Versions of ClamAV earlier than 0.92.1 contain vulnerabilities that can allow attackers to perform denial of service conditions or potentially compromise an affected system. We advise that you update any installations of this software.
Apple has released an update to OS X 10.5. The update addresses a broad spectrum of issues which could allow for a range of compromises ranging from Denial of Service to illicit remote access to the execution of arbitrary code. Some of the specifically identified vulnerabilities include problems with URL handling in Mail and the Safari browser, a buffer overflow in Samba and unspecified problems in NFS. For full details please see Apple’s original advisory at:http://docs.info.apple.com/article.html?artnum=307430
Two proof of concept kernel exploits have been released into the wild that exploit a newly discovered vulnerability. Kernel versions 2.6.17 to 2.6.24.1 are affected. The vulnerability is found within the vmsplice function call. This exploit effectively gives local root access on a wide range of Linux distributions.
Kernel version 2.6.24.2 fixes the issue. It’s recommended to disable all shell access until your kernel is updated, either by building from sources, or waiting for your Linux distribution to release an update.
Some vulnerabilities in Apache Tomcat have been discovered. These vulnerabilities could allow for the manipulation of an SSL session or the disclosure of session ID’s. Administrators running Tomcat should update to version 5.5.26 or 6.0.16.
Multiple vulnerabilities in Firefox, Thunderbird, and Seamonkey have been reported. These vulnerabilities could result in memory corruption, information exposure, directory traversal, and potentially other issues. A proof of concept exists for Firefox 2.0.0.12. Users should update their Mozilla software to the latest version, and keep an eye out for any additional updates to this issue.
Vulnerabilities have been reported within Adobe Reader and Acrobat. Some of the vulnerabilities could allow an attacker to compromise the user’s system. Other vulnerabilities have an unknown risk. Adobe is currently working on an update. It is recommended that all users of Adobe Reader to upgrade to version 8.1.2.
Backup Exec System Recovery Manager version 7.0 and 7.0.1 have been found to be vulnerable to a flaw that allows attackers to upload files without authentication. This can lead to the execution of arbitrary code. The attack vector is a specially crafted HTTP post. Symantec has released an advisory and update at: http://www.symantec.com/avcenter/security/Content/2008.02.04.html
WS_FTP Server version 6.1 has been found to have a vulnerability in the WS_FTP Server Manager. Successful exploitation gives access to the log viewing interface and may disclose sensitive information. Other versions may also be vulnerable.
An undisclosed flaw has been discovered in HP’s Storage Essentials SRM. Exploitation can allow some unauthorized remote access and may lead to the execution of arbitrary code. All versions prior to 6.0.0 are vulnerable. HP’s original advisory is here: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01316132
Two vulnerabilities in the Java Runtime Environment have been announced. These may allow an applet to gain elevated privileges and could allow for the execution of arbitrary code. The affected releases are:
JDK and JRE 6 Update 1 and earlier
JDK and JRE 5.0 Update 13 and earlier
We recommend that you update your systems. The original advisory is at:http://sunsolve.sun.com/search/document.do?assetkey=1-66-231261-1
A new release of the Adobe PDF reader is available. It is purported to fix several security vulnerabilities and improve the user experience. While the security issues have not been disclosed you can read about the update at Adobe’s site:http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403079&sliceId=1