A newly discovered format string error in ICQ version 6 build 6043 once again highlights the need to be cautious about who you are conversing with. Interaction with the embedded Internet Explorer component can allow specially crafted messages to execute arbitrary code on the affected system. Make sure that you only open messages from known and trusted contacts. It is a good idea to clean unknown or untrusted contacts from your contact list and enable the “Accept messages only from contacts” option. The build named above is known to be vulnerable; other versions may also be affected.
Category Archives: Emerging Threats
VMware Directory Traversal for Shared Folders
Multiple VMware products running on Windows platforms with Shared Folders are vulnerable to a directory traversal attack. If an attacker has access to a guest operating system, they can exploit the vulnerability to gain write access to the underlying host system. This obviously opens the door for a multitude of attacks.
Until a patch is released, users on Windows are advised to disable any Shared Folders that they may have configured.
The original advisory is at: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034
Open Source Security Information Management vuln
An injection vulnerability has been found in OSSIM. The “dest” parameter in the PHP-based login page is not adequately sanitized. This can lead to Cross Site Scripting attacks or even SQL injection. The original advisory can be found at: http://www.milw0rm.com/exploits/5171
VMware ESX Multiple Vulns, Novell iPrint Remote Code
VMware ESX is vulnerable to multiple issues, including the bypassing of security restrictions, system compromise, denial of service, and the disclosure of sensitive information. Currently, VMware ESX 2.x and 3.x are vulnerable. VMware has released a patch for this issue, available from www.vmware.com.
Novell iPrint Client is vulnerable to remote exploitation. The vulnerability lies in the ActiveX control ienipp.ocx and can be exploited remotely to cause a stack-based buffer overflow. This has been confirmed in versions 4.26 and 4.32. Novell recommends all users update to version 4.34.
Symantec Veritas Storage Foundation Vulnerabilities
Two new vulnerabilities have been reported in Symantec’s Veritas Storage Foundation product. Both are primarily Denial of Service issues, but one may lead to the execution of arbitrary code. This more serious issue is caused by input validation issues in the Administrator Service and can be exploited by sending a specially crafted packet to one of the product’s default ports, 3207/UDP. This vulnerability affects version 5.0 on both Windows and Unix/Linux systems. The lesser vulnerability is also caused by an input validation issue, this time in the Veritas Scheduler service. It can be exploited by sending a specially crafted packet to the default port 4888/TCP.
The original Symantec advisories are available at:
SYM08-005: http://www.symantec.com/avcenter/security/Content/2008.02.20a.html
SYM08-004: http://www.symantec.com/avcenter/security/Content/2008.02.20.html
BEA WebLogic Vulnerability
Vulnerabilities have been reported in BEA WebLogic products. The vulnerabilities could allow attackers to inject script, disclose inform
The issue occurs during the processing of requests within the “HttpClusterServlet” and “HttpProxyServlet” servlets. If the system is configured with the “SecureProxy” setting, then it may potentially be exploited to gain access to certain administrative resources that are only accessible to an administrator.
Products affected are WebLogic Express, Portal and Server versions 6.x through 10.x, and WebLogic Workshop 8.x through 10.x. BEA has updates for all affected products.
Opera Multiple Vulns, Lotus Notes Java Compromise
Multiple vulnerabilities in the Opera web browser have been reported. These vulnerabilities could allow an attacker to execute arbitrary script code, conduct cross-site scripting, force a user to upload files, and bypass security restrictions. These vulnerabilities are reported in versions prior to 9.26. Version 9.26 is available at the time of this writing. Anyone using this software should upgrade as soon as possible.
If you’re running IBM Lotus Notes with “Enable Java access from JavaScript” enabled, then you are vulnerable to remote compromise. The vulnerability is reported in versions 6.5.6 and 7.0. Reportedly, the vulnerability has been fixed in version 7.0.2. Also, the vendor suggests disabling the above option.
IBM DB2 and Kerio MailServer DoS
Some vulnerabilities have been reported in IBM DB2. While one of the vulnerabilities is unspecified, the other is the result of an unspecified error during a CONNECT/ATTACH process that can cause a denial of service. Administrators of DB2 systems should apply Fixpak 4a.
Kerio MailServer 6.x (prior to 6.5) contains multiple vulnerabilities. These vulnerabilities could cause a buffer overflow, leading to system compromise, or a denial of service. Kerio has made a newer version available at http://www.kerio.com/kms_download.html
Mozilla Vulnerabilities
Mozilla Firefox, Thunderbird, and SeaMonkey contain multiple vulnerabilities. These vulnerabilities could allow attackers to execute code remotely, cause a DoS, access sensitive information, and in general control your browsing. The vulnerabilities are in version 2.0.0.11 and prior. Thunderbird 2.0.0.9 and SeaMonkey 1.1.7 are vulnerable to many of the same issues. Mozilla has made upgrades available.
IBM Domino Web Exploit
An exploit has been released to the public for a recent Domino Web Access vulnerability. If you haven’t updated Domino yet, it’d be a good time to do it. The original notification for this vulnerability was released in December. It can be found at http://www-1.ibm.com/support/docview.wss?uid=swg21279071