Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - June 28, 2006

by Donna Buenaventura / June 27, 2006 5:12 PM PDT

Apple Mac OS X Multiple Command Execution and Privilege Escalation Vulnerabilities

Apple has released security updates to address multiple vulnerabilities identified in Mac OS X. These flaws could be exploited by remote or local attackers to execute arbitrary commands, cause a denial of service, or disclose sensitive information.

The first issue is due to an error in the AFP server when displaying search results, which could be exploited by malicious users to disclose the names of files and folders for which they have no access.

The second vulnerability is due to a stack overflow error in ImageIO when handling malformed TIFF images, which could be exploited by attackers to crash an affected application or compromise a vulnerable system via a specially crafted TIFF image.

The third flaw is due to an error in the OpenLDAP server that fails to properly handle invalid LDAP requests, which could be exploited by remote attackers to cause a denial of service.

The fourth issue is due to a format string error in the setuid utility "launchd" when logging messages, which could be exploited by malicious users to execute arbitrary commands with elevated privileges.

The fifth vulnerability is due to an error in ClamAV, which could be exploited by attackers to execute arbitrary code by tricking a user into downloading virus signature updates from a malicious web server.

Affected Products

Apple Mac OS X version 10.4 through 10.4.6
Apple Mac OS X Server version 10.4 through 10.4.6

Solution

Upgrade to version 10.4.7 :
http://www.apple.com/support/downloads/

http://www.frsirt.com/english/advisories/2006/2566

Discussion is locked
You are posting a reply to: VULNERABILITIES - June 28, 2006
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VULNERABILITIES - June 28, 2006
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Nokia PC Suite and Sony Products Vulnerability
by Donna Buenaventura / June 27, 2006 5:22 PM PDT

A vulnerability has been identified in Nokia PC Suite and in various Sony products, which could be exploited by remote attackers to take complete control of an affected system. This flaw is due to a buffer overflow error in the Gracenote CDDB (CD Data Base) ActiveX Control when handling an overly long option, which could be exploited by remote attackers to execute arbitrary commands on a vulnerable system via a specially crafted Web page.

Affected Products

Nokia PC Suite version 6.8
Nokia PC Suite version 6.7
Sony CONNECT Player
Sony SonicStage version 3.3
Sony SonicStage version 3.4
Sony SonicStage Mastering Studio version 2.1
Sony SonicStage Mastering Studio version 2.2

Solution

For Nokia PC Suite:
Install PC Suite version 6.8 Update
http://europe.nokia.com/nokia/0,,72026,00.html
For Sony Products:
Apply patch :
http://www.gracenote.com/sec062706/GracenoteUpdateForSony.exe

References
http://www.frsirt.com/english/advisories/2006/2563
http://europe.nokia.com/nokia/0,,93034,00.html
http://www.gracenote.com/sec062706/SonySecurityNotification.html
http://www.zerodayinitiative.com/advisories/ZDI-06-019.html
http://www.kb.cert.org/vuls/id/701121
http://www.frsirt.com/english/advisories/2006/2562
http://www.gracenote.com/sec062706/SonySecurityNotification.html
http://www.zerodayinitiative.com/advisories/ZDI-06-019.html
http://www.kb.cert.org/vuls/id/701121

Collapse -
Trend Micro Control Manager Access Log Client-Side Cross
by Donna Buenaventura / June 27, 2006 5:26 PM PDT

Cross Site Scripting Vulnerability

A vulnerability has been identified in Trend Micro Control Manager, which could be exploited by attackers to execute arbitrary scripting code. This flaw is due to an input validation error in the logging feature that does not validate user-supplied parameters (e.g. "username") before being stored in the log file and displayed via the administrative interface, which could be exploited by attackers to cause arbitrary scripting code to be executed by the administrator's browser in the security context of an affected Web site.

Affected Products:
Trend Micro Control Manager version 3.5 and prior

Solution:
The FrSIRT is not aware of any official supplied patch for this issue.

http://www.frsirt.com/english/advisories/2006/2526

Collapse -
F-Secure Antivirus Products Scanning Bypass Vulnerability
by roddy32 / June 27, 2006 10:21 PM PDT

TITLE:
F-Secure Antivirus Products Scanning Bypass Vulnerability

SECUNIA ADVISORY ID:
SA20858

VERIFY ADVISORY:
http://secunia.com/advisories/20858/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass

WHERE:
From remote

SOFTWARE:
F-Secure Anti-Virus 2004
http://secunia.com/product/3500/
F-Secure Anti-Virus 2005
http://secunia.com/product/4299/
F-Secure Anti-Virus 2006
http://secunia.com/product/6882/
F-Secure Anti-Virus Client Security 5.x
http://secunia.com/product/2718/
F-Secure Anti-Virus Client Security 6.x
http://secunia.com/product/5786/
F-Secure Anti-Virus for Citrix Servers 5.x
http://secunia.com/product/5198/
F-Secure Anti-Virus for MIMEsweeper 5.x
http://secunia.com/product/455/
F-Secure Anti-Virus for Windows Servers 5.x
http://secunia.com/product/452/
F-Secure Anti-Virus for Workstations 5.x
http://secunia.com/product/457/
F-Secure Internet Security 2004
http://secunia.com/product/3499/
F-Secure Internet Security 2005
http://secunia.com/product/4300/
F-Secure Internet Security 2006
http://secunia.com/product/6883/
F-Secure Service Platform for Service Providers (Personal Express)
6.x
http://secunia.com/product/6885/

DESCRIPTION:
Two vulnerabilities have been reported in various F-Secure Antivirus
products, which can be exploited by malware to bypass the scanning
functionality.

1) An unspecified error within the handling of executable programs
where the name has been manipulated in a certain way can be exploited
to bypass the anti-virus scanning functionality.

2) An error causes files on removable media to not be scanned when
the "Scan network devices" option has been disabled.

Successful exploitation of the vulnerabilities bypasses the real-time
scanning functionality and may result in execution of malware on the
system.

SOLUTION:
Apply patches (see patch matrix in the vendor's advisory).

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
F-Secure:
http://www.f-secure.com/security/fsc-2006-4.shtml

Collapse -
Opera SSL Certificate "Stealing" Weakness
by roddy32 / June 27, 2006 10:25 PM PDT

TITLE:
Opera SSL Certificate "Stealing" Weakness

SECUNIA ADVISORY ID:
SA19480

VERIFY ADVISORY:
http://secunia.com/advisories/19480/

CRITICAL:
Not critical

IMPACT:
Spoofing

WHERE:
From remote

SOFTWARE:
Opera 8.x
http://secunia.com/product/4932/

DESCRIPTION:
Secunia Research has discovered a weakness in Opera, which can be
exploited to display the SSL certificate from a trusted site on an
untrusted site.

The weakness is caused due to Opera not resetting the SSL security
bar after displaying a download dialog from a SSL enabled web site.
This allows an untrusted web site to display yellow SSL security bar
from a trusted web site.

NOTE: A more convincing exploit can be done using pop-up windows,
which do not have a visible address bar.

The weakness has been confirmed in Opera 8.54. Prior versions may
also be affected.

SOLUTION:
Upgrade to version 9.0.

PROVIDED AND/OR DISCOVERED BY:
Jakob Balle, Secunia Research.

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2006-49/

Collapse -
CA Products Scan Job Description Format String Vulnerability
by Donna Buenaventura / June 28, 2006 3:11 AM PDT

Affected Software:

CA eTrust PestPatrol Anti-Spyware Corporate Edition 8.x
CA Integrated Threat Management (ITM) 8.x
eTrust Antivirus 8.x

A vulnerability has been reported in some CA products, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

The vulnerability is caused due to a format string error within the handling of the description field of a scan job. This can be exploited to cause the affect products to crash and may allow arbitrary code execution via a specially crafted scan job description that contains format string specifiers.

Successful exploitation requires that the user is able to create a scan job.

The vulnerability has been reported in the following products:
* CA Integrated Threat Management r8
* eTrust Antivirus r8
* eTrust PestPatrol Anti-Spyware Corporate Edition r8

Solution: The vulnerability has been fixed in Content Update build 432 via the content update mechanism.

http://secunia.com/advisories/20856/

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?