An injection vulnerability has been found in OSSIM. The “dest” parameter in the PHP-based login page is not adequately sanitized. This can lead to Cross Site Scripting attacks or even SQL injection. The original advisory can be found at: http://www.milw0rm.com/exploits/5171
Monthly Archives: February 2008
VMWare ESX Multiple Vulns, Novell iPrint Remote Code
VMWare ESX is vulnerable to multiple issues, including the bypassing of security restrictions, system compromise, denial of service, and the disclosure of sensitive information. Currently, VMWare ESX 2.x and 3.x are vulnerable. VMWare has released a patch for this issue, available from www.vmware.com.
Novell iPrint Client is vulnerable to remote exploitation. The vulnerability lies in the ActiveX control ienipp.ocx and can be exploited remotely to cause a stack-based buffer overflow. This has been confirmed in versions 4.26 and 4.32. Novell recommends all users update to version 4.34.
Symantec Veritas Storage Foundation Vulnerabilities
Two new vulnerabilities have been reported in Symantec’s Veritas Storage Foundation product. Both are primarily Denial of Service issues, but one may lead to the execution of arbitrary code. This more serious issue is caused by input validation issues in the Administrator Service and can be exploited by sending a specially crafted packet to one of the product’s default ports, 3207/UDP. This vulnerability affects version 5.0 on both Windows and Unix/Linux systems. The lesser vulnerability is also caused by an input validation issue, this time in the Veritas Scheduler service. It can be exploited by sending a specially crafted packet to the default port 4888/TCP.
The original Symantec advisories are available at:
SYM08-005: http://www.symantec.com/avcenter/security/Content/2008.02.20a.html
SYM08-004: http://www.symantec.com/avcenter/security/Content/2008.02.20.html
Security Team Leadership Matters
Leading a team of security technicians can be a tough job, but in most corporations the manager of the team must also be an evangelist. The task of leading a security team often requires that the leader have a vision of the goals of the team and be capable of “selling” that vision both to upper management and to the user base of the entire organization. Since many teams are led by technicians who have ascended through the ranks, they often have limited understanding of management needs and marketing approaches.
If you are such a security manager, here are a few tips to help you get started. The first one is a quick list of required reading. Leading the team means being a management consultant and an evangelist. To help strengthen or develop these skills, check out a couple of these titles:
The Macintosh Way by Guy Kawasaki – this is the Bible of evangelism from one of the greatest evangelists of the silicon age
The Idea Virus by Seth Godin – this book’s insight is the basis for viral marketing and can be a powerful tool for selling ideas inside of an organization; all of Seth’s work is great and could be helpful
A book about corporate structure and management goals – these are easy to come by and can vary by industry and organization type but a quick Amazon.com search is likely to reveal several that fit the needs
It is essential and critical that security team managers and leaders come up to speed on the needs and goals of management. It should be an immediate goal to learn the style and language of your management team. Only when you can act as a liaison and converse with them on their own terms can you begin the process of “selling” them on the security plan and process. Only when you understand them and have earned their trust can you begin to align security operations with the various lines of business and move further towards adding perceived value to their bottom line.
BEA WebLogic Vulnerability
Vulnerabilities have been reported in BEA WebLogic products. The vulnerabilities could allow attackers to inject script, disclose inform
The issue occurs during the processing of requests within the “HttpClusterServlet” and “HttpProxyServlet” servlets. If the system is configured with the “SecureProxy” setting, then it may potentially be exploited to gain access to certain administrative resources that are only accessible to an administrator.
Products affected are WebLogic Express, Portal and Server versions 6.x through 10.x, and WebLogic Workshop 8.x through 10.x. BEA has updates for all affected products.
Opera Multiple Vulns, Lotus Notes Java Compromise
Multiple vulnerabilities in the Opera web browser have been reported. These vulnerabilities could allow attackers to execute arbitrary script code, conduct cross-site scripting, force a user to upload files, and bypass security restrictions. These vulnerabilities are reported in versions prior to 9.26. Version 9.26 is available at the time of this writing. Anyone using this software should upgrade as soon as possible.
If you’re running IBM Lotus Notes with “Enable Java access from JavaScript” enabled, then you are vulnerable to remote compromise. The vulnerability is reported in versions 6.5.6 and 7.0. Reportedly, the vulnerability has been fixed in version 7.0.2. Also, the vendor suggests disabling the above option.
IBM DB2 and Kerio MailServer DoS
Some vulnerabilities have been reported in IBM DB2. While one of the vulnerabilities is unspecified, the other is the result of an unspecified error during a CONNECT/ATTACH process that can cause a denial of service. Administrators of DB2 systems should apply Fixpak 4a.
Kerio MailServer 6.x (prior to 6.5) contains multiple vulnerabilities. These vulnerabilities could cause a buffer overflow, leading to system compromise, or a denial of service. Kerio has made a newer version available at http://www.kerio.com/kms_download.html
Mozilla Vulnerabilities
Mozilla Firefox, Thunderbird, and SeaMonkey contain multiple vulnerabilities. These vulnerabilities could allow attackers to execute code remotely, cause a DoS, access sensitive information, and in general control your browsing. The vulnerabilities are in version 2.0.0.11 and prior. Thunderbird 2.0.0.9 and SeaMonkey 1.1.7 are vulnerable to many of the same issues. Mozilla has made upgrades available.
IBM Domino Web Exploit
An exploit has been released to the public for a recent Domino Web Access vulnerability. If you haven’t updated Domino yet, it’d be a good time to do it. The original notification for this vulnerability was released in December. It can be found at http://www-1.ibm.com/support/docview.wss?uid=swg21279071
Microsoft Windows Updates
Microsoft has released their updates for the February patch cycle. There are quite a few updates that should be tested and applied ASAP. One of these is MS08-010, an IE security update, for which there is already an exploit circulating in the wild. There are also several other critical updates that need to be applied.
A reminder, as another popular holiday is coming up. Watch for “Valentines Cards” in your emails, especially if you don’t know who they’re from. Even if you do know who they’re from, use caution, and don’t run any untrusted executables or visit untrusted sites.