Apache Tomcat Vulnerabilities
Several vulnerabilities have been discovered in Apache Tomcat. They could allow an attacker to manipulate an SSL session or to obtain session IDs. Administrators running Tomcat should update to version 5.5.26 (5.5 branch) or 6.0.16 (6.0 branch).
Mozilla Firefox, Thunderbird, SeaMonkey Vulnerabilities
Multiple vulnerabilities have been reported in Firefox, Thunderbird and SeaMonkey. They could result in memory corruption, information exposure, directory traversal and potentially other issues. Proof-of-concept code exists for Firefox 2.0.0.12. Users should update their Mozilla software to the latest version and watch for further updates addressing these issues.
Adobe Reader, Acrobat Vulnerabilities
Vulnerabilities have been reported in Adobe Reader and Acrobat. Some of them could allow an attacker to compromise the user’s system; the risk of the others is not yet known. Adobe is currently working on an update. All users of Adobe Reader are advised to upgrade to version 8.1.2.
Symantec Backup Exec Vulnerability
Backup Exec System Recovery Manager versions 7.0 and 7.0.1 are vulnerable to a flaw that allows an attacker to upload files without authentication, which can lead to execution of arbitrary code. The attack vector is a specially crafted HTTP POST request. Symantec has released an advisory and an update at: http://www.symantec.com/avcenter/security/Content/2008.02.04.html
IPSwitch WS_FTP Security Bypass Vulnerability
WS_FTP Server version 6.1 has a vulnerability in the WS_FTP Server Manager. Successful exploitation grants access to the log-viewing interface and may disclose sensitive information. Other versions may also be affected.
HP Storage Essentials SRM Vulnerability
An undisclosed flaw has been discovered in HP Storage Essentials SRM. Exploitation can allow unauthorized remote access and may lead to execution of arbitrary code. All versions prior to 6.0.0 are affected. HP’s original advisory is here: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01316132
Sun Java Updates
Two vulnerabilities in the Java Runtime Environment have been announced. They may allow an applet to gain elevated privileges and could lead to execution of arbitrary code. The affected releases are:
JDK and JRE 6 Update 1 and earlier
JDK and JRE 5.0 Update 13 and earlier
We recommend that you update your systems. The original advisory is at: http://sunsolve.sun.com/search/document.do?assetkey=1-66-231261-1
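Both the Tomcat item and the Java item above give branch-specific thresholds, so a naive numeric comparison gets them wrong: Tomcat 5.5.26 is fixed although it sorts below 6.0.16, and Java 1.5.0_14 (5.0 Update 14) is not listed as affected although it sorts below 1.6.0_01 (6 Update 1). The following Python script is an added example written for this digest, not code from Apache, Sun or the advisories. It encodes only the versions quoted above, reports any other branch (for example Tomcat 4.1 or Java 1.4.2) as not covered rather than guessing, and runs over a constructed sample inventory whose banners are made up.

```python
"""Branch-aware check of Tomcat and Java versions against the thresholds
quoted in this digest. Added example; thresholds are the only facts taken
from the advisories, everything else (function names, sample data) is assumed."""
import re
from typing import Tuple

# Tomcat: first fixed release per branch, as quoted above.
TOMCAT_FIRST_FIXED = {
    (5, 5): (5, 5, 26),
    (6, 0): (6, 0, 16),
}
# Java: last affected update per family, as quoted above. `java -version`
# reports family 6 as "1.6.0_NN" and family 5.0 as "1.5.0_NN" (on stderr).
JAVA_LAST_AFFECTED_UPDATE = {
    (1, 6): 1,
    (1, 5): 13,
}

AFFECTED = "affected"
FIXED = "not listed as affected"
NOT_COVERED = "not covered"


def parse_tomcat(version: str) -> Tuple[int, int, int]:
    """Extract major.minor.patch from a banner such as 'Apache Tomcat/6.0.14'."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\b", version)
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return major, minor, patch


def tomcat_status(version: str) -> str:
    """Compare only within the branch; a branch not named above is 'not covered'."""
    ver = parse_tomcat(version)
    first_fixed = TOMCAT_FIRST_FIXED.get(ver[:2])
    if first_fixed is None:
        return NOT_COVERED
    return AFFECTED if ver < first_fixed else FIXED


def parse_java(version: str) -> Tuple[Tuple[int, int], int]:
    """Parse '1.6.0_01' or a full `java version "1.6.0_01"` line into ((1, 6), 1)."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)_(\d+)\b", version)
    if not m:
        raise ValueError(f"unrecognised Java version: {version!r}")
    major, minor, _micro, update = (int(x) for x in m.groups())
    return (major, minor), update


def java_status(version: str) -> str:
    """'Update N and earlier' means update <= N within the same family."""
    family, update = parse_java(version)
    last_affected = JAVA_LAST_AFFECTED_UPDATE.get(family)
    if last_affected is None:
        return NOT_COVERED
    return AFFECTED if update <= last_affected else FIXED


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical banners, not real hosts).
    inventory = [
        ("tomcat", "Apache Tomcat/5.5.25"),
        ("tomcat", "Apache Tomcat/5.5.26"),
        ("tomcat", "Apache Tomcat/6.0.14"),
        ("tomcat", "Apache Tomcat/4.1.36"),
        ("java", 'java version "1.6.0_01"'),
        ("java", 'java version "1.5.0_14"'),
        ("java", 'java version "1.4.2_16"'),
    ]
    for product, banner in inventory:
        status = tomcat_status(banner) if product == "tomcat" else java_status(banner)
        print(f"{product:6s} {banner:28s} -> {status}")
```

The "not covered" result is deliberate: the digest says nothing about other branches, so the script refuses to call them either safe or affected, and an operator should consult the vendor advisory for those hosts instead.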
Adobe Reader 8.1.2
A new release of Adobe Reader, version 8.1.2, is available. It is reported to fix several security vulnerabilities and to improve the user experience. The security issues themselves have not been disclosed; the release notes are at Adobe’s site: http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403079&sliceId=1
Skype for Windows
A new version of Skype for Windows was released today. It addresses the cross-site scripting issue that has recently been in the press. For details see: http://www.skype.com/security/skype-sb-2008-001-update2.html
Ubuntu updates
Updates for the Ubuntu kernel and for the apache2 server have been released. The kernel update fixes multiple vulnerabilities which could result in file system corruption, denial of service conditions, bypass of certain security restrictions and disclosure of sensitive information; versions 6.10, 7.04 and 7.10 are affected. The apache2 update addresses cross-site scripting and denial of service vulnerabilities on versions 6.06, 6.10, 7.04 and 7.10.
IBM DB2 UDB Vulnerabilities
Several new vulnerabilities have been reported in IBM’s DB2 UDB. Successful exploitation could allow privilege escalation, bypass of some security restrictions or denial of service conditions. A FixPak is available from IBM at: http://www-1.ibm.com/support/docview.wss?rs=71&uid=swg21256235. Details on the specific vulnerabilities can be found at: ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT