Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 22



> 
> *****************************
> Widely-Deployed Software
> *****************************
> *****************************************************************
> 
> (3) MODERATE: Cisco IOS SSL Packet Processing Denial-of-Service
> Affected:
> All Cisco devices running IOS with the Crypto Feature Set
> 
> Description: Cisco's Internetwork Operating System (IOS) contains a
> flaw in the handling of Secure Sockets Layer (SSL) packets destined
> for the device. If the device is configured to process SSL packets, a
> specially-crafted "ClientHello", "ChangeCipherSpec", or "Finished"
> message could trigger a denial-of-service condition. Note that these
> messages are sent in cleartext, and do not require authentication.
> Cisco devices configured to process SSL packets as part of a
> higher-level protocol are also vulnerable; example protocols include
> HTTPS and Cisco WebVPN. Note that the malicious traffic must be
> destined specifically for the vulnerable device; traffic simply
> transiting the device will not lead to exploitation.
> 
> The vulnerability resides in the "RSA BSAFE" libraries that are used
> to implement cryptography in applications. Currently only a few
> vendors have reported if their products using these libraries are
> vulnerable or not.
> 
> Status: Cisco confirmed, updates available.
> 
> Council Site Actions: Most of the responding council sites said they
> are not running the vulnerable configuration on their Cisco router;
> however, they are double-checking.  One site is running the affected
> configuration and plans to deploy the patch during their next
> regularly scheduled system maintenance cycle.
> 
> References:
> CERT Advisory
> http://www.kb.cert.org/vuls/id/754281 
> Cisco Security Advisories
> http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml 
> http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml 
> SANS Handlers' Diary
> http://isc.sans.org/diary.html?storyid=2835
> http://isc.sans.org/diary.html?storyid=2844
> SecurityFocus BID
> http://www.securityfocus.com/bid/24097 
> 
> ****************************************************************
> 
> ****************
> Other Software
> ****************
> 
> (5) HIGH: Avast! Antivirus CAB File Handling Buffer Overflow
> Affected:
> Avast! Antivirus Managed Client versions prior to 4.7.700
> 
> Description: Avast! Antivirus, a popular antivirus solution, contains
> a flaw in its handling of CAB (Microsoft Cabinet) files (a common
> archive file format). A specially-crafted CAB file can trigger a
> buffer overflow in the application, allowing an attacker to execute
> arbitrary code with the privileges of the vulnerable process. Note
> that only the managed client is currently confirmed as vulnerable.
> 
> Status: Avast! confirmed, updates available.
> 
> Council Site Actions: The affected software and/or configuration are
> not in production or widespread use, or are not officially supported
> at any of the responding council sites. They reported that no action
> was necessary.
> 
> References:
> Avast! Client Change Log
> http://www.avast.com/eng/adnm-management-client-revision-history.html 
> Wikipedia Article on CAB Files
> http://en.wikipedia.org/wiki/Cabinet_%28file_format%29 
> Vendor Home Page
> http://avast.com/ 
> SecurityFocus BID
> http://www.securityfocus.com/bid/24132
> 
> ****************************************************************
> 
> Part II - Comprehensive List of Newly Discovered Vulnerabilities from
> Qualys (www.qualys.com)
> Week 22, 2007
> 
> This list is compiled by Qualys ( www.qualys.com ) as part of that
> company's ongoing effort to ensure its vulnerability management web
> service tests for all known vulnerabilities that can be scanned. As of
> this week Qualys scans for 5460 unique vulnerabilities. For this
> special SANS community listing, Qualys also includes vulnerabilities
> that cannot be scanned remotely.
> 
> ______________________________________________________________________
> 
> 07.22.1 CVE: Not Available
> Platform: Windows
> Title: Microsoft Internet Information Server Hit Highlighting
> Authentication Bypass
> Description: Microsoft Internet Information Server (IIS) is a web
> server application for Windows. IIS is exposed to an authentication
> bypass issue due to its implementation of "Hit-highlighting"
> functionality.
> Ref: http://www.securityfocus.com/archive/1/469238
> ______________________________________________________________________
> 
> 07.22.2 CVE: Not Available
> Platform: Microsoft Office
> Title: Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer
> Overflow
> Description: Microsoft Office 2000 UA ActiveX Control is exposed to a
> buffer overflow issue because the application fails to bounds check
> user-supplied data before copying it into an insufficiently sized
> buffer.
> Ref: http://support.microsoft.com/kb/240797
> ______________________________________________________________________
> 
> 07.22.3 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Visual Basic 6.0 Project Description Buffer Overflow
> Description: Microsoft Visual Basic 6.0 is a development platform for
> building applications on Microsoft platforms. The application is
> exposed to a stack-based buffer overflow issue because it fails to
> bounds check user-supplied data before copying it into an
> insufficiently sized buffer.
> Ref: http://www.securityfocus.com/bid/24128
> ______________________________________________________________________
> 
> 07.22.4 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Visual Basic 6.0 Project Company Name Denial of
> Service
> Description: Microsoft Visual Basic 6.0 is a development platform for
> building applications on Microsoft platforms. The application is
> exposed to a denial of service issue because the application fails to
> bounds check user-supplied data before copying it into an
> insufficiently sized buffer.
> Ref: http://www.securityfocus.com/bid/24129
> ______________________________________________________________________
> 
> 07.22.9 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Avast! Managed Client CAB File Handling Remote Heap Overflow
> Description: Avast! Managed Client is used with Avast! Distributed
> Network Manager to deploy and manage Avast! antivirus over the
> network. The application is exposed to a heap overflow issue in its
> CAB processing routines. Avast! Managed Client versions earlier than
> 4.7.700 are affected.
> Ref: http://www.securityfocus.com/bid/24132
> ______________________________________________________________________
> 
> 07.22.11 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: UltraISO Cue File Stack Buffer Overflow
> Description: UltraISO is a CD/DVD image-handling application for
> Microsoft Windows. The application is exposed to a remote stack-based
> buffer overflow issue because it fails to adequately bounds check
> user-supplied data before copying it to an insufficiently sized memory
> buffer. UltraISO version 8.6.2.2011 is affected.
> Ref: http://www.securityfocus.com/bid/24140
> ______________________________________________________________________
> 
> 07.22.13 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Multiple Citrix Products Session Reliability Server Security
> Bypass
> Description: Citrix Presentation Server is an application server used
> to deliver Windows-based applications over a network. Citrix Access is
> a security gateway used on networks which employ application servers.
> Multiple Citrix products are exposed to a security bypass issue
> because they fail to adequately enforce network security policies.
> Ref: http://support.citrix.com/article/CTX112964
> ______________________________________________________________________
> 
> 07.22.16 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: NOD32 Multiple Buffer Overflow Vulnerabilities
> Description: NOD32 is an anti-virus application available for
> Microsoft Windows. The application is exposed to multiple stack-based
> buffer overflow issues because it fails to bounds check user-supplied
> data before copying it into an insufficiently sized buffer. NOD32
> versions 2.7 prior to update 2.70.37.0 are affected.
> Ref: http://www.securityfocus.com/archive/1/469300
> ______________________________________________________________________
> 
> 07.22.31 CVE: CVE-2007-2451
> Platform: Linux
> Title: Linux Kernel GEODE-AES Unspecified
> Description: The Linux kernel is exposed to an unspecified issue that
> resides in the GEODE-AES functionality. The impact of this issue is
> currently unknown. Please refer to the advisory for further details.
> Ref: http://www.securityfocus.com/bid/24150
> ______________________________________________________________________
> 
> 07.22.32 CVE: CVE-2007-2026, CVE-2007-2799
> Platform: Linux
> Title: File Multiple Denial of Service Vulnerabilities
> Description: File is a utility that identifies a file format by
> scanning binary data for various patterns. File is exposed to multiple
> denial of service issues because the application fails to handle
> exceptional conditions. Please refer to the advisory for further
> details.
> Ref: http://www.gentoo.org/security/en/glsa/glsa-200704-13.xml
> ______________________________________________________________________
> 
> 07.22.33 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel VFat Compat IOCTLS Local Denial of Service
> Description: The Linux kernel is exposed to a local denial of service
> issue. The problem occurs on an x86-64 system with a 32bit compiled
> kernel when handling ioctl calls in "MSDos" or "VFAT" directories.
> Ref: http://www.securityfocus.com/bid/24134
> ______________________________________________________________________
> 
> 07.22.38 CVE: CVE-2007-1860
> Platform: Cross Platform
> Title: Apache Tomcat JK Connector Double Encoding Security Bypass
> Description: Apache Tomcat is the servlet container used in the
> official Reference Implementation for the Java Servlet and JavaServer
> Pages technologies. The application is exposed to a security bypass
> issue because it decodes request URLs multiple times. Apache Tomcat JK
> Connector versions prior to 1.2.23 are affected.
> Ref: http://tomcat.apache.org/security-jk.html
> ______________________________________________________________________
> 
> 07.22.39 CVE: CVE-2007-2519
> Platform: Cross Platform
> Title: PHP PEAR INSTALL-AS Attribute Arbitrary File Overwrite
> Description: PHP Extension and Application Repository (PEAR) provides
> a distribution system for PHP components. The application is exposed
> to an arbitrary file overwrite issue which arises because the
> application does not sanitize or verify installation paths. PEAR
> versions 1.0 to 1.5.3 are affected.
> Ref: http://pear.php.net/advisory-20070507.txt
> ______________________________________________________________________
> 
> 07.22.40 CVE: Not Available
> Platform: Cross Platform
> Title: PHP Crypt Function Authentication Bypass
> Description: PHP is a general-purpose scripting language that is
> especially suited for web development and can be embedded into HTML.
> The "crypt()" function is a function that returns an encrypted string
> using Unix DES-based encryption algorithms or other private key
> encryption algorithms. PHP is exposed to an authentication bypass
> issue because in multi-threaded environments, the "crypt()" function
> uses the same internal memory area.
> Ref: http://www.securityfocus.com/bid/24109
> ______________________________________________________________________
> 
> 07.22.41 CVE: CVE-2006-3894
> Platform: Cross Platform
> Title: RSA BSAFE Library Remote ASN.1 Denial of Service
> Description: The RSA BSAFE is a security and encryption library
> package for C, C++, Java, and embedded applications. The application
> is exposed to a denial of service issue due to a failure of the
> library to properly handle malformed ASN.1 (Abstract Syntax Notation
> One) data.
> Ref: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml
> ______________________________________________________________________
> 
> 07.22.42 CVE: Not Available
> Platform: Cross Platform
> Title: GD Graphics Library PNG File Processing Denial of Service
> Description: The GD Graphics Library (gdlib) is an open-source
> graphics library available for multiple platforms, including UNIX
> variants and Microsoft Windows. It is implemented in ANSI C and is
> designed to facilitate creating and manipulating PNG, JPEG, and GIF
> image formats. The application is exposed to a denial of service issue
> due to mishandling of PNG files in the "gdPngReadData()" function of
> "gd_png.c". The GD Graphics Library version 2.0.34 is affected.
> Ref: http://www.securityfocus.com/bid/24089
> ______________________________________________________________________
> 
> 07.22.45 CVE: Not Available
> Platform: Cross Platform
> Title: Opera Web Browser Torrent File Handling Buffer Overflow
> Description: The Opera Web Browser is a web client available for
> multiple platforms. The application is exposed to a buffer overflow
> issue because it fails to sufficiently bounds check user-supplied
> input. Opera versions prior to 9.21 are affected.
> Ref: http://www.securityfocus.com/archive/1/469354
> ______________________________________________________________________
> 
> 07.22.46 CVE: CVE-2007-2754
> Platform: Cross Platform
> Title: Freetype TT_Load_Simple_Glyph() TTF File Integer Overflow
> Description: FreeType is an open-source font-handling library. The
> application is exposed to an integer overflow issue because it fails
> to properly validate TTF files. FreeType versions 2.3.4 and earlier
> are affected.
> Ref: http://www.securityfocus.com/bid/24074
> ______________________________________________________________________
> 
> 07.22.100 CVE: Not Available
> Platform: Network Device
> Title: Cisco IOS SSL Packets Multiple Denial of Service
> Vulnerabilities
> Description: Cisco IOS (Internetwork Operating System) is an operating
> system commonly used on Cisco routers and network switches. IOS is
> exposed to multiple denial of service issues because it fails to
> handle malformed SSL packets. Cisco IOS versions 12.4 and earlier are
> affected.
> Ref: http://www.securityfocus.com/archive/1/469259
> ______________________________________________________________________
> 
> (c) 2007.  All rights reserved.  The information contained in this
> newsletter, including any external links, is provided "AS IS," with no
> express or implied warranty, for informational purposes only.  In some
> cases, copyright for material in this newsletter may be held by a
> party other than Qualys (as indicated herein) and permission to use
> such material must be requested from the copyright owner.
> 



 




Copyright © Lexa Software, 1996-2009.