McAfee Framework Format String
16 Mar. 2008
Summary
McAfee Framework is "a framework used for building various services for the McAfee products. These services include HTTP servers and agents implemented, for example, in McAfee ePolicy Orchestrator and possibly other products". A format string vulnerability has been found in the McAfee framework, which in turn can lead to elevated privileges as well as arbitrary code execution.
Credit:
The information has been provided by Luigi Auriemma.
The original article can be found at: http://aluigi.altervista.org/adv/meccaffi-adv.txt
http://www.securiteam.com/windowsntfocus/5PP0C1PNPO.html
Vulnerabilities in Microsoft Office Allows Code Execution (MS08-016)
16 Mar. 2008
Summary
This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a malformed Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for supported editions of Microsoft Office 2000 and rated Important for supported editions of Microsoft Office XP, Microsoft Office 2003 Service Pack 2, Microsoft Excel Viewer 2003 and Microsoft Excel Viewer 2003 Service Pack 3, and Microsoft Office 2004 for Mac. For more information, see the subsection, Affected and Non-Affected Software, in this section.
Credit:
The information has been provided by Microsoft Product Security.
The original article can be found at: http://www.microsoft.com/technet/security/bulletin/MS08-016.mspx
http://www.securiteam.com/windowsntfocus/5OP0B1PNPG.html
Timbuktu Pro Path Traversal and Log Injection
16 Mar. 2008
Summary
Timbuktu Pro [1] is "a desktop-to-desktop remote control software for the Windows and Macintosh operating systems". The following vulnerabilities have been identified in Timbuktu Pro:
1) File transfer directory traversal (CVE-2008-1117): The '\' and '/' characters are not properly sanitized when checking the destination filename. The problem resides in the Notes feature implemented by tb2ftp.dll, which is loaded by tb2pro.exe. This is the main issue.
2) Log input manipulation (CVE-2008-1118): Several fields of the packet containing peer information (computer name, user name and IP address) are taken from the packet sent to the target and used to display this information on the screen of the target.
The vulnerabilities discovered in Timbuktu Pro allow a remote attacker to upload a file to an arbitrary location on the victim's machine and forge peer information on the log lines of the victim's application. For example, an attacker could write an executable in a startup directory of the victim's machine and wait for the user to restart his/her machine. Another example is to write a fake system DLL in an existing program directory, inducing Windows to load this module instead of the real DLL from C:\WINDOWS\system32\
Credit:
The information has been provided by Core Security Technologies Advisories.
The original article can be found at: http://www.coresecurity.com/?action=item&id=2166
http://www.securiteam.com/windowsntfocus/5PP0B1PNQI.html
Microsoft Excel Rich Text Memory Corruption Vulnerability (MS08-014)
16 Mar. 2008
Summary
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file.
Credit:
The information has been provided by TippingPoint DVLabs.
The original article can be found at: http://dvlabs.tippingpoint.com/advisory/TPTI-08-03
http://www.securiteam.com/windowsntfocus/5WP0J1PNPE.html
Zabbix (zabbix_agentd) Denial of Service
16 Mar. 2008
Summary
ZABBIX offers "advanced monitoring, alerting and visualization features today which are missing in other monitoring systems, even some of the best commercial ones". A DoS issue in Zabbix can be exploited by a malicious user from an authorized host.
Credit:
The information has been provided by Milen Rangelov.
http://www.securiteam.com/unixfocus/5OP0A1PNQE.html
CiscoWorks Internetwork Performance Monitor Command Execution Vulnerability
16 Mar. 2008
Summary
CiscoWorks Internetwork Performance Monitor (IPM) version 2.6 for Sun Solaris and Microsoft Windows operating systems contains a vulnerability that allows remote, unauthenticated users to execute arbitrary commands. There are no workarounds for this vulnerability. Cisco has made free software available to address this issue for affected customers.
Credit:
The information has been provided by Cisco Systems Product Security Incident Response Team.
The original article can be found at: http://www.cisco.com/warp/public/707/cisco-sa-20080313-ipm.shtml
http://www.securiteam.com/securitynews/5SP0F1PNPM.html
MG-SOFT Net Inspector Multiple Vulnerabilities
16 Mar. 2008
Summary
"MG-SOFT Net Inspector is a powerful fault management application with alarming subsystem that complies with the international alarm reporting recommendations (ITU X.733). The software lets you effectively monitor the status of network devices and manage alarms associated with devices in the supervised TCP/IP network." Multiple vulnerabilities have been discovered in MG-SOFT Net Inspector; these vulnerabilities allow attackers to crash the system and potentially cause it to execute arbitrary code.
Credit:
The information has been provided by Luigi Auriemma.
The original article can be found at: http://aluigi.altervista.org/adv/netinsp-adv.txt
http://www.securiteam.com/securitynews/5QP0D1PNPW.html
Airspan WiMAX ProST Authentication Bypass Vulnerability
16 Mar. 2008
Summary
Airspan is "a worldwide leader in broadband wireless with over 400 customers in more than 100 countries. As a founding member of the WiMAX forum, Airspan has led the way in WiMAX, being among the first wave of companies to achieve certification for its Base Station and End User Devices". A vulnerability in the Airspan WiMAX product allows remote attackers to bypass the authentication mechanism used by the product with very simple means.
Credit:
The information has been provided by Francis Lacoste-Cordeau.
http://www.securiteam.com/securitynews/5RP0E1PNPE.html
IBM Informix Dynamic Server Authentication Password Stack Overflow Vulnerability
16 Mar. 2008
Summary
A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM's Informix Dynamic Server. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability.
Credit:
The information has been provided by The Zero Day Initiative (ZDI).
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-08-012
http://www.securiteam.com/securitynews/5TP0G1PNPC.html
Ruby WEBrick Directory Traversal
16 Mar. 2008
Summary
WEBrick is an HTTP server library written in Ruby that uses servlets to extend its capabilities. Built into WEBrick are four servlets, handling CGI, ERb, file directories, and a generic Proc servlet. Ruby on Rails uses WEBrick as a quick and easy webserver to start developing your Rails applications. However, for whatever ease of development WEBrick adds to your application, it is generally considered not suitable for any production environment. The Ruby WEBrick HTTPd server has been found to contain a directory traversal security vulnerability.
Credit:
The information has been provided by Alexandr Polyakov.
http://www.securiteam.com/securitynews/5TP0F1PNQK.html
Sun JDK Image Parsing Library Vulnerabilities (More ICC Pars
16 Mar. 2008
Summary
A vulnerability in the Sun JDK image parsing library allows attackers who can supply the JDK with a malformed JPEG file to trigger a buffer overflow, which in turn can be used at the very least to crash the Java environment, but in more problematic cases to execute arbitrary code.
Credit:
The information has been provided by Chris Evans.
The original article can be found at: http://scary.beasts.org/security/CESA-2007-005.html
http://www.securiteam.com/securitynews/5SP0E1PNQA.html
Firebird Integer Overflow (Exploit)
16 Mar. 2008
Summary
Firebird is "a relational database offering many ANSI SQL-92 features that runs on Linux, Windows, and a variety of Unix platforms". A vulnerability in Firebird allows remote attackers to overflow an internal buffer in the server by causing an integer value to overflow.
Credit:
The information has been provided by Eugene Minaev.
http://www.securiteam.com/exploits/5RP0D1PNQK.html
NetWin Surgemail LIST Universal (Exploit)
16 Mar. 2008
Summary
A vulnerability in NetWin's IMAP server allows authenticated users to cause an internal buffer to overflow, which in turn can be used to cause the product to execute arbitrary code.
Credit:
The information has been provided by Matteo Memelli aka ryujin.
The original article can be found at: http://www.milw0rm.com/exploits/5259
http://www.securiteam.com/exploits/5UP0G1PNQC.html