Spyware, Viruses, & Security forum

General discussion

Vulnerabilities - November 20, 2004

by Donna Buenaventura / November 20, 2004 1:12 AM PST

eTrust EZ Antivirus Password Protection Can Be Bypassed By Local Users

Version(s): prior to 7.0.2.1

Description: A vulnerability was reported in Computer Associates eTrust EZ Antivirus. A local user can bypass the GUI password protection feature.

The vendor reported that the proxy password in the GUI can be recovered by the local user.

Cengiz Aykanat is credited with discovering this flaw.

The vendor was notified on October 26, 2004.

Impact: A local user can obtain the password and use the password to access the application.

Solution: The vendor has issued a fixed version (7.0.2.1 or later).

http://www.securitytracker.com/alerts/2004/Nov/1012283.html

Opera Java Sandbox Flaws Let Malicious Applets Access System
by Donna Buenaventura / November 20, 2004 1:23 AM PST

Information and Crash the Browser

Version(s): 7.54; prior versions may be affected

Description: Several vulnerabilities were reported in Opera in the Java sandbox mechanism. An applet can gain elevated privileges to access local information or cause the browser to crash.

Marc Schonefeld from illegalaccess.org reported that a remote user can create a Java applet that, when loaded by the target user, can exploit a number of flaws in the system.

It is reported that Opera's custom Java plugin has a flaw in the default Java policy configuration.

The policy grants applets access to internal sun-packages:

grant {
permission java.lang.RuntimePermission "accessClassInPackage.sun.*";
};

This access may let the applet invoke potentially destructive behavior or cause crashes.

It is also reported that the JRE version included with Opera is version 1.4.2_04, which is affected by a previously reported XSLT vulnerability.

It is also reported that the EcmaScriptObject public class in 'opera.jar' allows an applet to access a system memory pointer. A malicious applet can cause the browser to crash.

It is also reported that a malicious applet can monitor the URL classpath of the bootstrap class path to determine the JDK installation directory.

It is also reported that an applet can invoke the sun.security.krb5.Credentials class to determine the name of the currently logged in user and parse the user's home directory. An exception thrown by acquireDefaultCreds may let the applet determine the underlying operating system, the location of user files, and the username of the user running the applet.

It is reported that some other similar flaws exist but were not described in the report.

The vendor was notified on September 1, 2004.

Impact: A malicious applet can access user and system information and cause the target browser to crash.

Solution: The vendor has released a fixed version (7.60 beta).

http://www.securitytracker.com/alerts/2004/Nov/1012279.html
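
As an added example (not part of the original post or the SecurityTracker report), the following Python script audits a Java policy file for the kind of entry quoted above: a grant with no codeBase, signedBy or principal clause that opens sun.* packages to all code. The sample policy text, the function names and the rules for what counts as "scoped" or as covering sun.* are assumptions made for this example.

```python
import re

# Constructed sample: the advisory's grant, then a hypothetical scoped grant.
SAMPLE_POLICY = '''
// default policy (constructed sample)
grant {
    permission java.lang.RuntimePermission "accessClassInPackage.sun.*";
    permission java.util.PropertyPermission "java.version", "read";
};
grant codeBase "file:${java.home}/lib/ext/*" {
    permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
};
'''

# Quoted strings are matched first, so "//" or braces inside a codeBase URL
# are not mistaken for comments or block delimiters.
TOKEN_RE = re.compile(r'"([^"]*)"|//[^\n]*|/\*.*?\*/|([{};,])|([^\s{};,"]+)', re.S)

def tokens(text):
    for m in TOKEN_RE.finditer(text):  # comments match no group and are skipped
        if m.group(1) is not None:
            yield ("str", m.group(1))
        elif m.group(2) or m.group(3):
            yield ("word", m.group(2) or m.group(3))

def opens_sun_internals(perm_class, target):
    """True if this permission lets code load classes from sun.* packages."""
    if perm_class != "java.lang.RuntimePermission":
        return perm_class == "java.security.AllPermission"
    # BasicPermission wildcards "*" and "accessClassInPackage.*" also cover sun.*
    return (target in ("*", "accessClassInPackage.*")
            or (target + ".").startswith("accessClassInPackage.sun."))

def unscoped_internal_grants(policy_text):
    """Return (class, target) pairs for risky permissions granted to all code."""
    findings, scoped, in_body = [], False, False
    toks = list(tokens(policy_text))
    for i, (kind, val) in enumerate(toks):
        word = val.lower() if kind == "word" else None  # keywords ignore case
        if word in ("grant", "codebase", "signedby", "principal") and not in_body:
            scoped = word != "grant"
        elif word in ("{", "}"):
            in_body = word == "{"
        elif word == "permission" and in_body and not scoped:
            nxt = toks[i + 1:i + 3] + [("", "")] * 2
            target = nxt[1][1] if nxt[1][0] == "str" else ""
            if opens_sun_internals(nxt[0][1], target):
                findings.append((nxt[0][1], target))
    return findings
```

Running unscoped_internal_grants(SAMPLE_POLICY) reports only the first grant; the second is skipped because it is limited to one code base.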

Zone Labs Security Advisory ZL04-019
by Donna Buenaventura / November 20, 2004 1:31 AM PST

Zone Labs Security Advisory ZL04-019
Zone Labs Ad-Blocking Instability

Date Published November 18, 2004
Date Last Revised November 18, 2004

Severity Low
____________________________________________________________

Overview
---------
ZoneAlarm Security Suite and ZoneAlarm Pro have been updated
to address a vulnerability in their ad-blocking functions.
Specially crafted JavaScript may cause a user's system to
become unstable or lock.

Impact
-------
The ad-blocking feature in Zone Labs products is turned off
by default. If this feature has not been enabled, you are
not impacted by this vulnerability.

Specially crafted JavaScript placed on a malicious website
may cause the software to become unstable and/or lock the
system.

This issue presents no other risks to the computer user.

Affected Products
o ZoneAlarm Security Suite, ZoneAlarm Pro

Unaffected Products
o No other Zone Labs products are affected by this issue

Description
------------
ZoneAlarm Security Suite and ZoneAlarm Pro provide features
to block specific types of advertising from websites.
However, using specially crafted JavaScript, a malicious web
page could cause the software or system to lock.

This vulnerability requires two specific prerequisites:

o Ad-blocking must be enabled
o The user must view a website with malicious JavaScript

This vulnerability has been resolved in version 5.5.062 of
affected Zone Labs products. Version 5.5.062 was released on
November 8, 2004.

Users configured to receive automatic product updates will
receive this update automatically. Users configured to
receive manual updates should use the "Check For Update"
option -- see the Recommended Actions section below.

Recommended Actions
-------------------
ZoneAlarm Security Suite and ZoneAlarm Pro users will
receive the update through a product update.

o Users with automatic updates:
You receive the update automatically. No further
action is required.

o Users with manual updates:
To manually update your Zone Labs software:

1. Select Overview | Preferences.

2. In the Check For Update section, click
"Check For Update".

3. If necessary, follow the instructions to update
your software.

ZoneAlarm Security Suite and ZoneAlarm Pro versions 5.5.062
and newer are not impacted by this issue.

Related Resources
o Zone Labs Security Response Center:
http://www.zonelabs.com/security

Acknowledgments
Zone Labs would like to thank Nicolas Robillard for
reporting this issue.

Contact
Zone Labs customers may direct vulnerability concerns or
additional technical questions to the Technical Support
group at:

http://www.zonelabs.com/support/

To report security issues with Zone Labs products contact:
security zonelabs com

http://www.securityfocus.com/archive/1/381643/2004-11-17/2004-11-23/0

Gmail 'zx' Variable Input Validation Bug Lets Remote Users
by Donna Buenaventura / November 20, 2004 1:13 PM PST

Conduct Cross-Site Scripting Attacks

Description: Lostmon reported an input validation vulnerability in Gmail. A remote user can conduct cross-site scripting attacks.

It is reported that the zx variable is not properly validated. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the Gmail site and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the Gmail site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Solution: [Editor's note: From testing, it appears that this flaw has been corrected, but that was not confirmed in the report.]

http://www.securitytracker.com/alerts/2004/Nov/1012289.html

Microsoft IE Custom 404 Error Message and execCommand SaveAs
by Donna Buenaventura / November 20, 2004 1:16 PM PST

Lets Remote Users Bypass XP SP2 Download Warning Mechanisms

Description: A vulnerability was reported in Microsoft Internet Explorer (IE) on Windows XP SP2. A remote user can invoke the execCommand 'SaveAs' function via a custom HTTP 404 Not Found error message to download arbitrary files to the target user's system without the XP SP2 warning messages.

K-OTik posted technical details regarding the flaw disclosed by cyber_flash (vengy).

It is reported that Internet Explorer does not properly process URLs with certain extraneous characters.

A remote user can create a custom HTTP 404 error message and pass this message to the execCommand Method to bypass the 'File Download' and 'File Open' security warnings.

The original advisory is mirrored at:

http://www.k-otik.com/exploits/20041119.IESP2 disclosure.php

Impact: A remote user can create HTML that, when loaded by the target user, will prompt the user to download a file but will bypass the XP SP2 executable download warning messages.

Solution: No solution was available at the time of this entry.

http://www.securitytracker.com/alerts/2004/Nov/1012288.html
