HolidayBuyer's Guide

Spyware, Viruses, & Security forum

General discussion

Vulnerabilities - November 5, 2004

by Donna Buenaventura / November 5, 2004 10:08 AM PST

Symantec LiveUpdate Zip Decompression Routine May Let Users Deny Service

Version(s): 1.80.19.0, 2.5.56.0

Description: A vulnerability was reported in Symantec LiveUpdate, a component of several Symantec security products. A user may be able to cause denial of service conditions in certain cases.

HexView reported that the LiveUpdate decompression routine does not check for uncompressed file sizes before attempting to decompress a downloaded LiveUpdate zip file and does not properly validate directory names before creating the directories on the target system.

A user that can replace a downloaded zip archive (or spoof the Symantec site) can cause denial of service conditions if the zip archive is crafted to contain an overly large file. The user can also cause arbitrary directories to be created on the target system by including directory names that contain '..' directory traversal characters. LiveUpdate will not, however, overwrite existing files. If the directory name to be created already exists, this can cause LiveUpdate to crash or have unpredictable results.

The report indictates that LiveUpdate version 1.80.19 will delete its temporary files if an error occurs, but not any directories that were created. LiveUpdate version 2.5.56 will not delete files when an error occurs.

[Editor's note: The report did not indicate if the Symantec download site uses cryptographic mechanisms to prevent spoofing or man-in-the-middle attacks.]

The vendor was notified on November 3, 2004.

Impact: A user may be able to cause denial of service conditions on the target system, such as consuming large amounts of disk space or trigger an error in LiveUpdate.

Solution: No solution was available at the time of this entry.

http://www.securitytracker.com/alerts/2004/Nov/1012095.html

Discussion is locked
You are posting a reply to: Vulnerabilities - November 5, 2004
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Vulnerabilities - November 5, 2004
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Sophos MailMonitor Unspecified Email Processing
by Donna Buenaventura / November 5, 2004 10:17 AM PST

Vulnerability

Description: A vulnerability with an unknown impact has been reported in Sophos MailMonitor.

The vulnerability is caused due to an unspecified error within the processing of malformed emails.

The vulnerability has been reported in MailMonitor for SMTP - Unix version 2.1.

Solution: Apply updates.

http://secunia.com/advisories/13103/

Collapse -
Cisco Secure Access Control Server EAP-TLS Authentication
by Donna Buenaventura / November 5, 2004 10:22 AM PST

Vulnerability

Cisco Secure Access Control Server provides centralized authentication, authorization, and accounting (AAA) services to network devices that function as AAA clients, such as a network access servers, PIX firewalls, routers and switches. With Cisco Secure ACS, network administrators can quickly administer accounts and globally change levels of service offerings for entire groups of users.

A Cisco Secure Access Control Server (ACS) that is configured to use Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) to authenticate users to the network will allow access to any user that uses a cryptographically correct certificate as long as the user name is valid. Cryptographically correct means that the certificate is in the appropriate format and contains valid fields. The certificate can be expired, or come from an untrusted Certificate Authority (CA) and still be cryptographically correct.

Vulnerable Systems:
* Cisco Secure ACS for Windows and Cisco Secure ACS Solution Engine version 3.3.1

Immune Systems:
* Cisco Secure ACS for UNIX and Cisco Secure ACS Solution Engine versions prior to 3.3.1 and 3.3.2 and above

Vendor Status:
The vulnerability described in this advisory is fixed in version 3.3.2 of the Cisco Secure ACS for Windows software and of the Cisco Secure ACS Solution Engine. If you are currently running the identified vulnerable software and are using EAP-TLS, you should obtain fixed software, as detailed in http://www.securiteam.com/securitynews/6S0090UBPS.html

The information has been provided by Cisco Systems Product Security Incident Response Team. The original article can be found at: Cisco Bug ID CSCef62913

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

The Samsung RF23M8090SG

One of the best French door fridges we've tested

A good-looking fridge with useful features like an auto-filling water pitcher and a temperature-adjustable "FlexZone" drawer. It was a near-flawless performer in our cooling tests.