Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 




      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 2

> *****************************
> Widely Deployed Software
> *****************************
> (1) CRITICAL: yaSSL Multiple Vulnerabilities
> Affected:
> yaSSL versions 1.7.5 and prior
> Description: YaSSL is an open source implementation of the Secure
> Sockets Layer (SSL) and Transport Layer Security (TLS) standards, used
> for adding authentication and encryption to network traffic.
> It contains
> multiple vulnerabilities in its handling of SSL streams. A specially
> crafted request from a client could exploit one of these
> vulnerabilities, and allow an attacker to execute arbitrary code with
> the privileges of the vulnerable process using the library. Full
> technical details and proofs-of-concept are publicly
> available for these
> vulnerabilities. Note that the popular MySQL database server
> uses yaSSL;
> if SSL support is enabled on MySQL, it has been confirmed that it is
> vulnerable to a pre-authentication code execution attack. A
> proof-of-concept for the MySQL vulnerability is also publicly
> available.
> Status: YaSSL has not confirmed, no updates available.
> References:
> Advisory by Luigi Auriemma (includes YaSSL proofs-of-concept)
> http://aluigi.altervista.org/adv/yasslick-adv.txt
> Posting by Luigi Auriemma (includes MySQL proof-of-concept)
> http://www.securityfocus.com/archive/1/485811
> Wikipedia Article on Transport Layer Security
> http://en.wikipedia.org/wiki/Transport_Layer_Security
> Vendor Home Page
> http://yassl.com/
> SecurityFocus BID
> http://www.securityfocus.com/bid/27140
> ********************************************
> (2) CRITICAL: Real Networks RealPlayer and Helix Server
> Undisclosed Remote Code Execution
> Affected:
> Versions 11 and prior
> Description: Real Networks RealPlayer, a popular streaming
> media player,
> and Helix Server, a popular streaming media server, contain an
> undisclosed remote code execution vulnerability. A specially crafted
> RealPlayer datastream or Real Time Streaming Protocol (RTSP) request
> could trigger one of these vulnerabilities and allow an attacker to
> execute arbitrary code with the privileges of the vulnerable process.
> RealPlayer content is generally displayed by default, without first
> prompting the user, and Helix Server generally accepts arbitrary
> requests. No further technical details are publicly available for this
> vulnerability, but a proof-of-concept is available for members of the
> Immunity Security Partners' Program. It is believed that RealPlayer on
> all supported platforms is vulnerable.
> Status: Real Networks has not confirmed, no updates available.
> References:
> Videos Demonstrating Purported Proofs-of-Concept
> http://gleg.net/realplayer11.html
> http://gleg.net/realserver.html
> Posting by Evgeny Legerov
> http://lists.immunitysec.com/pipermail/dailydave/2008-January/
> Proof-of-Concept (live link, will exploit vulnerable browsers)
> http://c.uc8010.com/111.htm
> Real Networks Home Page
> http://www.real.com/
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/27091
> http://www.securityfocus.com/bid/27122
> ********************************************
> (3) HIGH: Multiple Products SWF File Cross Site Scripting
> Vulnerabilities
> Affected:
> Adobe Flash Player versions released prior to December, 2007
> InfoSoft Fusion Charts
> Techsmith Camtasia
> Description: SWF is the native file format for Adobe/Macromedia Flash
> content. Several tools that automatically generate SWF files for web
> content do so in an insecure manner, allowing arbitrary injection of
> JavaScript code. Servers that host these files are vulnerable
> to a cross
> site scripting (XSS) attack. Full technical details and multiple
> proofs-of-concept for these vulnerabilities are publicly
> available. The
> advisory indicates that numerous tools are vulnerable; however, only
> those tools that have have been fixed are listed in the advisory.
> Several of these vulnerabilities may have been addressed in earlier
> editions of @RISK detailing updates to individual products.
> Status: Vendors confirmed, updates available.
> References:
> Description by Rich Cannings (includes proof-of-concept)
> http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw
> Posting by Rich Cannings
> http://www.securityfocus.com/archive/1/485722
> Wikipedia Article on Cross Site Scripting
> http://en.wikipedia.org/wiki/Cross-site_scripting
> SecurityFocus BID
> http://www.securityfocus.com/bid/27109
> ********************************************
> (5) MODERATE: Mozilla Firefox Basic Authentication Spoofing
> Vulnerability
> Affected:
> Mozilla Firefox versions and prior
> Description: "Basic Authentication" is an authentication mechanism
> defined by the Hypertext Transfer Protocol (HTTP) specification and
> supported by practically all web browsers. It allows web sites to
> authenticate users via a username and a password. Most web browsers,
> including Mozilla Firefox, display the prompt for the username and
> password in a separate window. In Mozilla Firefox, this window also
> displays the authentication "realm", which indicates the entity
> requesting authentication information. Mozilla Firefox fails
> to properly
> sanitize the server-provided realm information. A specially
> crafted web
> page could exploit this vulnerability to arbitrarily rewrite the realm
> as displayed to the user. This would allow an attacker to spoof the
> source of an authentication request, possibly tricking the user into
> disclosing personal authentication information. Full technical details
> and a proof-of-concept are publicly available for this vulnerability.
> Status: Mozilla has not confirmed, no updates available.
> References:
> Posting by Aviv Raff (includes proof-of-concept)
> http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFire
> foxBasicAuthentication.aspx
> Video Demonstration of the Attack
> http://www.youtube.com/watch?v=NaCPw1s3GFw
> Wikipedia Article on Basic Authentication
> http://en.wikipedia.org/wiki/Basic_access_authentication
> Mozilla Home Page
> http://www.mozilla.org
> SecurityFocus BID
> http://www.securityfocus.com/bid/27111
> (c) 2008.  All rights reserved.  The information contained in this
> newsletter, including any external links, is provided "AS IS," with no
> express or implied warranty, for informational purposes only.  In some
> cases, copyright for material in this newsletter may be held by a
> party other than Qualys (as indicated herein) and permission to use
> such material must be requested from the copyright owner.


Copyright © Lexa Software, 1996-2009.