Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - March 15, 2007

by Marianna Schmudlach / March 14, 2007 3:14 PM PDT

OpenSSH GSSAPI Credential Disclosure Vulnerability


Bugtraq ID: 14729
Class: Design Error
CVE: CVE-2005-2798

OpenSSH is susceptible to a GSSAPI credential-delegation vulnerability.

Specifically, if a user has GSSAPI authentication configured, and 'GSSAPIDelegateCredentials' is enabled, their Kerberos credentials will be forwarded to remote hosts. This occurs even when the user employs authentication methods other than GSSAPI to connect, which is not usually expected.

This vulnerability allows remote attackers to improperly gain access to GSSAPI credentials, allowing them to use those credentials to access resources granted to the original principal.

This issue affects versions of OpenSSH prior to 4.2.

Updated: Mar 15 2007 03:34AM
Credit: Paul Moore disclosed this issue to the vendor.

http://www.securityfocus.com/bid/14729/info

Discussion is locked
You are posting a reply to: VULNERABILITIES - March 15, 2007
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VULNERABILITIES - March 15, 2007
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
IMP Script Insertion and Cross-Site Scripting Vulnerabilitie
by Marianna Schmudlach / March 15, 2007 1:11 AM PDT

TITLE:
IMP Script Insertion and Cross-Site Scripting Vulnerabilities

SECUNIA ADVISORY ID:
SA24541

VERIFY ADVISORY:
http://secunia.com/advisories/24541/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

SOFTWARE:
IMP Webmail Client 4.x
http://secunia.com/product/6376/

DESCRIPTION:
Some vulnerabilities have been reported in IMP, which can be
exploited by malicious people to conduct cross-site scripting
attacks.

1) An input validation error in the processing of mails in thread.php
where the "Subject" header is not properly sanitised before being
displayed can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site via a
specially crafted mail.

2) Input passed to the "edit_query" parameter and other unspecified
parameters in search.php is not properly sanitised before being
returned to a user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.

Successful exploitation requires that the target user is logged in.

The vulnerabilities are reported in version 4.1.3. Prior versions may
also be affected.

SOLUTION:
Update to version 4.1.4.

PROVIDED AND/OR DISCOVERED BY:
Immerda Project Group and Moritz Naumann

ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052977.html

Collapse -
Internet Explorer 7 navcancl.htm Cross-Site Scripting Vulner
by Marianna Schmudlach / March 15, 2007 1:14 AM PDT

TITLE:
Internet Explorer 7 navcancl.htm Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA24535

VERIFY ADVISORY:
http://secunia.com/advisories/24535/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting, Spoofing

WHERE:
From remote

SOFTWARE:
Microsoft Internet Explorer 7.x
http://secunia.com/product/12366/

DESCRIPTION:
Aviv Raff has discovered a vulnerability in Internet Explorer 7,
which can be exploited by malicious people to conduct phishing
attacks.

An input validation error exists in the local resource page
"navcancl.htm" when generating the "Refresh the page" link. This can
be exploited to inject arbitrary script code to e.g. spoof the
contents of an arbitrary site when the user clicks on the "Refresh
the page" link.

Secunia has constructed a test, which can be used to check if your
browser is affected by this issue:
http://secunia.com/Internet_Explorer_7_navcancl.htm_Cross-Site_Scripting_Vulnerability/

The vulnerability is confirmed in Internet Explorer 7 on a fully
patched Windows XP SP2 system. Other versions may also be affected.

SOLUTION:
Do not follow links from untrusted sources.

Do not click the "Refresh the page" link when the "Navigation
Canceled" page is displayed.

PROVIDED AND/OR DISCOVERED BY:
Aviv Raff

ORIGINAL ADVISORY:
http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx

Collapse -
Gentoo net-misc/ssh Vulnerability
by Marianna Schmudlach / March 15, 2007 1:17 AM PDT

TITLE:
Gentoo net-misc/ssh Vulnerability

SECUNIA ADVISORY ID:
SA24516

VERIFY ADVISORY:
http://secunia.com/advisories/24516/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Gentoo Linux 1.x
http://secunia.com/product/339/

DESCRIPTION:
Gentoo has acknowledged a vulnerability in net-misc/ssh, which
potentially can be exploited by malicious users to compromise a
vulnerable system.

For more information:
SA18828

SOLUTION:
The vendor recommends removing the vulnerable net-misc/ssh package.

ORIGINAL ADVISORY:
http://www.gentoo.org/security/en/glsa/glsa-200703-13.xml

OTHER REFERENCES:
SA18828:
http://secunia.com/advisories/18828/

Collapse -
unrarlib "urarlib_get()" Multiple Buffer Overflow Vulnerabil
by Marianna Schmudlach / March 15, 2007 1:20 AM PDT

TITLE:
unrarlib "urarlib_get()" Multiple Buffer Overflow Vulnerabilities

SECUNIA ADVISORY ID:
SA24472

VERIFY ADVISORY:
http://secunia.com/advisories/24472/

CRITICAL:
Less critical

IMPACT:
Privilege escalation, System access

WHERE:
From remote

SOFTWARE:
unrarlib 0.x
http://secunia.com/product/13654/

DESCRIPTION:
starcadi has reported some vulnerabilities in unrarlib, which
potentially can be exploited by malicious people to gain escalated
privileges or compromise a vulnerable system.

The vulnerabilities are caused due to boundary errors within the
"urarlib_get()" function in urarlib.c when processing the "filename",
"rarfile", and "libpassword" arguments. These can be exploited to
cause buffer overflows via setting an overly long string (greater
than 255 bytes) as one of the mentioned arguments.

Successful exploitation may allow execution of arbitrary code.

The vulnerabilities are reported in version 0.4.0. Other versions and
products that use the application may also be affected.

SOLUTION:
Do not process untrusted files in applications using the vulnerable
library.

PROVIDED AND/OR DISCOVERED BY:
starcadi

Collapse -
Sun Solaris Adobe Acrobat Multiple Vulnerabilities
by Marianna Schmudlach / March 15, 2007 1:21 AM PDT

TITLE:
Sun Solaris Adobe Acrobat Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA24533

VERIFY ADVISORY:
http://secunia.com/advisories/24533/

CRITICAL:
Highly critical

IMPACT:
Cross Site Scripting, System access

WHERE:
From remote

OPERATING SYSTEM:
Sun Solaris 10
http://secunia.com/product/4813/

DESCRIPTION:
Sun has acknowledged some vulnerabilities within the Adobe Reader,
which can be exploited by malicious people to conduct cross-site
scripting attacks and potentially compromise a user's system.

For more information:
SA23666
SA23483

Reportedly, Solaris 10 for the x86 platform is not affected.

SOLUTION:
A final resolution is pending.

The vendor recommends to open trusted PDF files only and to disable
JavaScript in your browser.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1

OTHER REFERENCES:
SA23666:
http://secunia.com/advisories/23666/

SA23483:
http://secunia.com/advisories/23483/

Collapse -
Trend Micro Products UPX Processing Denial of Service
by Marianna Schmudlach / March 15, 2007 1:23 AM PDT

TITLE:
Trend Micro Products UPX Processing Denial of Service

SECUNIA ADVISORY ID:
SA24450

VERIFY ADVISORY:
http://secunia.com/advisories/24450/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
Trend Micro Client Server Messaging Security for SMB 2.x
http://secunia.com/product/13521/
Trend Micro Client Server Messaging Security for SMB 3.x
http://secunia.com/product/13440/
Trend Micro Client Server Security for SMB 3.x
http://secunia.com/product/13442/
Trend Micro InterScan AppletTrap 2.x
http://secunia.com/product/63/
Trend Micro InterScan eManager 3.x
http://secunia.com/product/62/
Trend Micro InterScan Messaging Security Suite 5.x
http://secunia.com/product/61/
Trend Micro InterScan VirusWall 3.x
http://secunia.com/product/60/
Trend Micro InterScan Web Security Suite 1.x
http://secunia.com/product/4085/
Trend Micro InterScan Web Security Suite 2.x
http://secunia.com/product/4086/
Trend Micro InterScan WebManager 2.x
http://secunia.com/product/64/
Trend Micro OfficeScan Corporate Edition 3.x
http://secunia.com/product/855/
Trend Micro InterScan WebProtect for ISA 3.x
http://secunia.com/product/65/
Trend Micro OfficeScan Corporate Edition 5.x
http://secunia.com/product/854/
Trend Micro OfficeScan Corporate Edition 6.x
http://secunia.com/product/4323/
Trend Micro OfficeScan Corporate Edition 7.x
http://secunia.com/product/5007/
Trend Micro PC-cillin 2000
http://secunia.com/product/851/
Trend Micro PC-cillin 2002
http://secunia.com/product/852/
Trend Micro PC-cillin 2003
http://secunia.com/product/853/
Trend Micro PC-cillin for Wireless 3.x
http://secunia.com/product/8133/
Trend Micro PC-cillin Internet Security 2005
http://secunia.com/product/4708/
Trend Micro PC-cillin Internet Security 2006 / 14.x
http://secunia.com/product/8828/
Trend Micro PC-cillin Internet Security 2007
http://secunia.com/product/13436/
Trend Micro PortalProtect for SharePoint 1.x
http://secunia.com/product/4709/
Trend Micro ScanMail eManager 3.x
http://secunia.com/product/68/
Trend Micro ScanMail eManager 5.x
http://secunia.com/product/4710/
Trend Micro ScanMail for Lotus Notes 2.x
http://secunia.com/product/1021/
Trend Micro ScanMail for Lotus Notes 3.x
http://secunia.com/product/4711/
Trend Micro ScanMail for Microsoft Exchange 3.x
http://secunia.com/product/66/
Trend Micro ScanMail for Microsoft Exchange 6.x
http://secunia.com/product/67/
Trend Micro ScanMail for Microsoft Exchange 7.x
http://secunia.com/product/8046/
Trend Micro ScanMail for Openmail 2.x
http://secunia.com/product/1022/
Trend Micro ServerProtect for EMC Celerra 5.x
http://secunia.com/product/13528/
Trend Micro ServerProtect for Linux 1.x
http://secunia.com/product/4712/
Trend Micro ServerProtect for Linux 2.x
http://secunia.com/product/13531/
Trend Micro ServerProtect for Network Appliance Filer 5.x
http://secunia.com/product/13527/
Trend Micro ServerProtect for Windows/NetWare 5.x
http://secunia.com/product/1153/

DESCRIPTION:
A vulnerability has been reported in Trend Micro products, which can
be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a divide-by-zero error within the
anti-virus engine when processing UPX compressed executables. This
can be exploited to e.g. crash the system (Windows-based system) or
application (library-based engine) when scanning a specially crafted
UPX compressed executable file.

The vulnerability reportedly affects all Trend Micro products that
use Scan Engine version 8.0 and above with Pattern File technology.

SOLUTION:
Update the virus pattern file to OPR 4.335.00 or higher.

PROVIDED AND/OR DISCOVERED BY:
Discovered by an anonymous person and reported via iDefense Labs.

ORIGINAL ADVISORY:
Trend Micro:
http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034587

iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=488

Collapse -
SUSE update for php4 and php5
by Marianna Schmudlach / March 15, 2007 1:25 AM PDT

TITLE:
SUSE update for php4 and php5

SECUNIA ADVISORY ID:
SA24514

VERIFY ADVISORY:
http://secunia.com/advisories/24514/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass, Exposure of sensitive information, DoS, System
access

WHERE:
From remote

OPERATING SYSTEM:
SUSE Linux 10
http://secunia.com/product/6221/
SUSE Linux 10.1
http://secunia.com/product/10796/
openSUSE 10.2
http://secunia.com/product/13375/
UnitedLinux 1.0
http://secunia.com/product/2003/
SuSE Linux Enterprise Server 8
http://secunia.com/product/1171/
SuSE Linux Openexchange Server 4.x
http://secunia.com/product/2001/
SuSE Linux Standard Server 8
http://secunia.com/product/2526/
SUSE Linux Enterprise Server 9
http://secunia.com/product/4118/
SUSE Linux Enterprise Server 10
http://secunia.com/product/12192/

SOFTWARE:
Novell Open Enterprise Server
http://secunia.com/product/4664/

DESCRIPTION:
SUSE has issued an update for php4 and php5. This fixes some
vulnerabilities, which can be exploited by malicious people to
disclose potentially sensitive information, bypass certain security
restrictions, cause a DoS (Denial of Service) and potentially
compromise a vulnerable system.

For more information:
SA24089

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html

OTHER REFERENCES:
SA24089:
http://secunia.com/advisories/24089/

Collapse -
Sun Java System Web Server Revoked Certificate Security Bypa
by Marianna Schmudlach / March 15, 2007 1:28 AM PDT

TITLE:
Sun Java System Web Server Revoked Certificate Security Bypass

SECUNIA ADVISORY ID:
SA24531

VERIFY ADVISORY:
http://secunia.com/advisories/24531/

CRITICAL:
Less critical

IMPACT:
Security Bypass

WHERE:
From remote

SOFTWARE:
Sun Java System Web Server (Sun ONE/iPlanet) 6.x
http://secunia.com/product/92/

DESCRIPTION:
Sun has acknowledged a vulnerability in Sun Java System Web Server,
which can be exploited by malicious users to bypass certain security
restriction.

If a secure non-root server instance is set up by an admin server
running as root, an unspecified error can be exploited to gain access
to the web server instance using a revoked client certificate even if
the server instance has a valid Certificate Revocation List (CRL)
file installed.

SOLUTION:
Install Service Pack 7 for Sun Java System Web Server 6.1 or apply
patches.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102822-1

Collapse -
Red Hat update for wireshark
by Marianna Schmudlach / March 15, 2007 1:29 AM PDT

TITLE:
Red Hat update for wireshark

SECUNIA ADVISORY ID:
SA24515

VERIFY ADVISORY:
http://secunia.com/advisories/24515/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
RedHat Enterprise Linux ES 3
http://secunia.com/product/2535/
Red Hat Enterprise Linux Desktop (v. 5 client)
http://secunia.com/product/13653/
Red Hat Enterprise Linux (v. 5 server)
http://secunia.com/product/13652/
RHEL Desktop Workstation (v. 5 client)
http://secunia.com/product/13651/
RedHat Enterprise Linux AS 2.1
http://secunia.com/product/48/
RedHat Enterprise Linux AS 3
http://secunia.com/product/2534/
RedHat Enterprise Linux AS 4
http://secunia.com/product/4669/
RedHat Enterprise Linux ES 2.1
http://secunia.com/product/1306/
RedHat Enterprise Linux ES 4
http://secunia.com/product/4668/
RedHat Enterprise Linux WS 2.1
http://secunia.com/product/1044/
RedHat Enterprise Linux WS 3
http://secunia.com/product/2536/
RedHat Enterprise Linux WS 4
http://secunia.com/product/4670/
RedHat Linux Advanced Workstation 2.1 for Itanium
http://secunia.com/product/1326/

DESCRIPTION:
Red Hat has issued an update for wireshark. This fixes some
vulnerabilities, which can be exploited by malicious people to cause
a DoS (Denial of Service).

For more information:
SA24016

SOLUTION:
Updated packages are available from Red Hat Network.
http://rhn.redhat.com

ORIGINAL ADVISORY:
http://rhn.redhat.com/errata/RHSA-2007-0066.html

OTHER REFERENCES:
SA24016:
http://secunia.com/advisories/24016/

Collapse -
Fedora update for kernel
by Marianna Schmudlach / March 15, 2007 1:32 AM PDT

TITLE:
Fedora update for kernel

SECUNIA ADVISORY ID:
SA24518

VERIFY ADVISORY:
http://secunia.com/advisories/24518/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information, Privilege escalation, DoS

WHERE:
Local system

OPERATING SYSTEM:
Fedora Core 6
http://secunia.com/product/12487/
Fedora Core 5
http://secunia.com/product/8808/

DESCRIPTION:
Fedora has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), disclose potentially sensitive
information, and potentially gain escalated privileges.

For more information:
SA24436
SA24493

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://fedoranews.org/cms/node/2787
http://fedoranews.org/cms/node/2788

OTHER REFERENCES:
SA24436:
http://secunia.com/advisories/24436/

SA24493:
http://secunia.com/advisories/24493/

Collapse -
Redhat Security Update Fixes Kernel Privilege Escalation and
by Marianna Schmudlach / March 15, 2007 2:03 AM PDT

Redhat Security Update Fixes Kernel Privilege Escalation and Denial of Service Issues

Advisory ID : FrSIRT/ADV-2007-0955
CVE ID : CVE-2007-0005 - CVE-2007-0006 - CVE-2007-0958
Rated as : Moderate Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-03-15
Technical Description

Redhat has released security updates to address multiple vulnerabilities identified in Kernel. These issues could be exploited by local attackers to cause a denial of service or execute arbitrary commands. For additional information, see : FrSIRT/ADV-2007-0872 - FrSIRT/ADV-2007-0907 - FrSIRT/ADV-2007-0612

Affected Products

RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Solution

Upgrade the affected packages :
https://rhn.redhat.com/

References

http://www.frsirt.com/english/advisories/2007/0955
https://rhn.redhat.com/errata/RHSA-2007-0099.html

Collapse -
Redhat Security Update Fixes Samba "smbd" Remote Denial of S
by Marianna Schmudlach / March 15, 2007 2:04 AM PDT

Redhat Security Update Fixes Samba "smbd" Remote Denial of Service Vulnerability

Advisory ID : FrSIRT/ADV-2007-0953
CVE ID : CVE-2007-0452
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-15
Technical Description

Redhat has released security updates to address a vulnerability identified in Samba. This issue could be exploited by authenticated attackers to cause a denial of service. For additional information, see : FrSIRT/ADV-2007-0483

Affected Products

Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Solution

Upgrade the affected packages :
https://rhn.redhat.com/

References

http://www.frsirt.com/english/advisories/2007/0953
https://rhn.redhat.com/errata/RHSA-2007-0061.html

Collapse -
Redhat Security Update Fixes Bind Multiple Remote Denial of
by Marianna Schmudlach / March 15, 2007 2:05 AM PDT

Redhat Security Update Fixes Bind Multiple Remote Denial of Service Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0952
CVE ID : CVE-2007-0493 - CVE-2007-0494
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-15
Technical Description

Redhat has released security updates to address multiple vulnerabilities identified in Bind. These issues could be exploited by attackers to cause a denial of service. For additional information, see : FrSIRT/ADV-2007-0349

Affected Products

RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Solution

Upgrade the affected packages :
https://rhn.redhat.com/

References

http://www.frsirt.com/english/advisories/2007/0952
https://rhn.redhat.com/errata/RHSA-2007-0057.html

Collapse -
Fedora update for cups
by Marianna Schmudlach / March 15, 2007 3:17 AM PDT

TITLE:
Fedora update for cups

SECUNIA ADVISORY ID:
SA24530

VERIFY ADVISORY:
http://secunia.com/advisories/24530/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From local network

OPERATING SYSTEM:
Fedora Core 5
http://secunia.com/product/8808/

DESCRIPTION:
Fedora has issued an update for cups. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

For more information:
SA24517

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://fedoranews.org/cms/node/2785

OTHER REFERENCES:
SA24517:
http://secunia.com/advisories/24517/

Collapse -
Multiple Cisco Products Online Help Cross Site Scripting Vul
by Marianna Schmudlach / March 15, 2007 9:19 AM PDT

Multiple Cisco Products Online Help Cross Site Scripting Vulnerability

Bugtraq ID: 22982
Class: Input Validation Error

Multiple Cisco products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input.

An attacker may leverage this issue by enticing a victim into following a maliciously crafted URI.

Attackers may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Published: Mar 15 2007 12:00AM
Updated: Mar 15 2007 07:54PM
Credit: Erwin Paternotte from Fox-IT and Cassio Goldschmidt are credited with the discovery of this issue.

http://www.securityfocus.com/bid/22982/info

Collapse -
OpenSSL PKCS Padding RSA Signature Forgery Vulnerability
by Marianna Schmudlach / March 15, 2007 9:22 AM PDT

OpenSSL is prone to a vulnerability that may allow an attacker to forge an RSA signature. The attacker may be able to forge a PKCS #1 v1.5 signature when an RSA key with exponent 3 is used.

An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key.

All versions of OpenSSL prior to and including 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available.

Updated: Mar 15 2007 06:44PM
Credit: Daniel Bleichenbacher reported this issue to the vendor.

http://www.securityfocus.com/bid/19849/info

Collapse -
Symantec Norton Personal Firewall 2006 SymTDI Driver Local D
by Marianna Schmudlach / March 15, 2007 9:25 AM PDT

Symantec Norton Personal Firewall 2006 SymTDI Driver Local Denial of Service Vulnerability


Bugtraq ID: 22977
Class: Failure to Handle Exceptional Conditions

Norton Personal Firewall 2006 is prone to a local denial-of-service vulnerability. This issue occurs when attackers send malformed data to the 'SymTDI' driver.

A local authenticated attacker may exploit this issue to crash affected computers, denying service to legitimate users.

This issue is similar to the one described in BID 22961. Symantec is currently investigating this issue; this BID will be updated as more information becomes available.

Published: Mar 15 2007 12:00AM
Updated: Mar 15 2007 06:24PM
Credit: Discovery is credited to David Matousek.
Vulnerable: Symantec Norton Personal Firewall 2006 9.1.1 .7
Symantec Norton Personal Firewall 2006 9.1 .33


http://www.securityfocus.com/bid/22977/info

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

GIVEAWAY

Turn up the volume with our Apple Byte sweeps!

Two lucky winners will take home the coveted smart speaker that lets Siri help you around your connected house. This sweepstake ends Feb. 25, 2018.