Apple has released QuickTime 7.3.1 to address several vulnerabilities. These include the buffer overflow in RTSP, a heap buffer overflow found in QuickTime’s handling of QTL files and vulnerabilities which exist in QuickTime’s Flash media handler. Updates are available for: Mac OS X v10.3.9 or later, Windows Vista, and XP SP2. The relevant CVEs are CVE-2007-6166, CVE-2007-4706 and CVE-2007-4707 respectively.
Sun released two advisories today. The first details Coss-Site Scripting vulnerabilites in Sun Java System Identity Manager. They consist of input validation errors in the parameters “cntry” and “lang” of /idm/login.jsp, the “resultsForm” parameter of /idm/account/findForSelect.jsp and the “helpUrl” parameter of /idm/help/index.jsp. The original advisory can be found at:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1
The second involves
There’s a vulnerability in IBM Lotus Domino, which could result in a Denial of Service. There aren’t any details regarding the specifics of the vulnerability at this time. The vulnerability is reported in versions below 7.0.2 Fix Pack 3. Administrators should look in to updating to 7.0.2 Fix Pack 3. More information can be obtained from the original advisory http://www-1.ibm.com/support/docview.wss?uid=swg27011539
McAfee E-Business Server is also vulnerable to a local Denial of Service. An error in the handling of authentication packets can be exploited to DoS the service or potentially execute arbitrary code. Version 8.5.2 and earlier are vulnerable. Version 8.5.3 is available.
An exploit has been released for the Quicktime RTSP vulnerability previously discusses. There is currently no fix available at this time. Users should be aware and alert to what they are watching/listening to and from who.
MS08-001
Addresses vulnerabilities in the TCP/IP stack that could lead to the execution of arbitrary code or Denial of Service conditions. It is rated Critical. This bulletin replaces MS06-032. The Microsoft security bulletin can be found at:http://www.microsoft.com/technet/security/Bulletin/MS08-001.mspx
MS08-002
Addresses vulnerabilities in input validation errors in Local Security Authority Subsystem Service (LSASS) that could lead to execution of code or privilege escalation. The Microsoft security bulletin can be found at: http://www.microsoft.com/technet/security/Bulletin/MS08-002.mspx
VMWare has released new patches that address vulnerabilities in Tomcat and Java JRE that could lead to compromise of systems, Denial of Service or the ability to circumvent security restrictions. The updates are for VirtualCenter 2.0.2, ESX 3.0.1 and ESX Server 3.0.2.
The original VMWare announcement can be found at: http://lists.vmware.com/pipermail/security-announce/2008/000003.html
Novell ZENworks Endpoint Security Management (ESM) Security Client contains a vulnerability that could allow a local user to call cmd.exe thus giving them command line access and escalate privileges. The vulnerability is reported in version 3.5. Administrators should upgrade to version 3.5.0.82.
An unspecified vulnerability has been reported in IBM AIX. Hardly any detail is available except that it occurs when the wrong path name is passed to the “trustchk_block_write()” function and prevents trusted files from being modified. This issue is reported in AIX 6.1 and administrators are urged to apply APAR IZ12119.
When Firefox creates an authentication dialog box it displays the actual source of the website at the end of the dialog text, where other browsers may create it at the beginning. This could lead to luring unsuspecting users to phishing websites and stealing authentication credentials. Mozilla has assigned this a security rating of low. Users should be vigilant about where they put their authentication credentials and make sure it’s to the proper website.
RealNetworks has not yet patched the vulnerability for the issue we discussed a few days ago. With proof of concept code already released, its assumed that there are malicious versions of the exploit already out there, or at least being worked on. We highly recommend that real video files be blocked, or real player be uninstalled on machines for the time being. RealNetworks is still investigating the issue, and its unknown when a fix is expected.
According to the latest Microsoft security advanced bulletin, January 8th will give us 1 new Critical and 1 new Important security updates. Both affect a large cross section of Windows Operating systems. Additionally a new version of the Microsoft Windows Malicious Software Removal Tool and 7 non-security updates will also be released. For full details see: http://www.microsoft.com/technet/security/bulletin/ms08-jan.mspx
The latest release of the 4.4 branch of php was released today. This release addresses several vulnerabilities including a couple of integer overflows, input handling and file and database interaction issues. We encourage anyone running earlier versions of this branch to upgrade as soon as is possible. For full details see http://www.php.net
There is a guide available from Adobe on creating secure Flash applications. In the wake of the mid December Adobe Shockwave Flash vulnerabilities, Adobe has released a white paper on “Creating more secure SWF web applications”. This, combined with flash data validation libraries available from Google, allow for a complete solution to any potential vulnerabilities. Developers of Flash animations/movies/applications should take the time to read over this document and see where they could use the data validation libraries within their environment. Security teams should be testing all of their environments Flash applications for any vulnerabilities and coordinate to get these resolved. From what I’ve read, when Adobe makes the second update for these issues available early 2008, the issues will not be completely resolved in already developed Flash applications.
Here’s a link to the article http://www.adobe.com/devnet/flashplayer/articles/secure_swf_apps.html and the validation libraries http://code.google.com/p/flash-validators/
Also, it appears a few SIP vendors have had vulnerabilities reported in them today. Avaya is affected by two issues, one in pam and the other in OpenSSH. The issue in pam could allow for the disclosure of sensitive data, or allow the injection of characters into log entries. The issue with OpenSSH could allow arbitrary code execution (race condition) and the discovery of valid usernames. Here’s the original Avaya advisories: http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm and http://support.avaya.com/elmodocs2/security/ASA-2007-527.htm
Asterisk is vulnerable to a Denial of Service when handling the “BYE/Also” transfer method. Exploitation requires that a dialog already be established between the two parties. Asterisk versions prior to 1.4.17 are vulnerable. The issue is fixed in version 1.4.17.