Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 26



> *****************************
> Widely Deployed Software
> *****************************
> 
> (1) CRITICAL: Ingres Database Multiple Vulnerabilities
> Affected:
> Ingres Database versions 3.0.3, 2.6, 2.5, 2006
> Multiple Computer Associates products embed a vulnerable version of the
> Ingres Database
> 
> Description: The Ingres Database, a popular enterprise database engine,
> contains multiple vulnerabilities. A specially crafted database request
> could trigger one of a number of stack- or heap-based buffer overflows,
> and exploit these overflows to execute arbitrary code with the
> privileges of the vulnerable process. Additional flaws include
> denial-of-service and file overwrite vulnerabilities. Note that the
> vulnerable process may run with root or SYSTEM privileges. At least one
> affected version of the product is open source, allowing technical
> details to be extracted via source code analysis. Additional technical
> details for some of these vulnerabilities are publicly available.
> 
> Status: Ingres confirmed, updates available.
> 
> References:
> Computer Associates Security Advisory
> http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp
> iDefense Security Advisory
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546
> Next Generation Security Software Advisory
> http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/
> SecurityFocus BID
> http://www.securityfocus.com/bid/24585
> 
> *************************************************************************
> 
> (3) MODERATE: F-Secure LHA and RAR Detection Bypass
> Affected:
> Products using the F-Secure Anti-Virus Engine
> 
> Description: Products using F-Secure security engines may flag certain
> LHA and RAR archive files as invalid and stop examining them for
> possible viruses and other malware. These files may be crafted in such
> a way that the file is still considered valid by end-user applications.
> Any malware archived in such a file would bypass detection by F-Secure
> products.
> 
> Status: F-Secure confirmed, updates available.
> 
> Council Site Actions: The affected software and/or configuration are not
> in production or widespread use, or are not officially supported at any
> of the responding council sites. They reported that no action was
> necessary.
> 
> References:
> F-Secure Security Advisory
> http://www.f-secure.com/security/fsc-2007-5.shtml
> Wikipedia Article on the RAR Archive File Format
> http://en.wikipedia.org/wiki/RAR_%28file_format%29
> Wikipedia Article on the LHA Archive File Format
> http://en.wikipedia.org/wiki/LHA_%28file_format%29
> SecurityFocus BID
> http://www.securityfocus.com/bid/24525
> 
> 
> Part II - Comprehensive List of Newly Discovered Vulnerabilities from
> Qualys (www.qualys.com)
> Week 26, 2007
> 
> This list is compiled by Qualys ( www.qualys.com ) as part of that
> company's ongoing effort to ensure its vulnerability management web
> service tests for all known vulnerabilities that can be scanned. As of
> this week Qualys scans for 5465 unique vulnerabilities. For this special
> SANS community listing, Qualys also includes vulnerabilities that cannot
> be scanned remotely.
> 
> ______________________________________________________________________
> 
> 
> 07.26.2 CVE: CVE-2007-3334
> Platform: Third Party Windows Apps
> Title: Ingres Database Server Multiple Remote Vulnerabilities
> Description: Ingres Database Server is a database server included in
> CA eTrust Secure Content Manager. The application is exposed to
> multiple remote issues. Ingres Corporation Ingres Database versions
> 3.0.3, 2.6, 2.5 and Computer Associates eTrust Secure Content Manager
> version 8.0 are affected.
> Ref: http://www.securityfocus.com/archive/1/471950
> ______________________________________________________________________
> 
> 07.26.5 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Avaya 4602SW SIP Phone Cnonce Parameter Authentication Spoofing
> Description: Avaya 4602SW SIP Phone and SIP call server are a
> voice-over-ip solution, used on the Microsoft Windows operating
> system. The application is exposed to an authentication spoofing issue
> that allows an attacker to hijack communications by way of a
> man-in-the-middle attack.
> Ref: http://www.sipera.com/index.php?action=resources,threat_advisory&tid=299&
> ______________________________________________________________________
> 
> 07.26.16 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Kaspersky Internet Security 6 SSDT Hooks Multiple Local
> Vulnerabilities
> Description: Kaspersky Internet Security 6 is a personal security
> suite for Microsoft Windows operating systems. Among other features,
> it includes firewall and antivirus components. The application is
> exposed to multiple local issues. Kaspersky Internet Security versions
> 6.0.2.614 and 6.0.2.621 are affected.
> Ref: http://www.securityfocus.com/archive/1/471453
> ______________________________________________________________________
> 
> 07.26.26 CVE: Not Available
> Platform: Cross Platform
> Title: Xvid Avi MBCoding.C Remote Code Execution
> Description: Xvid is an MPEG-4 video codec used to compress video
> data. The application is exposed to a remote code execution issue due
> to an array indexing error. Xvid version 1.1.2 is affected.
> Ref: http://www.securityfocus.com/bid/24561
> ______________________________________________________________________
> 
> 07.26.30 CVE: Not Available
> Platform: Cross Platform
> Title: F-Secure Multiple Anti-Virus Products LHA and RAR Archives Scan
> Bypass
> Description: Multiple F-Secure Anti-Virus products are exposed to an
> issue that may allow certain compressed archives to bypass the scan
> engine, due to a failure of the application to properly handle certain
> compressed archives file header fields.
> Ref: http://www.f-secure.com/security/fsc-2007-5.shtml
> ______________________________________________________________________
> 
> 07.26.31 CVE: Not Available
> Platform: Cross Platform
> Title: IBM WebSphere Application Server Unspecified Vulnerabilities
> Description: IBM WebSphere Application Server is exposed to multiple
> unspecified issues. Very little information is known about these issues,
> though some of these issues may lead to denial of service conditions and
> allow attackers to bypass certain restrictions. IBM WebSphere Application
> Server versions prior to 6.1.0 Fix Pack 9 are affected.
> Ref: http://www.securityfocus.com/bid/24505
> ______________________________________________________________________
> 
> 07.26.32 CVE: Not Available
> Platform: Cross Platform
> Title: MailWasher Server LDAP Unauthorized Folder Access
> Description: MailWasher Server is an application used to filter spam.
> The application is exposed to an unauthorized folder access issue
> because it fails to perform user authentication in a proper manner.
> MailWasher Server versions prior to 2.2.1 are affected.
> Ref: http://www.securityfocus.com/bid/24507
> ______________________________________________________________________
> 
> 07.26.77 CVE: Not Available
> Platform: Network Device
> Title: D-Link DPH-540/DPH-541 Wi-Fi Phone Security Bypass
> Description: The D-Link DPH-540/DPH-541 Wi-Fi phone is a wireless
> Voice over IP (VoIP) home/business phone. The phone is exposed to a
> security bypass issue because it accepts SIP requests from random
> source IP addresses.
> Ref: http://www.sipera.com/index.php?action=resources,threat_advisory&tid=219&
> ______________________________________________________________________
> 
> 07.26.78 CVE: Not Available
> Platform: Network Device
> Title: Polycom SoundPoint IP 601 SIP Phone CGI Request Remote Denial
> of Service
> Description: Polycom SoundPoint IP 601 SIP phones are multi-line
> SIP-capable phones. The phones are exposed to a denial of service
> issue due to a failure of the devices to properly bounds check
> user-supplied input prior to copying it to an insufficiently sized
> memory buffer. Phones with firmware versions in the 3.0 series are
> affected.
> Ref: http://www.sipera.com/index.php?action=resources,threat_advisory&tid=273&
> ______________________________________________________________________
> 
> 07.26.79 CVE: Not Available
> Platform: Network Device
> Title: BlackBerry 7270 Phone SIP Stack Format String
> Description: BlackBerry 7270 is a wireless, hand-held communication
> device. The device is exposed to a remote format-string issue that
> affects the "From" field of "SIP INVITE" message headers. When a
> malicious message is processed, the phone will be unable to send or
> receive further calls until it has been reset. BlackBerry 7270 with
> BlackBerry Device Software versions 4.0.1.83 and earlier are affected.
> Ref: http://www.securityfocus.com/bid/24548
> ______________________________________________________________________
> 
> 07.26.80 CVE: Not Available
> Platform: Network Device
> Title: SJPhone SIP Phone Invite Transaction Denial of Service
> Description: The SJPhone SIP Phone is a Voice Over IP (VOIP) client
> application. The application is exposed to a denial of service issue
> because the application fails to handle specially crafted SIP
> messages.
> Ref: http://www.sipera.com/index.php?action=resources,threat_advisory&tid=217&
> ______________________________________________________________________
> 
> 07.26.81 CVE: Not Available
> Platform: Network Device
> Title: BlackBerry 7270 SIP Header Denial of Service
> Description: BlackBerry 7270 is a wireless, hand-held communication
> device. The device gets exposed to a remote denial of service issue
> when the device handles a malformed "SIP INVITE" message. BlackBerry
> 7270 with BlackBerry Device Software Versions 4.0.1.83 and earlier are
> affected.
> Ref: http://www.securityfocus.com/bid/24545
> ______________________________________________________________________
> 
> 07.26.82 CVE: Not Available
> Platform: Network Device
> Title: D-Link DPH-540/DPH-541 Wi-Fi Phones SDP Header Denial of
> Service
> Description: D-Link DPH-540/DPH-541 Wi-Fi phone is a wireless Voice
> over IP (VoIP) home and business phone. This Wi-Fi phone is exposed
> to a remote denial of service issue when the phone handles a malformed
> SDP header in a "SIP INVITE" message.
> Ref: http://www.sipera.com/index.php?action=resources,threat_advisory&tid=218&
> ______________________________________________________________________
> 
> 07.26.83 CVE: Not Available
> Platform: Network Device
> Title: Avaya One-X Desktop Edition SIP Header Denial of Service
> Description: Avaya One-X Desktop Edition is a soft-phone application
> that enables SIP-based (Session Initiation Protocol) endpoints on
> computers running the Microsoft Windows operating system. The phone
> gets exposed to a remote denial of service issue when the phone
> handles malformed SIP header data. Avaya One-X Desktop Edition
> versions 2.1.0.70 and earlier are affected.
> Ref: http://support.avaya.com/elmodocs2/security/ASA-2007-241.htm
> ______________________________________________________________________
> 
> 07.26.84 CVE: Not Available
> Platform: Network Device
> Title: Polycom SoundPoint IP 601 SIP Phone INVITE Message Remote
> Denial of Service
> Description: Polycom SoundPoint IP 601 SIP phones are multi-line
> SIP-capable phones. The phones are exposed to a denial of service
> issue due to a failure of the devices to properly bounds check
> user-supplied input prior to copying it to an insufficiently sized
> memory buffer. Phones with firmware versions in the 3.0 series running
> with the SIP application version 1.6.3.0067 are affected.
> Ref: http://www.sipera.com/index.php?action=resources,threat_advisory&tid=272&
> ______________________________________________________________________
> 
> 07.26.85 CVE: Not Available
> Platform: Network Device
> Title: Aastra 9112i SIP Phone SIP Message Denial of Service
> Description: Aastra 9112i SIP Phone is a Voice Over IP (VOIP) phone.
> The application is exposed to a denial of service issue because the
> application fails to handle specially crafted SIP messages. Firmware
> version 1.4.0.1049, Boot version: 1.1.0.10 are affected.
> Ref: http://www.sipera.com/index.php?action=resources,threat_advisory&tid=277&
> ______________________________________________________________________
> 
> 07.26.86 CVE: Not Available
> Platform: Network Device
> Title: Avaya 4602SW SIP Phone Security Bypass
> Description: The Avaya 4602SW is a SIP-based IP phone used in
> conjunction with a SIP call server on the Microsoft Windows operating
> system. The Avaya 4602SW SIP Phone is exposed to a security bypass
> issue because it accepts SIP "INVITE" requests from random source IP
> addresses. The Avaya 4602 SW IP Phone (Model 4602D02A) is affected.
> Ref: http://www.sipera.com/index.php?action=resources,threat_advisory&tid=300&
> ______________________________________________________________________
> 
> 07.26.87 CVE: Not Available
> Platform: Network Device
> Title: Snom-320 SIP Remote Unauthorized Access
> Description: The Snom-320 is a remotely manageable SIP VoIP business
> telephone. The application is exposed to a remote unauthorized access
> issue that may lead to information disclosure.
> Ref: http://www.sipera.com/index.php?action=resources,threat_advisory&tid=275&
> ______________________________________________________________________
> 
> 07.26.88 CVE: Not Available
> Platform: Network Device
> Title: Snom-320 SIP Phone Remote Phone Dialing Unauthorized Access
> Description: The Snom-320 is a remotely manageable SIP VoIP business
> telephone. The Snom-320 SIP VoIP phone is exposed to a remote issue
> that may permit arbitrary dialing of the phone. The problem occurs
> with how the device handles GET requests to TCP port 1800.
> Ref: http://www.sipera.com/index.php?action=resources,threat_advisory&tid=276&
> ______________________________________________________________________
> 
> (c) 2007.  All rights reserved.  The information contained in this
> newsletter, including any external links, is provided "AS IS," with no
> express or implied warranty, for informational purposes only.  In some
> cases, copyright for material in this newsletter may be held by a party
> other than Qualys (as indicated herein) and permission to use such
> material must be requested from the copyright owner.
> 



 




Copyright © Lexa Software, 1996-2009.