Andrew Berges

Configuration Manager, Security, and other musings from a self-confessed IT geek.

December 2006 - Posts

Sun Java JRE Multiple Vulnerabilities

http://secunia.com/advisories/23445/ 

Description:
Some vulnerabilities have been reported in Sun Java JRE (Java Runtime Environment), which can be exploited by malicious people to compromise a user's system.

1) Two errors exist in the Java Runtime Environment, which can be exploited by malicious, untrusted applets to read and write local files, or to execute local applications.

2) Two errors related to serialisation exist in the Java Runtime Environment, which can be exploited by a malicious, untrusted applet to elevate its privileges.

The following releases are affected:
* JDK and JRE 5.0 Update 7 and prior
* SDK and JRE 1.4.2_12 and prior
* SDK and JRE 1.3.1_18 and prior (not affected by vulnerability #2)

Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable:
http://secunia.com/software_inspector/

Solution:
Update to fixed versions:

JDK and JRE 5.0:
Update to JDK and JRE 5.0 Update 8 or later.
http://java.sun.com/javase/downloads/index_jdk5.jsp

SDK and JRE 1.4.x:
Update to SDK and JRE 1.4.2_13 or later.
http://java.sun.com/j2se/1.4.2/download.html

SDK and JRE 1.3.x:
Update to SDK and JRE 1.3.1_19 or later.
http://java.sun.com/j2se/1.3/download.html
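For administrators who would rather check fleet inventory than run the Software Inspector by hand, here is an added example (not from the post or from Secunia) that classifies a `java -version` banner against the affected-release list above; it assumes the banner format of that era (e.g. `java version "1.5.0_07"`) and uses only the fixed-release numbers stated in the advisory.

```python
import re

# Lowest fixed update per release family, as stated in SA23445.
# JDK/JRE 5.0 reports itself as 1.5.0_xx, so "5.0 Update 8" is 1.5.0_08.
FIXED_RELEASES = {
    (1, 5, 0): 8,   # JDK and JRE 5.0 Update 8
    (1, 4, 2): 13,  # SDK and JRE 1.4.2_13
    (1, 3, 1): 19,  # SDK and JRE 1.3.1_19
}

# Matches the quoted version string, with an optional _NN update suffix.
VERSION_RE = re.compile(r'"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_java_version(banner):
    """Return (major, minor, micro, update) from `java -version` output.

    A missing update suffix (e.g. "1.6.0") is treated as update 0.
    """
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError("no Java version string found in banner")
    major, minor, micro, update = m.groups()
    return (int(major), int(minor), int(micro), int(update or 0))


def is_vulnerable(banner):
    """True if the banner's release is covered by SA23445 and below the fix.

    Returns None for a release family the advisory does not cover, so the
    caller can distinguish "not affected" from "not assessed".
    """
    major, minor, micro, update = parse_java_version(banner)
    fixed = FIXED_RELEASES.get((major, minor, micro))
    if fixed is None:
        return None
    return update < fixed


if __name__ == "__main__":
    # Constructed sample banners, one per release family.
    for sample in ('java version "1.5.0_07"',
                   'java version "1.4.2_13"',
                   'java version "1.3.1_18"'):
        print(sample, "->", "VULNERABLE" if is_vulnerable(sample) else "ok")
```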

Sun Java JRE Applet Security Bypass

http://secunia.com/advisories/23398/ 

Description:
Two vulnerabilities have been reported in Sun Java JRE (Java Runtime Environment), which can be exploited by malicious people to bypass certain security restrictions.

The vulnerabilities are caused due to unspecified errors in the Java Runtime Environment and may allow a malicious, untrusted applet to access data in other applets.

The vulnerabilities are reported in the following versions:
* JDK and JRE 5.0 Update 6 and prior
* SDK and JRE 1.4.2_12 and prior
* SDK and JRE 1.3.1_18 and prior

Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable:
http://secunia.com/software_inspector/

Solution:
Update to fixed versions.

NOD32 Antivirus Engine Multiple File Parsing Vulnerabilities

http://secunia.com/advisories/23459/ 

Description:
Sergio Alvarez has reported some vulnerabilities in the NOD32 Antivirus engine, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

1) An integer-overflow error within the parsing of DOC files can be exploited to cause a heap-based buffer overflow via a specially crafted DOC file.

Successful exploitation allows execution of arbitrary code.

2) An integer-overflow error within the parsing of CAB archives can be exploited to cause a heap-based buffer overflow via a specially crafted CAB archive.

Successful exploitation allows execution of arbitrary code.

3) A division-by-zero error within the parsing of CHM files can be exploited to cause a DoS via a specially crafted CHM file.

The vulnerabilities are reported in versions prior to 1.1743.

Solution:
Update to the latest version.

Adobe Download Manager AOM Buffer Overflow Vulnerability

If users in your environment have the ability to install software on their machines, you'll probably find many instances of this installed on your network(s). Adobe Download Manager is the default method used to retrieve the Adobe Reader application from the Internet for installation.

http://secunia.com/advisories/23233/ 

Description:
A vulnerability has been reported in Adobe Download Manager, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when handling section names in the "dm.ini" file as created by Adobe Download Manager when processing AOM files. This can be exploited to cause a stack-based buffer overflow via a specially crafted AOM or "dm.ini" file.

Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.

The vulnerability is reported in version 2.1 and earlier. 

AOL CDDBControl ActiveX Control "SetClientInfo()" Buffer Overflow

And yet another one that seems to appear repeatedly on client laptops: AOL. As stated in previous posts, be warned.

http://secunia.com/advisories/23043/

Description:
Secunia Research has discovered a vulnerability in AOL, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the "CDDBControlAOL.CDDBAOLControl" ActiveX control (cddbcontrol.dll) when processing the first argument passed to the "SetClientInfo()" method. This can be exploited to cause a stack-based buffer overflow by passing an overly long string (more than 256 bytes).

Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website with Internet Explorer.

The vulnerability is related to:
SA20861

The vulnerability is confirmed in America Online 7.0 revision 4114.563, AOL 8.0 revision 4129.230, and AOL 9.0 Security Edition revision 4156.910. Other versions may also be affected.

Solution:
Updates are automatically available for AOL 9.x users when logging into the AOL service.

Users of AOL versions earlier than 9.0 are urged to upgrade to the latest version of the AOL software.

Yahoo! Messenger Unspecified ActiveX Control Buffer Overflow

In my organization, end-users love to install Yahoo! Messenger. Be warned; there's a new exploit on the loose:

http://secunia.com/advisories/23401/

Description:
A vulnerability has been reported in Yahoo! Messenger, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error in an ActiveX control and can be exploited to cause a buffer overflow. No further information is currently available.

The vulnerability is reported in versions obtained prior to Nov 2, 2006.

Solution:
Update to the latest version.
http://messenger.yahoo.com/

DeepBurner DBR File Parsing Buffer Overflow Vulnerability

I know many people are using this application on USB drives as a portable app; now would be a good time to upgrade.

http://secunia.com/advisories/23367/ 

Description:
Expanders has discovered a vulnerability in DeepBurner, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when parsing DBR files with an overly long string (greater than 256 bytes) in the "path" parameter of the "file" tag. This can be exploited to cause a stack-based buffer overflow via a specially crafted DBR file.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in DeepBurner Pro version 1.8.0.225. Other versions may also be affected.

Antivirus Vendors - Multiple Vulnerabilities

A summary of AV vulnerabilities disclosed by Secunia since December began:

McAfee VirusScan Command Line Scanner Insecure DT_RPATH

Critical: Moderately critical
Impact: Privilege escalation, System access
Where: From remote
Solution Status: Unpatched

BitDefender AntiVirus Engine PE File Parsing Buffer Overflow

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

CA Anti-Virus Drivers Denial of Service Vulnerabilities

Critical: Not critical
Impact: DoS
Where: Local system
Solution Status: Vendor Patch

Sophos Anti-Virus SIT/CPIO File Processing Vulnerabilities

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Clam AntiVirus Multipart Nestings Denial of Service

Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch

Skype Worm Hits Internet

If you aren't keeping track of Skype in your environment, here's one more reason to do so, as reported by the ISC:

Skype worm

Published: 2006-12-18, Last Updated: 2006-12-18 23:54:28 UTC by Toby Kohlenberg (Version: 2)

We are hearing some details of a new worm spreading via Skype IM; it appears to be using a custom (or at least unusual) packer, and the network traffic appears encrypted as well. Please send us any info you might have on it.

Additional information available from F-Secure and Symantec at the links provided here.

Intel 2200BG W29N51.SYS Driver Beacon Frame Race Condition

Description:
Breno Silva Pinto has reported a vulnerability in Intel 2200BG drivers, which potentially can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a race condition when W29N51.SYS handles multiple beacon frames. This can be exploited to overwrite certain kernel memory structures via sending multiple specially crafted beacon frames to the wireless card.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in version 9.0.3.9. Other versions may also be affected.

http://secunia.com/advisories/23338/