VULNERABILITIES - February 16, 2007

by Marianna Schmudlach / February 15, 2007 10:26 AM PST

MySQL Multiple Local Vulnerabilities

Bugtraq ID: 11357
Class: Design Error
CVE: CVE-2004-0835
CVE-2004-0837

MySQL is reported prone to multiple local vulnerabilities. Exploiting these issues may allow an attacker to bypass security restrictions or cause a denial-of-service condition in the application.

Reportedly, an attacker can bypass certain security restrictions and gain access to and corrupt potentially sensitive data due to an error in 'ALTER TABLE ... RENAME' operations.

A denial-of-service condition occurs when multiple threads ALTER MERGE tables to change the UNION.

Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.

Updated: Feb 16 2007 12:37AM
Credit: These issues were disclosed by Oleksandr Byelkin and Dean Ellis.

http://www.securityfocus.com/bid/11357/info

EasyMail Objects Connect Method Remote Stack Buffer Overflow
by Marianna Schmudlach / February 15, 2007 10:28 AM PST

EasyMail Objects Connect Method Remote Stack Buffer Overflow Vulnerability

Bugtraq ID: 22583
Class: Boundary Condition Error

EasyMail Objects is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data prior to copying it to an insufficiently sized buffer.

An attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Versions prior to 6.5 are vulnerable.

Updated: Feb 16 2007 12:17AM
Credit: Paul Craig of Security-Assessment.com is credited with the discovery of this issue.
Vulnerable: Quiksoft EasyMail Objects 6.4
Quiksoft EasyMail Objects 6.3
Quiksoft EasyMail Objects 6.2
Quiksoft EasyMail Objects 6.1
Quiksoft EasyMail Objects 6.0

http://www.securityfocus.com/bid/22583/info

Mac OS X Security Update Fixes Multiple Vulnerabilities
by Marianna Schmudlach / February 15, 2007 11:55 PM PST

TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA24198

VERIFY ADVISORY:
http://secunia.com/advisories/24198/

CRITICAL:
Highly critical

IMPACT:
Privilege escalation, DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/

DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.

1) A boundary error exists in Finder, which can be exploited by
malicious people to cause a buffer overflow by tricking a user to
mount a malicious disk image.

Successful exploitation may allow execution of arbitrary code.

2) A null-pointer dereference error in iChat Bonjour can be exploited
by malicious people to cause the application to crash.

For more information:
SA23945

NOTE: A similar issue exists in Mac OS X 10.3.

3) A format string error in the handling of AIM URLs in iChat can be
exploited by malicious people to possibly execute arbitrary code.

Successful exploitation requires that a user is tricked into
accessing a specially crafted AIM URL.

4) An error in the UserNotificationCenter can be exploited by
malicious, local users to gain escalated privileges.

For more information:
SA23846

SOLUTION:
Apply Security Update 2007-002:

Security Update 2007-002 (10.4.8 Universal):
http://www.apple.com/support/downloads/securityupdate2007002universal.html

Security Update 2007-002 (10.4.8 PPC):
http://www.apple.com/support/downloads/securityupdate2007002ppc.html

Security Update 2007-002 (10.3.9 Panther):
http://www.apple.com/support/downloads/securityupdate2007002panther.html

PROVIDED AND/OR DISCOVERED BY:
1) Kevin Finisterre, DigitalMunition
3) LMH

ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=305102

OTHER REFERENCES:
MOAB:
1) http://projects.info-pull.com/moab/MOAB-09-01-2007.html
3) http://projects.info-pull.com/moab/MOAB-20-01-2007.html

SA23846:
http://secunia.com/advisories/23846/

SA23945:
http://secunia.com/advisories/23945/

Funky Apple Updates after 2007-0002 (Fixed?)
by Marianna Schmudlach / February 16, 2007 7:15 AM PST

Published: 2007-02-16,
Last Updated: 2007-02-16 22:09:33 UTC
by Joel Esler (Version: 2)
/** I am an Apple fanboy, so I am not picking on Apple **/

That being said, it seems we have found a buggy little feature of OSX after installing Security Update 2007-0002.

It asks us to reinstall Security Update 2007-0001 and iTunes/Quicktime update of 7.0.2.

Now, we have been testing this on many OSX Machines, it appears to be isolated to:


PPC Arch Only (We haven't been able to reproduce on Intel based machines)
10.4.8 (We can't reproduce on 10.3, only 10.4) and
Those machines that are patched to 2007-0001 level

More: http://isc.sans.org/

Gentoo update for fail2ban
by Marianna Schmudlach / February 15, 2007 11:56 PM PST

TITLE:
Gentoo update for fail2ban

SECUNIA ADVISORY ID:
SA24184

VERIFY ADVISORY:
http://secunia.com/advisories/24184/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
Gentoo Linux 1.x
http://secunia.com/product/339/

DESCRIPTION:
Gentoo has issued an update for fail2ban. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

For more information:
SA23237

SOLUTION:
Update to "net-analyzer/fail2ban-0.6.2" or later.

ORIGINAL ADVISORY:
http://www.gentoo.org/security/en/glsa/glsa-200702-05.xml

OTHER REFERENCES:
SA23237:
http://secunia.com/advisories/23237/

Red Hat update for ImageMagick
by Marianna Schmudlach / February 15, 2007 11:57 PM PST

TITLE:
Red Hat update for ImageMagick

SECUNIA ADVISORY ID:
SA24186

VERIFY ADVISORY:
http://secunia.com/advisories/24186/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
RedHat Enterprise Linux AS 2.1
http://secunia.com/product/48/
RedHat Enterprise Linux AS 3
http://secunia.com/product/2534/
RedHat Enterprise Linux AS 4
http://secunia.com/product/4669/
RedHat Enterprise Linux ES 2.1
http://secunia.com/product/1306/
RedHat Enterprise Linux ES 3
http://secunia.com/product/2535/
RedHat Enterprise Linux ES 4
http://secunia.com/product/4668/
RedHat Enterprise Linux WS 2.1
http://secunia.com/product/1044/
RedHat Enterprise Linux WS 3
http://secunia.com/product/2536/
RedHat Enterprise Linux WS 4
http://secunia.com/product/4670/
RedHat Linux Advanced Workstation 2.1 for Itanium
http://secunia.com/product/1326/

DESCRIPTION:
Red Hat has issued an update for ImageMagick. This fixes some
vulnerabilities, which can be exploited by malicious people to cause
a DoS (Denial of Service) and potentially compromise a vulnerable
system.

For more information:
SA18261
SA22572

SOLUTION:
Updated packages are available from Red Hat Network.
http://rhn.redhat.com

ORIGINAL ADVISORY:
http://rhn.redhat.com/errata/RHSA-2007-0015.html

OTHER REFERENCES:
SA18261:
http://secunia.com/advisories/18261/

SA22572:
http://secunia.com/advisories/22572/

EasyMail Objects IMAP4 Component "Connect" Buffer Overflow
by Marianna Schmudlach / February 15, 2007 11:58 PM PST

TITLE:
EasyMail Objects IMAP4 Component "Connect" Buffer Overflow

SECUNIA ADVISORY ID:
SA24199

VERIFY ADVISORY:
http://secunia.com/advisories/24199/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
EasyMail Objects 6.x
http://secunia.com/product/13496/

DESCRIPTION:
Paul Craig has reported a vulnerability in EasyMail Objects, which
can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the IMAP4
component of EasyMail Objects when processing arguments passed to the
"Connect" method. This can be exploited to cause a stack-based buffer
overflow via an overly long (greater than 500 bytes) string passed as
the host name argument to the said method.

Successful exploitation allows execution of arbitrary code and
requires that the user is e.g. tricked into visiting a malicious web
site.

SOLUTION:
Update to version 6.5.

PROVIDED AND/OR DISCOVERED BY:
Paul Craig, Security-Assessment.com

ORIGINAL ADVISORY:
Security-Assessment.com:
http://security-assessment.com/files/advisories/easymail_advisory.pdf

SpamAssassin Long URI Denial of Service
by Marianna Schmudlach / February 15, 2007 11:59 PM PST

TITLE:
SpamAssassin Long URI Denial of Service

SECUNIA ADVISORY ID:
SA24197

VERIFY ADVISORY:
http://secunia.com/advisories/24197/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
SpamAssassin 3.x
http://secunia.com/product/4506/

DESCRIPTION:
A vulnerability has been reported in SpamAssassin, which can be
exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error and can be
exploited to cause a DoS via overly long URIs in the message content.

SOLUTION:
Update to version 3.1.8.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://svn.apache.org/repos/asf/spamassassin/branches/3.1/build/announcements/3.1.8.txt

Fedora update for spamassassin
by Marianna Schmudlach / February 16, 2007 12:01 AM PST

TITLE:
Fedora update for spamassassin

SECUNIA ADVISORY ID:
SA24200

VERIFY ADVISORY:
http://secunia.com/advisories/24200/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
Fedora Core 5
http://secunia.com/product/8808/
Fedora Core 6
http://secunia.com/product/12487/

DESCRIPTION:
Fedora has issued an update for spamassassin. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).

For more information:
SA24197

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://fedoranews.org/cms/node/2657
http://fedoranews.org/cms/node/2659

OTHER REFERENCES:
SA24197:
http://secunia.com/advisories/24197/

ClamAV MIME Header Handling and CAB File Processing Vulnerab
by Marianna Schmudlach / February 16, 2007 12:02 AM PST

ClamAV MIME Header Handling and CAB File Processing Vulnerabilities

TITLE:
ClamAV MIME Header Handling and CAB File Processing Vulnerabilities

SECUNIA ADVISORY ID:
SA24187

VERIFY ADVISORY:
http://secunia.com/advisories/24187/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
Clam AntiVirus (clamav) 0.x
http://secunia.com/product/2538/

DESCRIPTION:
Two vulnerabilities have been reported in ClamAV, which can be
exploited by malicious people to cause a DoS (Denial of Service).

1) Input passed via the "id" parameter when parsing MIME headers is
not properly sanitised before being used to create local files. This
can be exploited to e.g. overwrite the anti-virus signature file via
directory traversal attacks, preventing malware from being detected.

2) A file descriptor leak error in the processing of CAB files can
be exploited to e.g. prevent legitimate users from sending out valid
archives via a specially crafted CAB file with a cabinet header
containing a record length of zero.

The vulnerabilities are reported in versions prior to 0.90.

SOLUTION:
Update to version 0.90.

PROVIDED AND/OR DISCOVERED BY:
Discovered by anonymous researchers and reported via iDefense Labs.

ORIGINAL ADVISORY:
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=475
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=476
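
Item 1 of the ClamAV advisory above concerns an attacker-controlled MIME "id" value being used to create local files. As an added illustration (not part of the original post and not ClamAV's code), the following C example accepts such a value only as a single allow-listed file-name component inside a scratch directory and creates the file exclusively. The names id_is_safe, build_part_path, create_part_file, MAX_ID_LEN and the scratch path are assumptions made for this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>

#define MAX_ID_LEN 64  /* assumed limit for this example */

/* Return 1 if the untrusted id is usable as ONE file-name component. */
static int id_is_safe(const char *id)
{
    size_t n = strlen(id);

    if (n == 0 || n > MAX_ID_LEN)
        return 0;
    if (id[0] == '.')          /* rejects ".", ".." and hidden files */
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)id[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-';
        if (!ok)               /* path separators, controls, non-ASCII */
            return 0;
    }
    return 1;
}

/* Build "<scratch>/<id>" into out. Returns 0 on success, -1 if rejected. */
int build_part_path(const char *scratch, const char *id,
                    char *out, size_t outlen)
{
    int n;

    if (!id_is_safe(id))
        return -1;
    n = snprintf(out, outlen, "%s/%s", scratch, id);
    if (n < 0 || (size_t)n >= outlen)   /* truncated path: refuse */
        return -1;
    return 0;
}

/* Create the part file; O_EXCL refuses existing files and symlinks,
 * so a file already in the scratch directory is never overwritten. */
int create_part_file(const char *scratch, const char *id)
{
    char path[4096];

    if (build_part_path(scratch, id, path, sizeof(path)) != 0)
        return -1;
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

int main(void)
{
    /* Constructed sample ids, not taken from any real message. */
    const char *samples[] = { "part-0001.eml", "../sigs/main.db",
                              "/etc/passwd", "..", "a/b", "" };
    char path[256];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int rc = build_part_path("/tmp/scan-scratch", samples[i],
                                 path, sizeof(path));
        printf("%-16s -> %s\n", samples[i], rc == 0 ? path : "REJECTED");
    }
    return 0;
}
```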

Mozilla Firefox "locations.hostname" DOM Property Handling V
by Marianna Schmudlach / February 16, 2007 12:04 AM PST

TITLE:
Mozilla Firefox "locations.hostname" DOM Property Handling
Vulnerability

SECUNIA ADVISORY ID:
SA24175

VERIFY ADVISORY:
http://secunia.com/advisories/24175/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass, Manipulation of data

WHERE:
From remote

SOFTWARE:
Mozilla Firefox 2.0.x
http://secunia.com/product/12434/

DESCRIPTION:
Michal Zalewski has reported a vulnerability in Mozilla Firefox,
which can be exploited by malicious people to bypass certain security
restrictions.

The vulnerability is caused due to an error in the handling of the
"locations.hostname" DOM property. This can be exploited to e.g.
manipulate authentication cookies for an arbitrary web site via
assigning a URL including a NULL character ("\x00") to
"locations.hostname".

Successful exploitation requires that the user is e.g. tricked into
visiting a malicious web site.

The vulnerability is reported in version 2.0.0.1. Other versions may
also be affected.

NOTE: Other issues have also been reported, some of which are also
related to the "locations.hostname" DOM property.

SOLUTION:
Do not browse untrusted web sites.

PROVIDED AND/OR DISCOVERED BY:
Michal Zalewski

ORIGINAL ADVISORY:
Full-Disclosure:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052447.html

OTHER REFERENCES:
https://bugzilla.mozilla.org/show_bug.cgi?id=370445

WebTester "typeID" SQL Injection Vulnerability
by Marianna Schmudlach / February 16, 2007 12:05 AM PST

TITLE:
WebTester "typeID" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA24157

VERIFY ADVISORY:
http://secunia.com/advisories/24157/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data

WHERE:
From remote

SOFTWARE:
WebTester 5.x
http://secunia.com/product/13494/

DESCRIPTION:
Moran Zavdi has reported a vulnerability in WebTester, which can be
exploited by malicious people to conduct SQL injection attacks.

Input passed to the "typeID" parameter in directions.php is not
properly sanitised before being used in an SQL query. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

NOTE: Other parameters and files are also reported to be vulnerable
to SQL injection and cross-site scripting attacks.

The vulnerability is reported in version 5.0. Other versions may also
be affected.

SOLUTION:
Filter malicious characters and character sequences in a proxy.

PROVIDED AND/OR DISCOVERED BY:
Moran Zavdi

ORIGINAL ADVISORY:
http://archives.neohapsis.com/archives/bugtraq/2007-02/0229.html

Red Hat update for samba
by Marianna Schmudlach / February 16, 2007 12:06 AM PST

TITLE:
Red Hat update for samba

SECUNIA ADVISORY ID:
SA24188

VERIFY ADVISORY:
http://secunia.com/advisories/24188/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
RedHat Enterprise Linux AS 3
http://secunia.com/product/2534/
RedHat Enterprise Linux AS 4
http://secunia.com/product/4669/
RedHat Enterprise Linux ES 3
http://secunia.com/product/2535/
RedHat Enterprise Linux ES 4
http://secunia.com/product/4668/
RedHat Enterprise Linux WS 3
http://secunia.com/product/2536/
RedHat Enterprise Linux WS 4
http://secunia.com/product/4670/

DESCRIPTION:
Red Hat has issued an update for samba. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

For more information:
SA24046

SOLUTION:
Updated packages are available from Red Hat Network.
http://rhn.redhat.com

ORIGINAL ADVISORY:
http://rhn.redhat.com/errata/RHSA-2007-0060.html

OTHER REFERENCES:
SA24046:
http://secunia.com/advisories/24046/

Trend Micro OfficeScan Client Unspecified ActiveX Buffer Ove
by Marianna Schmudlach / February 16, 2007 12:08 AM PST

TITLE:
Trend Micro OfficeScan Client Unspecified ActiveX Buffer Overflow

SECUNIA ADVISORY ID:
SA24193

VERIFY ADVISORY:
http://secunia.com/advisories/24193/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Trend Micro OfficeScan Corporate Edition 7.x
http://secunia.com/product/5007/

DESCRIPTION:
A vulnerability has been reported in Trend Micro OfficeScan, which
can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error within an unspecified
ActiveX control on an OfficeScan client. This can be exploited to
cause a buffer overflow when a user e.g. visits a specially crafted
web site.

Successful exploitation allows execution of arbitrary code, but
requires that OfficeScan client was installed using web deployment.

SOLUTION:
Apply patches.

OfficeScan 7.0:
http://www.trendmicro.com/ftp/products/patches/osce_70_win_en_securitypatch_b1344.exe

OfficeScan 7.3:
http://www.trendmicro.com/ftp/products/patches/osce_73_win_en_securitypatch_b1241.exe

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
Trend Micro:
http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1344_readme.txt
http://www.trendmicro.com/ftp/documentation/readme/osce_73_win_en_securitypatch_1241_readme.txt

Debian update for postgresql
by Marianna Schmudlach / February 16, 2007 12:10 AM PST

TITLE:
Debian update for postgresql

SECUNIA ADVISORY ID:
SA24158

VERIFY ADVISORY:
http://secunia.com/advisories/24158/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information, DoS

WHERE:
From local network

OPERATING SYSTEM:
Debian GNU/Linux 3.1
http://secunia.com/product/5307/
Debian GNU/Linux unstable alias sid
http://secunia.com/product/530/

DESCRIPTION:
Debian has issued an update for postgresql. This fixes a
vulnerability, which can be exploited by malicious users to gain
knowledge of potentially sensitive information and cause a DoS
(Denial of Service).

For more information:
SA24033

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.us.debian.org/security/2007/dsa-1261

OTHER REFERENCES:
SA24033:
http://secunia.com/advisories/24033/

Ubuntu update for imagemagick
by Marianna Schmudlach / February 16, 2007 12:12 AM PST

TITLE:
Ubuntu update for imagemagick

SECUNIA ADVISORY ID:
SA24196

VERIFY ADVISORY:
http://secunia.com/advisories/24196/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Ubuntu Linux 6.06
http://secunia.com/product/10611/
Ubuntu Linux 6.10
http://secunia.com/product/12470/
Ubuntu Linux 5.10
http://secunia.com/product/6606/

DESCRIPTION:
Ubuntu has issued an update for imagemagick. This fixes a
vulnerability, which can be exploited by malicious people to
potentially compromise a vulnerable system.

For more information:
SA22572

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.ubuntu.com/usn/usn-422-1

OTHER REFERENCES:
SA22572:
http://secunia.com/advisories/22572/

Secure Site Module for Drupal Unspecified String Handling Se
by Marianna Schmudlach / February 16, 2007 12:37 AM PST

Secure Site Module for Drupal Unspecified String Handling Security Bypass Vulnerability

Advisory ID : FrSIRT/ADV-2007-0637
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-02-16
Technical Description

A vulnerability has been identified in Secure Site (module for Drupal), which could be exploited by attackers to bypass security restrictions. This issue is due to an unspecified input validation error when processing certain URLs, which could be exploited by attackers to bypass security checks and gain unauthorized access to protected data.

Affected Products

Secure site (module for Drupal) versions 4.7.x-1.x-dev
Secure site (module for Drupal) versions 5.x-1.x-dev

Solution

Upgrade to the latest version :
http://drupal.org/project/image_pager

References

http://www.frsirt.com/english/advisories/2007/0637
http://drupal.org/project/securesite

Credits

Vulnerability reported by Steven Wittens

Microsoft Windows Shell Hardware Detection Service Privilege
by Marianna Schmudlach / February 16, 2007 1:00 AM PST

Microsoft Windows Shell Hardware Detection Service Privilege Escalation Vulnerability

Bugtraq ID: 22481
Class: Input Validation Error
CVE: CVE-2007-0211

A local attacker can exploit this issue to elevate user privileges. Successful exploits will result in the complete compromise of vulnerable computers.

Updated: Feb 16 2007 03:57PM
Credit: The vendor disclosed this issue.

http://www.securityfocus.com/bid/22481/info

Drive-by Pharming Threat
by Marianna Schmudlach / February 16, 2007 1:04 AM PST

Cisco Security Response: Potential exploitation of default administrative credentials

Cisco Response
==============

This is a response to a Symantec published research paper posted on their
website at:
http://www.symantec.com/enterprise/security_response/weblog/2007/02/driveby_pharming_how_clicking_1.html

and entitled 'Drive-by Pharming'. In particular, this response focuses on
the information in the Symantec paper, as relevant to certain of Cisco's
non-consumer products. These products are specified in the "Cisco
Routers Impacted" section below.

Purpose of this Response
+-----------------------

As the paper does not disclose any new vulnerability in Cisco products,
Cisco is issuing this response and not a Security Advisory. The purpose
of this response is to inform customers how to change any default
credentials which may ship pre-configured on an impacted Cisco router
(identified below), upon initial configuration and before the device is
connected to a public network.

This response is available at:
http://www.cisco.com/warp/public/707/cisco-sr-20070215-http.shtml

Novell Issues Daylight-Saving Time Warning And Update Utilit
by Marianna Schmudlach / February 16, 2007 4:28 AM PST

Novell Issues Daylight-Saving Time Warning And Update Utility

ZenWorks patch management tool will automatically flag computers on a network that are vulnerable to the March 11 clock change.

By Paul McDougall
InformationWeek

Feb 16, 2007 01:00 PM

Citing the early move to daylight-saving time's "significant" implications for corporate computing, Novell has created a software tool designed to help businesses update their systems to account for the March 11 clock change.

Novell's updated ZenWorks patch management tool will automatically flag computers on a network that are vulnerable to the time change and require a fix, possibly saving IT staffs hours of detective work.

"The implications of this federally mandated time change are significant for both corporate and government networks," Novell said in a company statement issued Thursday. "Companies across all industries face potential disruption from the new DST mandate," Novell warned.

More: http://www.informationweek.com/story/showArticle.jhtml?articleID=197006791&cid=RSSfeed_IWK_Security

Microsoft Internet Explorer WinINet.DLL FTP Server Response
by Marianna Schmudlach / February 16, 2007 7:22 AM PST

Microsoft Internet Explorer WinINet.DLL FTP Server Response Parsing Memory Corruption Vulnerability


Bugtraq ID: 22489
Class: Boundary Condition Error
CVE: CVE-2007-0217


Microsoft Internet Explorer is prone to a memory-corruption vulnerability when parsing certain FTP server responses.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers.

Updated: Feb 16 2007 10:27PM
Credit: Greg MacManus of iDefense Labs discovered this vulnerability.

http://www.securityfocus.com/bid/22489/info

Microsoft Internet Explorer COM Object Instantiation Variant
by Marianna Schmudlach / February 16, 2007 7:24 AM PST

Microsoft Internet Explorer COM Object Instantiation Variant Memory Corruption Vulnerability


Bugtraq ID: 22504
Class: Design Error
CVE: CVE-2007-0219


Internet Explorer 7 on Microsoft Vista is not affected by this issue; Internet Explorer 7 on other Windows versions is affected only if COM objects have been enabled by the ActiveX opt-in feature.

This issue is similar to the ones described in previous COM object instantiation records, but it affects a different set of COM objects.

Updated: Feb 16 2007 10:27PM
Credit: H D Moore of BreakingPoint Systems reported this issue to the vendor.

http://www.securityfocus.com/bid/22504/info

Firefox: about:blank is phisher's best friend
by Marianna Schmudlach / February 16, 2007 7:30 AM PST

Feb 16 2007 10:50PM
Michal Zalewski

Firefox suffers from a design flaw that can be used to confuse casual
users and evoke a false sense of authority when visiting a fraudulent
website. The flaw can be also used to bypass a fix for an old UI spoofing
bug that was thought to be addressed. This is a relatively minor issue,
but I thought it's worth reporting.

It is possible for a script to open 'about:blank' URL in a new tab; this
tab will be opened with a blank address bar (the behavior is different for
new windows, where the bar will be grayed out or hidden).

The script can then interact with this document as if it were a page in
the same domain, including the ability to inject custom HTML. Some
methods of adding this HTML, such as win.document.write(), will update
document.location and the address bar to that of the interacting script,
which seems like an intuitive choice - the user is informed about the
origin of the displayed data.

More: http://www.securityfocus.com/archive/1/460369/30/0/threaded

Oracle Database Remote Password Authentication Downgrade Wea
by Marianna Schmudlach / February 16, 2007 7:33 AM PST

Oracle Database Remote Password Authentication Downgrade Weakness

Bugtraq ID: 22596
Class: Design Error

Oracle Database 9i and 10i are affected by a weakness that may allow attackers to launch brute-force attacks against the remote authentication protocol.

Successfully exploiting this issue allows remote attackers to downgrade the protocol used during the challenge-response authentication process. This may aid them in further attacks, since they may be able to perform offline brute-force attacks against captured authentication traffic. Other attacks may also be possible.

Published: Feb 16 2007 12:00AM
Updated: Feb 16 2007 10:47PM
Credit: This issue was discovered by László Tóth, with thanks to Balázs Boda, Lajos Antal and Pete Finnigan.

http://www.securityfocus.com/bid/22596/info
