Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - November 16, 2006

by roddy32 / November 15, 2006 10:47 PM PST

TITLE:
Outpost Firewall Pro Hooked Functions Denial of Service

SECUNIA ADVISORY ID:
SA22913

VERIFY ADVISORY:
http://secunia.com/advisories/22913/

CRITICAL:
Not critical

IMPACT:
DoS

WHERE:
Local system

SOFTWARE:
Outpost Firewall Pro 4.x
http://secunia.com/product/12472/

DESCRIPTION:
Matousec has discovered a vulnerability in Outpost Firewall Pro,
which can be exploited by malicious, local users to cause a DoS
(Denial of Service).

The vulnerability is caused due to an error within Sandbox.sys when
handling the parameters of certain hooked functions. This can be
exploited to cause a DoS by calling NtAssignProcessToJobObject,
NtCreateKey, NtCreateThread, NtDeleteFile, NtLoadDriver,
NtOpenProcess, NtProtectVirtualMemory, NtReplaceKey,
NtTerminateProcess, NtTerminateThread, NtUnloadDriver, and
NtWriteVirtualMemory with specially crafted parameters.

The vulnerability is confirmed in version 4.0.971.7030 (584). Other
versions may also be affected.

SOLUTION:
Restrict access to trusted users only.

PROVIDED AND/OR DISCOVERED BY:
Matousec Transparent Security

ORIGINAL ADVISORY:
Matousec Transparent Security:
http://www.matousec.com/info/advisories/Outpost-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php

Discussion is locked
Flag
Permalink
You are posting a reply to: VULNERABILITIES - November 16, 2006
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VULNERABILITIES - November 16, 2006
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Track this discussion
Thread display: Collapse / Expand
8 total posts
Collapse -
Panda ActiveScan Multiple Vulnerabilities
by Donna Buenaventura / November 16, 2006 12:00 AM PST

Software: Panda ActiveScan 5.x
Description:
Secunia Research has discovered two vulnerabilities and a weakness in Panda ActiveScan, which can be exploited by malicious people to disclose system information, cause a DoS (Denial of Service), and compromise a user's system.

1) The "Reinicializar()" method in the "ActiveScan.1" ActiveX control allows rebooting the system when invoked. This can be exploited by e.g. a malicious website to reboot a user's system without any user confirmation.

2) The "ObtenerTamano()" method in the "PAVPZ.SOS.1" ActiveX control returns the file size of a given local filename. This can be exploited by e.g. a malicious website to determine the presence of local files and the corresponding file sizes.

3) The "Analizar()" method in the "ActiveScan.1" ActiveX control is not thread safe. This can be exploited by e.g. a malicious website via a race condition to corrupt memory and execute arbitrary code.

The vulnerabilities are confirmed in version 5.53.00. Other versions may also be affected.

Solution: Update to version 5.54.01.
http://www.pandasoftware.com/products/ActiveScan.htm

http://secunia.com/advisories/21763/

Flag
Permalink
This was helpful (0)
Collapse -
Kerio WebSTAR "libucache.dylib" Privilege Escalation
by Marianna Schmudlach / November 16, 2006 12:18 AM PST

TITLE:
Kerio WebSTAR "libucache.dylib" Privilege Escalation

SECUNIA ADVISORY ID:
SA22906

VERIFY ADVISORY:
http://secunia.com/advisories/22906/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

SOFTWARE:
Kerio WebSTAR 5.x
http://secunia.com/product/12631/

DESCRIPTION:
Kevin Finisterre has reported a vulnerability in Kerio WebSTAR, which
can be exploited by malicious, local users to gain escalated
privileges.

The vulnerability is caused due to the "WSAdminServer" and
"WSWebServer" applications trying to load the "libucache.dylib"
library from the current directory. This can be exploited to execute
arbitrary code with "root" privileges.

Successful exploitation requires that the attacker is part of the
"admin" group or the "webstar" user.

The vulnerability is reported in version 5.4.2. Other versions may
also be affected.

SOLUTION:
Restrict access to trusted people only.

PROVIDED AND/OR DISCOVERED BY:
Kevin Finisterre

ORIGINAL ADVISORY:
http://www.digitalmunition.com/DMA%5B2006-1115a%5D.txt

----------------------------------------------------------------------

Flag
Permalink
This was helpful (0)
Collapse -
Fedora Core "init_journal()" Denial of Service
by Marianna Schmudlach / November 16, 2006 12:19 AM PST

TITLE:
Fedora Core "init_journal()" Denial of Service

SECUNIA ADVISORY ID:
SA22886

VERIFY ADVISORY:
http://secunia.com/advisories/22886/

CRITICAL:
Not critical

IMPACT:
DoS

WHERE:
Local system

OPERATING SYSTEM:
Fedora Core 6
http://secunia.com/product/12487/

DESCRIPTION:
LMH has reported a vulnerability in Fedora Core, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

The vulnerability is caused due to a NULL pointer dereference error
within the "init_journal()" function. This can be exploited to cause
a crash by mounting a specially crafted image as gfs2 file system.

The vulnerability is reported in Fedora Core 6. Other versions may
also be affected.

SOLUTION:
Allow only trusted users to mount images.

PROVIDED AND/OR DISCOVERED BY:
LMH

ORIGINAL ADVISORY:
http://projects.info-pull.com/mokb/MOKB-15-11-2006.html

----------------------------------------------------------------------

Flag
Permalink
This was helpful (0)
Collapse -
Debian update for openssh
by Marianna Schmudlach / November 16, 2006 12:22 AM PST

TITLE:
Debian update for openssh

SECUNIA ADVISORY ID:
SA22926

VERIFY ADVISORY:
http://secunia.com/advisories/22926/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Debian GNU/Linux 3.1
http://secunia.com/product/5307/
Debian GNU/Linux unstable alias sid
http://secunia.com/product/530/

DESCRIPTION:
Debian has issued an update for openssh. This fixes some
vulnerabilities, which can be exploited by malicious people to cause
a DoS (Denial of Service) and potentially compromise a vulnerable
system.

For more information:
SA22091
SA22173

SOLUTION:
Apply updated packages.

-- Debian GNU/Linux 3.1 alias sarge --

-- Debian GNU/Linux unstable alias sid --

Fixed in version 1:4.3p2-4.

ORIGINAL ADVISORY:
http://www.us.debian.org/security/2006/dsa-1212

OTHER REFERENCES:
SA22091:
http://secunia.com/advisories/22091/

SA22173:
http://secunia.com/advisories/22173/

Flag
Permalink
This was helpful (0)
Collapse -
SGI Advanced Linux Environment Multiple Updates
by Marianna Schmudlach / November 16, 2006 12:24 AM PST

TITLE:
SGI Advanced Linux Environment Multiple Updates

SECUNIA ADVISORY ID:
SA22929

VERIFY ADVISORY:
http://secunia.com/advisories/22929/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Cross Site Scripting, Privilege escalation, DoS,
System access

WHERE:
From remote

OPERATING SYSTEM:
SGI Advanced Linux Environment 3
http://secunia.com/product/4493/

DESCRIPTION:
SGI has issued a patch for SGI Advanced Linux Environment. This fixes
some vulnerabilities, which can be exploited by malicious, local users
to perform certain actions with escalated privileges, and by malicious
people to bypass certain security restrictions, conduct cross-site
scripting attacks, to cause a DoS (Denial of Service), or potentially
to compromise a vulnerable system.

For more information:
SA13123
SA16816
SA22380
SA22590
SA22653
SA22722

SOLUTION:
Apply patch 10345 for SGI ProPack 3 Service Pack 6.
http://support.sgi.com/

ORIGINAL ADVISORY:
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P.asc

OTHER REFERENCES:
SA13123:
http://secunia.com/advisories/13123/

SA16816:
http://secunia.com/advisories/16816/

SA22380:
http://secunia.com/advisories/22380/

SA22590:
http://secunia.com/advisories/22590/

SA22653:
http://secunia.com/advisories/22653/

SA22722:
http://secunia.com/advisories/22722/

----------------------------------------------------------------------

Flag
Permalink
This was helpful (0)
Collapse -
Red Hat update for elinks
by Marianna Schmudlach / November 16, 2006 12:26 AM PST

TITLE:
Red Hat update for elinks

SECUNIA ADVISORY ID:
SA22923

VERIFY ADVISORY:
http://secunia.com/advisories/22923/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data, Exposure of system information, Exposure of
sensitive information

WHERE:
From local network

OPERATING SYSTEM:
RedHat Enterprise Linux WS 4
http://secunia.com/product/4670/
RedHat Enterprise Linux ES 4
http://secunia.com/product/4668/
RedHat Enterprise Linux AS 4
http://secunia.com/product/4669/

DESCRIPTION:
Red Hat has issued an update for elinks. This fixes a vulnerability,
which can be exploited by malicious people to expose sensitive
information and manipulate data.

For more information:
SA22920

SOLUTION:
Updated packages are available from Red Hat Network.
http://rhn.redhat.com

ORIGINAL ADVISORY:
http://rhn.redhat.com/errata/RHSA-2006-0742.html

OTHER REFERENCES:
SA22920:
http://secunia.com/advisories/22920/

----------------------------------------------------------------------

Flag
Permalink
This was helpful (0)
Collapse -
[Adobe security bulletin - 11/16/06
by Marianna Schmudlach / November 16, 2006 12:50 AM PST

- Adobe security bulletin -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, November 16, 2006 - Adobe has published a security bulletin, at http://www.adobe.com/support/security/bulletins/apsb06-18.html, informing of the availability of updates to fix several vulnerabilities in Flash player.

One of them is an update for Flash Player 9, which resolves multiple flaws that could allow remote attackers to modify HTTP headers of client requests and launch HTTP Request Splitting attacks. The effect of these attacks depends on the web browser used.

Adobe recommends users of Adobe Flash Player 9.0.20.0 and earlier to upgrade their applications to version 9.0.28.0. This can be downloaded from the Download Center, at http://www.adobe.com/go/getflashplayer/, or through the auto-update mechanism within the product.

------------------------------------------------------------

Flag
Permalink
This was helpful (0)
Back to Spyware, Viruses, & Security forum 8 total posts
Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?