

VULNERABILITIES \ FIXES - December 31, 2008

Dec 31, 2008 12:50AM PST

Citrix Broadcast Server login.asp SQL Injection

31 Dec. 2008

Summary
The Citrix Broadcast Server administrative login page is vulnerable to trivial SQL injections via the txtUID HTTP POST parameter. An attacker could leverage this flaw to obtain unauthorized access to the web interface or to extract data from the database via blind SQL injection.

Credit:
The information has been provided by Corey LeBleu and r at b13$.

http://www.securiteam.com/windowsntfocus/6E00W0ANFY.html
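The advisory names the vulnerability class (SQL injection through the txtUID POST parameter) but not the code. The following is an added illustration, not code from the advisory or from Citrix: a login check written the vulnerable way (string concatenation) next to the hardened form (bound parameters), run against a constructed in-memory SQLite table. The table, the account and the probe string are all assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the product's admin user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (uid TEXT NOT NULL, pwd TEXT NOT NULL)")
    conn.execute("INSERT INTO admins VALUES ('admin', 'correct-horse')")
    conn.commit()
    return conn


def login_concat(conn, txt_uid, txt_pwd):
    """Vulnerable pattern: the POST parameters are spliced into the SQL text,
    so a quote in txtUID changes the query's structure instead of its data."""
    sql = ("SELECT COUNT(*) FROM admins WHERE uid = '" + txt_uid
           + "' AND pwd = '" + txt_pwd + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_param(conn, txt_uid, txt_pwd):
    """Hardened pattern: placeholders bind the input as values, so the query
    structure is fixed and any quote characters are just part of the string."""
    sql = "SELECT COUNT(*) FROM admins WHERE uid = ? AND pwd = ?"
    return conn.execute(sql, (txt_uid, txt_pwd)).fetchone()[0] > 0


def quote_breaks_query(login, conn):
    """True if a lone apostrophe in txtUID makes the statement fail to parse:
    the simplest sign that user input is reaching the SQL parser as syntax."""
    try:
        login(conn, "O'Brien", "x")
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1' --"  # textbook tautology used only to contrast the two forms
    print("concat, tautology in txtUID :", login_concat(db, probe, "x"))   # True (bypass)
    print("param,  tautology in txtUID :", login_param(db, probe, "x"))    # False
    print("concat breaks on apostrophe :", quote_breaks_query(login_concat, db))  # True
    print("param  breaks on apostrophe :", quote_breaks_query(login_param, db))   # False
```

The apostrophe check is the useful takeaway for a reviewer: if a single quote in an input field produces a database error, the field is being concatenated into SQL and needs the parameterised form regardless of whether anyone has written a working injection yet.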

Trend Micro HouseCall "notifyOnLoadNative()" Vulnerability
Dec 31, 2008 12:51AM PST

31 Dec. 2008

Summary
"Trend Micro HouseCall is an application for checking whether your computer has been infected by viruses, spyware, or other malware. HouseCall performs additional security checks to identify and fix vulnerabilities to prevent reinfection." Secunia Research has discovered a vulnerability in Trend Micro HouseCall, which can be exploited by malicious people to compromise a user's system.

Credit:
The information has been provided by Secunia Research.
The original article can be found at: http://secunia.com/secunia_research/2008-34/

http://www.securiteam.com/windowsntfocus/6F00X0ANFC.html

PHP gd Library imageRotate() Function Information Leak Vulnerability
Dec 31, 2008 12:53AM PST

31 Dec. 2008

Summary
PHP is a popular web programming language which is normally used as a script engine in the server side. PHP 5 which is compiled with gd library, includes a function called imageRotate() for rotating an image resource by giving the rotation angle. This function fills the resulted empty areas with a given default coloring after rotation (clrBack).

Gd library works with both indexed images and truecolor images. A truecolor pixel is a DWORD which stores the color value of the pixel which would be displayed without any change. In indexed mode by using an index with a size of no more than 1 byte, the data would be fetched from a color palette which consists of parallel arrays of color bytes. The gd library uses the same data structure for both of these image types (gdImageStruct). An implementation error in PHP's gd library can cause information leakage from the memory of the PHP (or possibly the web server) process.

Information leak vulnerabilities allow access to e.g. the Apache memory which might contain the private RSA key for the SSL cert. If an attacker is able to read it he can perform real man in the middle attacks on all SSL connections. Aside from this in the days of ASLR, NX and canary protections it is often vital for the success of the exploit to know exact memory addresses.

Credit:
The information has been provided by Hamid Ebadi.

http://www.securiteam.com/unixfocus/6G00Y0ANFU.html
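The advisory describes the two pixel representations sharing one struct and a clrBack value that fills the empty corners after rotation, without showing the faulty code. The following is an added teaching model, not gd's source or the advisory's own code: it lays out three parallel palette arrays in a flat byte buffer with unrelated data placed directly after them (a constructed "secret"), and contrasts an unchecked palette lookup, which turns an out-of-range clrBack into a read of that neighbouring data, with a lookup that validates the index against the palette actually in use. The buffer layout, the sizes and the secret are assumptions; the real gdImageStruct layout differs.

```python
PALETTE_SIZE = 256  # a one-byte palette index can address at most 256 entries


class IndexedImageMemory:
    """Constructed model of the heap region around an indexed-mode image:
    three parallel palette arrays (red, green, blue) of PALETTE_SIZE bytes
    each, followed directly by unrelated process data (a constructed secret).
    Teaching model only; not gd's real gdImageStruct layout."""

    def __init__(self, palette, other_data):
        self.colors_total = len(palette)          # entries actually in use
        self.buf = bytearray(3 * PALETTE_SIZE) + bytearray(other_data)
        for i, (r, g, b) in enumerate(palette):
            self.buf[i] = r
            self.buf[PALETTE_SIZE + i] = g
            self.buf[2 * PALETTE_SIZE + i] = b


def is_valid_palette_index(mem, clr_back):
    return 0 <= clr_back < mem.colors_total


def background_unchecked(mem, clr_back):
    """Takes clrBack on trust: the index is used as an offset from each
    array base, so a value past the palette reads whatever follows in memory."""
    return (mem.buf[clr_back],
            mem.buf[PALETTE_SIZE + clr_back],
            mem.buf[2 * PALETTE_SIZE + clr_back])


def background_checked(mem, clr_back):
    """Validates the index against the palette in use before the lookup."""
    if not is_valid_palette_index(mem, clr_back):
        raise ValueError(f"palette index {clr_back} outside 0..{mem.colors_total - 1}")
    return background_unchecked(mem, clr_back)


def resolve_background(truecolor, clr_back, mem=None):
    """The dispatch a shared struct forces on the caller: in truecolor mode
    clrBack is the DWORD colour itself; in indexed mode it must be treated
    as a palette index and range-checked."""
    if truecolor:
        return clr_back & 0xFFFFFFFF
    return background_checked(mem, clr_back)


if __name__ == "__main__":
    mem = IndexedImageMemory([(255, 0, 0), (0, 255, 0), (0, 0, 255)],
                             b"constructed-secret")
    print(background_unchecked(mem, 0))             # (255, 0, 0): a real palette entry
    print(background_unchecked(mem, PALETTE_SIZE))  # (0, 0, 99): last byte is 'c' of the secret
    print(hex(resolve_background(True, 0xFF0000)))  # truecolor: value passes through
    try:
        resolve_background(False, PALETTE_SIZE, mem)
    except ValueError as err:
        print("rejected:", err)
```

The point the model makes is the one in the advisory's last paragraph: the bytes returned for an out-of-range index are not garbage but adjacent process memory, which is why an information leak of this shape matters even when it cannot corrupt anything.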

Thunderbird 2.0.0.19 Released
Dec 31, 2008 1:00AM PST

Published: 2008-12-31,
Last Updated: 2008-12-31 04:45:11 UTC
by David Goldsmith

Mozilla released Thunderbird 2.0.0.19 today. The release notes are here. This release addresses a number of security issues, most of which were also in the Firefox browser fixes 3.0.5 and 2.0.0.19/2.0.0.20 earlier this month.

More: http://isc.sans.org/

Verisign/RapidSSL close 25C3 MD5 vulnerability
Dec 31, 2008 1:02AM PST

31 December 2008

In a Verisign blog, Tim Callan has detailed Verisign's response to the MD5 Collision CA Certificate crack presented at the 25th Chaos Communication Congress (25C3). Verisign's RapidSSL came in for particular attention in the presentation as vulnerabilities in the way it generated certificates allowed the researchers to predict the serial number of a certificate that would be generated in the near future. Callan confirmed that after a preliminary viewing, the presentation was accurate and stated that the vulnerability in the certificate generation was closed "shortly before this posting".

More: http://www.heise-online.co.uk/security/Verisign-RapidSSL-close-25C3-MD5-vulnerability--/news/112328

RoundCube vulnerability allows injection of arbitrary script
Dec 31, 2008 1:03AM PST

31 December 2008

RoundCube, the PHP based web mail client, was found to be vulnerable and just before Christmas an exploit was published on the Milw0rm pages that allowed attackers to inject arbitrary code into the RoundCube application. Secunia has marked this bug as highly critical. RoundCube is free software written in PHP, designed to act as a web gateway for user mailboxes using the IMAP protocol, with support for MIME, an address book, searching and spell checking.

More: http://www.heise-online.co.uk/security/RoundCube-vulnerability-allows-injection-of-arbitrary-scripting-code--/news/112330

Roundcube Webmail - Another Issue
Dec 31, 2008 3:18AM PST

Published: 2008-12-31,
Last Updated: 2008-12-31 15:27:29 UTC
by David Goldsmith (Version: 1)

Reader Nathan who sent us information about the Roundcube html2text.php vulnerability last week (see our previous diary here) has written in again about a new scan he is seeing for the "msgimport" binary included with Roundcube. Nathan writes:

In regard to the Roundcube vulnerability it appears that attackers are now actively scanning for the presence of Roundcube with a specific user agent. It may be possible to craft a mod_security or fail2ban rule to match against this user agent. Two separate users have reported the scanning as well on separate ARIN netblocks. I have seen these scans first-hand on my webserver. Scans appear to originate from 87.233.128.0/18 with specific allocation details of "Assigned to customer 504". I don't think customer 504 is very nice.

More: http://isc.sans.org/
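The diary entry suggests matching the scans with a mod_security or fail2ban rule but does not reproduce the user agent. The following is an added example, not code from the diary or from Roundcube: a small filter over Apache combined-format access log lines that flags requests for the "msgimport" path and records whether the source address falls in the 87.233.128.0/18 block the reader quotes and whether the user agent matches. The log lines are constructed, and "ExampleScanner/1.0" is a placeholder for the user agent the page does not give; the fail2ban line at the end uses that tool's `<HOST>` token and should be tested in a jail before use.

```python
import ipaddress
import re

# Netblock quoted in the diary entry; the user agent is NOT given on the page,
# so the value below is a constructed placeholder to be replaced with the real one.
SCANNER_NETBLOCK = ipaddress.ip_network("87.233.128.0/18")
SCANNER_USER_AGENT = "ExampleScanner/1.0"

# Constructed sample lines in Apache combined log format.
SAMPLE_LOG = [
    '87.233.150.12 - - [31/Dec/2008:10:01:02 +0000] "GET /roundcube/bin/msgimport HTTP/1.1" 404 211 "-" "ExampleScanner/1.0"',
    '10.0.0.5 - - [31/Dec/2008:10:02:10 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '87.233.130.7 - - [31/Dec/2008:10:03:44 +0000] "GET /webmail/bin/msgimport HTTP/1.1" 404 211 "-" "ExampleScanner/1.0"',
    '192.0.2.9 - - [31/Dec/2008:10:04:00 +0000] "GET /mail/bin/msgimport HTTP/1.1" 404 211 "-" "Mozilla/5.0"',
]

COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Split one combined-format line into its fields, or None if malformed."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None


def probe_reasons(rec):
    """A request for the msgimport path is the probe; netblock and user agent
    are corroborating signals recorded alongside it."""
    reasons = set()
    if "msgimport" in rec["path"]:
        reasons.add("msgimport-path")
    if reasons:
        try:
            if ipaddress.ip_address(rec["ip"]) in SCANNER_NETBLOCK:
                reasons.add("scanner-netblock")
        except ValueError:
            pass  # hostname or garbage in the client field: skip the netblock test
        if rec["ua"] == SCANNER_USER_AGENT:
            reasons.add("scanner-user-agent")
    return reasons


def find_probes(lines):
    """Map each flagged source address to the set of reasons it was flagged."""
    hits = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = probe_reasons(rec)
        if reasons:
            hits.setdefault(rec["ip"], set()).update(reasons)
    return hits


def fail2ban_failregex(user_agent=SCANNER_USER_AGENT):
    """One failregex line in fail2ban's <HOST> convention (assumed shape;
    verify against a jail before relying on it)."""
    return (r'^<HOST> .* "(GET|POST) \S*msgimport\S* HTTP/[^"]*" .* "'
            + re.escape(user_agent) + r'"$')


if __name__ == "__main__":
    for ip, why in sorted(find_probes(SAMPLE_LOG).items()):
        print(ip, sorted(why))
    print(fail2ban_failregex())
```

Keying the detection on the requested path rather than only on the user agent means a scanner that changes its agent string is still caught; the netblock and agent stay as enrichment for triage rather than as the sole trigger.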

Microsoft denies Media Player bug
Dec 31, 2008 1:56AM PST

By Elizabeth Montalbano, IDG news service

31 December 2008

Microsoft has denied claims that a bug is affecting its Windows Media Player software, posing a security risk for PC users.

The company said the claims posted on SecurityFocus's Bugtraq site that a bug in Windows Media Player 9, 10 or 11 on Windows XP or Vista allowed remote code execution are "false."
"We've found no possibility for code execution in this issue," according to a Microsoft Security Response Center blog entry.
Microsoft acknowledged that the code posted on Bugtraq does crash Windows Media Player, Microsoft's software for playing music and video files, but the application can be restarted "right away" and doesn't affect the rest of the system.

More: http://www.techworld.com/security/news/index.cfm?RSS&NewsID=108908

'Undetectable' phishing attack identified by research team
Dec 31, 2008 1:58AM PST

By Robert McMillan, IDG news service
31 December 2008

A team of security researchers, armed with 200 Sony PlayStations, has found a way to undermine the algorithms used to protect secure web sites and launch a nearly undetectable phishing attack.

To do this, they've exploited a bug in the digital certificates used by websites to prove that they are who they claim to be. By taking advantage of known flaws in the MD5 hashing algorithm used to create some of these certificates, the researchers were able to hack Verisign's RapidSSL.com certificate authority and create fake digital certificates for any website on the Internet.

More: http://www.techworld.com/security/news/index.cfm?RSS&NewsID=108907