Author Archives: Nathan Grandbois

Leopard Clawing WoW?

Posted on by
Reply

MacOS X Leopard has issues with the firewall. For starters, the firewall is deactivated upon installation. Next, the firewall has changed so that it now operates that the application level and performs signature checks. If Apple does not have a digital signature for an application, it will sign the application itself. If at any time, the binary changes, it will be denied internet access. This is causing problems with applications that change their binaries, such as Skype and World of Warcraft. Users having issues with these applications have reported a reinstall fixing the issue. There’s much discussion about this on the WoW forums.

In other news, a new blind SQL injection tool has been released, http://sqlmap.sourceforge.net/. I haven’t personally used this tool but it looks promising. Also, the “cyber jihad” rumored to start on 11/11 is nothing more than a rumor. I remember the last time they tried this and it fizzled out to nothing, just like it likely will this time. At best they may be able to pull off some DoS attacks, but no extra precautions are required if you are regularly vigilant.

Vulnerability Updates, Firefox 2.0.0.9, and a Mac Trojan

Posted on by
Reply

Similar to previously reported vulnerabilities, Symantec’s Mail Security Appliance is vulnerable to denial of service and a buffer overflow. This is due to insecurity in a third party tool. The exploit can be triggered when the appliance checks a specially crafted file. Administrators are recommended to update to version 5.0.0-36 or later.

Two ActiveX controls installed on client systems using SonicWALL SSL VPN contain vulnerabilities. The first, NeLaunchCtrl, contains boundary errors in a number of functions that could result in a buffer overflow by visiting a malicious site. The WebCacheCleaner control contains an insecure “FileDelete()” method that can be exploited to delete arbitrary files on a system. Firewall admins should update to firmware version 2.5 for SonicWALL SSL VPN 2000/4000, and version 2.1 for SonicWALL SSL-VPN 200.

Hewlett-Packard OpenView Radia Integration Server contains a vulnerability that could allow remote attackers to access arbitrary files on the system. The issues is within the HTTP server running on TCP port 3456 and can be exploited without authentication. Attackers could use this to access configuration or log files which could aid in furthering an attack.

In other news, Firefox update 2.0.0.9 has been released. This is not a security fix, but a stability release. Users should be running at least version 2.0.0.8.

A mac based Trojan, a malicious video codec, is in the wild. Spam emails directing people to pornographic websites are hoping to lure users in to downloading a required codec to watch videos. Once downloaded, no codec is actually installed but a Trojan virus instead.

InstallShield Issues and BorderManager Vulns

Posted on by
Reply

Macrovision InstallShield Update Service contains an insecure method vulnerability. InstallShield contains an ActiveX control that is marked safe for scripting. An attacker could leverage the update service to download and install malicious software. Due to the fact that it is marked safe for scripting, this could be exploited by a malicious web site or a downloaded application. The following ActiveX control should be disabled so that Internet Explorer will not load the control.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E9880553-B8A7-4960-A668-95C68BED571E}]

“Compatibility Flags”=dword:00000400

The updated versions of FlexNet and InstallShield products will not be marked safe for scripting.

Additionally, Novell Border Manager Client is vulnerable to a remote heap-based buffer overflow. The vulnerability exists within the Client Trust Application and can be exploited by sending a specially crafted packet to the application. Successful exploitation could result in the exploitation of arbitrary code. The vulnerability is reported in Novell BorderManager 3.8.