Author Archives: Adam Hostetler

TFTP Vulnerabilities

Posted on by
Reply

It appears that possibly a new tool to find vulnerabilities in tftp servers may be floating around. In the last several days 3 different TFTP programs have had 0Day exploits released. We’re not sure of the similarities in the exploits yet, but being across multiple products shows that there is some underlying issue. The currently affected TFTP servers are Quick TFTP, PacketTrap Networks TFTP Server, and TFTP Server for Windows. If you happen to use any of these, update as soon as possible. If you are using other TFTP server software, keep an eye out for updates.

Firefox and Thunderbird Vulns, Excel Exploit

Posted on by
Reply

Vulnerabilities have been reported in Mozilla Firefox and Thunderbird. These vulnerabilities could be exploited by malicious people to ypass browser/mail client security restrictions, disclose information, and conduct cross-site scripting and phishing attacks. Version 2.0.0.13 fixes these issues for both Firefox and Thunderbird, so update as soon as possible.

An Excel exploit has been released into the wild. The exploit takes advantage of a vulnerability described in MS08-014. Microsoft has already released an update for this, so if it hasn’t been installed already. Now would be a really great time to do so.

Google Redirection Vulnerability

Posted on by
Reply

I was reading my email this morning, and a particular spam had slipped through the filter. It was wanting me to look at some enticing Shakira video, and being the inquisitive person I am, I looked at the URL. I was surprised to find that the URL was google.com, and there was a redirection within the ad mechanism. As an example http://www.google.com/pagead/iclk?sa=l&ai=RZLTKo&num=30620&adurl=http://microsolved.com

This is something I had not noticed before, and so did a little research. It seems that this is how Google ads works, and within the last couple of weeks spammers and phishers have been abusing this pretty blatantly. Because this appears to be working “as designed”, I wouldn’t expect to see any changes to how this works in the near future.

Mac OS X Updates

Posted on by
Reply

Apple has released Security Update 2008-002 v1.0 for OS X 10.5.2. Also released is Safari version 3.1. In the security update multiple vulnerabilities are fixed, including several buffer overflow vulnerabilities. As with all security updates, MicroSolved highly recommends downloading, testing, and deploying these updates as soon as possible. For more information about the security update, see http://docs.info.apple.com/article.html?artnum=307562

CA BrightStor ARCserve 0day

Posted on by
Reply

A 0day exploit has been released into the wild today for ARCserve. A buffer overflow vulnerability appears to exist in the file ‘ListCtrl.ocx’. At this point in time, it is not known how widespread this exploit will become. However, it was released on a popular exploit website, so it’s only a matter of time before the exploit is changed or put into an exploit framework. In the meantime, make sure ARCserve services are locked down as tight as possible until CA is able to release a fix for this issue.

Cisco and Adobe Vulnerabilities

Posted on by
Reply

Cisco and Adobe have released details on new vulnerabilities.  Cisco’s vulnerability is within their User-Changeable Password software. This vulnerability can be exploited by attackers to create cross-site scripting attacks and potentially to compromise the vulnerable host. Adobe’s vulnerabilities are reported in Form Designer and Form Client.  These vulnerabilities, if exploited by an attacker, can be used to compromise a user’s system. To be exploited, a user would have to visit a malicious website. Both Cisco and Adobe have released updates for the affected products, so update as soon as possible.

March Windows Updates

Posted on by
Reply

Looks like Microsoft has released 4 critical Microsoft Office updates this month. All four updates are resolving issues that could lead to remote code execution. There are also several other non security related updates for Windows, WSUS, and Windows Update. Of course, as always, we recommend that you test the updates immediately and then deploy them to production.

New Advanced Botnets Discovered

Posted on by
Reply

Previously undetected botnets have been found to be running under the radar. The largest one has gained the name “MayDay”. MayDay has not infected a lot of systems yet, like Storm has, but has advanced capabilities to evade detection. Notably, it’s able to send HTTP traffic through an enterprises proxy. The bot also uses peer-to-peer technology, through two channels, to stay in contact. The bot appears to be using both TCP and ICMP for data transmission.Even though this bot isn’t a large threat yet, it shows that bot development isn’t going to stop any time soon. Bot writers are getting smarter and more clever, while detection and analysis techniques are lagging behind.

BEA WebLogic Vulnerability

Posted on by
Reply

Vulnerabilities have been reported in BEA WebLogic products. The vulnerabilities could allow attackers to inject script, disclose inform

The issue occurs during the processing of requests within the “HttpClusterServlet” and “HttpProxyServlet” servlets. If the system is configured with the “SecureProxy” setting, then it may be  potentially be exploited to gain access to certain administrative resources that are only accessible to an administrator.

Products affected are WebLogic Express, Portal and Server versions 6.x through 10.x, and WebLogic Workshop 8.x through 10.x. BEA has updates for all affected products.