespread use, or are not officially supported at any
> of the council sites. They reported that no action was necessary.
> 
> References:
> F-Secure Security Advisory
> http://www.f-secure.com/security/fsc-2006-3.shtml
> F-Secure Home Page
> http://www.f-secure.com
> SecurityFocus BID
> http://www.securityfocus.com/bid/18201
> 
> **********************************************************************
> 
> (3) MODERATE: Snort URI Rule Detection Bypass
> Affected:
> Snort versions 2.4.x prior to version 2.4.5
> 
> Description: Snort, a popularly used IDS, contains a vulnerability that
> can be exploited by an attacker to evade Snort's HTTP attack detection
> routines. The evasion can be performed by simply adding a carriage
> return "\r" at the end of a URI in a malicious HTTP request. Note that
> this technique can be used to bypass a number of Apache webserver
> attacks detected by Snort.
> 
> Status: Sourcefire will release fixed versions 2.4.5 and 2.6.0 on June
> 5th. A third-party patch is currently available for this issue.
> 
> References:
> Sourcefire Update
> http://www.snort.org/pub-bin/snortnews.cgi#431 
> Demarc Security Advisory and Patch
> http://www.demarc.com/support/downloads/patch_20060531 
> Snort Homepage
> http://www.snort.org 
> SecurityFocus BID
> http://www.securityfocus.com/bid/18200 
> 
> **********************************************************************
> 
> 
> ***************
> Other Software
> ***************
> 
> (4) HIGH: Alt-N MDaemon IMAP Server Buffer Overflow
> Affected:
> Alt-N MDaemon possibly all versions
> 
> Description: The MDaemon IMAP server reportedly contains a buffer
> overflow that can be triggered by an IMAP command longer than 99554
> bytes. The flaw can be exploited to execute arbitrary code with
> potentially "SYSTEM" privileges. A proof-of-concept exploit has been
> publicly posted.
> 
> Status: Vendor not confirmed, no patches available.
> 
> References:
> Alt-N MDaemon Homepage
> http://www.altn.com/ 
> SecurityFocus BID
> http://www.securityfocus.com/bid/18129/ 
> 
> ******************************************************************
> 
> *************
> Exploits
> *************
> 
> (6) Macro-virus for StarOffice and OpenOffice
> 
> Description: Stardust is the first proof-of-concept macro-virus that
> targets StarOffice and OpenOffice programs. The virus is written in
> "StarBasic", the scripting language used for StarOffice/OpenOffice. Note
> that the virus affects installations of these programs on
> Windows/UNIX/Mac platforms.
> 
> References:
> Kaspersky Webpage
> http://www.viruslist.com/en/viruses/encyclopedia?virusid=123066 
> News.com Article
> http://news.com.com/Stardust+virus+lands+on+OpenOffice/2100-7349_3-6078475.html
> Hackdot.org Story
> http://hackdot.org/index.php?itemid=79 
> StarOffice and OpenOffice Home Page
> http://www.sun.com/software/star/staroffice/index.jsp         
> http://www.openoffice.org/ 
> 
> *******************************************************************
> 
> 06.22.2 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Internet Explorer Malformed HTML Parsing Denial of
> Service
> Description: Microsoft Internet Explorer is affected by a denial of
> service vulnerability. This issue presents itself when the application
> tries to parse certain malformed HTML content. This results in a NULL
> pointer dereference in "mshtml.dll", crashing the browser. Internet
> Explorer 6 is vulnerable to this issue.
> Ref: http://www.securityfocus.com/bid/18112
> ______________________________________________________________________
> 
> 06.22.3 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Internet Explorer MHTML URI Buffer Overflow
> Description: Microsoft Internet Explorer is susceptible to a remote
> buffer overflow vulnerability in "INETCOMM.DLL". This issue is
> triggered when Internet Explorer attempts to follow excessively long
> URIs that begin with "mhtml://mid:". This triggers a crash in the
> "INETCOMM.DLL" library.
> Ref: http://www.securityfocus.com/archive/1/435492
> ______________________________________________________________________
> 
> 06.22.5 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Alt-N MDaemon Remote Pre-Authentication IMAP Buffer Overflow
> Description: Alt-N MDaemon is a mail server product. It is vulnerable
> to a remote buffer overflow issue when attempting to parse malformed
> input of approximately 99 kilobytes of data. Alt-N MDaemon versions
> 8.1.3 and earlier are vulnerable.
> Ref: http://www.securityfocus.com/bid/18129
> ______________________________________________________________________
> 
> 06.22.7 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Etype Eserv Multiple Input Validation Vulnerabilities
> Description: Eserv is an IMAP and HTTP server. It is vulnerable to
> multiple input validation issues such as source code disclosure and
> directory traversal. These issues are due to insufficient sanitization
> of user-supplied input. Eserv versions 3.25 and earlier are
> vulnerable.
> Ref: http://www.securityfocus.com/archive/1/435415
> ______________________________________________________________________
> 
> 06.22.9 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: F-Secure Multiple Products Web Console Buffer Overflow
> Description: F-Secure Internet Gatekeeper is designed for gateway
> deployed content-filtering to protect against various malware. It is
> affected by a buffer overflow issue due to insufficient sanitization
> of user data. F-Secure Internet Gatekeeper version 6.60 is affected.
> Ref: http://www.securityfocus.com/bid/18201
> ______________________________________________________________________
> 
> 06.22.10 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: VMware Server User Credentials Disclosure
> Description: VMware Server is a virtual machine server. It is
> vulnerable to a weakness that may disclose user credentials because
> the server retains user credentials in memory. VMware Server versions
> before RC1 are vulnerable.
> Ref: http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2124
> ______________________________________________________________________
> 
> 06.22.11 CVE: CVE-2006-1856
> Platform: Linux
> Title: Linux Kernel LSM ReadV/WriteV Security Restriction Bypass
> Description: The Linux kernel is susceptible to a security restriction
> bypass issue because the kernel fails to properly enforce Security
> Module security checks. Linux kernel versions prior to 2.6.16.12 are
> vulnerable.
> Ref: http://rhn.redhat.com/errata/RHSA-2006-0493.html
> ______________________________________________________________________
> 
> 06.22.13 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel Netfilter Do_Add_Counters Local Race Condition
> Description: The Linux kernel is susceptible to a local race condition
> vulnerability in the "do_add_counters()" function. This issue is
> exploitable only by local users who have superuser privileges or have
> the CAP_NET_ADMIN capability. Linux kernel versions prior to 2.6.16.17
> in the 2.6 series are affected.
> Ref: http://www.securityfocus.com/bid/18113
> ______________________________________________________________________
> 
> 06.22.14 CVE: CVE-2005-0489
> Platform: Linux
> Title: Linux Kernel Invalid Proc Memory Access Local Denial of Service
> Description: The Linux kernel is exposed to a denial of service
> vulnerability due to a flaw in the "proc" filesystem that may lead to
> attempts to access previously freed memory. Linux kernel versions
> prior to 2.4.27 are affected.
> Ref: http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.27
> ______________________________________________________________________
> 
> 06.22.15 CVE: CVE-2006-1589
> Platform: Linux
> Title: Linux Kernel ELF Loader Mismatched Architecture Local Denial of
> Service
> Description: The Linux kernel is prone to a local denial of service
> vulnerability. This issue is due to a flaw in the ELF object file
> loader. This issue affects Linux kernel versions prior to 2.4.25.
> Ref: http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.25
> ______________________________________________________________________
> 
> 06.22.16 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel MIPS Ptrace Local Privilege Escalation
> Description: The Linux kernel is susceptible to a local privilege
> escalation vulnerability. This issue occurs only on MIPS architectures
> in the ptrace facility.
> Ref: http://www.securityfocus.com/bid/18176
> ______________________________________________________________________
> 
> 06.22.17 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel MREMAP Local Privilege Escalation
> Description: The Linux kernel is susceptible to a local privilege
> escalation vulnerability due to an unspecified flaw in "mremap". Linux
> kernel versions prior to 2.4.25 are affected.
> Ref: http://www.securityfocus.com/bid/18177
> ______________________________________________________________________
> 
> 06.22.18 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel Proc dentry_unused Corruption Local Denial of
> Service
> Description: The Linux kernel is prone to a local denial of service
> vulnerability. This issue affects Linux kernel versions 2.6.15 through
> 2.6.17-rc5 on multiprocessor computers running SMP kernels.
> Ref: http://marc.theaimsgroup.com/?l=linux-kernel&m=114860432801543&w=2
> ______________________________________________________________________
> 
> 06.22.21 CVE: CVE-2006-2654
> Platform: BSD
> Title: FreeBSD SMBFS CHRoot Security Restriction Bypass
> Description: FreeBSD is prone to a security restriction bypass
> vulnerability affecting the chroot implementation. The problem affects
> chroot inside of an SMB-mounted filesystem (smbfs). An attacker can
> bypass the filesystem security restriction through use of directory
> traversal strings.
> Ref: http://www.securityfocus.com/bid/18202
> ______________________________________________________________________
> 
> 06.22.22 CVE: Not Available
> Platform: BSD
> Title: FreeBSD YPServ Inoperative Access Control
> Description: YPServ is a utility which distributes NIS databases to
> client systems within an NIS domain. It is vulnerable to an
> inoperative access controls issue due to a change in the build process
> that resulted in the "securenets" access restrictions being ignored.
> FreeBSD versions 6.0-STABLE and earlier are vulnerable.
> Ref: http://www.securityfocus.com/bid/18204
> ______________________________________________________________________
> 
> 06.22.25 CVE: Not Available
> Platform: Cross Platform
> Title: Apache James SMTP Denial Of Service
> Description: James is the Apache Java Enterprise Mail and News Server.
> James is vulnerable to a remote denial of service issue due to
> insufficient handling of malformed SMTP commands with excessively long
> arguments. Apache James versions 2.2.0 and earlier are vulnerable.
> Ref: http://www.securityfocus.com/archive/1/435278
> ______________________________________________________________________
> 
> 06.22.26 CVE: Not Available
> Platform: Cross Platform
> Title: Vixie Cron PAM_Limits Local Privilege Escalation
> Description: Vixie cron is a scheduling daemon. It is susceptible to a
> local privilege escalation vulnerability. This issue presents itself
> when pam_limits is utilized to enforce process limits. This issue
> allows local attackers that have been authorized to execute cron jobs
> to execute arbitrary commands with superuser privileges. Vixie cron
> version 4.1 is vulnerable to this issue.
> Ref: http://www.securityfocus.com/bid/18108
> ______________________________________________________________________
> 
> 06.22.28 CVE: Not Available
> Platform: Cross Platform
> Title: PHP cURL Encoded NULL Character Safe_Mode Restriction Bypass
> Description: PHP is a general purpose scripting language. PHP cURL is
> vulnerable to a safe_mode restriction bypass issue due to a
> mismatching of behaviors between the safe_mode restriction filename
> checking code in PHP, and what cURL actually attempts to fetch. PHP
> versions 5.1.4 and earlier are vulnerable.
> Ref: http://www.securityfocus.com/archive/1/435194
> ______________________________________________________________________
> 
> 06.22.31 CVE: CVE-2006-0405
> Platform: Cross Platform
> Title: LibTIFF TIFFFetchShortPair Null Pointer Dereference Denial of
> Service
> Description: LibTIFF is a library designed for the reading and
> manipulation of Tag Image File Format (TIFF) files. The
> TIFFFetchShortPair function in tif_dirread.c in Libtiff is vulnerable
> to a denial of service when a crafted TIFF image triggers a NULL
> pointer dereference. LibTIFF versions 3.8.0 and earlier are
> vulnerable.
> Ref: http://www.frsirt.com/english/advisories/2006/0302
> ______________________________________________________________________
> 
> 06.22.34 CVE: Not Available
> Platform: Cross Platform
> Title: Snort URIContent Rules Detection Evasion
> Description: Snort is reportedly prone to a vulnerability that may
> allow malicious packets to bypass detection. The problem occurs when a
> malicious URL has a carriage return at the end, directly before the
> HTTP protocol declaration. This vulnerability affects Snort versions
> 2.4.0 through 2.4.4.
> Ref: http://www.securityfocus.com/bid/18200
> ______________________________________________________________________
> 
> 06.22.35 CVE: Not Available
> Platform: Cross Platform
> Title: Mozilla Firefox, SeaMonkey, and Thunderbird Multiple Remote
> Vulnerabilities
> Description: The Mozilla Foundation released thirteen security
> advisories specifying security vulnerabilities in Mozilla Firefox,
> SeaMonkey, and Thunderbird. Please refer to the link below for
> details.
> Ref: http://www.securityfocus.com/bid/18228
> ______________________________________________________________________
> 




 




Copyright © Lexa Software, 1996-2009.