

Alerts Archive - Sep 2009

Last Update: 30 Sep 2009

OSISoft PI Server Authentication Weakness
updated: 25-Oct-09
A vulnerability was reported in all versions of the OSIsoft PI Server. An attacker can gain access to the PI Server databases, allowing them to read confidential operational information, cause permanent data loss or present misleading decision-support data, and probe the server for further vulnerabilities from which to attack the control-center network.

Upgrade to a fixed version from OSIsoft.

Local Privilege Escalation Vulnerability in Trustport Security Software
updated: 25-Oct-09
TrustPort Antivirus 2.8.0.2265, TrustPort Antivirus Business 2.8.0.2265, TrustPort PC Security 2.0.0.1290 and TrustPort PC Security Business 2.0.0.1290 install their program files with Everyone: Full Control permissions. A local attacker can replace files, including the executables of the TrustPort services, with malicious files and execute arbitrary code with SYSTEM privileges.

Install the fixed version from the vendor.

cURL Certificate Validation Error
updated: 25-Oct-09
cURL < 7.19.6 does not properly handle fields in X.509 certificates that contain an ASCII NUL (\0) character: processing of such a field stops at the first occurrence of the NUL, so everything after it is ignored when the certificate is matched against the host name. This class of vulnerability was recently described by Dan Kaminsky and Moxie Marlinspike.

A remote attacker can use a specially crafted X.509 certificate (for instance one containing a NUL character in the Common Name field) to conduct man-in-the-middle attacks against clients that accept it as valid for the host before the NUL.
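As an added example (not cURL's own code), the C below shows why a NUL byte inside a certificate field defeats a C-string comparison, and the length-aware check that catches it. The Common Name value and host name are constructed for illustration; a field whose C-string length disagrees with its ASN.1 length is exactly what a fixed client must reject.

```c
/*
 * Added example, not cURL's code: a Common Name with an embedded NUL,
 * compared the vulnerable way (C string, stops at the NUL) and the fixed
 * way (full ASN.1 length, embedded NUL rejected).
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample CN: "www.bank.example\0.attacker.example".
 * A CA that validates ownership of the right-hand part may issue this. */
static const unsigned char EVIL_CN[] =
    "www.bank.example\0.attacker.example";
static const size_t EVIL_CN_LEN = sizeof(EVIL_CN) - 1;  /* drop trailing NUL */

/* Vulnerable pattern: the ASN.1 length is ignored and the field is treated
 * as a C string, so the comparison never sees ".attacker.example". */
bool hostname_matches_vuln(const unsigned char *cn, size_t cn_len,
                           const char *host)
{
    (void)cn_len;                       /* length ignored: this is the bug */
    return strcmp((const char *)cn, host) == 0;
}

/* Fixed pattern: refuse any field with an embedded NUL, then compare using
 * the full length so every byte of the field takes part. */
bool hostname_matches_fixed(const unsigned char *cn, size_t cn_len,
                            const char *host)
{
    if (memchr(cn, '\0', cn_len) != NULL)
        return false;                   /* NUL inside the field: malformed */
    size_t host_len = strlen(host);
    if (host_len != cn_len)
        return false;
    return memcmp(cn, host, cn_len) == 0;
}

int main(void)
{
    const char *host = "www.bank.example";
    printf("vulnerable check: %s\n",
           hostname_matches_vuln(EVIL_CN, EVIL_CN_LEN, host)
               ? "MATCH (man-in-the-middle succeeds)" : "no match");
    printf("fixed check:      %s\n",
           hostname_matches_fixed(EVIL_CN, EVIL_CN_LEN, host)
               ? "MATCH" : "no match (certificate rejected)");
    return 0;
}
```

The same rule applies to subjectAltName entries and to any other DER string a client turns into a C string: compare against the decoded length, never against strlen().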

Upgrade to the latest version.

Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417
Cisco IOS Software Network Time Protocol Packet Vulnerability
updated: 25-Oct-09
Cisco IOS Software with support for Network Time Protocol version 4 (NTPv4) contains a vulnerability in the processing of specific NTP packets that results in a reload of the device. This results in a remote denial of service (DoS) condition on the affected device.

Install the update from Cisco.

Reference
http://www.cisco.com/warp/public/707/cisco-sa-20090923-ntp.shtml
Cisco IOS Software H.323 Denial of Service Vulnerability
updated: 25-Oct-09
The H.323 implementation in Cisco IOS Software contains a vulnerability that can be exploited remotely to cause a device running Cisco IOS Software to reload.

Install the update from Cisco.

Reference
http://www.cisco.com/warp/public/707/cisco-sa-20090923-h323.shtml
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
updated: 25-Oct-09
A vulnerability exists in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated attacker to cause a denial of service (DoS) condition on an affected device when the Cisco Unified Border Element feature is enabled.

Install the update from Cisco.

Reference
http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml
Cisco IOS Software Object-group Access Control List Bypass Vulnerability
updated: 25-Oct-09
A vulnerability exists in Cisco IOS Software where an unauthenticated attacker could bypass access control policies when the Object Groups for Access Control Lists (ACLs) feature is used.

Install the update from Cisco.

Reference
http://www.cisco.com/warp/public/707/cisco-sa-20090923-acl.shtml
Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability
updated: 25-Oct-09
Cisco IOS Software contains a vulnerability that could allow an attacker to cause a Cisco IOS device to reload by remotely sending a crafted encryption packet.

Install the update from Cisco.

Reference
http://www.cisco.com/warp/public/707/cisco-sa-20090923-tls.shtml
Cisco IOS Software Internet Key Exchange Resource Exhaustion Vulnerability
updated: 25-Oct-09
Cisco IOS devices that are configured for the Internet Key Exchange (IKE) protocol with certificate-based authentication are vulnerable to a resource exhaustion attack. Successful exploitation of this vulnerability may result in the allocation of all available Phase 1 security associations (SAs) and prevent the establishment of new IPsec sessions.

Install the update from Cisco.

Reference
http://www.cisco.com/warp/public/707/cisco-sa-20090923-ipsec.shtml
Cisco IOS Software Zone-Based Policy Firewall Vulnerability
updated: 25-Oct-09
Cisco IOS devices that are configured with Cisco IOS Zone-Based Policy Firewall Session Initiation Protocol (SIP) inspection are vulnerable to denial of service (DoS) attacks when processing a specific SIP transit packet. Exploitation of the vulnerability could result in a reload of the affected device.

Install the update from Cisco.

Reference
http://www.cisco.com/warp/public/707/cisco-sa-20090923-ios-fw.shtml
Cisco Unified Communications Manager Session Initiation Protocol Denial of Service
updated: 25-Oct-09
Cisco Unified Communications Manager, which was formerly Cisco Unified CallManager, contains a denial of service (DoS) vulnerability in the Session Initiation Protocol (SIP) service. An exploit of this vulnerability may cause an interruption in voice services.

Install the update from Cisco.

Reference
http://www.cisco.com/warp/public/707/cisco-sa-20090923-cm.shtml
Cisco Unified Communications Manager Express Vulnerability
updated: 25-Oct-09
Cisco IOS devices that are configured for Cisco Unified Communications Manager Express (CME) and the Extension Mobility feature are vulnerable to a buffer overflow. Successful exploitation of this vulnerability may result in the execution of arbitrary code or a denial of service (DoS) condition on an affected device.

Install the update from Cisco.

Reference
http://www.cisco.com/warp/public/707/cisco-sa-20090923-cme.shtml
Check Point Connectra R62 Login Script Injection Vulnerability (reported by scip AG)
updated: 25-Oct-09
An input validation error was reported in the current release of Check Point Connectra that enables an attacker to perform various web-based attacks.

The initial logon script at /Login/Login, used by unauthenticated users to log in, fails to perform proper input validation on the data submitted via HTTP POST. While certain fields are escaped before being sent back to the user's browser, the "vpid_prefix" parameter lacks any validation and is therefore vulnerable to script injection.
Other parts of the application might be affected too.

This vulnerability has been tested on version R62, other versions might be affected as well.

Install the hotfix from Check Point.

Reference
https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk42793
Apple iPhone OS AudioCodecs Heap Buffer Overflow
updated: 25-Oct-09
The iPhone OS AudioCodecs library contains a heap buffer overflow vulnerability in the parsing of maliciously crafted AAC or MP3 files. The vulnerability may be exploited by an attacker to execute arbitrary code in the context of an application using the vulnerable library.

One attack vector is iPhone ringtones with malformed sample size table entries; testing confirmed that iTunes uploads such malformed ringtones to the phone.

Upgrade to iPhone OS 3.1 or iPhone OS 3.1.1 for iPod touch.

Local Privilege Escalation Vulnerability In Protector Plus Antivirus Software
updated: 25-Oct-09
Protector Plus installs its program files with insecure permissions (Everyone: Full Control). A local, unprivileged attacker can replace files (for example, the executables of the Protector Plus services) with malicious files and execute arbitrary code with SYSTEM privileges. This is a local privilege escalation vulnerability.

Wireshark Denial of Service
updated: 25-Oct-09
Multiple vulnerabilities have been discovered in Wireshark < 1.2.1 which allow for Denial of Service.

A remote attacker could exploit these vulnerabilities by sending specially crafted packets on a network being monitored by Wireshark or by enticing a user to read a malformed packet trace file to cause a Denial of Service.

Upgrade to the latest version.

Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2561
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2563
Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server
updated: 13-Sep-09
Dnsmasq is a lightweight DNS forwarder and DHCP server. A vulnerability has been found in Dnsmasq 2.49 and earlier that may allow an attacker to execute arbitrary code on servers or home routers running dnsmasq with the TFTP service enabled ('--enable-tftp').

This service is not enabled by default on most distributions; in particular, it is not enabled by default on OpenWrt or DD-WRT. The chance of successful exploitation increases when a long directory prefix is used for TFTP. Code is executed with the privileges of the user running dnsmasq, which is normally an unprivileged account.

Additionally, a null-pointer dereference in the TFTP service can be exploited for a denial of service attack.

Upgrade to dnsmasq 2.50.

Reference
http://www.coresecurity.com/content/dnsmasq-vulnerabilities
Apple QuickTime FlashPix Sector Size Overflow
updated: 13-Sep-09
An overflow flaw exists in Apple QuickTime during the parsing of malformed FlashPix (.fpx) files. While parsing the SectorShift and cSectFat fields from the header, the application multiplies two user-controlled 32-bit values and uses the result as an allocation size. If the product does not fit in 32 bits, the multiplication wraps and the application allocates an undersized heap chunk. Later, the application copies file data directly into this buffer, leading to a heap buffer overflow that can allow code execution in the context of the currently logged-in user.

Install the update from Apple.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-09-064
http://support.apple.com/kb/HT3859
Apple QuickTime H.264 Nal Unit Length Heap Overflow
updated: 13-Sep-09
A heap overflow flaw exists in Apple QuickTime during the parsing of samples from a malformed MOV file that uses the H.264 codec. While parsing data to render the stream, the application trusts a NAL unit length from the file when filling a heap chunk whose size was fixed earlier from a header value. If the length is larger than the size of the allocated chunk, memory corruption occurs, leading to code execution in the context of the currently logged-in user.

Install the update from Apple.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-09-063
http://support.apple.com/kb/HT3859
Mozilla Firefox TreeColumns Dangling Pointer Vulnerability
updated: 13-Sep-09
A vulnerability was reported in Mozilla Firefox during the redrawing of tree columns contained within a XUL document. Due to the reuse of a previously freed object, attacker-controlled memory can be executed. Successful exploitation of this vulnerability can lead to remote compromise of the affected system with the credentials of the currently logged-in user.

Install the update from Mozilla.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-09-065
http://www.mozilla.org/security/announce/2009/mfsa2009-49.html
Apache Portable Runtime Utility Library Execution of Arbitrary Code
updated: 13-Sep-09
Multiple integer overflows in the Apache Portable Runtime (APR) and the APR Utility Library (APR-util) before 1.3.9 might allow remote execution of arbitrary code.

A remote attacker could entice a user to connect to a malicious server with software that uses APR, or act as a malicious client towards a server that uses APR (such as Subversion or Apache HTTP servers), possibly resulting in the execution of arbitrary code with the privileges of the user running the application.

Upgrade to the latest version.

Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412
Clam AntiVirus Multiple Vulnerabilities
updated: 13-Sep-09
Multiple vulnerabilities were reported in ClamAV < 0.95.2 that allow for the remote execution of arbitrary code or Denial of Service.

A remote attacker could entice a user or automated system to process a specially crafted UPack archive or a file containing a specially crafted URL, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. Furthermore, a remote attacker could cause a Denial of Service by supplying a specially crafted TAR archive or PE executable to a Clam AntiVirus instance.

Upgrade to the latest version.

Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1372
Openswan Denial of Service
updated: 13-Sep-09
Multiple vulnerabilities were reported in the pluto IKE daemon of Openswan < 2.4.15 that might allow remote attackers to cause a Denial of Service.

A remote attacker could exploit these vulnerabilities by sending specially crafted R_U_THERE or R_U_THERE_ACK packets, or a specially crafted X.509 certificate containing a malicious Relative Distinguished Name (RDN), UTCTIME string or GENERALIZEDTIME string to cause a Denial of Service of the pluto IKE daemon.

Upgrade to the latest version.

Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2185
aMule Parameter Injection
updated: 13-Sep-09
An input validation error exists in aMule < 2.2.5: the aMule preview function does not properly sanitize file names before passing them to an external program.

A remote attacker could entice a user to download a file with a specially crafted file name and thereby inject arbitrary arguments into the command line of the victim's video player.

Upgrade to the latest version.

Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1440
TkMan Insecure Temporary File Usage
updated: 13-Sep-09
Insecure temporary file usage has been reported in TkMan < 2.2-r1.

A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application.

Upgrade to the latest version.

Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5137
Screenie Insecure Temporary File Usage
updated: 13-Sep-09
Insecure temporary file usage has been reported in Screenie < 1.30.0-r1.

A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application.

Upgrade to the latest version.

Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5371
LMBench Insecure Temporary File Usage
updated: 13-Sep-09
Multiple insecure temporary file usage issues have been reported in LMBench <= 3.

A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application.

Use an alternative to LMBench.

Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4968
GCC-XML Insecure Temporary File Usage
updated: 13-Sep-09
Insecure temporary file usage has been reported in GCC-XML < 0.9.0_pre20090516.

A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application.
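The same pattern underlies the TkMan, Screenie, LMBench and GCC-XML entries above. As an added example (not code from any of those projects), the C below shows the predictable-name open that a symlink attack exploits, the mkstemp() replacement, a post-open fstat() check, and a small demonstration that plants a symlink at the predictable name and shows the vulnerable open following it. The file names under /tmp and the file contents are assumptions for illustration.

```c
/*
 * Added example, not from TkMan, Screenie, LMBench or GCC-XML: insecure
 * temporary file creation, the safe replacement, and a demonstration of
 * the symlink attack against the insecure form. Paths are assumed.
 */
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Vulnerable pattern: a predictable name (/tmp/report.<pid>) opened with
 * plain O_CREAT, which is what fopen(path, "w") does. If a local attacker
 * has already placed a symlink at that name, open() follows it and the
 * program truncates and writes the attacker's chosen target. */
int open_temp_vuln(char *path_out, size_t path_cap)
{
    snprintf(path_out, path_cap, "/tmp/report.%ld", (long)getpid());
    return open(path_out, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Fixed pattern: mkstemp() chooses an unpredictable name and opens it with
 * O_CREAT|O_EXCL, so a pre-placed symlink makes the open fail instead of
 * being followed. Keep using the returned fd; never reopen by name. */
int open_temp_fixed(char *path_out, size_t path_cap)
{
    const char *dir = getenv("TMPDIR");
    if (dir == NULL || *dir == '\0')
        dir = "/tmp";
    if (snprintf(path_out, path_cap, "%s/report.XXXXXX", dir) >= (int)path_cap)
        return -1;
    return mkstemp(path_out);           /* replaces XXXXXX in place */
}

/* Post-open check: the fd refers to a regular file with a single link,
 * owned by us, not group/world accessible. */
int fd_is_private_regular_file(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return 0;
    return S_ISREG(st.st_mode) && st.st_nlink == 1 &&
           st.st_uid == getuid() && (st.st_mode & 077) == 0;
}

/* Demonstration: create a victim file (standing in for ~/.bashrc), plant a
 * symlink at the predictable temp name, run the vulnerable open. Returns 1
 * if the victim file was truncated through the link, 0 otherwise. */
int symlink_attack_demo(void)
{
    char target[256], link_path[256], path[256];
    struct stat st;
    snprintf(target, sizeof target, "/tmp/victim.%ld", (long)getpid());
    int tfd = open(target, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (tfd < 0)
        return 0;
    if (write(tfd, "important contents\n", 19) < 0) { /* ignore */ }
    close(tfd);
    snprintf(link_path, sizeof link_path, "/tmp/report.%ld", (long)getpid());
    unlink(link_path);
    if (symlink(target, link_path) != 0) { unlink(target); return 0; }
    int fd = open_temp_vuln(path, sizeof path);     /* follows the symlink */
    if (fd >= 0)
        close(fd);
    int truncated = (stat(target, &st) == 0 && st.st_size == 0);
    unlink(link_path);
    unlink(target);
    return truncated;
}

int main(void)
{
    char path[256];
    printf("symlink attack on predictable name: %s\n",
           symlink_attack_demo() ? "victim file truncated" : "not reproduced");
    int fd = open_temp_fixed(path, sizeof path);
    if (fd < 0) { perror("mkstemp"); return 1; }
    printf("mkstemp file %s, private regular file: %s\n", path,
           fd_is_private_regular_file(fd) ? "yes" : "no");
    close(fd);
    unlink(path);
    return 0;
}
```

When auditing a package for this class of bug, grep for fixed names under /tmp, for mktemp()/tmpnam()/tempnam(), and for fopen(..., "w") on any path in a world-writable directory; each hit should become mkstemp() (or mkdtemp() for a scratch directory) followed by use of the fd only.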

Upgrade GCC-XML to the latest version.

Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4957
MS09-049 - Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution
updated: 13-Sep-09
A remote code execution vulnerability exists in the way that the Wireless LAN AutoConfig Service (wlansvc) parses specific frames received on the wireless network. This vulnerability could allow remote code execution if a client or server with a wireless network interface enabled receives specially crafted wireless frames. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Windows Vista and Windows Server 2008 are affected.

Install the update from Microsoft.

Reference
http://www.microsoft.com/technet/security/bulletin/MS09-049.mspx
MS09-048 - Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution
updated: 13-Sep-09
Several privately reported vulnerabilities exist in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter; best practices recommend that systems connected to the Internet expose a minimal number of ports.

The bulletin is rated Critical for all supported editions of Windows Vista and Windows Server 2008 and Important for all supported editions of Microsoft Windows 2000 and Windows Server 2003; Windows XP is also affected.

Install the update from Microsoft.

Reference
http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx
MS09-047 - Vulnerabilities in Windows Media Format Could Allow Remote Code Execution
updated: 13-Sep-09
Two privately reported vulnerabilities exist in Windows Media Format. Either vulnerability could allow remote code execution if a user opened a specially crafted media file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Windows Media Format Runtime 9.0, Windows Media Format Runtime 9.5, Windows Media Format Runtime 11, Microsoft Media Foundation, Windows Media Services 9.1, and Windows Media Services 2008 are affected.

Install the update from Microsoft.

Reference
http://www.microsoft.com/technet/security/bulletin/MS09-047.mspx
MS09-046 - Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution
updated: 13-Sep-09
A remote code execution vulnerability exists in the DHTML Editing Component ActiveX Control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

All supported editions of Microsoft Windows 2000 and Windows XP and Windows Server 2003 are affected.

Install the update from Microsoft.

Reference
http://www.microsoft.com/technet/security/bulletin/MS09-046.mspx
MS09-045 - Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution
updated: 13-Sep-09
A remote code execution vulnerability exists in the way that the JScript scripting engine processes scripts in Web pages. The vulnerability could allow remote code execution if a user opened a specially crafted file or visited a Web site that is running a specially crafted script. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected: JScript 5.1 on Microsoft Windows 2000 Service Pack 4, and (rated Critical) JScript 5.6, JScript 5.7 and JScript 5.8 on all supported releases of the Windows operating system except Windows 7 and Windows Server 2008 R2.

Install the update from Microsoft.

Reference
http://www.microsoft.com/technet/security/Bulletin/MS09-045.mspx
IBM Lotus Notes 8.5 RSS Widget Privilege Escalation
updated: 13-Sep-09
A design vulnerability was reported in the RSS reader widget of IBM Lotus Notes Release 8.5. This reader downloads the RSS file, extracts the items and saves them locally as HTML files.

The interpretation and display of the RSS items is handled by Internet Explorer according to the applied security zone.

The RSS items are handled like web documents which introduces the possibility of running script code or to embed multimedia objects (e.g. Flash or movies).

Because locally saved files run in Internet Explorer's Local Machine zone, a degree of privilege escalation is possible: script from a remote feed executes with the fewer restrictions of local content.

Reference
http://www.scip.ch/?vuldb.4021
Linux-PAM: Privilege Escalation
updated: 13-Sep-09
An error was reported in the handling of user names in Linux-PAM < 1.0.4: Linux-PAM does not properly handle user names that contain Unicode characters. This is related to integer signedness errors in the pam_StrTok() function in libpam/pam_misc.c.

A remote attacker could exploit this vulnerability to cause a Denial of Service. A remote authenticated attacker could exploit this vulnerability to log in to a system with the account of a user that has a similar user name, but with non-ASCII characters.

Upgrade to the latest version.

Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0887
Libvorbis: User-Assisted Execution of Arbitrary Code
updated: 13-Sep-09
A processing error was reported in libvorbis < 1.2.3: the library does not correctly process file headers, related to static mode headers and encoding books.

A remote attacker could entice a user to play a specially crafted OGG Vorbis file using an application that uses libvorbis, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

Upgrade to the latest version.

Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2663
VMWare VMnc Codec Mismatched Dimensions Buffer Overflow
updated: 13-Sep-09
A vulnerability was discovered in VMware Workstation 6.5.2 build 156735, caused by a boundary error in the VMnc codec (vmnc.dll), which can be exploited to cause a heap-based buffer overflow via a specially crafted video file with mismatched dimensions.

Successful exploitation may allow execution of arbitrary code.

Update to version 6.5.3 build 185404.

Reference
http://secunia.com/secunia_research/2009-25/
OpenOffice.org Word Document Table Parsing Integer Underflow
updated: 13-Sep-09
A vulnerability was discovered in OpenOffice.org 3.1, caused by an integer underflow error when parsing certain records in the Word document table. This can be exploited to cause a heap-based buffer overflow via a specially crafted file.
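The FlashPix entry above (a multiplication whose product no longer fits in 32 bits) and this entry (a subtraction that goes below zero) are the two classic ways a file-supplied value produces an undersized buffer for a later copy. As an added example (not Apple's or OpenOffice.org's code), the C below shows both computations in their vulnerable form beside checked arithmetic that rejects the bad input; the field names, the 4-byte record header and the sample values are assumptions for illustration.

```c
/*
 * Added example, not Apple's or OpenOffice.org's code: allocation-size
 * arithmetic that wraps (multiplication overflow) or goes negative
 * (subtraction underflow), and the checked versions. Names are assumed.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Vulnerable: count * size is computed in 32 bits and wraps modulo 2^32,
 * so a huge file-supplied count can yield a tiny allocation that the
 * later copy of "count" sectors overflows. */
uint32_t table_alloc_size_vuln(uint32_t sector_count, uint32_t sector_size)
{
    return sector_count * sector_size;
}

/* Fixed: compute in 64 bits and refuse anything that does not fit the
 * 32-bit size the allocator and the copy loop will use (and refuse zero,
 * which would be a zero-byte buffer the copy loop still writes into). */
bool table_alloc_size_fixed(uint32_t sector_count, uint32_t sector_size,
                            uint32_t *out)
{
    uint64_t product = (uint64_t)sector_count * (uint64_t)sector_size;
    if (product == 0 || product > UINT32_MAX)
        return false;
    *out = (uint32_t)product;
    return true;
}

#define RECORD_HEADER_LEN 4u   /* assumed fixed header ahead of record data */

/* Vulnerable: record_len - header underflows when record_len < header,
 * giving a length near 4 GiB that is then used for the payload copy. */
uint32_t record_payload_len_vuln(uint32_t record_len)
{
    return record_len - RECORD_HEADER_LEN;
}

/* Fixed: check before subtracting, then bound the result by the bytes that
 * actually remain in the input so the copy cannot read past the file. */
bool record_payload_len_fixed(uint32_t record_len, size_t bytes_remaining,
                              uint32_t *out)
{
    if (record_len < RECORD_HEADER_LEN)
        return false;
    uint32_t payload = record_len - RECORD_HEADER_LEN;
    if (payload > bytes_remaining)
        return false;
    *out = payload;
    return true;
}

int main(void)
{
    /* Constructed attacker values: 0x10000001 * 0x10 = 0x100000010, which
     * wraps to 0x10, so only 16 bytes are allocated for 2^28+1 sectors. */
    uint32_t n = 0x10000001u, sz = 0x10u, size = 0;
    printf("vulnerable alloc size for %u sectors of %u: %u bytes\n",
           n, sz, table_alloc_size_vuln(n, sz));
    printf("fixed: %s\n", table_alloc_size_fixed(n, sz, &size)
                              ? "accepted" : "rejected (overflow)");

    uint32_t payload = 0;
    printf("vulnerable payload length for record_len=2: %u\n",
           record_payload_len_vuln(2));
    printf("fixed: %s\n", record_payload_len_fixed(2, 64, &payload)
                              ? "accepted" : "rejected (underflow)");
    return 0;
}
```

Compilers offer __builtin_mul_overflow() and similar helpers for the first case; the second has no shortcut, the comparison before the subtraction is the fix.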

Successful exploitation may allow execution of arbitrary code.

Update to version 3.1.1.

Reference
http://secunia.com/secunia_research/2009-26/