Archive :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 30



> This will be a bad week for cyber defenders; the vulnerabilities that
> will be announced this week will affect a very large proportion of
> business executives.  Last week's critical vulnerabilities included an
> unpatched, important vulnerability in Apple Safari and a very critical
> vulnerability in Firefox that demands immediate upgrading.
> 

> *****************************
> Widely-Deployed Software
> *****************************
> 
> (1) HIGH: Mozilla Suite Multiple Vulnerabilities
> Affected:
> Mozilla Firefox version 1.5.4 and prior
> Mozilla SeaMonkey version 1.0 and prior
> Mozilla Thunderbird version 1.5.0.3 and prior
> 
> Description: Applications based on the Mozilla web browser technology,
> including the Mozilla Firefox web browser, the Mozilla SeaMonkey suite
> (often referred to as simply "Mozilla"), and the Mozilla Thunderbird
> email client, contain multiple remotely-exploitable vulnerabilities. A
> malicious webpage or an HTML email could exploit some of these
> vulnerabilities to execute arbitrary code on a user's system.
> 
> Status: Mozilla Foundation confirmed, updates released. As a general
> workaround, if possible, users should disable JavaScript in email
> messages and web pages.
> 
> Council Site Actions: Mozilla is in use at a number of the council
> sites, but is not yet supported at all sites. Those sites that do
> support Mozilla are either applying the updates manually or relying on
> the auto-update feature. Sites that do not provide central support will
> rely on the auto-update feature and/or end users to apply updates.
> 
> References:
> SANS Incidents.org Diary Entry (includes links to individual advisories)
> http://www.incidents.org/diary.php?storyid=1515 
> TippingPoint Zero Day Initiative Advisory
> http://zerodayinitiative.com/advisories/ZDI-06-025.html 
> Secunia Security Advisory
> http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0637.html
> http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0630.html
> Individual Mozilla Foundation Advisories
> http://www.mozilla.org/security/announce/2006/mfsa2006-56.html 
> http://www.mozilla.org/security/announce/2006/mfsa2006-55.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-54.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-53.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-52.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-51.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-50.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-49.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-48.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-47.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-46.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-45.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-44.html
> SecurityFocus BID
> http://www.securityfocus.com/bid/19181
> 
> **************************************************************
> 
> (3) MODERATE: Apache "mod_rewrite" Remote Buffer Overflow
> Affected:
> Apache httpd versions 1.3.28 - 1.3.36, 2.0.46 - 2.0.58, 2.2.0 - 2.2.2
> 
> Description: The Apache HTTP daemon (httpd) contains a
> remotely-exploitable buffer overflow in the "mod_rewrite" URL rewriting
> module, which is included in most Apache httpd distributions. This
> module is used to perform transformations on URLs passed to the server
> according to administrator-supplied "rewrite rules". The module contains
> an off-by-one buffer overflow when parsing LDAP URLs. If the rewrite
> rules are structured such that an attacker can supply the initial
> portion of the URL (for example, a rewrite rule begins with an "$1"),
> an attacker could exploit this buffer overflow and execute arbitrary
> code with the privileges of the server process. Rewrite rules that
> affect the latter portions of the URL, or that contain the "Forbidden",
> "Gone", or "NoEscape" options are not affected. Additionally, if the
> httpd binary was compiled with any form of automatic or explicit stack
> padding, the binary is not vulnerable. Since Apache is Open Source
> software, technical details can easily be obtained by examining the
> source code.
> 
> Status: Apache confirmed, updates available.
> 
> References:
> McAfee Security Advisory
> http://www.securityfocus.com/archive/1/441487 
> Apache Foundation Home Page
> http://www.apache.org/ 
> SecurityFocus BID
> http://www.securityfocus.com/bid/19204 
> 
> **************************************************************
> 
> (7) MODERATE: ISS RealSecure/BlackICE Mailslot Heap Overflow Detect DoS
> Affected:
> ISS RealSecure Network/Server/Desktop 7.0
> Proventia A/G/M Series
> Proventia Server/Desktop
> BlackICE PC Protection 3.6
> BlackICE Server Protection 3.6
> 
> Description: ISS's RealSecure and BlackICE network intrusion detection
> and prevention devices and software suffer from a remotely-exploitable
> denial-of-service attack when detecting and filtering attacks against
> Microsoft's Mailslot implementation (outlined in a previous @RISK
> entry). By sending a specially-crafted packet through a network segment
> monitored by a RealSecure or BlackICE sensor, an attacker could cause
> the sensor, and possibly the system running the sensor, to stop
> responding. Rebooting is required to restore normal operation.
> 
> Status: ISS confirmed, updates available.
> 
> References:
> NSFOCUS Security Advisory
> http://archives.neohapsis.com/archives/bugtraq/2006-07/0477.html
> Previous @RISK Entry regarding Microsoft's Mailslot vulnerability
> http://www.sans.org/newsletters/risk/display.php?v=5&i=28#widely1
> ISS Home Page
> http://www.iss.net/
> SecurityFocus BID
> http://www.securityfocus.com/bid/19178
> 
> **************************************************************
> 
> (10) LOW: Internet Key Exchange Protocol Denial-of-Service Vulnerability
> Affected:
> Any device using the Internet Key Exchange (IKE) protocol version 1 is
> potentially vulnerable
> 
> Description: IKE, the Internet Key Exchange Protocol, is used to
> exchange shared secret information between hosts to enable the use of
> IPsec and related protocols. IKE is generally used as a component in VPN
> solutions, but can be used whenever secure key exchange is required. Due
> to the stateless nature of the IKE version 1 protocol, it is possible
> for an attacker to exhaust all available IKE resources on a target
> system, preventing other users from using the IKE facilities of the
> target system. Note that individual implementations may attempt to
> protect systems from this vulnerability, but the protocol specification
> itself allows for this vulnerability. Users are advised to ask their
> vendor if their systems use IKE version 1. Users of Cisco's IOS can
> mitigate the impact of this vulnerability by implementing the "Call
> Admission Control for IKE" IOS feature.
> 
> Status: Cisco has provided workaround information for IOS-based devices;
> other IKE implementations may have additional workarounds.
> 
> References:
> Internet Storm Center Diary Entry
> http://www.incidents.org/diary.php?storyid=1516
> Cisco Advisory
> http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0620.html
> http://www.cisco.com/warp/public/707/cisco-sr-20060726-ike.shtml 
> Wikipedia Entry on IKE
> http://en.wikipedia.org/wiki/Internet_key_exchange
> RFC 2409 (defines IKE)
> http://tools.ietf.org/html/rfc2409
> SecurityFocus BID (Cisco implementation only)
> http://www.securityfocus.com/bid/19176
> 

> 06.30.1 CVE: Not Available
> Platform: Windows
> Title: Windows Remote Denial of Service
> Description: Microsoft Windows is reportedly susceptible to a remote
> denial of service issue when a large number of malformed TCP packets
> with both source and destination ports set to 135 are sent to the
> system. These packets also have various header fields set to
> randomized values. Please refer to the advisory for details.
> Ref: http://www.securityfocus.com/archive/1/441007
> ______________________________________________________________________
> 
> 06.30.3 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Internet Explorer Internet.HHCtrl Click Denial of Service
> Description: Microsoft Internet Explorer is prone to a denial of
> service vulnerability. The vulnerability presents itself when the
> browser instantiates a new "Internet.HHCtrl.1" object. An attacker can
> trigger a NULL pointer dereference by calling the "Click" method
> without first initializing the URL parameter.
> Ref: http://www.securityfocus.com/bid/19109
> ______________________________________________________________________
> 
> 06.30.4 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Internet Explorer Multiple Object ListWidth Property Denial of Service
> Description: Microsoft Internet Explorer is prone to a denial of
> service vulnerability. The vulnerability presents itself when the
> browser instantiates a new "Forms.ListBox.1" or "Forms.ComboBox.1"
> object. An attacker can trigger a NULL pointer dereference by setting
> the "ListWidth" property to "0x7ffffffe".
> Ref: http://www.securityfocus.com/bid/19113
> ______________________________________________________________________
> 
> 06.30.5 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Internet Explorer NMSA.ASFSourceMediaDescription Stack Overflow
> Description: Microsoft Internet Explorer is prone to a stack overflow
> when the browser processes the "NMSA.ASFSourceMediaDescription" object
> with a "dispValue" property set as a long string. All current versions
> are affected.
> Ref: http://browserfun.blogspot.com/2006/07/mobb-23-nmsaasfsourcemediadescription.html
> ______________________________________________________________________
> 
> 06.30.6 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Internet Explorer Native Function Iterator Denial Of Service
> Description: Microsoft Internet Explorer is prone to an unspecified
> denial of service vulnerability that is triggered when an attacker
> convinces a victim user to visit a malicious website, causing Internet
> Explorer to crash. Versions 6.0 and 6.0 SP1 are reported as
> vulnerable.
> Ref: http://www.securityfocus.com/bid/19140
> ______________________________________________________________________
> 
> 06.30.7 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Internet Explorer NDFXArtEffects Stack Overflow
> Description: Microsoft Internet Explorer is prone to a stack overflow
> vulnerability. The vulnerability presents itself when the browser
> processes the "NDFXArtEffects" object with the "RGBExtraColor",
> "RGBForeColor" and "RGBBackColor" properties set as long strings. A
> successful attack can cause Internet Explorer to crash.
> Ref: http://www.securityfocus.com/bid/19184
> ______________________________________________________________________
> 
> 06.30.9 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Internet Explorer String To Binary Function Denial Of Service
> Description: Microsoft Internet Explorer is vulnerable to a denial of
> service issue due to insufficient handling of a long string to the
> "stringToBinary()" function. Microsoft Internet Explorer versions 6.0
> SP2 and earlier are vulnerable.
> Ref: http://browserfun.blogspot.com/atom.xml
> ______________________________________________________________________
> 
> 06.30.17 CVE: CVE-2006-3825
> Platform: Solaris
> Title: Sun Internet Protocol Implementation Routing Table Bypass
> Description: Sun's Internet Protocol implementation is vulnerable to a
> routing table bypass vulnerability. This vulnerability exists because
> the kernel fails to ensure that network traffic only routes to
> addresses configured in the system's routing table. Therefore, an
> attacker may redirect network packets using individual specified
> sockets to an on-link router ignoring system settings. A successful
> exploit may allow an attacker to bypass the system's routing table
> configuration in order to redirect traffic to unauthorized addresses.
> Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102509-1&searchclause=
> ______________________________________________________________________
> 
> 06.30.18 CVE: Not Available
> Platform: Solaris
> Title: Sun Solaris SysInfo Local Information Disclosure
> Description: Sun Solaris is prone to a local information disclosure
> issue due to an unspecified flaw in the "sysinfo" system call. Please
> refer to the attached advisory for details.
> Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102343-1&searchclause=
> ______________________________________________________________________
> 
> 06.30.21 CVE: Not Available
> Platform: Cross Platform
> Title: GnuPG Parse_Comment Remote Buffer Overflow
> Description: GNU Privacy Guard (GnuPG) is an encryption application.
> It is affected by a remote buffer overflow issue due to insufficient
> sanitization of the "parse_comment()" function in the "parse-packet.c"
> source file. GnuPG version 1.4.4 is affected.
> Ref:
> http://lists.immunitysec.com/pipermail/dailydave/2006-July/003354.html
> ______________________________________________________________________
> 
> 06.30.26 CVE: CVE-2006-3353
> Platform: Cross Platform
> Title: Opera Web Browser CSS Background HTTPS URI Memory Corruption
> Description: Opera Web Browser is prone to a memory corruption
> vulnerability when processing a CSS background property of a DHTML
> element to a long HTTPS URI. Opera version 9 is vulnerable.
> Ref: http://browserfun.blogspot.com/2006/07/mobb-26-opera-css-background.html
> ______________________________________________________________________
> 
> 06.30.28 CVE: Not Available
> Platform: Cross Platform
> Title: Cisco Internet Key Exchange Denial of Service
> Description: Cisco Internet Key Exchange (IKE) is prone to a denial of
> service issue due to resource exhaustion when handling a high rate of
> IKE requests. A sustained attack of 10 packets per second at 122 bytes
> each is sufficient to cause the issue. Please refer to the attached
> Cisco advisory for details.
> Ref: http://www.cisco.com/warp/public/707/cisco-sr-20060726-ike.shtml
> ______________________________________________________________________
> 
> 06.30.29 CVE:
> CVE-2006-3812,CVE-2006-3811,CVE-2006-3810,CVE-2006-3809,CVE-2006-3808,
> CVE-2006-3807,CVE-2006-3806,CVE-2006-3805,CVE-2006-3804,CVE-2006-3803,
> CVE-2006-3802,CVE-2006-3801,CVE-2006-3113,CVE-2006-3677
> Platform: Cross Platform
> Title: Mozilla Firefox Javascript Navigator Object Remote Code Execution
> Description: Mozilla Firefox is prone to a remote code execution
> vulnerability. The application fails to properly sanitize
> user-supplied input before using it to create a new Javascript
> object. The vulnerability exists when assigning unspecified parameters
> to the "window.navigator" object. An attacker may replace the
> navigator object before Java starts to trigger this vulnerability.
> Mozilla Firefox versions 1.5.0 to 1.5.0.4 are vulnerable to this
> issue.
> Ref: http://www.mozilla.org/security/announce/2006
> ______________________________________________________________________
> 
> 06.30.30 CVE: CVE-2006-3113
> Platform: Cross Platform
> Title: Mozilla Foundation Products XPCOM Memory Corruption
> Description: Mozilla Foundation products Firefox, Thunderbird and
> SeaMonkey are vulnerable to a memory corruption issue due to
> insufficient handling of simultaneous XPCOM events. See the referenced
> advisory for further details.
> Ref: http://www.mozilla.org/security/announce/2006/mfsa2006-46.html
> ______________________________________________________________________
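The mod_rewrite entry above (item 3) gives defenders two things to triage: an affected version range and a structural condition on rewrite rules (substitution begins with a back-reference, none of the Forbidden/Gone/NoEscape flags). The following is an added triage script, not part of the forwarded newsletter or of Apache; the sample configuration and the version banners are constructed, and the rule check mirrors only the condition the advisory states.

```python
import re

# Version ranges the advisory lists as affected (inclusive bounds).
AFFECTED_RANGES = [((1, 3, 28), (1, 3, 36)), ((2, 0, 46), (2, 0, 58)), ((2, 2, 0), (2, 2, 2))]

# Flags the advisory names as making a rule unaffected: Forbidden, Gone, NoEscape.
EXEMPT_FLAGS = {"f", "forbidden", "g", "gone", "ne", "noescape"}

RULE_RE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?", re.I)

def parse_version(banner):
    """Extract (major, minor, patch) from a banner such as 'Apache/2.0.55 (Unix)'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no x.y.z version in %r" % banner)
    return tuple(int(x) for x in m.groups())

def version_affected(banner):
    """True if the httpd version falls inside one of the advisory's ranges."""
    v = parse_version(banner)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)

def risky_rules(config_text):
    """(line_no, rule) for RewriteRule lines whose substitution starts with a
    back-reference and that carry none of the exempt flags. This mirrors the
    advisory's stated condition; it is a triage heuristic, not an exploitability proof."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        m = RULE_RE.match(line)
        if not m:
            continue
        _pattern, subst, flags = m.groups()
        # Flags may carry values (e.g. R=301); compare only the flag name.
        names = {f.strip().split("=")[0].lower() for f in (flags or "").split(",") if f.strip()}
        if names & EXEMPT_FLAGS:
            continue
        if re.match(r"\$\d", subst):
            findings.append((n, line.strip()))
    return findings

# Constructed sample config (not from the advisory): line 3 lets the client supply
# the start of the rewritten URL, line 4 is exempt via [F], line 2 is fine.
SAMPLE_CONF = "\n".join([
    "RewriteEngine On",
    "RewriteRule ^/old/(.*)$ /new/$1 [R]",
    "RewriteRule ^/go/(.*)$ $1 [R,L]",
    "RewriteRule ^/block/(.*)$ $1 [F]",
])

print(version_affected("Apache/2.0.55 (Unix)"), risky_rules(SAMPLE_CONF))
```

A rule flagged here is a candidate for review against the vendor fix, not a confirmed hole; builds with stack padding are unaffected per the advisory, which this script cannot see.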
Copyright © Lexa Software, 1996-2009.