VMware ESX and Java ASP Vulns, Akamai Exploit

Sun’s Java Active Server Pages version 4.0.2 contains multiple vulnerabilities. These vulnerabilities are numerous and could result in a variety of negative consequences, including remote system compromise, bypassing of security restrictions, and manipulation of data. Sun has released version 4.0.3, which corrects the issues in 4.0.2.

VMware ESX server versions 2.x and 3.x are vulnerable to information disclosure, denial of service, and in some cases remote system compromise. All administrators and users of VMware should consider applying the vendor-provided patches to their software. Full details can be found at http://www.vmware.com/security/advisories/VMSA-2008-0009.html.

The Akamai download manager contains an input validation error in its ActiveX control. This could result in system compromise or a denial of service when a user visits a malicious web page. The vulnerability affects versions 2.2.3.5 and prior. A working exploit has already been released. Update to version 2.2.3.7, available at http://dlm.tools.akamai.com/tools/upgrade.html

CA Content Mgr DoS, Unspecified WebSphere Issue

A denial of service vulnerability has been reported in CA eTrust Content Manager. This vulnerability can also be exploited to compromise a vulnerable system. The vulnerability is caused by boundary errors in certain FTP requests that could result in a stack-based buffer overflow. The vulnerabilities are reported in CA eTrust Secure Content Manager 8.0.
CA has provided a patch for this issue.

Also, an unspecified vulnerability in IBM WebSphere Application Server has been reported. Very few details are available regarding this vulnerability. IBM has released fix pack 17 to address this issue (whatever it is).

Perl 5.8.8 Vulnerability – Trillian 3.1 Long Nick

A double-free vulnerability exists in Perl 5.8.8. Triggered by a crafted UTF-8 regular expression, this vulnerability could cause a denial of service on certain operating systems. This has not been fixed as of the time of this writing.

A curious vulnerability has been announced for Trillian 3.1 where a specially formed nickname can cause a buffer overflow in Windows. Very few details are available at this time, and an exploit hasn’t been released, but I wouldn’t expect it to be long before we see a real PoC.

OpenOffice Overflow

Several OpenOffice vulnerabilities were announced over the weekend. In total, four advisories have been released detailing various types of overflows in the software. These could be exploited in various ways, all resulting in complete system compromise. Versions 2.3 and below are vulnerable, and OpenOffice has released version 2.4, which addresses these vulnerabilities.

Symantec Internet Security 2008 Vulnerable ActiveX

There appear to be two vulnerable ActiveX controls in Symantec Internet Security 2008. The following ActiveX controls are vulnerable:

Progid: SymAData.ActiveDataInfo.1

Clsid: 3451DEDE-631F-421c-8127-FD793AFC6CC8

File: C:\PROGRA~1\COMMON~1\SYMANT~1\SUPPOR~1\SymAData.dll

Version: 2.7.0.1

These ActiveX controls are marked safe for scripting by Symantec. According to Symantec, although they are marked safe for scripting, they will only run from the “symantec.com” domain. Successful exploitation would require the use of XSS or DNS poisoning techniques, but could allow for complete control over a user’s system simply by viewing a malicious page. Symantec has issued updates to fix these vulnerabilities.
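
An added example, not from the original post or from Symantec: a PowerShell check of how Internet Explorer will treat the control listed above, reporting its registered DLL and file version, whether the registry marks it safe for scripting, and whether the IE kill bit is set. The function names are made up for this example; the registry locations are the standard COM and IE ones, and the CLSID (braces included) is the one from the listing.

```powershell
# Added example (not vendor code). Function names are made up for this example;
# the registry locations are the standard COM and IE "ActiveX Compatibility" keys.
$SafeForScripting = '{7DD95801-9882-11CF-9FA9-00AA006C4EBB}'  # CATID_SafeForScripting
$KillBit          = 0x400                                     # kill bit in "Compatibility Flags"
$CompatRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'  # 32-bit IE on x64
) | Where-Object { Test-Path -Path $_ }

function Get-ActiveXExposure {
    param([Parameter(Mandatory)][string]$Clsid)
    $class  = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    $server = $null; $version = $null
    if (Test-Path -Path "$class\InprocServer32") {
        # The default value of InprocServer32 is the DLL that implements the control.
        $server = (Get-Item -Path "$class\InprocServer32").GetValue('')
        $dll    = [Environment]::ExpandEnvironmentVariables("$server").Trim('"')
        if ($dll -and (Test-Path -LiteralPath $dll)) {
            $version = (Get-Item -LiteralPath $dll).VersionInfo.FileVersion
        }
    }
    # One result per registry view: IE refuses to load the control where the bit is set.
    $killed = @(foreach ($root in $CompatRoots) {
        $p = Get-ItemProperty -Path "$root\$Clsid" -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        [bool]($p.'Compatibility Flags' -band $KillBit)
    })
    [pscustomobject]@{
        Clsid             = $Clsid
        Server            = $server
        FileVersion       = $version   # the post lists 2.7.0.1 as vulnerable
        # Registry marking only; a control can also claim safety at run time via IObjectSafety.
        SafeForScripting  = Test-Path -Path "$class\Implemented Categories\$SafeForScripting"
        KillBitInAllViews = ($killed.Count -gt 0) -and ($killed -notcontains $false)
    }
}

function Set-ActiveXKillBit {   # needs an elevated prompt
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($root in $CompatRoots) {
        $key = "$root\$Clsid"
        if (-not (Test-Path -Path $key)) { New-Item -Path $key | Out-Null }
        $cur = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Type DWord -Value ($cur -bor $KillBit)
    }
}

# CLSID taken from the listing above.
Get-ActiveXExposure -Clsid '{3451DEDE-631F-421c-8127-FD793AFC6CC8}'
```

`Set-ActiveXKillBit` is the general way to disable a control in Internet Explorer when a vendor fix is not yet installed; it preserves any other compatibility flags already present on the key.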

QuickTime and Opera Multiple Vulnerabilities

Multiple vulnerabilities have been announced for Apple QuickTime. I counted 11 different vulnerabilities in the advisory, ranging in criticality from disclosure of personal information to buffer overflows. Apple has released an update, version 7.4.5, that fixes these vulnerabilities.

Opera versions prior to 9.27 are vulnerable to multiple issues. These vulnerabilities could allow for the execution of code on the local host. Users should update to version 9.27.

CA Products ActiveX Vuln, VMware Update Fixes DoS

Multiple CA products containing the DSM ListCtrl ActiveX Control are vulnerable to a buffer overflow. Exploit code for this issue has been posted publicly. This could allow attackers to cause a denial of service or execute code in the context of the user running the browser. Some mitigating factors taken from the original advisory:

“Mitigating Factors: For BrightStor ARCserve Backup for Laptops & Desktops, only the server installation is affected. Client installations are not affected. For CA Desktop Management Suite, Unicenter Desktop Management Bundle, Unicenter Asset Management, Unicenter Software Delivery and Unicenter Remote Control, only the Managers and DSM Explorers are affected. Scalability Servers and Agents are not affected.”

CA has posted an update for the affected software.

VMware has issued an update for VMware ESX. This update fixes a vulnerability that could cause a denial of service. Users/Administrators should apply ESX 2.5.5 Upgrade Patch 6.

US-CERT Issues Warning for Excel Trojan

The US-CERT has issued a warning in response to a Trojan actively exploiting MS08-014. First off, MS08-014 is for Microsoft Excel. The patch, released today, fixes critical vulnerabilities in MS Excel. These vulnerabilities could be exploited via a maliciously crafted Excel file to take complete control over a user’s system. Secondly, the Trojan they speak of is spreading through email with Excel attachments. The two attachment file names that US-CERT is aware of are OLYMPIC.xls and SCHEDULE.xls. These files may also contain Windows executables that can compromise an affected system. Patch now, please.

RealPlayer Active Exploitation, MaxDB, others

A vulnerability has been reported in RealPlayer. An ActiveX control, rmoc3260.dll, is vulnerable to remote code execution. This can be exploited when a user browses to a malicious page, and will execute code in the context of the user running the application. SANS reports that this vulnerability is being actively exploited in the wild. If you have RealPlayer installed on your system, it is highly recommended that you update to the latest version; however, there is no patch available for the issue. The only current workaround is to disable the affected ActiveX control.

Two vulnerabilities have been reported in SAP’s MaxDB. These vulnerabilities can be exploited remotely and could result in code execution under the context of the running user. SAP AG has addressed these vulnerabilities by releasing a new version of MaxDB. For more information, consult SAP note 1140135.

Multiple vulnerabilities have been reported for IBM Informix Dynamic Server. These vulnerabilities can be exploited remotely to cause a buffer overflow. There is not currently a patch available. For more information see CVE-2008-0727 and CVE-2008-0949.

Mozilla Vulnerabilities

Mozilla Firefox, Thunderbird, and SeaMonkey contain multiple vulnerabilities. These vulnerabilities could allow attackers to execute code remotely, cause a DoS, access sensitive information, and in general control your browsing. The vulnerabilities are in version 2.0.0.11 and prior. Thunderbird 2.0.0.9 and SeaMonkey 1.1.7 are vulnerable to many of the same issues. Mozilla has made upgrades available.