Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - May 12, 2005

TITLE:
Cisco Firewall Services Module TCP Packet URL Filtering Bypass

SECUNIA ADVISORY ID:
SA15349

VERIFY ADVISORY:
http://secunia.com/advisories/15349/

CRITICAL:
Less critical

IMPACT:
Security Bypass

WHERE:
From remote

SOFTWARE:
Cisco Firewall Services Module (FWSM) 1.x
http://secunia.com/product/2273/
Cisco Firewall Services Module (FWSM) 2.x
http://secunia.com/product/5088/

DESCRIPTION:
A security issue has been reported in Cisco Firewall Services Module
(FWSM), which can result in certain traffic bypassing configured
ACLs.

The security issue is caused by an error whereby URL, HTTPS, and FTP
filtering exceptions, configured to exclude certain addresses from
being filtered for e.g. outbound connections on the internal
interface, also cause TCP traffic matching the exception filters to
not be filtered on any interface.

Successful exploitation allows TCP traffic to bypass configured ACLs
meant to filter them, but requires that FWSM has been configured to
allow exceptions for content filtering.

The security issue affects Cisco Catalyst 6500 Series Switches and
Cisco 7600 Series Internet Routers with a FWSM installed running
version 2.3.1 or prior.

SOLUTION:
Update to version 2.3(2).

The security issue has also been addressed in interim images 2.2(1)18
and 1.1(4)4.

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20050511-url.shtml

Bugzilla Two Information Disclosure Weaknesses

In reply to: VULNERABILITIES - May 12, 2005

TITLE:
Bugzilla Two Information Disclosure Weaknesses

SECUNIA ADVISORY ID:
SA15338

VERIFY ADVISORY:
http://secunia.com/advisories/15338/

CRITICAL:
Not critical

IMPACT:
Exposure of system information, Exposure of sensitive information

WHERE:
From remote

SOFTWARE:
Bugzilla 2.x
http://secunia.com/product/396/

DESCRIPTION:
Two weaknesses have been reported in Bugzilla, which can be exploited
by malicious users to gain knowledge of sensitive information.

1) Users can determine whether or not a given invisible product
exists, as an access denied error is returned when the user attempts
to access a valid product.

Users can also enter bugs into products closed for bug entry, if a
valid product name is known.

This weakness affects versions 2.10 through 2.18, 2.19.1, and
2.19.2.

2) A user's password may be embedded as part of a report URL, which
causes it to be visible in the web logs.

This weakness affects versions 2.17.1 through 2.18, 2.19.1, and
2.19.2.

SOLUTION:
Update to version 2.18.1.
http://www.bugzilla.org/download/

The weaknesses have also been fixed in versions 2.16.9 and 2.19.3.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits the following people:
* Roman Pszonka
* Gervase Markham
* Fr
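
Added example, not part of the original post or of Bugzilla: one way to audit web server access logs for the exposure described in weakness 2, finding requests whose query string carries a credential and emitting a redacted copy of the line. The log lines, the parameter-name pattern and the `Bugzilla_login`/`Bugzilla_password` names in the sample are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameter names treated as credentials (assumed pattern, tune per application).
SECRET_NAME = re.compile(r"pass|pwd|secret|token", re.IGNORECASE)
# Request line inside a Common/Combined Log Format entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def redact_target(target):
    """Return (redacted_target, [names of credential parameters found])."""
    parts = urlsplit(target)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    hits = [name for name, _ in pairs if SECRET_NAME.search(name)]
    if not hits:
        return target, []
    cleaned = [(n, "REDACTED" if SECRET_NAME.search(n) else v) for n, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(cleaned))), hits

def scan_log(lines):
    """Yield (line_number, parameter_names, redacted_line) for each exposing entry."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        redacted, hits = redact_target(match.group("target"))
        if hits:
            start, end = match.span("target")
            yield number, hits, line[:start] + redacted + line[end:]

# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/May/2005:10:01:22 +0000] "GET /report.cgi?x_axis_field=bug_status'
    '&Bugzilla_login=alice%40example.com&Bugzilla_password=hunter2 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [12/May/2005:10:02:05 +0000] "GET /show_bug.cgi?id=42 HTTP/1.1" 200 2048',
    '192.0.2.12 - - [12/May/2005:10:03:40 +0000] "GET /buglist.cgi?product=Widgets HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    for number, names, redacted in scan_log(SAMPLE_LOG):
        print(f"line {number}: credential parameters {names}")
        print(redacted)
```

Any account whose password turns up in such a scan should have it changed, since the value has already been written to disk in clear text.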

Apple QuickTime Quartz Composer Disclosure of System Informa

In reply to: VULNERABILITIES - May 12, 2005

TITLE:
Apple QuickTime Quartz Composer Disclosure of System Information

SECUNIA ADVISORY ID:
SA15307

VERIFY ADVISORY:
http://secunia.com/advisories/15307/

CRITICAL:
Not critical

IMPACT:
Exposure of system information

WHERE:
From remote

OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/

SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/

DESCRIPTION:
David Remahl has reported a weakness in Apple QuickTime, which can be
exploited by malicious people to disclose some system information.

The problem is that Quartz Composer compositions embedded in ".mov"
files can access certain system information, which can be disclosed
to web sites via JavaScript. This can e.g. be exploited to disclose
the local username and directory information by tricking a user into
visiting a malicious web site.

SOLUTION:
Disable the QuickTime browser plugin and do not open ".mov" and
Quartz Composer files from untrusted sources.

PROVIDED AND/OR DISCOVERED BY:
David Remahl

ORIGINAL ADVISORY:
http://remahl.se/david/vuln/018/

Mozilla Firefox Download Dialog Spoofing Vulnerabilities

In reply to: VULNERABILITIES - May 12, 2005

TITLE:
Mozilla Firefox Download Dialog Spoofing Vulnerabilities

SECUNIA ADVISORY ID:
SA12979

VERIFY ADVISORY:
http://secunia.com/advisories/12979/

CRITICAL:
Moderately critical

IMPACT:
Spoofing

WHERE:
From remote

SOFTWARE:
Mozilla Firefox 1.x
http://secunia.com/product/4227/
Mozilla Firefox 0.x
http://secunia.com/product/3256/

DESCRIPTION:
Secunia Research has discovered two vulnerabilities in Mozilla
Firefox, which can be exploited by malicious people to spoof file
types in the file download dialog.

1) The filename and the "Content-Type" header are not sufficiently
validated before being displayed in the file download dialog. This
can be exploited to spoof file types in the file download dialog by
sending specially crafted headers containing white spaces, dots, and
ASCII bytes 160.

Successful exploitation may trick a user into executing malware if
the file is opened through the file download dialog.

The vulnerability has been confirmed in Mozilla Firefox 0.10.1 for
Windows. Other versions may also be affected.

2) The "Content-Type" header is used for associating a file to a file
type in the file download dialog, but the file extension is left
intact when saving the file to disk with "Save to Disk". This can be
exploited to spoof file types in the file download dialog.

Successful exploitation may result in malware being saved to the
download directory, which by default is the desktop.

NOTE: If the downloaded malware is a shortcut or some executable
file, then the icon can be spoofed in the download manager and on the
desktop.

The vulnerability has been confirmed in Mozilla Firefox 1.0 for
Windows. Other versions may also be affected.

SOLUTION:
The vulnerabilities have been partially fixed in version 1.0.1.

PROVIDED AND/OR DISCOVERED BY:
Andreas Sandblad, Secunia Research.

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2004-11/advisory/

OTHER REFERENCES:
1) https://bugzilla.mozilla.org/show_bug.cgi?id=267122
2) https://bugzilla.mozilla.org/show_bug.cgi?id=267123
https://bugzilla.mozilla.org/show_bug.cgi?id=275441
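
Added example, not part of the original post or of Firefox: a check that a download UI or a filtering proxy could apply to the two conditions described above, flagging filenames padded with white space, dots or byte 160 and extensions that disagree with the declared "Content-Type". The type-to-extension table, function names and sample filename are constructed assumptions.

```python
import re
import unicodedata

# Constructed map: declared Content-Type -> file extensions consistent with it.
EXPECTED = {
    "text/plain": {".txt"},
    "image/jpeg": {".jpg", ".jpeg"},
    "application/pdf": {".pdf"},
}
# Padding the advisory names: white space, dots and byte 160 (U+00A0), in runs of 3+.
PADDING = re.compile(r"[\s\u00a0.]{3,}")

def effective_extension(filename):
    """Extension left once trailing spaces, NBSPs and dots are stripped."""
    name = unicodedata.normalize("NFKC", filename)  # folds U+00A0 to a plain space
    name = name.rstrip(" .\t")
    dot = name.rfind(".")
    return name[dot:].lower() if dot > 0 else ""

def check_download(filename, content_type):
    """Return findings for one download offer; an empty list means consistent."""
    findings = []
    mime = content_type.split(";", 1)[0].strip().lower()
    ext = effective_extension(filename)
    if PADDING.search(filename):
        findings.append("padding run in filename")
    if filename != filename.rstrip(" .\t\u00a0"):
        findings.append("trailing space or dot")
    allowed = EXPECTED.get(mime)
    if allowed is not None and ext not in allowed:
        findings.append(f"extension {ext or '(none)'} does not match {mime}")
    return findings

def display_name(filename, width=32):
    """Collapse padding so the real extension stays visible in a fixed-width label."""
    name = re.sub(r"[\s\u00a0]+", " ", filename).strip()
    if len(name) <= width:
        return name
    tail = effective_extension(name)
    return name[: width - len(tail) - 3] + "..." + tail

# Constructed sample: a name padded with byte 160 so a narrow dialog shows only "report.txt".
SPOOFED = "report.txt" + "\u00a0" * 30 + ".exe"

if __name__ == "__main__":
    print(check_download(SPOOFED, "text/plain"))
    print(display_name(SPOOFED))
```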

Microsoft Security Advisories for May 2005

In reply to: VULNERABILITIES - May 12, 2005
