[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 16

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

*****************************************************

(2) CRITICAL: ClamAV Multiple Vulnerabilities
Affected:
ClamAV versions prior to 0.93

Description: ClamAV is a popular open source antivirus solution for
multiple platforms. Flaws in its handling of a variety of file formats
can lead to buffer overflows and memory corruption vulnerabilities. A
specially crafted file analyzed by the software could trigger one of
these vulnerabilities, allowing an attacker to execute arbitrary code
with the privileges of the vulnerable process. Note that, on systems
using ClamAV as an email analysis engine, it is sufficient for an email
message to transit the server to exploit one of these vulnerabilities;
no user interaction is necessary. Full technical details for these
vulnerabilities is available via source code analysis. Several
proofs-of-concept are publicly available.

Status: ClamAV confirmed, updates available.

References:
iDefense Security Advisories
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=687
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=686
ClamAV Bug Reports
https://www.clamav.net/bugzilla/show_bug.cgi?id=877
https://www.clamav.net/bugzilla/show_bug.cgi?id=897
https://www.clamav.net/bugzilla/show_bug.cgi?id=876
https://www.clamav.net/bugzilla/show_bug.cgi?id=878
Secunia Security Advisory
http://secunia.com/secunia_research/2008-11/advisory/
ClamAV Home Page
http://www.clamav.net
SecurityFocus BID
Not yet available.



(5) HIGH: ICQ Message Handling Buffer Overflow
Affected:
ICQ versions 6.0 and prior

Description: ICQ is a popular instant messaging application. It contains
a flaw in its handling of remote "user status messages". These messages
are used to indicate the status of another user, such as "available" or
"away". These messages will be rendered by a remote client when querying
the user's status. There is a flaw in the handling of these messages. A
specially crafted message could trigger a buffer overflow when rendered
by a victim's client, allowing an attacker to execute arbitrary code
with the privileges of the current user. A user would have to be
monitoring the status of an attacker to be vulnerable to this issue.
Full technical details and a proof-of-concept are publicly available for
this vulnerability.

Status:  Vendor confirmed, updates available.

References:
INFIGO Security Advisory
http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-04-08
ICQ Home Page
http://www.icq.com/
SecurityFocus BID
Not yet available.

*****************************************************


(8) LOW: Mozilla Web Browsers Garbage Collection Possible Remote Code Execution
Affected:
Mozilla Firefox versions prior to 2.0.0.14
Mozilla Thunderbird versions prior to 2.0.0.14
Mozilla SeaMonkey versions prior to 1.1.10

Description: Web browsers that are based on the Mozilla codebase,
including the popular Firefox web browser, contain a flaw in their
handling of certain JavaScript constructs. The JavaScript engine in
these browsers has a flaw in its implementation of garbage collection
(a method of automatic memory management). A specially crafted
JavaScript script embedded in a web page could exploit this
vulnerability and lead to a crash. It is not currently believed that
this crash could be leveraged to execute arbitrary code, but similar
bugs in the past have lead to remote code execution. Full technical
details are available for this vulnerability via source code analysis.

Status: Mozilla confirmed, updates available.

References:
Mozilla Security Advisory
http://www.mozilla.org/security/announce/2008/mfsa2008-20.html
Wikipedia Article on Garbage Collection
http://en.wikipedia.org/wiki/Garbage_collection_%28computer_science%29
Wikipedia Article on JavaScript
http://en.wikipedia.org/wiki/JavaScript
Mozilla Home Page
http://www.mozilla.org
SecurityFocus BID
http://www.securityfocus.com/bid/28818

**********************************************************