Apache Tomcat; Firefox, Thunderbird Info Leak

Some vulnerabilities in Apache Tomcat have been discovered. These vulnerabilities could allow for the manipulation of an SSL session or the disclosure of session ID’s. Administrators running Tomcat should update to version 5.5.26 or 6.0.16.
Multiple vulnerabilities in Firefox, Thunderbird, and Seamonkey have been reported. These vulnerabilities could result in memory corruption, information exposure, directory traversal, and potentially other issues. A proof of concept exists for Firefox Users should update their Mozilla software to the latest version, and keep an eye out for any additional updates to this issue.

Quicktime PoC, IBM Lotus DoS

There’s a vulnerability in IBM Lotus Domino, which could result in a Denial of Service. There aren’t any details regarding the specifics of the vulnerability at this time. The vulnerability is reported in versions below 7.0.2 Fix Pack 3. Administrators should look in to updating to 7.0.2 Fix Pack 3. More information can be obtained from the original advisory http://www-1.ibm.com/support/docview.wss?uid=swg27011539
McAfee E-Business Server is also vulnerable to a local Denial of Service. An error in the handling of authentication packets can be exploited to DoS the service or potentially execute arbitrary code. Version 8.5.2 and earlier are vulnerable. Version 8.5.3 is available.
An exploit has been released for the Quicktime RTSP vulnerability previously discusses. There is currently no fix available at this time. Users should be aware and alert to what they are watching/listening to and from who.

MS07-065 PoC, Scam Warning

A proof of concept has been released for one of the vulnerabilities announced in Decembers Microsoft Update. The vulnerability in Message Queuing Service (ms07-065) now has a working proof of concept exploit available to the public. If you have not updated, or do not have automatic updates enabled, please do so.

Also, with the recent death of a foreign former prime minister, be on the lookout for emails or website attempting to lure you there as most of these will likely been social engineering/scam attempts.

HP InfoCenter POC, Adobe Flash Player

On Wednesday, 12 December, we posted about a vulnerability in HP software installed on laptops. Well, we now have reports that a working POC exploit that grants remote access exists. HP has provided a workaround by disabling the HP Info Center. More information, including the workaround, can be found at the following URLs:


Clam AntiVirus is vulnerable to remote exploitation of an integer overflow. This error is in the processing of PE files packed with the MEW packer. Exploitation of this vulnerability can result in execution of code in the context of the application running libclamav. If the clamd process is exploited, code can be executed under the context of the clamav user.  This vulnerability exists within ClamAV 0.91.2. There is a workaround available by setting –no-pe when starting the clamscan. There is also an update available, which is version 0.92.

Multiple vulnerabilities have been reported in Adobe’s Flash Player. These affect Adobe Flash CS3, Adobe Flash Player 9.x, Adobe Flex 2.x, Macromedia Flash 8.x, Macromedia Flash Player 7.x, and Macromedia Flash Player 8.x. The vulnerabilities can result in a variety of outcomes, including Denial of Service and compromising users systems. There are updates available for each of the Flash players affected. Note that this will be the last update for Adobe Flash Player 7.

Additionally, there is a vulnerability that could allow system compromise in AIX 5.2, 5.3, and 6.1. The vulnerability is related to Perl Regular Expressions Unicode Data Buffer Overflow. There are interim fixes available here ftp://aix.software.ibm.com/aix/efixes/security/perl_ifix.tar.

Citrix Web Interface is vulnerable to an unspecified cross site scripting attack. The cross site scripting is in the online help portion of the software. More information can be found in the original advisory http://support.citrix.com/article/CTX115283