Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 5



> 
> *****************************
> Widely-Deployed Software
> *****************************
> 
> *************************************************************************
> (2) HIGH: Cisco IOS Multiple Vulnerabilities
> Affected:
> Cisco IOS XR versions 2.0 and higher
> Cisco IOS versions 12.4 XB and prior
> Due to the large number of builds of IOS, other versions may be
> vulnerable. Some builds within the range given above are not 
> vulnerable.
> It is recommended that users consult the official Cisco advisories to
> determine whether or not they are vulnerable.
> 
> Description: Cisco IOS is Cisco's custom operating system used in its
> routing products. The majority of internet traffic is routed via systems
> running IOS. Cisco IOS contains the following vulnerabilities:
> 
> (1) A specially-crafted IP options field in an Internet Control Message
> Protocol (ICMP), Protocol Independent Multicast version 2 (PIMv2),
> Pragmatic General Multicast (PGM), or URL Rendezvous Directory (URD)
> packet could trigger a vulnerability, leading to a denial-of-service
> condition. It is believed that this vulnerability could lead to
> arbitrary code execution, but this has not yet been proven.
> 
> (2) A specially-crafted Transmission Control Protocol (TCP) packet can
> lead to a small memory leak on certain vulnerable systems. Large numbers
> of these packets can exhaust all available memory on a system, leading
> to a denial-of-service condition.
> 
> (3) An Internet Protocol version 6 (IPv6) packet containing a
> specially-crafted Type 0 Routing header could lead to a
> denial-of-service condition by crashing the vulnerable system. IOS is
> vulnerable to the first two issues in its default configuration; IPv6
> processing is not enabled by default. In all cases, the malicious
> traffic must be directed specifically to the router; traffic transiting
> the router will not trigger these vulnerabilities. These vulnerabilities
> can be partially mitigated by configuring firewall rules and access
> lists to limit the types of traffic that can reach the vulnerable
> systems directly.
> 
> Status: Cisco confirmed, updates available.
> 
> References:
> Cisco Security Advisories
> http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml
> http://www.cisco.com/en/US/products/products_security_advisory09186a00807cb157.shtml#workarounds
> http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tcp.shtml
> Cisco Applied Intelligence Response (discusses mitigating strategies)
> http://www.cisco.com/en/US/products/products_security_response09186a00807cb0da.html
> Cisco IOS Home Page
> http://www.cisco.com/en/US/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/22208
> http://www.securityfocus.com/bid/22210
> http://www.securityfocus.com/bid/22211
> 
> *************************************************************************
> 
> (4) MODERATE: Microsoft Word Unspecified Code Execution Vulnerability
> Affected: 
> Microsoft Word 2000 and possibly other versions
> 
> Description: Microsoft Word is vulnerable to a code execution
> vulnerability. The exact nature of this vulnerability is currently
> undisclosed. According to SecurityFocus, Symantec believes this
> vulnerability is being actively exploited in the wild.
> 
> Status: Microsoft is investigating this issue.
> 
> References:
> Microsoft Security Advisory
> http://www.microsoft.com/technet/security/advisory/932114.mspx
> SecurityFocus BID
> http://www.securityfocus.com/bid/22225
> 
> *************************************************************************
> (5) MODERATE: Computer Associates Multiple Products Multiple Vulnerabilities
> Affected:
> Computer Associates Desktop and Business Protection Suite
> Computer Associates Desktop Management Suite
> Computer Associates Mobile Backup
> Computer Associates BrightStor ARCserve Backup Laptop and Desktop
> 
> Description: Multiple Computer Associates products contain
> remotely-exploitable buffer overflows. The exact nature of these buffer
> overflows is currently not publicly known, but the vendor has stated
> that successful exploitation can lead to arbitrary code execution with
> SYSTEM or root privileges. It is unknown if these vulnerabilities are
> related to those discussed in @RISK Volume 6, Issue 3.
> 
> Special Note: CA BrightStor ARCServe buffer overflows have been actively
> exploited for the past couple of years. SANS recommends that you block
> all the ports that are opened by the software, at the network perimeter.
> A list of the ports to block may be found at:
> http://www.ca.com/at/local/partner/techtalk_mar05_faq.pdf
> http://supportconnectw.ca.com/public/ca_common_docs/brightstorwinxpsp2matrix.asp
> 
> Status: Computer Associates confirmed, updates available.
> 
> References:
> Previous @RISK Entry
> http://www.sans.org/newsletters/risk/display.php?v=6&i=3#widely2
> Computer Associates Security Advisory
> http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp
> Next Generation Security Software (credited by the vendor with discovery
> of these vulnerabilities)
> http://www.ngssoftware.com
> Product Home Page
> http://www3.ca.com/solutions/ProductFamily.aspx?ID=115
> SecurityFocus BID 
> http://www.securityfocus.com/bid/22199
> 
> 
> **************
> Other Software
> **************
> 
> (9) LOW: Multiple VoIP Phones Session Hijacking Vulnerability
> Affected:
> VoIP phones using the Aredfox PA168 chipset with firmware versions 1.42
> and 1.54
> 
> Description: Voice-over-IP (VoIP) phones that use the Aredfox chipset
> are vulnerable to a session-hijacking vulnerability. If an administrator
> logs into the phone's web-based administrative interface, that session
> can be easily hijacked by an attacker to execute arbitrary commands with
> administrative privilege. Note that the attacker's session is valid only
> so long as the administrator is logged in. A simple proof-of-concept for
> this vulnerability is available.
> 
> Status: Aredfox has not confirmed, no updates available.
> 
> References:
> Proof of Concept (includes list of affected phones)
> http://downloads.securityfocus.com/vulnerabilities/exploits/active-session-attack.sh
> Vendor Home Page
> http://www.aredfox.com/eindex.htm
> VoIP Security Alliance
> http://voipsa.org/
> SecurityFocus BID
> http://www.securityfocus.com/bid/22191
> 
> *****
> Patch
> *****
> 
> (10) CRITICAL: QuickTime RTSP URL Handler Buffer Overflow
> 
> Description: Apple has released a patch for the QuickTime RTSP URL
> handler buffer overflow, described in the @RISK volume 6, issue 1. This
> patch should be automatically downloaded via the Software Update
> facility on Mac OS X. Windows users may need to manually download an
> updated version of QuickTime.
> 
> References:
> Previous @RISK Entry
> http://www.sans.org/newsletters/risk/display.php?v=6&i=1#widely1
> Apple Security Update
> http://docs.info.apple.com/article.html?artnum=304989
> QuickTime Download for Microsoft Windows
> http://www.apple.com/quicktime/download/win.html
> 
> ****************************************************************************************
> 
> 07.5.1 CVE: Not Available
> Platform: Windows
> Title: Microsoft Help Workshop .HPJ File Buffer Overflow
> Description: Microsoft Help Workshop is prone to a buffer overflow
> vulnerability as it fails to properly bounds check user-supplied
> input in ".hpj" help project files. Please see the advisory for
> further information.
> Ref: http://www.securityfocus.com/bid/22135
> ______________________________________________________________________
> 
> 07.5.2 CVE: Not Available
> Platform: Microsoft Office
> Title: Microsoft Word 2000 Unspecified Code Execution
> Description: Microsoft Word 2000 is prone to a remote code execution
> vulnerability that arises because of a memory corruption
> vulnerability. Exploit attempts against Word 2003/XP result in a
> denial of service due to complete CPU utilization, denying service to
> legitimate users. Various versions of Microsoft Word are affected.
> Ref: http://www.securityfocus.com/bid/22225
> ______________________________________________________________________
> 
> 07.5.3 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Visual C++ Resource File Buffer Overflow
> Description: Microsoft Visual C++ is prone to a stack-based buffer
> overflow issue because it fails to bounds check user-supplied data to
> the MSDEV.EXE process within the resource compiler RCDLL module.
> Ref: http://www.securityfocus.com/bid/22170
> ______________________________________________________________________
> 
> 07.5.5 CVE: CVE-2007-0444
> Platform: Third Party Windows Apps
> Title: Citrix Presentation and MetaFrame Server Cpprov.DLL Stack
> Buffer Overflow
> Description: The Citrix Presentation Server and MetaFrame server are
> ICA client applications that include Citrix support. They are prone to
> a stack-based buffer overflow vulnerability because they fail to
> properly bounds check user-supplied data to the "EnumPrinters()" and
> "OpenPrinter" functions residing in the "ccprov.dll" file. Citrix
> Presentation Server 4.0, Citrix MetaFrame XP 1.0 and Citrix MetaFrame
> Presentation Server 3.0 are all affected.
> Ref: http://support.citrix.com/article/CTX111686
> ______________________________________________________________________
> 
> 07.5.6 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Computer Associates BrightStor ARCServe BackUp Multiple Remote
> Buffer Overflow Vulnerabilities
> Description: Computer Associates BrightStor ARCServe BackUp is prone
> to multiple buffer overflow vulnerabilities which allow remote
> attackers to execute arbitrary code with SYSTEM privileges.
> Ref: http://www.securityfocus.com/bid/22199
> ______________________________________________________________________
> 
> 
> 07.5.9 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: BitDefender Client Professional Plus Settings Local Format
> String Vulnerability
> Description: BitDefender Client Professional Plus is prone to a format
> string vulnerability because it fails to properly sanitize
> user-supplied input before using it in the format specifier argument
> to a formatted printing function. BitDefender Client Professional Plus
> build 8.02 and prior versions are vulnerable to this issue.
> Ref:
> http://www.bitdefender.com/KB325-en--Format-string-vulnerability.html
> ______________________________________________________________________
> 
> 07.5.21 CVE: CVE-2007-0003
> Platform: Linux
> Title: Linux-PAM Pam_Unix.SO Authentication Bypass
> Description: Linux-PAM is a package of Pluggable Authentication
> Modules. It is vulnerable to an authentication bypass issue because it
> fails to effectively verify user passwords during the authentication
> process. Linux-PAM version 0.99.7.0 is vulnerable.
> Ref: 
> https://www.redhat.com/archives/pam-list/2007-January/msg00017.html
> ______________________________________________________________________
> 
> 07.5.28 CVE: Not Available
> Platform: Unix
> Title: ISC BIND Remote Fetch Context Denial of Service
> Description: ISC BIND is prone to a remote denial of service
> vulnerability due to a failure of the application to properly handle
> unexpected DNS requests.
> Ref: http://www.securityfocus.com/bid/22229
> ______________________________________________________________________
> 
> 
> 07.5.31 CVE: Not Available
> Platform: Cross Platform
> Title: Trend Micro InterScan VirusWall VSAPI Module Buffer Overflow
> Description: Trend Micro InterScan VirusWall (ISVW) is an internet
> gateway virus scanning package. It is prone to a buffer overflow
> vulnerability due to insufficient input sanitization in the
> "libvsapi.so" library file. Version 3.81 is reportedly vulnerable.
> Ref: http://www.securityfocus.com/bid/22240
> ______________________________________________________________________
> 
> 07.5.32 CVE: Not Available
> Platform: Cross Platform
> Title: ISC BIND Remote DNSSEC Validation Denial of Service
> Description: ISC BIND is vulnerable to a remote denial of service
> issue because the application fails to handle malformed DNSSEC
> validation requests. See the advisory for further details.
> Ref: http://www.isc.org/index.pl?/sw/bind/bind-security.php
> ______________________________________________________________________
> 
> 07.5.33 CVE: CVE-2007-0471
> Platform: Cross Platform
> Title: Multiple Check Point Products Integrity Clientless Security
> Security Bypass
> Description: Connectra is a web security gateway and VPN-1 Power/UTM
> is a virtual private network package developed by Check Point. Both
> applications are prone to a security bypass vulnerability due to
> insufficient data sanitization in the "/sre/params.php" script. Please
> refer to the advisory for vulnerable versions.
> Ref: http://www.securityfocus.com/bid/22233
> ______________________________________________________________________
> 
> 07.5.35 CVE: Not Available
> Platform: Cross Platform
> Title: Symantec Web Security Multiple Denial of Service And Cross-Site
> Scripting Vulnerabilities
> Description: Symantec Web Security is an HTTP/FTP traffic scanner
> that scans and filters viruses and inappropriate content at the web
> gateway. It is affected by multiple denial of service and cross-site
> scripting issues. Symantec Web Security versions prior to 3.0.1.85 are
> vulnerable.
> Ref: http://www.securityfocus.com/bid/22184
> ______________________________________________________________________
> 
> 07.5.37 CVE: CVE-2007-0248
> Platform: Cross Platform
> Title: Squid Proxy ACL Queue Overload Remote Denial of Service
> Description: Squid is an open source proxy server. It is vulnerable to
> a remote denial of service issue because the proxy server fails to
> handle excessive data. Squid Web Proxy Cache version 2.6.STABLE7
> resolves this issue.
> Ref: http://www.squid-cache.org/bugs/show_bug.cgi?id=1848
> ______________________________________________________________________
> 
> 07.5.96 CVE: Not Available
> Platform: Network Device
> Title: Cisco IOS IPv6 Source Routing Remote Memory Corruption
> Description: Cisco IOS is prone to a remote memory corruption
> vulnerability. This issue is due to a failure of the software to
> properly handle IPv6 packets containing specially crafted type 0
> routing headers.
> Ref:
> http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml
> ______________________________________________________________________
> 
> 07.5.97 CVE: Not Available
> Platform: Network Device
> Title: Cisco Multiple Devices Crafted IP Option Multiple Remote Code
> Execution Vulnerabilities
> Description: Cisco IOS and Cisco IOS XR are network communications
> operating systems used in many Cisco routers and network switches.
> Multiple Cisco switches and routers running Cisco IOS and Cisco IOS XR
> are prone to multiple remote denial of service and code execution
> vulnerabilities. Please see the advisory for further information.
> Ref:
> http://www.cisco.com/en/US/products/products_security_advisory09186a00807cb157.shtml
> ______________________________________________________________________
> 
> 07.5.98 CVE: Not Available
> Platform: Network Device
> Title: AVM FRITZ!Box VoIP Remote Denial of Service
> Description: FRITZ!Box is a wireless DSL modem and router. A
> zero-length UDP packet sent to the SIP port 5060 of the device through
> the IP interface or the DSL line causes the VoIP-telephony service to
> crash.
> Ref: http://www.securityfocus.com/bid/22130
> ______________________________________________________________________
> 
> 07.5.99 CVE: CVE-2007-0397
> Platform: Network Device
> Title: Cisco SSL/TLS Certificate and SSH Public Key Validation
> Description: Cisco Security Monitoring, Analysis and Response System
> (CS-MARS) and Cisco Adaptive Security Device Manager (ASDM) are a
> security system that correlates and analyzes data in event logs
> received from various network devices. Both do not validate the
> SSL/TLS certificates or SSH public keys when connecting to devices,
> which allows remote attackers to spoof those devices to obtain
> sensitive information or generate incorrect information. See the
> advisory for further details.
> Ref: 
> http://www.cisco.com/warp/public/707/cisco-sa-20070118-certs.shtml
> ______________________________________________________________________
> 
> 07.5.100 CVE: Not Available
> Platform: Hardware
> Title: Multiple VOIP Phones Aredfox PA168 Chipset Session Hijacking
> Description: Aredfox PA168 is a programmable chip for VoIP based
> devices. Multiple VoIP phones using the Aredfox PA168 Chipset are
> vulnerable to a session hijacking issue due to a design error. VoIP
> phones using the Aredfox PA168 chipset with SIP Firmware versions
> V1.42 and 1.54 are vulnerable.
> Ref: http://www.securityfocus.com/bid/22191
> ______________________________________________________________________
Copyright © Lexa Software, 1996-2009.