Spyware, Viruses, & Security forum

General discussion

SECURITY ALERTS - June 30, 2004

by Marianna Schmudlach / June 30, 2004 12:50 AM PDT

Internet Explorer Frame Injection Vulnerability

CRITICAL:
Moderately critical

IMPACT:
Spoofing

WHERE:
From remote

SOFTWARE:
Microsoft Internet Explorer 6
http://secunia.com/product/11/
Microsoft Internet Explorer 5.5
http://secunia.com/product/10/
Microsoft Internet Explorer 5.01
http://secunia.com/product/9/

DESCRIPTION:
http-equiv has discovered a 6 year old vulnerability in Microsoft
Internet Explorer, allowing malicious people to spoof the content of
websites.

The problem is that Internet Explorer fails to stop a malicious
website from loading arbitrary content in an arbitrary frame in
another browser window. An example has been posted, which shows
arbitrary content in a frame on windowsupdate.microsoft.com.

Successful exploitation allows a malicious site to load arbitrary
content, which appears to originate from a trusted site.

This vulnerability is similar to an old vulnerability fixed by
MS98-020 in Internet Explorer version 3 and 4.

The vulnerability has been confirmed in a fully patched Internet
Explorer 6 running on Microsoft Windows XP. Other versions of
Internet Explorer may also be affected.

SOLUTION:
Do not visit or follow links from untrusted websites.

Use another browser.

PROVIDED AND/OR DISCOVERED BY:
http-equiv

http://secunia.com/advisories/11966/

Juniper JUNOS Packet Forwarding Engine IPv6 Denial of Servic
by Marianna Schmudlach / June 30, 2004 12:52 AM PDT

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
JUNOS 6.x
http://secunia.com/product/3418/

DESCRIPTION:
A vulnerability has been discovered in Juniper JUNOS, which can be
exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a memory leak within the IPv6
Packet Forwarding Engine (PFE) when processing certain IPv6 packets.
This can be exploited by sending multiple specially crafted IPv6
packets to a vulnerable network device.

Successful exploitation consumes all available memory and causes a
vulnerable network device to reboot.

The vulnerability affects all Juniper routers running JUNOS with a
PFE released after February 24, 2004.

SOLUTION:
A solution is available at:
https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2004-06-009&actionBtn=Search

Disable IPv6 support in the PFE.

http://secunia.com/advisories/11950/

D-Link DI-614+ DHCP Service "LEASETIME" Option Denial of Ser
by Marianna Schmudlach / June 30, 2004 12:54 AM PDT

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From local network

OPERATING SYSTEM:
D-Link DI-614+ AirPlus
http://secunia.com/product/3602/

DESCRIPTION:
Gregory Duchemin has reported a vulnerability in D-Link DI-614+,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

The vulnerability is reportedly caused due to a signedness error
within the DHCP service when processing certain DHCP options. This
can be exploited by sending a DHCP request with an overly large value
in the "LEASETIME" option, which causes it to be interpreted as a
negative value.

Successful exploitation consumes all available leases for a much
longer time (13+ years) than specified by an administrator.

The vulnerability has been reported in firmware release 2.30 for
Revision A. Firmware releases prior to 3.41 B5 for Revision B may
also be affected.

SOLUTION:
Firmware release 2.32 for Revision A has been released and may fix
the vulnerability. This has not been confirmed, though.
http://support.dlink.ca/ProductView.asp?ProdID=220

Reportedly, firmware release 3.41 B5 for Revision B fixes the
vulnerability.
http://support.dlink.ca/ProductView.asp?ProdID=221

Disable the DHCP service.

PROVIDED AND/OR DISCOVERED BY:
Gregory Duchemin

http://secunia.com/advisories/11961/
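
The signedness error described in the D-Link advisory above, shown as an added example; it is not part of the original post and is not D-Link's firmware code, which the advisory does not reproduce. It parses DHCP option 51 (IP Address Lease Time, a four-byte unsigned value per RFC 2132) and compares a signed cap check, which an oversized value bypasses, with an unsigned clamp; the function names, the 86400-second administrator limit and the sample buffer are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define OPT_PAD 0
#define OPT_LEASE_TIME 51   /* RFC 2132: 4-byte unsigned seconds, big-endian */
#define OPT_END 255

/* Constructed sample: message type REQUEST, then lease time 0xFFFFFFFF. */
static const uint8_t SAMPLE_OVERSIZED[] = {53, 1, 3, 51, 4, 0xFF, 0xFF, 0xFF, 0xFF, 255};

/* Walk the option TLVs; return the lease-time value bytes or NULL. */
static const uint8_t *find_lease(const uint8_t *o, size_t n) {
    size_t i = 0;
    while (i < n && o[i] != OPT_END) {
        if (o[i] == OPT_PAD) { i++; continue; }
        if (n - i < 2 || (size_t)o[i + 1] > n - i - 2) return NULL; /* truncated */
        if (o[i] == OPT_LEASE_TIME) return o[i + 1] == 4 ? &o[i + 2] : NULL;
        i += 2 + (size_t)o[i + 1];
    }
    return NULL;
}

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Flawed pattern: a signed compare sees 0x80000000+ as negative, so it passes the cap. */
uint32_t lease_signed(const uint8_t *o, size_t n, uint32_t admin_max) {
    const uint8_t *v = find_lease(o, n);
    if (!v) return admin_max;
    int32_t req = (int32_t)be32(v);                 /* oversized value turns negative */
    if (req > (int32_t)admin_max) req = (int32_t)admin_max;
    return (uint32_t)req;                           /* stored as a huge lease time */
}

/* Hardened: keep the value unsigned and clamp to the administrator's limit. */
uint32_t lease_clamped(const uint8_t *o, size_t n, uint32_t admin_max) {
    const uint8_t *v = find_lease(o, n);
    if (!v) return admin_max;
    uint32_t req = be32(v);
    return (req == 0 || req > admin_max) ? admin_max : req;
}

int main(void) {
    size_t n = sizeof SAMPLE_OVERSIZED;
    printf("signed: %u  clamped: %u\n", (unsigned)lease_signed(SAMPLE_OVERSIZED, n, 86400),
           (unsigned)lease_clamped(SAMPLE_OVERSIZED, n, 86400));
    return 0;
}
```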

HP-UX Netscape Multiple Vulnerabilities
by Marianna Schmudlach / June 30, 2004 12:56 AM PDT

CRITICAL:
Highly critical

IMPACT:
Exposure of system information, Exposure of sensitive information,
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
HP-UX 11.x
http://secunia.com/product/138/

DESCRIPTION:
HP has acknowledged multiple vulnerabilities in Netscape for HP-UX,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service), gain knowledge of sensitive information, or
compromise a user's system.

The vulnerabilities reportedly affect Netscape for HP-UX B.11.00,
B.11.11, B.11.22, and B.11.23.

SOLUTION:
HP recommends users to remove Netscape and upgrade to Mozilla.
http://www.hp.com/go/mozilla

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

http://secunia.com/advisories/11971/
