Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES March 18, 2005

TITLE:
McAfee Multiple Products LHA File Handling Buffer Overflow

SECUNIA ADVISORY ID:
SA14628

VERIFY ADVISORY:
http://secunia.com/advisories/14628/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
McAfee WebShield Appliances
http://secunia.com/product/278/

SOFTWARE:
McAfee Active Threat Protection
http://secunia.com/product/4795/
McAfee Active Virus Defense SMB Edition
http://secunia.com/product/4793/
McAfee Active VirusScan SMB Edition
http://secunia.com/product/4794/
McAfee GroupShield 6.x for Microsoft Exchange
http://secunia.com/product/3615/
McAfee GroupShield for Exchange 2000 5.x
http://secunia.com/product/225/
McAfee GroupShield for Exchange 5.5 v4.x
http://secunia.com/product/353/
McAfee GroupShield for Exchange 5.5 v5.x
http://secunia.com/product/224/
McAfee GroupShield for Lotus Domino on AIX 5.x
http://secunia.com/product/229/
McAfee GroupShield for Lotus Domino on Windows 5.x
http://secunia.com/product/230/
McAfee GroupShield for Mail Servers with ePO
http://secunia.com/product/4797/
McAfee LinuxShield 1.x
http://secunia.com/product/4798/
McAfee Managed VirusScan
http://secunia.com/product/4801/
McAfee Netshield for Netware 4.x
http://secunia.com/product/227/
McAfee PortalShield for Microsoft SharePoint
http://secunia.com/product/4799/
McAfee SecurityShield for Microsoft ISA Server
http://secunia.com/product/4800/
McAfee Virex
http://secunia.com/product/274/
McAfee VirusScan 4.x
http://secunia.com/product/275/
McAfee VirusScan 8.x/2004
http://secunia.com/product/4740/
McAfee VirusScan 9.x/2005
http://secunia.com/product/4792/
McAfee VirusScan Command Line
http://secunia.com/product/4802/
McAfee VirusScan Enterprise 8.x
http://secunia.com/product/3948/
McAfee VirusScan NetApp
http://secunia.com/product/4803/
McAfee VirusScan Professional 7.x
http://secunia.com/product/265/
McAfee WebShield SMTP 4.x
http://secunia.com/product/228/
McAfee Active Mail Protection
http://secunia.com/product/4796/

DESCRIPTION:
ISS X-Force has reported a vulnerability in multiple McAfee products,
which can be exploited by malicious people to compromise a vulnerable
system.

The vulnerability is caused due to a boundary error in the AV
scanning engine when processing LHA archives and can be exploited to
cause a buffer overflow via a specially crafted LHA file.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been reported in version 4320 of the AV
scanning engine and affects the following products:
* Internet Security Suite
* VirusScan (all versions)
* VirusScan Professional
* Active Virus Defense SMB Edition
* Active VirusScan SMB Edition
* Active Threat Protection
* Active Mail Protection
* GroupShield for Exchange
* GroupShield for Exchange 5.5
* GroupShield for Lotus Domino
* GroupShield for Mail Servers with ePO
* LinuxShield
* NetShield for Netware
* PC Security Suite
* PortalShield for Microsoft SharePoint
* SecurityShield for Microsoft ISA Server
* Virex
* VirusScan ASaP
* Managed VirusScan
* VirusScan Command Line
* VirusScan for NetApp
* VirusScan Enterprise 8.0i
* Web Essentials
* WebShield Appliances
* WebShield SMTP

SOLUTION:
The vendor recommends applying the latest .DAT files and updating to
AV scanning engine version 4400.

PROVIDED AND/OR DISCOVERED BY:
Alex Wheeler, ISS X-Force.

ORIGINAL ADVISORY:
McAfee:
http://us.mcafee.com/root/support.asp?id=4320_faqs

ISS X-Force:
http://xforce.iss.net/xforce/alerts/id/190

Discussion is locked
You are posting a reply to: VULNERABILITIES March 18, 2005
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VULNERABILITIES March 18, 2005
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
My Firewall Plus Arbitrary File Corruption Vulnerability

In reply to: VULNERABILITIES March 18, 2005

TITLE:
My Firewall Plus Arbitrary File Corruption Vulnerability

SECUNIA ADVISORY ID:
SA13577

VERIFY ADVISORY:
http://secunia.com/advisories/13577/

CRITICAL:
Not critical

IMPACT:
Manipulation of data, DoS

WHERE:
Local system

SOFTWARE:
My Firewall Plus 5.x
http://secunia.com/product/4276/

DESCRIPTION:
Secunia Research has discovered a vulnerability in My Firewall Plus,
which can be exploited by malicious, local users to manipulate the
content of arbitrary files on a vulnerable system.

The vulnerability is caused due to the Log Viewer's export
functionality saving log files without dropping its privileges first.
This can be exploited to corrupt arbitrary files on the system with
logging information.

Successful exploitation requires that the user has access to the Log
Viewer (all users by default).

The vulnerability has been confirmed in version 5.0 (build 1117).
Other versions may also be affected.

NOTE: This vulnerability has been rated "Not critical" as only
trusted users should have access to the configuration and logging
functionality.

SOLUTION:
Update to version 5.0 (build 1119) or apply patch.

Patch:
http://www.webroot.com/services/mfp_patch.exe

Use the "Password Protection" feature to restrict access to the
configuration and logging functionality.

PROVIDED AND/OR DISCOVERED BY:
Carsten Eiram, Secunia Research.

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2004-20/

Webroot:
http://www.webroot.com/services/mfp_advisory.php

Collapse -
Microsoft Windows EMF File Denial of Service Vulnerability

In reply to: VULNERABILITIES March 18, 2005

TITLE:
Microsoft Windows EMF File Denial of Service Vulnerability

SECUNIA ADVISORY ID:
SA14631

VERIFY ADVISORY:
http://secunia.com/advisories/14631/

CRITICAL:
Not critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
Microsoft Windows 2000 Advanced Server
http://secunia.com/product/21/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/product/1177/
Microsoft Windows 2000 Professional
http://secunia.com/product/1/
Microsoft Windows 2000 Server
http://secunia.com/product/20/

DESCRIPTION:
Hongzhen Zhou has discovered a vulnerability in Microsoft Windows,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

The vulnerability is caused due to an error in the processing of EMF
(Microsoft Enhanced Metafile) files in the
"GetEnhMetaFilePaletteEntries()" API in "GDI32.DLL". This can be
exploited to crash an affected application using the vulnerable API.

The vulnerability has been confirmed in Microsoft Windows 2000
Professional. Other versions may also be affected.

SOLUTION:
Don't view or process untrusted EMF files.

PROVIDED AND/OR DISCOVERED BY:
Hongzhen Zhou

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

DEALS, DEALS, DEALS!

Best Black Friday Deals

CNET editors are busy culling the list and highlighting what we think are the best deals out there this holiday season.