Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - February 9, 2005

by roddy32 / February 8, 2005 9:39 PM PST

TITLE:
Symantec Multiple Products UPX Parsing Engine Buffer Overflow

SECUNIA ADVISORY ID:
SA14179

VERIFY ADVISORY:
http://secunia.com/advisories/14179/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Symantec Gateway Security 1.x
http://secunia.com/product/876/
Symantec Gateway Security 2.x
http://secunia.com/product/3104/

SOFTWARE:
Norton Internet Security 2004
http://secunia.com/product/2441/
Norton Internet Security 2004 Professional
http://secunia.com/product/2442/
Norton SystemWorks 2004
http://secunia.com/product/2796/
Symantec AntiVirus Corporate Edition 8.x
http://secunia.com/product/659/
Symantec AntiVirus Corporate Edition 9.x
http://secunia.com/product/3549/
Symantec AntiVirus for Caching 4.x
http://secunia.com/product/4626/
Symantec AntiVirus for Network Attached Storage 4.x
http://secunia.com/product/4625/
Symantec AntiVirus for SMTP Gateways 3.x
http://secunia.com/product/2231/
Symantec AntiVirus Scan Engine 4.x
http://secunia.com/product/3040/
Symantec AntiVirus/Filtering for Domino
http://secunia.com/product/2029/
Symantec Brightmail AntiSpam 4.x
http://secunia.com/product/4627/
Symantec Brightmail AntiSpam 5.x
http://secunia.com/product/4628/
Symantec Client Security 1.x
http://secunia.com/product/2344/
Symantec Client Security 2.x
http://secunia.com/product/3478/
Symantec Mail Security for Exchange 4.x
http://secunia.com/product/2820/
Symantec Mail Security for SMTP 4.x
http://secunia.com/product/3558/
Symantec Norton AntiVirus 2004
http://secunia.com/product/2800/
Symantec Norton AntiVirus for Microsoft Exchange 2.x
http://secunia.com/product/1017/
Symantec Web Security 3.x
http://secunia.com/product/2813/

DESCRIPTION:
ISS X-Force has reported a vulnerability in multiple Symantec
products, which can be exploited by malicious people to compromise a
vulnerable system.

The vulnerability is caused due to a boundary error in the DEC2EXE
parsing engine used by the antivirus scanning functionality when
processing UPX compressed files. This can be exploited to cause a
heap-based buffer overflow via a specially crafted UPX file.

Successful exploitation allows execution of arbitrary code.

The vulnerability affects the following products:
* Norton AntiVirus for Microsoft Exchange 2.1 (prior to build
2.18.85)
* Symantec Mail Security for Microsoft Exchange 4.0 (prior to build
4.0.10.465)
* Symantec Mail Security for Microsoft Exchange 4.5 (prior to build
4.5.3)
* Symantec AntiVirus/Filtering for Domino NT 3.1 (prior to build
3.1.1)
* Symantec Mail Security for Domino 4.0 (prior to build 4.0.1)
* Symantec AntiVirus/Filtering for Domino Ports 3.0 for AIX (prior to
build 3.0.6)
* Symantec AntiVirus/Filtering for Domino Ports 3.0 for OS400, Linux,
Solaris (prior to build 3.0.7)
* Symantec AntiVirus Scan Engine 4.3 (prior to build 4.3.3)
* Symantec AntiVirus for Network Attached Storage (prior to build
4.3.3)
* Symantec AntiVirus for Caching (prior to build 4.3.3)
* Symantec AntiVirus for SMTP 3.1 (prior to build 3.1.7)
* Symantec Mail Security for SMTP 4.0 (prior to build 4.0.2)
* Symantec Web Security 3.0 (prior to build 3.0.1.70)
* Symantec BrightMail AntiSpam 4.0
* Symantec BrightMail AntiSpam 5.5
* Symantec AntiVirus Corporate Edition 9.0 (prior to build
9.01.1000)
* Symantec AntiVirus Corporate Edition 8.01, 8.1.1
* Symantec Client Security 2.0 (prior to build 9.01.1000)
* Symantec Client Security 1.0
* Symantec Gateway Security 2.0, 2.0.1 - 5400 Series
* Symantec Gateway Security 1.0 - 5300 Series
* Symantec Norton Antivirus 2004 for Windows
* Symantec Norton Internet Security 2004 (pro) for Windows
* Symantec Norton System Works 2004 for Windows
* Symantec Norton Antivirus 2004 for Macintosh
* Symantec Norton Internet Security 2004 for Macintosh
* Symantec Norton System Works 2004 for Macintosh
* Symantec Norton Antivirus 9.0 for Macintosh
* Symantec Norton Internet Security for Macintosh 3.0
* Symantec Norton System Works for Macintosh 3.0

SOLUTION:
Updates are available (see the vendor advisory for details).

PROVIDED AND/OR DISCOVERED BY:
Alex Wheeler, ISS X-Force.

ORIGINAL ADVISORY:
Symantec:
http://www.sarc.com/avcenter/security/Content/2005.02.08.html

ISS X-Force:
http://xforce.iss.net/xforce/alerts/id/187

Netscape Three Vulnerabilities
by roddy32 / February 8, 2005 11:47 PM PST

TITLE:
Netscape Three Vulnerabilities

SECUNIA ADVISORY ID:
SA14206

VERIFY ADVISORY:
http://secunia.com/advisories/14206/

CRITICAL:
Less critical

IMPACT:
Security Bypass, Cross Site Scripting, Manipulation of data

WHERE:
From remote

SOFTWARE:
Netscape 7.x
http://secunia.com/product/85/

DESCRIPTION:
mikx has discovered three vulnerabilities in Netscape, which can be
exploited by malicious people to plant malware on a user's system,
conduct cross-site scripting attacks and bypass certain security
restrictions.

1) Netscape validates an image against the "Content-Type" HTTP
header, but uses the file extension from the URL when saving an image
after a drag and drop event. This can e.g. be exploited to plant a
valid image with an arbitrary file extension and embedded script code
(e.g. .bat file) on the desktop by tricking a user into performing a
certain drag and drop event.

2) Missing URI handler validation when dragging a "javascript:" URL
to another tab can be exploited to execute arbitrary HTML and script
code in a user's browser session in context of an arbitrary site by
tricking a user into dragging a malicious link to another tab.

3) An error in the restriction of URI handlers loaded via plugins can
be exploited to link to certain restricted URIs (e.g. about:config).

This can further be exploited to trick a user into changing some
sensitive configuration settings.

The vulnerabilities have been confirmed in version 7.2. Other
versions may also be affected.

SOLUTION:
Use another browser.

PROVIDED AND/OR DISCOVERED BY:
Originally discovered by:
mikx

Reported in Netscape by:
Juha-Matti Laurio

ORIGINAL ADVISORY:
1) http://www.mikx.de/index.php?p=8
2) http://www.mikx.de/index.php?p=9
3) http://www.mikx.de/index.php?p=10
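
Issue 1 above comes from validating one thing (the Content-Type header) and naming the saved file from another (the URL). The sketch below is an added example, not Netscape code or part of the advisory: it derives the on-disk name from the type that was actually validated. The function name, the type-to-extension table and the host names are constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed allow-list: image types that were validated, and the file
# extensions that are consistent with each of them.
IMAGE_EXTENSIONS = {
    "image/gif": (".gif",),
    "image/jpeg": (".jpg", ".jpeg"),
    "image/png": (".png",),
}

def save_name_for_image(url, content_type):
    """Choose the saved file name from the validated type, not from the URL."""
    mime = content_type.split(";", 1)[0].strip().lower()
    allowed = IMAGE_EXTENSIONS.get(mime)
    if allowed is None:
        raise ValueError("not a validated image type: %r" % content_type)
    # Last path segment of the URL, percent-decoded, directory part dropped.
    leaf = posixpath.basename(unquote(urlsplit(url).path)).replace("\\", "_")
    ext = posixpath.splitext(leaf)[1].lower()
    if ext in allowed:
        return leaf
    # The URL's extension disagrees with what was validated: append the
    # extension of the validated type so the file opens as an image.
    return (leaf or "image") + allowed[0]

if __name__ == "__main__":
    # Constructed sample URLs (hypothetical host).
    for url, ctype in (
        ("http://site.example/pics/photo.bat", "image/gif"),
        ("http://site.example/pics/cat.JPG", "image/jpeg"),
        ("http://site.example/", "image/png"),
    ):
        print(url, ctype, "->", save_name_for_image(url, ctype))
```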

VeriSign i-Nav Plug-In IDN Spoofing Security Issue
by roddy32 / February 8, 2005 11:50 PM PST

TITLE:
VeriSign i-Nav Plug-In IDN Spoofing Security Issue

SECUNIA ADVISORY ID:
SA14209

VERIFY ADVISORY:
http://secunia.com/advisories/14209/

CRITICAL:
Moderately critical

IMPACT:
Spoofing

WHERE:
From remote

SOFTWARE:
VeriSign i-Nav Plug-In
http://secunia.com/product/4623/

DESCRIPTION:
Eric Johanson has reported a security issue in i-Nav Plug-In, which
can be exploited by a malicious web site to spoof the URL displayed
in the address bar, SSL certificate, and status bar.

The problem is caused due to an unintended result of the IDN
(International Domain Name) implementation, which allows using
international characters in domain names.

This can be exploited by registering domain names with certain
international characters that resemble other commonly used
characters, thereby causing the user to believe they are on a trusted
site.

Secunia has constructed a test, which can be used to check if your
browser is affected by this issue:
http://secunia.com/multiple_browsers_idn_spoofing_test/

The issue has been confirmed in the last build of i-Nav Plug-In
(downloaded 2005-02-09).

SOLUTION:
Don't follow links from untrusted sources.

Manually type the URL in the address bar.

PROVIDED AND/OR DISCOVERED BY:
Originally described by:
Evgeniy Gabrilovich and Alex Gontmakher

Reported by:
Eric Johanson

ORIGINAL ADVISORY:
http://www.shmoo.com/idn/homograph.txt

OTHER REFERENCES:
The Homograph Attack:
http://www.cs.technion.ac.il/~gabr/papers/homograph.html

ICANN paper on IDN Permissible Code Point Problems:
http://www.icann.org/committees/idn/idn-codepoint-paper.htm
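
A defensive check for the look-alike domain names described above, as an added example that is not part of the advisory or of any VeriSign code: it decodes each label of a host name and reports labels that mix scripts. The function names and sample host names are constructed, and the script of a character is approximated from the first word of its Unicode name.

```python
import unicodedata

def script_of(ch):
    """Rough script of a character, from the first word of its Unicode name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"  # digits, hyphen: shared
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"

def decode_label(label):
    """Unicode form of one DNS label; 'xn--' labels carry Punycode."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed label: leave it as received
    return label

def check_hostname(host):
    """Return (label, unicode_form, scripts) for each label that mixes scripts."""
    findings = []
    for label in host.rstrip(".").split("."):
        text = decode_label(label)
        scripts = {script_of(c) for c in text} - {"COMMON"}
        if len(scripts) > 1:
            findings.append((label, text, sorted(scripts)))
    return findings

# Constructed samples: "example" with U+0430 CYRILLIC SMALL LETTER A in place
# of the Latin "a", and an ordinary single-script IDN label for comparison.
SPOOF = "www.xn--" + "ex\u0430mple".encode("punycode").decode("ascii") + ".com"
LEGIT = "xn--" + "m\u00fcnchen".encode("punycode").decode("ascii") + ".de"

if __name__ == "__main__":
    for host in (SPOOF, LEGIT, "www.example.com"):
        print(host, "->", check_hostname(host) or "one script per label")
```

A label written entirely in one non-Latin script passes this check even if it resembles a Latin name; catching that case needs a confusable-character table, which this sketch does not include.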

RealArcade Two Vulnerabilities
by roddy32 / February 8, 2005 11:52 PM PST

TITLE:
RealArcade Two Vulnerabilities

SECUNIA ADVISORY ID:
SA14187

VERIFY ADVISORY:
http://secunia.com/advisories/14187/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data, System access

WHERE:
From remote

SOFTWARE:
RealArcade 1.x
http://secunia.com/product/4622/

DESCRIPTION:
Luigi Auriemma has reported two vulnerabilities in RealArcade, which
can be exploited by malicious people to delete arbitrary files or
compromise a user's system.

1) An integer overflow in the handling of RGS files, where the size
of the GUID and game name is used insecurely, can be exploited to
execute arbitrary code by tricking a user into opening a malicious
RGS file.

2) An input validation error in the handling of RGP files can be
exploited to delete arbitrary files via directory traversal attacks
in the "FILENAME" tag by tricking a user into opening a malicious RGP
file.

The vulnerabilities have been reported in version 1.2.0.994 and
prior.

SOLUTION:
Do not open untrusted RGS and RGP files.

PROVIDED AND/OR DISCOVERED BY:
Luigi Auriemma

ORIGINAL ADVISORY:
http://aluigi.altervista.org/adv/realarcade-adv.txt
