An exploit has been released to the public for a recent Domino Web Access vulnerability. If you haven’t updated Domino yet, now would be a good time to do it. The original notification for this vulnerability was released in December. It can be found at http://www-1.ibm.com/support/docview.wss?uid=swg21279071
Author Archives: Adam Hostetler
Microsoft Windows Updates
Microsoft has released their updates for the February patch cycle. There are quite a few updates that should be tested and applied ASAP. One of these is MS08-010, IE security update, for which there is already an exploit circulating in the wild. There are also several other critical updates that need to be applied.
A reminder, as another popular holiday is coming up: watch for “Valentines Cards” in your emails, especially if you don’t know who they’re from. Even if you do know who they’re from, use caution, and don’t run any untrusted executables or visit untrusted sites.
Linux Local Kernel Exploit
Two proof of concept kernel exploits have been released into the wild that exploit a newly discovered vulnerability. Kernel versions 2.6.17 to 2.6.24.1 are affected. The vulnerability is found within the vmsplice function call. This exploit effectively gives local root access on a wide range of Linux distributions.
Kernel version 2.6.24.2 fixes the issue. It’s recommended to disable all shell access until your kernel is updated, either by building from sources, or waiting for your Linux distribution to release an update.
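A first-pass way to find hosts in the version range given above, as an added example that is not part of the original post. The function names and the sample inventory are made up for illustration. Distribution kernels can carry a backported fix under an older version string, so a hit here should be confirmed against the vendor's advisory.

```shell
#!/bin/sh
# Added example (not from the original post): first-pass triage of kernel
# release strings against the range the post gives: 2.6.17 through 2.6.24.1
# affected, 2.6.24.2 fixed.

# Reduce "2.6.18-53.el5" to a single integer so releases compare numerically.
kernel_key() {
    # Keep only the leading dotted-number part ("2.6.18").
    base=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    old_ifs=$IFS; IFS=.
    set -- $base
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000000 + ${2:-0} * 1000000 + ${3:-0} * 1000 + ${4:-0} ))
}

# Print a verdict for one release string.
classify_kernel() {
    key=$(kernel_key "$1")
    if [ "$key" -lt "$(kernel_key 2.6.17)" ]; then
        echo "older-than-affected-range"
    elif [ "$key" -lt "$(kernel_key 2.6.24.2)" ]; then
        echo "in-affected-range"
    else
        echo "fixed-or-newer"
    fi
}

# Read "host release" pairs on stdin and print one verdict per host.
triage_inventory() {
    while read -r host release; do
        [ -n "$host" ] || continue
        printf '%s %s %s\n' "$host" "$release" "$(classify_kernel "$release")"
    done
}

# Constructed sample inventory (hostnames and releases are made up).
SAMPLE_INVENTORY='web01 2.6.18-53.el5
db01 2.6.24.1
build01 2.6.24.2
legacy01 2.6.16.60-0.21-smp
dev01 2.6.22-14-generic'

printf '%s\n' "$SAMPLE_INVENTORY" | triage_inventory
echo "this host: $(uname -r) $(classify_kernel "$(uname -r)")"
```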
Adobe Reader, Acrobat Vulnerabilities
Vulnerabilities have been reported within Adobe Reader and Acrobat. Some of the vulnerabilities could allow an attacker to compromise the user’s system. Other vulnerabilities have an unknown risk. Adobe is currently working on an update. It is recommended that all users of Adobe Reader upgrade to version 8.1.2.
WS_FTP Buffer Overflow Vulnerability
A vulnerability has been identified in Ipswitch’s WS_FTP Server with SSH software. The vulnerability is a buffer overflow. It is possible to exploit this issue to cause a denial of service condition, and it may be possible to execute code. The vulnerability is confirmed in Ipswitch WS_FTP Server with SSH version 6.1. Other versions may also be affected.
Excel Exploit In The Wild
Microsoft reported today that a previously unknown vulnerability in Excel is being actively exploited. According to the release, the issue affects older versions of Excel, including Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000, and Microsoft Excel 2004 for OS X. The exploit requires the victim to open a malicious Excel file in order to execute.
There is currently no fix for this issue, other than being very careful about which Excel files are opened. Microsoft said that they are working on a fix that may come out before the next patch cycle.
Microsoft’s advisory is at: http://www.microsoft.com/technet/security/advisory/947563.mspx
QuickTime PoC
Apple released an update to QuickTime yesterday, and attackers wasted no time coming up with a new exploit for it. A proof of concept exploit for QuickTime 7.3.1.70 is already public. It seems that Apple still hasn’t fixed the root cause of the RTSP vulnerability.
In other news, a survey over the past year on Oracle admins found that only 1 in 3 Oracle database admins bother to patch their databases. 68% of the admins admitted to never applying any patches at all. If that is true, it’s rather frightening.
RealPlayer Exploit
RealNetworks has not yet patched the vulnerability for the issue we discussed a few days ago. With proof of concept code already released, it’s assumed that there are malicious versions of the exploit already out there, or at least being worked on. We highly recommend that RealVideo files be blocked, or RealPlayer be uninstalled on machines for the time being. RealNetworks is still investigating the issue, and it’s unknown when a fix is expected.
More Storm Worm
Not a lot happening today in vulnerability news. However, a new round of the Storm worm has been circulating. This time the emails are coming with “Happy New Years” themes. This one seems to be pointing to the domain “uhavepostcard.com”. So be wary of any ecards in your inbox.
Novell Identity Manager, Groove Office
Groove Virtual Office is reported to have a vulnerable ActiveX control. The vulnerability is a buffer overflow which could potentially allow code execution if an exploit were successful. This vulnerability applies to Groove Virtual Office 3.x, and does not affect the newest version included in Office 2007. At this time there’s no patch, so it is recommended to disable the ActiveX control.
A vulnerability has also been reported in Novell Identity Manager. This vulnerability could be exploited by a remote attacker to cause a Denial of Service condition. Version 3.5.1 is reported to be affected, and other versions may be affected as well. Novell has issued a patch for this issue.