Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 44

> *****************************
> Widely Deployed Software
> *****************************
> (1) CRITICAL: IBM Lotus Notes and Domino Multiple Vulnerabilities
> Affected:
> Lotus Notes versions 7.0.2 and prior
> Description: IBM Lotus Notes, IBM's enterprise groupware solution,
> contains multiple vulnerabilities. Several of its built-in file viewers,
> used to view other files within the application, contain buffer
> overflows or other vulnerabilities. A specially crafted attachment to
> an email or other document could trigger one of these vulnerabilities
> when a user views the attachment, allowing an attacker to execute
> arbitrary code with the privileges of the current user. Additionally, a
> buffer overflow in the handling of HTML email messages could allow an
> attacker to execute arbitrary code with the privileges of the current
> user when the message is acted upon (e.g. replied to or copied to the
> clipboard). Other vulnerabilities could allow attachments to be
> automatically executed, or allow for information disclosure. Multiple
> proofs-of-concept and technical details are available for these
> vulnerabilities.
> Status: IBM confirmed, updates available.
> References:
> IBM Security Advisories
> http://www-1.ibm.com/support/docview.wss?uid=swg21272836
> http://www-1.ibm.com/support/docview.wss?uid=swg21271111
> http://www-1.ibm.com/support/docview.wss?uid=swg21272930
> http://www-1.ibm.com/support/docview.wss?uid=swg21270884
> http://www-1.ibm.com/support/docview.wss?uid=swg21257030
> http://www-1.ibm.com/support/docview.wss?uid=swg21271957
> Vuln.sg Advisories (includes proofs-of-concept)
> http://vuln.sg/lotusnotes702wpd-en.html
> http://vuln.sg/lotusnotes702doc-en.html
> http://vuln.sg/lotusnotes702sam-en.html
> http://vuln.sg/lotusnotes702mif-en.html
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/26200
> http://www.securityfocus.com/bid/26175
> *********************************
> (2) HIGH: Symantec Mail Security Multiple Vulnerabilities
> Affected:
> Symantec Mail Security for Domino
> Symantec Mail Security for SMTP
> Description: Symantec Mail Security is Symantec's enterprise mail
> analysis engine for viruses, malware, and spam. Symantec Mail Security
> contains multiple vulnerabilities in its handling of various document
> formats. Specially crafted documents could exploit these vulnerabilities
> to execute arbitrary code with the privileges of the vulnerable process
> or create a denial-of-service condition. These flaws may be related to
> the IBM Lotus Notes flaws discussed above. Note that no user interaction
> is necessary to exploit these vulnerabilities; a message transiting the
> server may exploit them.
> Status: Symantec confirmed, updates available.
> References:
> Product Home Pages
> http://www.symantec.com/business/products/overview.jsp?pcid=2250&pvid=848_1
> http://www.symantec.com/business/products/overview.jsp?pcid=2250&pvid=848_1
> Secunia Advisories
> http://secunia.com/advisories/27367/
> http://secunia.com/advisories/27388/
> SecurityFocus BID
> http://www.securityfocus.com/bid/26175
> *********************************
> (3) HIGH: Real Networks RealPlayer Multiple Vulnerabilities
> Affected:
> Real Networks RealPlayer versions 10 and prior
> Helix Player versions 10 and prior
> Description: Real Networks RealPlayer is a popular, multi-platform media
> player. Helix Player is an open source media player based on code
> released by Real Networks. These applications contain flaws in their
> handling of various file formats. A specially crafted file opened by one
> of these applications could trigger a buffer overflow and allow an
> attacker to execute arbitrary code with the privileges of the current
> user. Depending upon configuration, the vulnerable file types may be
> opened automatically by one of the vulnerable applications. Technical
> details for these vulnerabilities are available via source code analysis
> and in various advisories. These vulnerabilities may be related to a
> vulnerability discussed in a previous edition of @RISK.
> Status: Real Networks confirmed, updates available.
> References:
> Real Networks Advisories
> http://service.real.com/realplayer/security/10252007_player/en/
> Advisories by Piotr Bania
> http://www.piotrbania.com/all/adv/realplayer-memory-corruption-adv.txt
> http://www.piotrbania.com/all/adv/realplayer-heap-corruption-adv.txt
> Previous @RISK Entry
> https://www2.sans.org/newsletters/risk/display.php?v=6&i=43#widely1
> Real Networks Home Page
> http://www.real.com
> Helix Home Page
> https://helixcommunity.org/
> SecurityFocus BID
> http://www.securityfocus.com/bid/26214
> *********************************
> (4) HIGH: Sun Java Runtime Environment Multiple Applet Vulnerabilities
> Affected:
> Sun Java Runtime Environment versions prior to 6 Update 3
> Description: The Sun Java Runtime Environment contains multiple
> vulnerabilities in its sandboxing of Java applets and applications. A
> specially crafted applet or application could break the built in
> protection afforded by the runtime environment and read or write
> arbitrary files, or execute arbitrary commands, with the privileges of
> the current user. No technical details for these vulnerabilities are
> currently publicly available. Sun's Java Runtime Environment is
> installed by default on all Apple Mac OS X systems, many Microsoft
> Windows systems, and a number of Linux, Unix, and Unix-like systems.
> Status: Sun confirmed, updates available.
> References:
> Sun Security Advisories
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-103112-1
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-103112-1
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/25918
> http://www.securityfocus.com/bid/26185

> 07.44.3 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: BitDefender Unspecified Arbitrary Code Execution
> Description: BitDefender is a computer security application for the
> Microsoft Windows operating platform. The application is exposed to an
> unspecified arbitrary code execution issue.
> Ref: http://research.eeye.com/html/advisories/upcoming/20071024.html
> ______________________________________________________________________
> 07.44.10 CVE: Not Available
> Platform: Cross Platform
> Title: Mozilla Firefox ParseFTPList Remote Denial of Service
> Description: Mozilla Firefox is a web browser available for multiple
> operating platforms. The application is exposed to a remote
> denial of service issue when parsing file listings on malicious FTP
> servers. User-supplied input can cause the "ParseFTPList.ccp" source
> file to use a "pos" parameter value that exceeds the number of indices
> in the "tokens" array, causing an invalid pointer reference. Firefox
> version is affected.
> Ref: http://www.eleytt.com/advisories/eleytt_FFPARSEFTPLIST.pdf
> ______________________________________________________________________
> 07.44.14 CVE: Not Available
> Platform: Cross Platform
> Title: Mozilla Firefox Malformed XBL Constructor Remote Denial of
> Service
> Description: Mozilla Firefox is a web browser available for multiple
> operating platforms. The application is exposed to a remote denial of
> service issue that occurs when handling HTML files with a malformed XML
> file. Specifically, when the XML binding language (XBL) is used, the
> application fails to handle malformed data contained in the
> constructor. Firefox is affected.
> Ref: http://www.securityfocus.com/bid/26172
> ______________________________________________________________________
> 07.44.21 CVE: Not Available
> Platform: Cross Platform
> Title: wpa_supplicant ASN1_Get_Next Buffer Overflow
> Description: wpa_supplicant is a freely-available package designed to
> allow WPA and WPA2 wireless communications on many different operating
> systems. The application is exposed to a buffer overflow issue because
> it fails to perform adequate boundary checks on user-supplied data.
> wpa_supplicant version 0.5.8 is affected.
> Ref: http://hostap.epitest.fi/wpa_supplicant/
> ______________________________________________________________________
> 07.44.75 CVE: Not Available
> Platform: Network Device
> Title: Cisco Multiple Products Extensible Authentication Protocol
> Denial of Service
> Description: Extensible Authentication Protocol (EAP) is an
> authentication framework for various Cisco devices. The application is
> exposed to a denial of service issue that exists in the Extensible
> Authentication Protocol (EAP). Specifically, the devices fail to
> handle specially crafted EAP Response Identity packets. The following
> devices are affected: Cisco Access Points and 1310 Wireless Bridges
> running Cisco IOS in autonomous mode, and all Cisco switches running
> vulnerable versions of Cisco IOS and Cisco CatOS.
> Ref: http://www.cisco.com/warp/public/707/cisco-sr-20071019-eap.shtml
> ______________________________________________________________________
> (c) 2007.  All rights reserved.  The information contained in this
> newsletter, including any external links, is provided "AS IS," with no
> express or implied warranty, for informational purposes only.  In some
> cases, copyright for material in this newsletter may be held by a party
> other than Qualys (as indicated herein) and permission to use such
> material must be requested from the copyright owner.

