>
> *****************************
> Widely Deployed Software
> *****************************
>
> (1) CRITICAL: Apache Tomcat JK Web Server Connector Stack Overflow
> Affected:
> Apache Tomcat JK Web Server Connector 1.2.19
> Apache Tomcat JK Web Server Connector 1.2.20
> Apache Tomcat 4.1.34
> Apache Tomcat 5.5.20
>
> Description: Apache Tomcat, a popular application server, contains a
> stack overflow vulnerability. An overlong URL (one greater than 4095
> bytes) could exploit this buffer overflow and execute arbitrary code
> with the privileges of the server process. The flaw stems
> from an unsafe
> memory copy in the Apache Tomcat JK Web Server Connector component.
> Certain versions of Tomcat include vulnerable versions of
> this component
> by default. Note that, because Tomcat is open source,
> technical details
> for this vulnerability can be determined through source code analysis.
>
> Status: Apache confirmed, updates available.
>
> References:
> Zero Day Initiative Advisory
>
> Apache Security Advisory
>
> Apache Tomcat Home Page
>
> SecurityFocus BID
>
>
> **************************************************************
> ***********
>
> (2) CRITICAL: WordPress Blogging Software Backdoor
> Affected:
> WordPress version 2.1.1 when downloaded between February
> 25th, 2007 and
> March 2nd, 2007
>
> Description: WordPress, a popular and widely-used blog application,
> contains a remotely-accessible backdoor. Backdoors are malicious code
> inserted into an application that allows an attacker to compromise the
> application by accessing it in a special, attacker-defined way. On
> February 25th, 2007, the source code for WordPress version 2.1.1 was
> altered to contain a backdoor. A specially-crafted string passed in an
> HTTP request in a variable named "ix" or "iz" will lead to remote code
> execution with the privileges of the web server process. Full
> technical
> details are publicly available for this vulnerability and it can be
> assumed that this vulnerability is being actively exploited
> in the wild.
>
> Status: WordPress confirmed, updates available.
>
> References:
> WordPress Blog Posting
>
> Posting by ifsecure@xxxxxxxxx
>
> Wikipedia Article on Backdoors
>
> "Reflections on Trusting Trust" by Ken Thompson (classic computer
> security text outlining a hypothetical backdoor in early UNIX)
>
> SecurityFocus BID
>
>
> **************************************************************
> **************************************************************
> ***********
>
> (6) LOW: Symantec Mail Security for SMTP Header Parsing Vulnerability
> Affected:
> Symantec Mail Security for SMTP version 5.0 and possibly prior
>
> Description: Symantec Mail Security for SMTP is a popular anti-malware
> email scanner for Windows, Unix, and Linux. An undisclosed
> vulnerability
> in the processing of email headers can result in arbitrary code
> execution with the privileges of the scanning process. No further
> technical details are publicly available for this vulnerability. It is
> believed that only the Windows version of the software is vulnerable,
> and that this vulnerability is not currently being exploited in the
> wild.
>
> Status: Symantec confirmed, updates available.
>
> References:
> Symantec Patch 175 Release Notes
> ftp://ftp.symantec.com/public/english_us_canada/products/syman
> tec_mail_security/5.0_smtp/updates/release_notes_p175.txt
> Product Home Page
>
> 1008&pvid=845_1
> SecurityFocus BID
>
>
> **************************************************************
> ***********
>
> ****************
> Exploit Code
> ****************
>
> (8) Solaris Telnet Worm
> Description: The Solaris Telnet vulnerability discussed in a previous
> issue of @RISK is being actively attacked in the wild by a worm. This
> worm can attack both x86- and SPARC-architecture systems. The worm
> attempts to compromise a vulnerable system and execute a large number
> of commands as either the "lp" or "adm" user, and then
> proceed to infect
> other systems. Users are advised to disable telnet, if
> possible. Sun has
> released an "inoculation" script that will remove the worm
> from infected
> systems, and prevent re-infection by disabling the telnet service.
>
> References:
> Previous @RISK Newsletter Entry
>
> Arbor Networks Security Blog Posting
>
> -possible-worm/
> Sun Security Coordination Team Posting (includes inoculation script)
>
>
> **************************************************************
> ******************
>
> Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
> Week 10 2007
>
> This list is compiled by Qualys ( www.qualys.com ) as part of that
> company's ongoing effort to ensure its vulnerability management web
> service tests for all known vulnerabilities that can be scanned. As of
> this week Qualys scans for 5392 unique vulnerabilities. For this
> special SANS community listing, Qualys also includes vulnerabilities
> that cannot be scanned remotely.
>
> 07.10.1 CVE: Not Available
> Platform: Windows
> Title: Windows Shell User Logon ActiveX Control Unauthorized
> User Creation
> Description: The Windows Shell User Logon ActiveX control is used to
> provide access to a Windows shell. The control (CLSID:
> 08F04139-8DFC-11D2-80E9-006008B066EE) is prone to an issue that allows
> attackers to create user accounts on victim computers. The Windows
> Shell User Logon ActiveX control version 6.0.2900.2180 is affected.
> Ref:
> ______________________________________________________________________
>
> 07.10.2 CVE: Not Available
> Platform: Microsoft Office
> Title: Microsoft Office Publisher Remote Denial of Service
> Description: Microsoft Office Publisher is an application for
> designing and publishing documents. It is exposed to a remote denial
> of service issue because it fails to properly handle malformed PUB
> files. Microsoft Office Publisher 2007 is affected.
> Ref:
> ______________________________________________________________________
>
> 07.10.3 CVE: Not Available
> Platform: Microsoft Office
> Title: Microsoft Excel NULL Pointer Dereference Denial of Service
> Description: Microsoft Excel is a spreadsheet application. It is
> exposed to a denial of service issue that occurs when the application
> handles a specially-crafted spreadsheet file. This issue stems from a
> NULL-pointer dereference. Microsoft Excel 2003 SP3 and earlier
> versions are affected.
> Ref:
> ______________________________________________________________________
>
> 07.10.4 CVE: Not Available
> Platform: Microsoft Office
> Title: Microsoft Office 2003 Denial of Service
> Description: Microsoft Office is prone to a denial of service
> condition when the malformed WMF file is viewed in the Microsoft
> Office application. The issue is triggered when the application is
> used to insert the malicious file into a document. Microsoft Office
> 2003 is affected. Refer to the advisory for further details.
> Ref:
> ______________________________________________________________________
>
> 07.10.5 CVE: Not Available
> Platform: Microsoft Office
> Title: Microsoft Office Publisher Unspecified Remote Code Execution
> Description: Microsoft Office Publisher is a document design and
> publishing application. Publisher is prone to an unspecified remote
> code execution vulnerability due to an unspecified error when handling
> malformed files. Refer to the advisory for further details.
> Ref:
> ______________________________________________________________________
>
>
> 07.10.7 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Windows Explorer WMF File Handling Denial of Service
> Description: Microsoft Windows Explorer is prone to a denial of
> service issue. Microsoft Windows XP Tablet PC Edition SP2 and earlier
> versions are affected. Please refer to the advisory for further
> details.
> Ref:
>
> ______________________________________________________________________
>
> 07.10.8 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Internet Explorer OnUnload Javascript Browser
> Entrapment
> Description: Microsoft Internet Explorer is exposed to a vulnerability
> that allows attackers to trap users at a particular webpage and spoof
> page transitions. The issue occurs because of a Javascript "onUnload"
> handler design error that allows a malicious user to trap an
> unsuspecting user on
> a particular page. Microsoft Internet Explorer 6 and 7 are vulnerable.
> Ref:
> ______________________________________________________________________
>
> 07.10.9 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Internet Explorer OnUnload Null Pointer Dereference
> Description: Microsoft Internet Explorer is prone to a race condition
> that causes a denial of service. Microsoft Internet Explorer 6 and 7
> are affected. Refer to the advisory for details.
> Ref:
> ______________________________________________________________________
>
>
> 07.10.11 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Comodo Firewall Pro Local Protection Mechanism Bypass
> Description: Comodo is a firewall application. The application is
> exposed to the issue because protection mechanism fails to properly
> handle multiple simultaneous connections to a named pipe. By accessing
> this named pipe, attackers may modify keys located in the
> "HKLMSYSTEMSoftwareComodoPersonal Firewall" registry location. Comodo
> Personal Firewall version 2.3.6.81, 2.4.18.184, 2.4.17.183, and
> 2.4.16.174 are affected.
> Ref:
> ______________________________________________________________________
>
> 07.10.25 CVE: CVE-2004-0057
> Platform: Cross Platform
> Title: TCPDump IEEE802.11 Printer Remote Buffer Overflow
> Description: The "tcpdump" utility is a freely available open source
> network monitoring tool. The utility is exposed to a heap-based buffer
> overflow issue because it fails to bounds check user-supplied input
> before copying it into an insufficiently sized memory buffer. tcpdump
> versions 3.9.5 and earlier are affected.
> Ref:
> ______________________________________________________________________
>
> 07.10.26 CVE: Not Available
> Platform: Cross Platform
> Title: Symantec Mail Security for SMTP Arbitrary Code Execution
> Description: Symantec Mail Security for SMTP is an integrated email
> protection application to prevent virus threats, spam, and other
> unwanted content. The application is exposed to a vulnerability that
> would allow remote attackers to execute arbitrary code on an affected
> computer or to cause denial of service conditions. Symantec Mail
> Security version 5.0 and earlier versions are affected.
> Ref:
> ______________________________________________________________________
>
> 07.10.29 CVE: Not Available
> Platform: Cross Platform
> Title: Adobe Acrobat/Adobe Reader Information Disclosure
> Description: Adobe Acrobat and Adobe Reader are applications designed
> for reading Portable Document Format (PDF) files. The applications are
> exposed to an information disclosure issue due to improper permissions
> being granted to JavaScript objects, so that an attacker can disclose
> the contents of local files using specially-crafted "file://" URIs
> embedded in JavaScript. Adobe Acrobat Reader version 7.0.9 and earlier
> versions are affected.
> Ref:
> ______________________________________________________________________
>
> 07.10.30 CVE: Not Available
> Platform: Cross Platform
> Title: Citrix Presentation Server Client Unspecified Remote Code
> Execution
> Description: The Citrix Presentation Server Client is an ICA client
> application that includes support for making ICA connections through
> proxy servers. The application is prone to an unspecified remote code
> execution issue. All versions prior to 10.0 for Microsoft Windows
> platforms are vulnerable.
> Ref:
> ______________________________________________________________________
>
> 07.10.35 CVE: Not Available
> Platform: Cross Platform
> Title: Mozilla Firefox OnUnload Javascript Browser Entrapment
> Description: Mozilla Firefox is a web browser for multiple operating
> platforms. Firefox is prone to a vulnerability that allows attackers
> to trap users at a particular webpage and spoof page transitions. This
> issue occurs because of a JavaScript "onUnload" handler design error
> that allows a malicious user to trap an unsuspecting user on
> a particular page.
> Mozilla Firefox version 2.0 is affected.
> Ref:
> ______________________________________________________________________
>
> 07.10.37 CVE: CVE-2007-1092
> Platform: Cross Platform
> Title: Mozilla Firefox OnUnload Memory Corruption
> Description: Mozilla Firefox is prone to a remote memory corruption
> vulnerability. Mozilla Firefox version 2.0.0.1, and Ubuntu Linux 6.10
> amd64 and earlier are affected. please refer to the advisory
> for further details.
> Ref:
> ______________________________________________________________________
