#1 (permalink)

Manager, The Relaxation Room/Analyst, Security Team
Join Date: Oct 2004
Posts: 10,620
OS: xp

Software flaws

Check this thread for all software flaws.

Skype plugs hole in VoIP software
November 15, 2004, 2:58 PM PST
By Robert Lemos

Peer-to-peer phone company Skype has updated its Internet telephony software, patching a critical flaw in its client for Microsoft Windows-based systems.

The vulnerability could allow attackers to take control of a Skype user's PC after the victim clicks on a specially created URL, security information provider Secunia said Monday. By including a long string of characters in the link, the attacker could trigger a memory error known as a buffer overflow that could then be exploited to run a program.

"Successful exploitation may allow execution of arbitrary code," Secunia said. It has ranked the flaw as "highly critical"--its second-highest rating.

Skype acknowledged the security hole in its release notes for the update.

"We became aware of a security threat late last week and moved to correct it," said Kelly Larabee, a spokeswoman for Skype. "We encourage users to download the latest version."

Skype's software enables people to use the Internet to place voice calls. Calls to other Internet phone users are free, while calls to traditional phones and mobile phones are charged a per-minute fee. More than 34 million people have downloaded the software, and as many as 1 million people have used the service simultaneously, according to a posting on Skype's Web site.

Skype's voice over Internet Protocol (VoIP) client runs on Windows XP, Mac OS X, Linux and Microsoft PocketPC.

Secunia also recommended that Skype users update to the latest version of the VoIP software.

#2 (permalink)

Manager, The Relaxation Room/Analyst, Security Team
Join Date: Oct 2004
Posts: 10,620
OS: xp

Winamp Security Bulletin

Nullsoft has issued a fix for a newly discovered security vulnerability affecting Winamp 3.0, 5.0 and 5.0 Pro or newer.

The vulnerability takes advantage of the Winamp Skin installer mechanism coupled with a security hole within the Internet Explorer browser. To be vulnerable, a user must navigate to a specifically crafted web page which automatically installs a malicious Winamp Skin. This skin launches an embedded Internet Explorer browser within the Skin using a feature of the Winamp Modern Skin Engine. This malicious Winamp Skin then uses the browser to launch a malicious application bundled within the skin.

There have been reports of this exploit in use on the web to automatically install Adware or Spyware applications without the user's consent.

Winamp 5.05 resolves this exploit in two ways:
- Winamp will now prompt all users with a confirmation window before installing any skins.
- Winamp will now only extract files considered low risk before loading a Winamp Skin.

We strongly urge ALL Winamp users to upgrade to Winamp 5.05 immediately.

#3 (permalink)

Manager, The Relaxation Room/Analyst, Security Team
Join Date: Oct 2004
Posts: 10,620
OS: xp

Microsoft Internet Explorer 6

Secunia Advisory: SA13203
Release Date: 2004-11-17
Critical: Moderately critical
Impact: Security Bypass, Spoofing
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Explorer 6

Description:
cyber flash has discovered two vulnerabilities in Internet Explorer, which can be exploited by malicious people to bypass a security feature in Microsoft Windows XP SP2 and trick users into downloading malicious files.

1) Microsoft Windows XP SP2 has a security feature which warns users when opening downloaded files of certain types. The problem is that if the downloaded file was sent with a specially crafted "Content-Location" HTTP header in some situations, then no security warning will be given to the user when the file is opened.

2) An error when saving some documents using the Javascript function "execCommand()", can be exploited to spoof the file extension in the "Save HTML Document" dialog. Successful exploitation requires that the option "Hide extension for known file types" is enabled (default setting).

A combination of vulnerability 1 and 2 can be exploited by a malicious website to trick a user into downloading a malicious executable file masqueraded as a HTML document.

The vulnerabilities have been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2.

Solution:
Disable Active Scripting support and the "Hide extension for known file types" option.

#4 (permalink)

Manager, The Relaxation Room/Analyst, Security Team
Join Date: Oct 2004
Posts: 10,620
OS: xp

Winamp player

Winamp "IN_CDDA.dll" Buffer Overflow Vulnerability

Secunia Advisory: SA13269
Release Date: 2004-11-23
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Winamp 5.x

Description:
Brett Moore has reported a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the "IN_CDDA.dll" file. This can be exploited in various ways to cause a stack-based buffer overflow e.g. by tricking a user into visiting a malicious web site containing a specially crafted ".m3u" playlist.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been reported in version 5.05. Prior versions may also be affected.

Solution:
Update to version 5.0.6.
http://www.winamp.com/player/
__________________
TSF has outgrown its server, again. Please help
"Gutta cavat lapidem, non vi sed saepe cadendo"

#5 (permalink)

Manager, The Relaxation Room/Analyst, Security Team
Join Date: Oct 2004
Posts: 10,620
OS: xp

Microsoft Windows WINS Replication Packet Handling Vulnerability

Secunia Advisory: SA13328
Release Date: 2004-11-29
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Workaround
OS:
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Server
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Server, Terminal Server Edition
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition

Description:
Nicolas Waisman has reported a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error within WINS (Windows Internet Name Service) during the handling of replication packets. This can be exploited to write 16 bytes to an arbitrary memory location by sending a specially crafted WINS replication packet to a vulnerable server.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been reported in Windows 2000 SP2 through SP4. However, other versions are reportedly also believed to be affected.

Solution:
Restrict traffic to the WINS replication service (ports 42/tcp and 42/udp).
Use IPSec to secure traffic between WINS servers.
Disable WINS.

#6 (permalink)

Manager, The Relaxation Room/Analyst, Security Team
Join Date: Oct 2004
Posts: 10,620
OS: xp

Apple releases security update to Mac OS X

December 2, 2004, 4:11 PM PST
By Robert Lemos

Apple Computer published an update to its Mac OS X operating system Thursday, closing 17 security holes in open-source and proprietary components.

The advisory and patch addressed five vulnerabilities in the Apache Web server included with the operating system, as well as two flaws in the mail servers used by Mac OS X. Apple also fixed two flaws in the company's Safari Web browser and another problem with the QuickTime media server.

The patches come a month after Apple's last update for the Mac OS X.

The advisory and patch information can be found on Apple's security site. Apple did not classify the risk associated with the problems the update fixes.

#7 (permalink)

Manager, The Relaxation Room/Analyst, Security Team
Join Date: Oct 2004
Posts: 10,620
OS: xp

Kerio WinRoute Firewall Unspecified DNS Cache Poisoning Vulnerability

Secunia Advisory: SA13374
Release Date: 2004-12-10
Critical: Moderately critical
Impact: Spoofing, Manipulation of data
Where: From remote
Solution Status: Vendor Patch
Software: Kerio WinRoute Firewall 6.x

Description:
A vulnerability has been reported in Kerio WinRoute Firewall, which can be exploited by malicious people to poison the DNS cache.

The vulnerability is caused due to an unspecified error and can be exploited to insert fake information in the DNS cache.

The vulnerability has been reported in version 6.0.8. Prior versions may also be affected.

NOTE: Other issues have also been fixed, where some may be security related.

Solution:
Update to version 6.0.9.
http://www.kerio.com/kwf_download.html

#8 (permalink)

Manager, The Relaxation Room/Analyst, Security Team
Join Date: Oct 2004
Posts: 10,620
OS: xp

Opera Download Dialog Spoofing Vulnerability

Secunia Advisory: SA12981
Release Date: 2004-12-10
Critical: Moderately critical
Impact: Spoofing
Where: From remote
Solution Status: Vendor Patch
Software: Opera 7.x

Description:
Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to trick users into executing malicious files.

The vulnerability is caused due to the filename and the "Content-Type" header not being sufficiently validated before being displayed in the file download dialog. This can be exploited to spoof file types in the download dialog by passing specially crafted "Content-Disposition" and "Content-Type" headers containing dots and ASCII character code 160.

Successful exploitation may result in users being tricked into executing a malicious file via the download dialog.

The vulnerability has been confirmed on Opera 7.54 for Windows. Other versions may also be affected.

Solution:
Update to version 7.54u1.
http://www.opera.com/download/
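
A defender-side check for the condition the Opera advisory above describes, as an added example that is not part of the original post, of Secunia's advisory or of Opera's fix: it inspects a download's "Content-Disposition" filename for character code 160 and other non-printing characters, and compares the final extension with the declared "Content-Type". The function names, the policy tables and the sample headers are assumptions constructed for illustration.

```python
import unicodedata
from email.message import Message

# Assumed policy tables for this example; a real gateway would carry fuller lists.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "hta", "vbs"}
TYPE_TO_EXTS = {
    "image/jpeg": {"jpg", "jpeg"},
    "application/pdf": {"pdf"},
    "text/html": {"htm", "html"},
    "application/octet-stream": EXECUTABLE_EXTS,
}

# Constructed sample headers (not taken from the advisory).
SPOOFED = ('attachment; filename="holiday.jpg\u00a0\u00a0\u00a0.exe"', "image/jpeg")
CLEAN = ('attachment; filename="holiday.jpg"', "image/jpeg")

def parse_header(name, value):
    """Wrap one header value in a Message so the stdlib MIME parser can read it."""
    msg = Message()
    msg[name] = value
    return msg

def suspicious_chars(filename):
    """Code points that render as blank or nothing: NBSP (160), controls, format chars."""
    return sorted({ord(c) for c in filename
                   if c != " " and unicodedata.category(c) in ("Zs", "Cc", "Cf")})

def check_download(content_disposition, content_type):
    """Return a list of findings for one download; an empty list means no finding."""
    filename = parse_header("Content-Disposition", content_disposition).get_filename()
    if not filename:
        return []
    declared = parse_header("Content-Type", content_type).get_content_type()
    findings = []

    codes = suspicious_chars(filename)
    if codes:
        findings.append(f"non-printing characters in filename: {codes}")

    # Windows picks the handler from the text after the LAST dot.
    parts = [p.strip(" \u00a0") for p in filename.split(".")]
    final_ext = parts[-1].lower() if len(parts) > 1 else ""
    if len(parts) > 2 and final_ext in EXECUTABLE_EXTS:
        findings.append(f"earlier dots precede executable extension .{final_ext}")

    expected = TYPE_TO_EXTS.get(declared)
    if expected is not None and final_ext not in expected:
        findings.append(f"extension .{final_ext} does not match declared type {declared}")
    return findings

if __name__ == "__main__":
    for cd, ct in (SPOOFED, CLEAN):
        print(check_download(cd, ct))
```

The same three checks apply wherever a filename from a response header is shown to a user before a save or open decision, such as a proxy log review or a download prompt.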

#9 (permalink)

Manager, The Relaxation Room/Analyst, Security Team
Join Date: Oct 2004
Posts: 10,620
OS: xp

Linux Kernel IGMP and "__scm_send()" Vulnerabilities

Secunia Advisory: SA13469
Release Date: 2004-12-15
Critical: Less critical
Impact: Exposure of sensitive information, Privilege escalation, DoS
Where: From local network
Solution Status: Unpatched
OS: Linux Kernel 2.4.x, Linux Kernel 2.6.x
CVE reference: CAN-2004-1016, CAN-2004-1137

Description:
Paul Starzetz has reported some vulnerabilities in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service), and by malicious, local users to cause a DoS, gain knowledge of sensitive information, or potentially gain escalated privileges.

1) An error in the "ip_mc_source()" function of the IGMP (Internet Group Management Protocol) subsystem can be exploited by malicious, local users to overwrite kernel memory, which crashes the system and may allow users to gain escalated privileges.

This vulnerability can also be further exploited via the "ip_mc_msfget()" and "ip_mc_gsfget()" user API functions to disclose large portions of kernel memory.

2) The "igmp_marksources()" function of the IGMP networking module does not validate received IGMP message parameters properly, which may result in an out-of-bounds memory access error. This can be exploited by malicious people to cause a vulnerable system to hang or potentially crash via specially crafted IGMP_HOST_MEMBERSHIP_QUERY messages.

Successful exploitation requires that the kernel is compiled with multicasting support and is processing incoming IGMP packets. It is further required that an application has a bound multicast socket with attached source filter.

3) A deadlock condition in the "__scm_send()" scm message parsing function can be exploited by malicious, local users to cause the system to hang via a specially crafted auxiliary message sent to a socket.

The vulnerabilities have been reported in versions 2.4 through 2.4.28 and 2.6 through 2.6.9.

Solution:
Filter IGMP traffic and grant only trusted users access to affected systems.

#10 (permalink)

Manager, The Relaxation Room/Analyst, Security Team
Join Date: Oct 2004
Posts: 10,620
OS: xp

Adobe Reader / Adobe Acrobat Multiple Vulnerabilities

Release Date: 2004-12-15
Critical: Highly critical
Impact: Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
Software: Adobe Acrobat 6.x, Adobe Reader 6.x
CVE reference: CAN-2004-0597, CAN-2004-1153

Description:
Some vulnerabilities have been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to disclose sensitive information or compromise a user's system.

1) A format string error within the eBook plug-in when parsing ".etd" files can be exploited to execute arbitrary code via a specially crafted eBook containing format specifiers in the "title" and "baseurl" fields.

2) Multiple vulnerabilities in libpng have been acknowledged, which can be exploited by malicious people to compromise a vulnerable system.
For more information: SA12219

3) An error within the handling of Flash files embedded in PDF documents can be exploited to read the content of files on a user's system.
For more information: SA12809

The vulnerabilities have been reported in versions 6.0.0 through 6.0.2.

Solution:
Update to version 6.0.3.

#11 (permalink)

Manager, The Relaxation Room/Analyst, Security Team
Join Date: Oct 2004
Posts: 10,620
OS: xp

WinRAR Delete File Buffer Overflow Vulnerability

Release Date: 2004-12-22
Critical: Less critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: WinRAR 2.x, WinRAR 3.x
CVE reference: CAN-2004-1254

Description:
Vafa Khoshaein has discovered a vulnerability in WinRAR, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the handling of filenames when deleting files in archives. This can be exploited to cause a buffer overflow by tricking a user into deleting a file in an opened, malicious archive.

Successful exploitation may allow execution of arbitrary code.

The vulnerability has been confirmed on versions 3.40 and 3.41. Other versions may also be affected.

Solution:
Do not delete files in untrusted archives.

#12 (permalink)

Manager, The Relaxation Room/Analyst, Security Team
Join Date: Oct 2004
Posts: 10,620
OS: xp

iTunes

January 12, 2005

Apple on Tuesday released an update of its iTunes software to address a vulnerability that could cause earlier versions to crash and execute arbitrary code.

With previous versions, the flaw could allow an attacker to inject more data into a particular memory location than the program could accommodate, thereby allowing the attacker to take over a computer.

The new software, iTunes 4.7.1, is available at Apple's Web site. The update is available for Mac OS X, Microsoft Windows XP and Microsoft Windows 2000.

Apple has faced fewer security issues than Microsoft, with its prevalent Windows operating system. Still, Apple has garnered some attention from hackers.