Author Archives: Nathan Grandbois

Checkpoint VPN XSS, Multiple Java Vulns

Posted on by
Reply

Checkpoint VPN-1 UTM Edge is vulnerable to cross site scripting. This particular XSS vulnerability allows for reflective cross site scripting pre authentication. This could allow attackers to embed the login form in an html form for deceptive and malicious purposes. The latest firmware version, 7.5.48, reportedly does not contain this vulnerability.

There are multiple vulnerabilities in Java. This includes Java Web Start, the JRE and SDK. These vulnerabilities could lead to a Denial of Service or system compromise. All of the more recent versions of Java are vulnerable, so if you haven’t updated your Java install in a few weeks, now would be the time to do so.

Lighttpd, a popular light open source web server, is vulnerable to CGI source exposure and potential denial of service. Version 1.4.18-r2 is affected and a newer version is available.

WMWare ESX Multiple Vulns, Novell iPrint Remote Code

Posted on by
Reply

VMWare ESX is vulnerable to multiple issues, including the bypassing of security restrictions, system compromise, denial of service, and the disclosure of sensitive information. Currently, VMWare ESX 2.x and 3.x are vulnerable. VMWare has released a patch for this issue, available from www.vmware.com.
Novell iPrint Client is vulnerable to remote exploitation. The vulnerability lies in the active control ienipp.ocx and can be exploited remotely to cause a stack based buffer overflow. This has been confirmed in version 4.26 and 4.32. Novell recommends all users update to version 4.34.

Opera Multiple Vulns, Lotus Notes Java Compromise

Posted on by
Reply

Multiple vulnerabilities in the Opera web browser have been reported. These vulnerabilities could allow for the execution of arbitrary script code, conduct cross site scripting, force a user to upload files, and bypass security restrictions. These vulnerabilities are reported in versions prior to 9.26. Version 9.26 is available at the time of this writing. Anyone using this software should upgrade as soon as possible.
If you’re running IBM Lotus Notes with “Enable Java access from JavaScript” enabled, then you are vulnerable to remote compromise. The vulnerability is reported in versions 6.5.6 and 7.0. Reportedly, the vulnerability has been fixed in version 7.0.2. Also, the vendor suggests disabling the above option.

IBM DB2 and Kerio MailServer DoS

Posted on by
Reply

Some vulnerabilities have been reported in IBM/DB2. While one of the vulnerabilities is unspecified, the other is a result of an unspecified error during a CONNECT/ATTACH process, that can cause a denial of service. Administrators of DB2 systems should apply Fixpak 4a.
Kerio MailServer 6.x (prior to 6.5) contains multiple vulnerabilities. These vulnerabilities could cause a buffer overflow, leading to system compromise, or a denial of service. Kerio has made a newer version available at http://www.kerio.com/kms_download.html

Mozilla Vulnerabilities

Posted on by
Reply

Mozilla Firefox, Thunderbird, and SeaMonkey contain multiple vulnerabilities. These vulnerabilities could allow attackers to execute code remotely, cause a DoS, access sensitive information, and in general control your browsing. The vulnerabilities are in version 2.0.0.11 and prior. Thunderbird 2.0.0.9 and SeaMonkey 1.1.7 are vulnerable to many of the same issues. Mozilla has made upgrade available.

Apache Tomcat; Firefox, Thunderbird Info Leak

Posted on by
Reply

Some vulnerabilities in Apache Tomcat have been discovered. These vulnerabilities could allow for the manipulation of an SSL session or the disclosure of session ID’s. Administrators running Tomcat should update to version 5.5.26 or 6.0.16.
Multiple vulnerabilities in Firefox, Thunderbird, and Seamonkey have been reported. These vulnerabilities could result in memory corruption, information exposure, directory traversal, and potentially other issues. A proof of concept exists for Firefox 2.0.0.12. Users should update their Mozilla software to the latest version, and keep an eye out for any additional updates to this issue.

Oracle Prerelease Info, Tivoli Bof

Posted on by
Reply

There’s a vulnerability in Oracle Siebel SimBuilder that could allow for remote system compromise. This vulnerability is related to a vulnerability in NCTAudioFile2.dll. The vulnerability affects version version 7.8.5 build 2635. Other version have not been tested so they may be vulnerable as well. Users should disable the affected ActiveX control. If you are affected by this and would like more information please feel free to contact us.
Tivoli Storage Manager Express is vulnerable to a heap based buffer overflow. This can be exploited by a malicious user on the network to cause code execution under the SYSTEM user. Versions of the software prior to 5.3.7.3 are affected. Administrators of this software should apply the updates available at ftp://service.boulder.ibm.com/storage/tivoli-storage-management/patches/express/NT/5.3.7.3/
Also, Oracle will be releasing critical patch updates Tuesday, January 15th. Several critical vulnerabilities in database software and application servers are expected to be announced. We will provide more details as they are made available.

Quicktime PoC, IBM Lotus DoS

Posted on by
Reply

There’s a vulnerability in IBM Lotus Domino, which could result in a Denial of Service. There aren’t any details regarding the specifics of the vulnerability at this time. The vulnerability is reported in versions below 7.0.2 Fix Pack 3. Administrators should look in to updating to 7.0.2 Fix Pack 3. More information can be obtained from the original advisory http://www-1.ibm.com/support/docview.wss?uid=swg27011539
McAfee E-Business Server is also vulnerable to a local Denial of Service. An error in the handling of authentication packets can be exploited to DoS the service or potentially execute arbitrary code. Version 8.5.2 and earlier are vulnerable. Version 8.5.3 is available.
An exploit has been released for the Quicktime RTSP vulnerability previously discusses. There is currently no fix available at this time. Users should be aware and alert to what they are watching/listening to and from who.

SQL Worm, MBR Rootkit

Posted on by
Reply

There is a SQL “worm” spreading through the internet taking advantage of sites vulnerable to SQL injection attacks. The attack injects javascript in to all fields in the database that attempts to exploit browser flaws on clients that visit the infected website.  Web developers should be aware of the increasing attacks using input validation errors as their attack vector.

We have received word of a working MBR rootkit that works on modern systems. Not a new concept, but one that hasn’t had attention for several years. Windows Vista allows users to edit the MBR from userland.  A MBR rootkit has been discovered in the wild at the end of 2007. Keep an eye on this for more information coming in the future.

Novell Privilege Escalation, AIX Unspecified Vuln, Firefox Dialog Box

Posted on by
Reply

Novell ZENworks Endpoint Security Management (ESM) Security Client contains a vulnerability that could allow a local user to call cmd.exe thus giving them command line access and escalate privileges. The vulnerability is reported in version 3.5.  Administrators should upgrade to version 3.5.0.82.

An unspecified vulnerability has been reported in IBM AIX. Hardly any detail is available except that it occurs when the wrong path name is passed to the “trustchk_block_write()” function and prevents trusted files from being modified. This issue is reported in AIX 6.1 and administrators are urged to apply APAR IZ12119.

When Firefox creates an authentication dialog box it displays the actual source of the website at the end of the dialog text, where other browsers may create it at the beginning. This could lead to luring unsuspecting users to phishing websites and stealing authentication credentials. Mozilla has assigned this a security rating of low. Users should be vigilant about where they put their authentication credentials and make sure it’s to the proper website.