An unspecified vulnerability in the Java plug-in can allow an untrusted applet to gain escalated privileges. The vulnerability is known to exist in version 5.0.2. For full details see IBM’s advisory at:http://www-1.ibm.com/support/docview.wss?uid=swg1PK65161
Author Archives: wstoner
Cisco Network Admission Control Appliance Vulnerability
The Cisco Network Admission Control Appliance (NAC) contains a vulnerability that allows the shared secret used by the Cisco Clean Access Server (CAS) and the Cisco Clean Access Manager (CAM) to be captured. This can then be leveraged to gain control over the CAS.
The following versions of NAC are known to be vulnerable:
All 3.5.x versions
All 3.6.x versions prior to 3.6.4.4
All 4.0.x versions prior to 4.0.6
All 4.1.x versions prior to 4.1.2
For full details see Cisco’s original advisory at: http://www.cisco.com/warp/public/707/cisco-sa-20080416-nac.shtml
Safari Browser Vulns
Versions of Safari that are earlier than 3.1.1 for both MacOS and Windows contain Cross Site Scripting vulnerabilties. See Apple’s original advisory at: http://support.apple.com/kb/HT1467
CA Products ActiveX Control Vulnerabilities
The ActiveX control gui_cm_ctrls.ocx in a number of CA products contains vulnerabilities caused by improper input validation. Successful exploits can lead to arbitrary code execution and could lead to full compromise of an affected system.
BrightStor ARCServe Backup for Laptops and Desktops r11.5 (Server only, client is not affected).
CA Desktop Management Suite r11.2 C2
CA Desktop Management Suite r11.2 C1
CA Desktop Management Suite r11.2a
CA Desktop Management Suite r11.2
CA Desktop Management Suite r11.1 (GA, a, C1)
Unicenter Desktop Management Bundle r11.2 C2
Unicenter Desktop Management Bundle r11.2 C1
Unicenter Desktop Management Bundle r11.2a
Unicenter Desktop Management Bundle r11.2
Unicenter Desktop Management Bundle r11.1 (GA, a, C1)
Unicenter Asset Management r11.2 C2
Unicenter Asset Management r11.2 C1
Unicenter Asset Management r11.2a
Unicenter Asset Management r11.2
Unicenter Asset Management r11.1 (GA, a, C1)
Unicenter Software Delivery r11.2 C2
Unicenter Software Delivery r11.2 C1
Unicenter Software Delivery r11.2a
Unicenter Software Delivery r11.2
Unicenter Software Delivery r11.1 (GA, a, C1)
Unicenter Remote Control r11.2 C2
Unicenter Remote Control r11.2 C1
Unicenter Remote Control r11.2a
Unicenter Remote Control r11.2
Unicenter Remote Control r11.1 (GA, a, C1)
CA Desktop and Server Management r11.2 C2
CA Desktop and Server Management r11.2 C1
CA Desktop and Server Management r11.2a
CA Desktop and Server Management r11.2
CA Desktop and Server Management r11.1 (GA, a, C1)
For full details see the original advisory at: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256
Critical Oracle Vulnerabilities
Multiple vulnerabilities have been reported in the Oracle products listed below. The packages SDO_GEOM, SDO_IDX, and SDO_UTIL do not properly sanitize input, this can allow the injection of arbitrary SQL code. Additionally there are issues with the DBMS_STATS_INTERNAL package. These issues could allow an attacker to gain DBA privileges. There are additional issues that remain unspecified. See Oracle’s original advisory at: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2008.html
* Oracle Database 11g, version 11.1.0.6
* Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3
* Oracle Database 10g, version 10.1.0.5
* Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV
* Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.1.0, 10.1.3.3.0
* Oracle Application Server 10g Release 2 (10.1.2), versions 10.1.2.0.2, 10.1.2.1.0, 10.1.2.2.0
* Oracle Application Server 10g (9.0.4), version 9.0.4.3
* Oracle Collaboration Suite 10g, version 10.1.2
* Oracle E-Business Suite Release 12, version 12.0.4
* Oracle E-Business Suite Release 11i, version 11.5.10.2
* Oracle PeopleSoft Enterprise PeopleTools versions 8.22.19, 8.48.16, 8.49.09
* Oracle PeopleSoft Enterprise HCM versions 8.8 SP1, 8.9, 9.0
* Oracle Siebel SimBuilder versions 7.8.2, 7.8.5
Lotus Notes Multiple Keyview Parsing Vulnerabilities
Vulnerabilities in various third-party file viewing applications can leave systems using Lotus Notes open to compromise. In specific situations, specially crafted files can allow for the execution of arbitrary code. Lotus Notes versions 7.0.3 and 8.0 are known to be vulnerable, other versions may also have issues. The file types that can be used to leverage this vulnerability are:
Applix Presents (.ag)
Folio Flat File (.fff)
HTML speed reader (.htm)
KeyView document viewing engine
Text mail (MIME)
These issues were originally discovered by the Secunia Research team. More information can be found at: http://secunia.com/advisories/28210
IBM’s response, including remediation suggestions is available at: http://www.ibm.com/support/docview.wss?rs=463&uid=swg21298453
Microsoft Security Bulletin Summary for April 2008
Microsoft released a total of 5 Critical and 3 Important security bulletins for the month of April. The breakdown is as follows:
MS08-018 – Critical – Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183)
Undisclosed vulnerabilities in Microsoft Office Project. These could allow an attacker to use a specially crafted Project file to take complete control of the affected system.
Affected software:
Microsoft Project 2000 Service Release 1 (KB949043)
Microsoft Project 2002 Service Pack 1 (KB949005)
Microsoft Project 2003 Service Pack 2 (KB948962)
For full details see the original advisory at:
http://www.microsoft.com/technet/security/bulletin/ms08-018.mspx
MS08-021 – Critical – Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
Undisclosed vulnerabilities in GDI. These could allow an attacker to use a specially crafted EMF or WMF image files to take complete control of the affected system.
Affected Software
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium based Systems
(Note that for the above platforms MS08-021 replaces MS07-046)
Windows Vista and Windows Vista Service Pack 1
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for x64-based Systems
Windows Server 2008 for Itanium-based Systems
For full details see the original advisory at:
http://www.microsoft.com/technet/security/bulletin/ms08-021.mspx
MS08-022 – Critical – Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)
Undisclosed vulnerabilities in the VBScript and JScript scripting engines. These could allow an attacker to take complete control of the affected system.
Affected Software
VBScript 5.1 and JScript 5.1 on Microsoft Windows 2000 Service Pack 4
VBScript 5.6 and JScript 5.6 on Microsoft Windows 2000 Service Pack 4
VBScript 5.6 and JScript 5.6 on Windows XP Service Pack 2
VBScript 5.6 and JScript 5.6 on Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
VBScript 5.6 and JScript 5.6 on Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
VBScript 5.6 and JScript 5.6 on Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
VBScript 5.6 and JScript 5.6 on Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium based Systems
(Note that for the above platforms MS08-022 replaces MS06-023)
For full details see the original advisory at:
http://www.microsoft.com/technet/security/bulletin/ms08-022.mspx
MS08-023 – Critical – Security Update of ActiveX Kill Bits (948881)
An undisclosed vulnerability for ActiveX components. The vulnerability could allow an attacker to use a specially crafted Web page as a vector for remote code execution. The
severity of any compromise may depend upon the level of administrative rights of the user account.
Affected Software:
Microsoft Windows 2000 Service Pack 4 with Internet Explorer 5.01 Service Pack 4
Microsoft Windows 2000 Service Pack 4 with Internet Explorer 6 Service Pack 1
Windows XP Service Pack 2
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista and Windows Vista Service Pack 1
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for x64-based Systems
Windows Server 2008 for Itanium-based Systems
For full details see the original advisory at:
http://www.microsoft.com/technet/security/bulletin/ms08-023.mspx
MS08-024 – Critical – Cumulative Security Update for Internet Explorer (947864)
This security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Microsoft Windows 2000 Service Pack 4
with Internet Explorer 5.01 Service Pack 4
or Internet Explorer 6 Service Pack 1
Windows XP Service Pack 2
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
with Internet Explorer 6
Windows XP Service Pack 2
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista and Windows Vista Service Pack 1
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for x64-based Systems
Windows Server 2008 for Itanium-based Systems
with Internet Explorer 7
For full details see the original advisory at:
http://www.microsoft.com/technet/security/bulletin/ms08-024.mspx
MS08-020 – Important – Vulnerability in DNS Client Could Allow Spoofing (945553)
An undisclosed vulnerability that could allow an attacker to spoof or redirect Internet traffic on affected systems.
For full details see the original advisory at:
http://www.microsoft.com/technet/security/bulletin/ms08-020.mspx
MS08-025 – Important –Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)
An undisclosed vulnerability in the Windows kernel. Can allow a local attacker to take complete control of an affected system.
For full details see the original advisory at:
http://www.microsoft.com/technet/security/bulletin/ms08-025.mspx
MS08-019 – Important –Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032)
Undisclosed vulnerabilities in Microsoft Office Visio. These could allow an attacker to use specially crafted Visio files to perform remote code execution or take complete control of an affected system.
For full details see the original advisory at:
http://www.microsoft.com/technet/security/bulletin/ms08-019.mspx
HP OpenView Network Node Manager Vulnerabilities
An independent researcher, Luigi Auriemma, has found several vulnerabilities in Version 7.53 of HP’s OpenView Network Node Manager. These include a format string error and stack based buffer overflows and Denial of Service issues. All of the vulnerabilities were discovered within the ovalarmsrv.exe process which listens on ports 2953 and 2954. If you are running this product you should ensure that access is limited to known and trusted parties. The original advisory can be found at: http://aluigi.altervista.org/adv/ovalarmsrv-adv.txt
Cisco Unified Communications Disaster Recovery Framework Vulnerability
The Disaster Recovery Framework is able to receive and execute commands without authentication. This can allow an attacker to cause denial of service conditions, obtain sensitive configuration information, overwrite configuration parameters, or execute DRF-related commands, including arbitrary system commands with full administrative privileges.
For further details and mitigation suggestions please see the original advisory at:http://www.cisco.com/warp/public/707/cisco-sa-20080403-drf.shtml
Slew of Cisco Alerts
The Cisco Systems Product Security Incident Response Team release a group of security advisories today. The majority of the vulnerabilities can result in Denial of Service for multiple products. Here’s the round up:
Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability
Devices running certain versions of Cisco IOS prior to 12.3 with VPDN enabled may be affected by the vulnerabilities. The vulnerabilities are a result of a memory leak and an inability to reuse virtual interfaces. See the original advisory for full details:
http://www.cisco.com/warp/public/707/cisco-sa-20080326-pptp.shtml
Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Certain Processors
Some Cisco Catalyst 6500 Series and Cisco 7600 Routers running particular branches of Cisco IOS based on 12.2 may be vulnerable to a denial of service vulnerability. To be vulnerable they must be configured to use OSPF and MPLS enabled VPNs. Products known to be vulnerable are based on the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720) or Route Switch Processor 720 (RSP720). See the original advisory for full details: http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml
Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers
Devices running Cisco IOS software with Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service attack. To be vulnerable the device must also have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. See the original advisory for full details: http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml
Multiple DLSw Denial of Service Vulnerabilities in Cisco IOS
All devices running Cisco IOS with the Data-link Switching (DLSw) feature enabled may be susceptible to a vulnerability that can result in a reload or memory leak when processing specially crafted UDP or IP Protocol 91 packets. See the original advisory for full details: http://www.cisco.com/warp/public/707/cisco-sa-20080326-dlsw.shtml
Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak
All devices running Cisco IOS and configured for MVPN are susceptible to a vulnerability that can allow an attacker to receive multicast traffic from other MVPN networks. See the original advisory for full details: http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml