> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Anyone using Oracle should already have installed the July updates.
> Cisco MARS users should upgrade to 4.2.1. And Internet Explorer users
> may want to set the kill bit for ActiveX UUID because Microsoft hasn't
> confirmed the existence of the memory corruption flaw posted by HD
> Moore. Also, there were more problems discovered in wireless
> routers -
> this time in D-Link routers.
>
>
> *****************************
> Widely-Deployed Software
> *****************************
> (1) HIGH: Oracle Critical Patch Update July 2006
> Affected:
> The following Oracle products:
> Oracle Database, Oracle Enterprise Manager, Oracle
> Application Server,
> Oracle Collaboration Suite, Oracle E-business Suite, PeopleSoft
> Enterprise Portal Solutions, JD Edwards Enterprise Tools, Oracle
> Pharmaceutical Applications, Oracle Developer Suite, Oracle Workflow,
> Oracle Application Server Portal
> (For vulnerable versions please refer to the Oracle Advisory)
>
> Description: Oracle has released a security update for
> multiple products
> that patches over 60 vulnerabilities. According to the Oracle advisory
> a number of these flaws can be easily exploited via HTTP or SQL
> protocol. One of the discoverers has posted the technical
> details about
> four of these vulnerabilities.
>
> Council Site Actions: Most of the reporting council sites are
> responding to this item and plan to deploy the patches during
> their next
> regularly scheduled systems update cycle. One site is currently
> regression testing the updates.
>
> References:
> Oracle Advisory
>
h-updates/cpujul2006.html
> Red Database Security Advisories
>
tion_dbms_stats.html
>
tion_dbms_upgrade.html
>
tion_dbms_cdc_impdp.html
>
tion_kupw$worker.html
> SecurityFocus BID
>
>
> *********************************************************************
>
> (2) HIGH: Internet Explorer WebViewFolderICon ActiveX Control Memory
> Corruption (0-day)
> Affected:
> Internet Explorer version 6.0
> Possibly all versions of IE
>
> Description: Internet Explorer contains a memory corruption flaw that
> is triggered when "SetSlice" method is invoked on "WebViewFolderIcon"
> ActiveX object. A malicious webpage can exploit the flaw to
> potentially
> execute arbitrary code on a user's system. The technical details
> required to craft an exploit have been publicly posted.
>
> Status: Microsoft has not confirmed, no updates available. Set the
> killbit for ActiveX UUID "{E5DF9D10-3B52-11D1-83E8-00A0C90DC849}" as a
> workaround.
>
> Council Site Actions: All reporting council sites are waiting on
> additional information and a patch from the vendor. They will most
> likely deploy the patch during a regularly scheduled systems
> maintenance
> cycle.
>
> References:
> Browser Fun Blog Posting by HD Moore
>
on-setslice.html
> Browser Fun Blog by HD Moore
>
> Microsoft Support Document on Disabling ActiveX Controls ("killbits")
>
> SecurityFocus BID
> Not yet available.
>
> **************************************************************
> ***************
>
> (4) HIGH: Wireshark Ethereal Multiple Protocol Decoding
> Vulnerabilities
> Affected:
> Ethereal versions prior to 0.99.2
>
> Description: Wireshark (formerly Ethereal) is a popular open source
> network sniffer and protocol analyzer for Unix and Windows platforms.
> The software contains format string, off-by-one or buffer overflow
> vulnerabilities in parsing the following protocols: ANSI MAP,
> CheckPoint
> FW-1, MQ, XML, NCP NMAS, NCP NDPS, NTP and NFS. Many of these
> flaws can
> be exploited to execute arbitrary code with the privileges of the
> ethereal process (typically "root" when ethereal is being used as a
> sniffer). To exploit these flaws, an attacker has to either inject the
> malicious packets into the network traffic being sniffed by ethereal,
> or entice a client to open a specially crafted packet capture
> file. The
> technical details can be obtained by examining the fixed
> code. Note that
> any network applications based on ethereal protocol decoder
> modules may
> also be affected.
>
> Status: Wireshark has confirmed the flaws and released version 0.99.2
>
> Council Site Actions: Ethereal is used minimally at most
> council sites,
> but is not supported by their central IT departments. Most sites will
> advise their users to upgrade. One site has already pushed manual
> updates to the small number of affected users.
>
> References:
> Wireshark Advisory
>
> Wireshard Homepage
>
> SecurityFocus BID
>
>
> 06.29.1 CVE: Not Available
> Platform: Microsoft Office
> Title: Microsoft Powerpoint Multiple Unspecified Vulnerabilities
> Description: Microsoft PowerPoint is prone to multiple remote
> vulnerabilities. Please check the attached advisory for details.
> Microsoft PowerPoint 2003 is affected.
> Ref:
> ______________________________________________________________________
>
> 06.29.2 CVE: CVE-2006-3655, CVE-2006-3656, CVE-2006-3660
> Platform: Microsoft Office
> Title: Microsoft Powerpoint Multiple Unspecified Vulnerabilities
> Description: Microsoft PowerPoint is prone to multiple remote
> vulnerabilities which may allow remote attackers to cause crashes, or
> to execute arbitrary machine code in the context of the affected
> application. PowerPoint versions 2003 and prior are reported to be
> vulnerable.
> Ref:
> ______________________________________________________________________
>
> 06.29.3 CVE: CVE-2006-3730
> Platform: Other Microsoft Products
> Title: Internet Explorer WebViewFolderIcon Denial of Service
> Description: Internet Explorer is prone to a denial of service issue
> when the browser processes a malicious "WebViewFolderIcon" object.
> Microsoft Internet Explorer versions 6.0 SP1 and 6.0 are vulnerable.
> Ref:
>
on-setslice.html
> ______________________________________________________________________
>
> 06.29.4 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Internet Explorer DXImageTransform Properties Denial of Service
> Description: Internet Explorer is prone to a denial of service issue
> which exists at the "StartColorStr" and "EndColorStr" properties of
> the "DXImageTransform.Microsoft.Gradient" ActiveX object. Internet
> Explorer 6 SP2 is affected.
> Ref:
>
olorstr.html
> ______________________________________________________________________
>
> 06.29.5 CVE: CVE-2006-2492,CVE-2006-3653,CVE-2006-3654
> Platform: Other Microsoft Products
> Title: Microsoft Works Spreadsheet Multiple Remote Vulnerabilties
> Description: Microsoft Works is vulnerable to multiple unspecified
> buffer overflow issues when it attempts to import malicious files.
> Microsoft Works version 8.0 is vulnerable.
> Ref:
> ______________________________________________________________________
>
> 06.29.6 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Internet Explorer MHTMLFile Denial of Service
> Description: Internet Explorer is exposed to a denial of service
> issue. The problem occurs when the application is used to view a
> malicious URI or web page consisting of a malformed MHTMLfile element.
> Internet Explorer version 6 SP2 is affected.
> Ref:
> ______________________________________________________________________
>
> 06.29.7 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Internet Explorer DataSourceControl Denial of Service
> Description: Internet Explorer is prone to a denial of service issue
> in the "getDataMemberName()" properties of the "DataSourceControl"
> ActiveX control object. Internet Explorer 6 SP2 is affected.
> Ref:
>
> ______________________________________________________________________
>
> 06.29.8 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Internet Explorer OVCtl Denial of Service
> Description: Microsoft Internet Explorer is prone to a denial of
> service issue which is triggered when the browser processes the
> "NewDefaultItem" method of the "OVCtl" object. All current versions
> are affected.
> Ref:
>
titem.html
> ______________________________________________________________________
>
> 06.29.9 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Internet Explorer Content-Type Denial of Service
> Description: Microsoft Internet Explorer is prone to a denial of
> service vulnerability. The vulnerability presents itself when the
> browser processes excessively large "Content-Type" HTTP response
> headers consisting of more than approximately 1M bytes. This crash
> reportedly occurs due to a flaw in the "wininet.dll" library.
> Ref:
> ______________________________________________________________________
>
> 06.29.10 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: RARLAB WinRAR LHA Filename Handling Buffer Overflow
> Description: RARLAB WinRAR is a compression utility capable of reading
> and writing files using several different archival formats. It is
> susceptible to a remote buffer overflow vulnerability, which is caused
> by a failure of the application to properly bounds check user-supplied
> input prior to copying it to an insufficiently-sized memory buffer.
> Versions from 3.0 to 3.60 beta 6 are reported as vulnerable.
> Ref:
> ______________________________________________________________________
>
> 06.29.19 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Various Citrix Applications MFEvent.DLL Privilege Escalation
> Description: Various Citrix applications contain an error that allows
> an authenticated user to escalate privileges. Citrix Metaframe, Citrix
> MetaFrame Presentation Server and Citrix Presentation Server are
> affected.
> Ref:
> ______________________________________________________________________
>
> 06.29.24 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel PROC Filesystem Local Privilege Escalation
> Description: The Linux kernel is susceptible to a local privilege
> escalation issue due to a race condition in the "proc" filesystem. The
> exploit demonstrating this issue accesses "/proc/*/environ" files,
> setting setuid permissions. The 2.6 series of the Linux kernel is
> vulnerable to this issue.
> Ref:
> ______________________________________________________________________
>
> 06.29.36 CVE: Not Available
> Platform: Cross Platform
> Title: Asterisk IAX2 Request Flood Remote Denial of Service
> Description: Asterisk is a private branch exchange (PBX) application.
> It is susceptible to a remote denial of service vulnerability. The
> software is unable to efficiently handle numerous unauthenticated call
> requests. Asterisk versions prior to 1.2.10 are vulnerable to this
> issue.
> Ref:
> ______________________________________________________________________
>
> 06.29.39 CVE: CVE-2006-3627 - CVE-2006-3632
> Platform: Cross Platform
> Title: Wireshark Protocol Dissectors Multiple Vulnerabilities
> Description: Wireshark is a network packet analyzer and the successor
> to Ethereal. It is prone to multiple vulnerabilities which may permit
> attackers to execute arbitrary code, which can facilitate a compromise
> of an affected computer or cause a denial of service condition to
> legitimate users of the application. Versions 0.99.1 and prior are
> reported as vulnerable.
> Ref:
> ______________________________________________________________________
