Author Archives: wstoner

Exploit available for Solaris 10 rpc.ypupdated

Posted on by
Reply

Exploit code is available for rpc.ypupdated on Solaris 10. If rpc.ypupdated uses the “-i” option during startup it will be vulnerable to the exploit. This can allow an attacker to execute arbitrary code on the affected system. The vulnerability is caused by issues with the handling of map names sent during an update. You should insure that the “-i” option is not being used and that all access to RPC services is limited to known and trusted users. There is currently no patch available and older versions of Solaris may be vulnerable

Asterisk Vulnerabilities

Posted on by
1

Several vulnerabilities exist in various Asterisk products that can lead to Denial of Service conditions, the bypassing of security restrictions and may allow the compromise of an affected system.

Two of the vulnerabilities are a result of errors that can arise when RTP codecs are processed. If more than 32 RTP payloads are sent a stack-based buffer overflow may occur. In the other case a specially crafted SIP packet can be used to write 0 into certain memory locations. The final vulnerability is a result of problems that exist in SIP channel driver.

Make sure that you have updated to the releases below, as is applicable to your site:
Asterisk:

Update to version 1.2.27.
or
Update to version 1.4.18.1.

Asterisk Business Edition:
Update to version B.2.5.1 and C.1.6.2.

s800i (Asterisk Appliance):
Update to version 1.1.0.2.

Asterisk Appliance Developer Kit:
Fixed in the SVN repository. Please see the vendor’s advisories for details.

F-Secure Products at Risk of Compromise or DoS

Posted on by
Reply

Multiple F-Secure products contain unspecified issues in their handling of archive files. This could allow specially crafted archive files to be used as an attack vector. The results of a successful attack could cause a Denial of Service or possibly result in the compromise of the affected host. The products at risk are:

F-Secure Internet Security 2008
F-Secure Internet Security 2007
F-Secure Internet Security 2007 Second Edition
F-Secure Internet Security 2006
F-Secure Anti-Virus 2008
F-Secure Anti-Virus 2007
F-Secure Anti-Virus 2007 Second Edition
F-Secure Anti-Virus 2006
F-Secure Client Security 7.11 and earlier
F-Secure Anti-Virus Client Security 6.04 and earlier
F-Secure Anti-Virus for Workstations 7.11 and earlier
F-Secure Anti-Virus Linux Client Security 5.54 and earlier
F-Secure Anti-Virus for Linux 4.65 and earlier
Solutions based on F-Secure Protection Service for Consumers version 7.00 and earlier
Solutions based on F-Secure Protection Service for Business version 3.10 and earlier
F-Secure Mobile Anti-Virus™ for S60 2nd edition
F-Secure Mobile Anti-Virus™ for Windows Mobile 2003/5.0/6
F-Secure Mobile Security™ for Series 80

F-Secure Anti-Virus for Windows Servers 7.01 and earlier
F-Secure Anti-Virus for Citrix Servers 7.00 and earlier
F-Secure Anti-Virus Linux Server Security 5.54 and earlier

F-Secure Anti-Virus for Microsoft Exchange 7.10 and earlier
F-Secure Internet Gatekeeper 6.61, Windows and earlier
F-Secure Internet Gatekeeper for Linux 2.16 and earlier
F-Secure Anti-Virus for MIMEsweeper 5.61 and earlier
F-Secure Messaging Security Gateway 4.0.7 and earlier

Details on patching the products list above can be found at:

http://www.f-secure.com/security/fsc-2008-2.shtml

Avaya (Solaris) Remote Denial of Service

Posted on by
Reply

Avaya has released an advisory covering CMS R12, R13/R13.1, R14 and Avaya IR 2.0, 3.0 that contain vulnerabilities that could lead successful security bypass or remote Denial of Service attacks. The issue at hand is actually in the underlying Solaris firewall. Full details can be found in the original advisories:

Avaya: http://support.avaya.com/elmodocs2/security/ASA-2008-119.htm

Solaris: http://sunsolve.sun.com/search/document.do?assetkey=1-66-200183-1

Multiple IBM AIX Vulnerabilities

Posted on by
Reply

Vulnerabilities have been discovered in AIX’s X server and inet_network libc library that can lead to a number of threats. These include the execution of arbitrary code in a root context, Denial of Service, or exposure of sensitive data. The original IBM advisories are located at:

AIX X server multiple vulnerabilities

AIX libc inet_network buffer overflow

Thunderbird 2 MIME vulnerability

Posted on by
Reply

Mozilla Thunderbird 2.0.0.9 has been found to contain a heap buffer overflow vulnerability due to the way it handles external-body MIME types. Systems running this version of Thunderbird are vulnerable to compromise or the execution of arbitrary code via specially crafted email messages. You should update to Thunderbird 2.0.0.12 as soon as possible.

Mozilla’s advisory is located at: http://www.mozilla.org/security/announce/2008/mfsa2008-12.html

ICQ Vulnerability Should Increase Your Vigilance

Posted on by
Reply

A newly discovered format string error in ICQ version 6 build 6043 once again highlights the need to be cautious about who you are conversing with. Interaction  with the embedded Internet Explorer component can allow specially crafted messages to execute arbitrary code on the affected system. Make sure that you only open messages from known and trusted contacts.  It is a good idea to clean unknown or untrusted contacts from your contact list and enable the “Accept messages only from contacts” option. The build named above is known to be vulnerable other versions may also be affected

VMWare Directory Traversal for Shared Folders

Posted on by
Reply

Multiple VMWare products running on Windows platforms with Shared Folders are vulnerable to a directory traversal attack. If an attacker can has access to a guest operating system they can exploit the vulnerability to gain write access to the underlying hosting system. This obviously opens the door for a multitude of attacks.

Until a patch is released users on Windows are advised to disable any Shared Folders that they may have configured.

The original advisory is at:http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034

Symantec Veritas Storage Foundation Vulnerabilities

Posted on by
Reply

Two new vulnerabilites have been reported in Symantec’s Veritas Storage Foundation product. Both are primarily Denial of Sevice issues, but one may lead to the execution of arbitrary code. This more serious issue is caused by input validation issues in the Administrator Service and can be exploited by sending a specially crafted packet to one of the products default ports, 3207/UDP. This vulnerability affects version 5.0 on both Windows and Unix/Linux systems. The lesser vulnerability is also caused by an input validation issue, this time in the Veritas Scheduler service. It can be exploited by sending a specially crafted packet to the default port 4888/TCP.

The original Symantec advisories are available at:
SYM08-005: http://www.symantec.com/avcenter/security/Content/2008.02.20a.html

and

SYM08-004:
http://www.symantec.com/avcenter/security/Content/2008.02.20.html