Network Security

AERAsec
Current Security Messages


Most of the links lead to the corresponding files at CERT or other organisations, so changes appear immediately, especially regarding which patches should be installed or which configuration changes should be made to avoid a vulnerability. Some of the files are transferred by FTP.

By the way: If we're not publishing well-known risks inherent in any widely used platform or program, that doesn't mean this particular platform or program is safe to use!


Chosen month 08 / 2008

System: SuSE Linux
Topic: Vulnerabilities in powerdns, dnsmasq, python, mailman, ruby, Opera 9.5.2, neon, rxvt-unicode, perl, wireshark/ethereal, namazu, gnome-screensaver, and mysql
Links: SUSE-SR:2008:017
ID: ae-200808-089

A SUSE Security Summary reports vulnerabilities in the packages powerdns, dnsmasq, python, mailman, ruby, Opera 9.5.2, neon, rxvt-unicode, perl, wireshark/ethereal, namazu, gnome-screensaver, and mysql. Updated packages are available now and should be installed on vulnerable systems.

System: Microsoft Windows
Topic: Vulnerability in Trend Micro Worry-Free Business Security
Links: Trend Micro, ESB-2008.0843
ID: ae-200808-088

When an OfficeScan administrator logs on, an attacker can illegally access the password authentication token and take full control of the Web console. Patches are available now.

System: Sun Solaris 10
Topic: Vulnerability in Solaris Kernel
Links: Sun Alert #240706, ESB-2008.0842
ID: ae-200808-087

A security vulnerability with system calls in the Solaris Kernel may allow two unprivileged local user processes to establish a covert communication channel bypassing system restrictions such as the multi-level security policy found in Solaris Trusted Extensions or the isolation policy implemented using zones(5) or chroot(2). A patch is available now.

System: HP-UX
Topic: Vulnerabilities in Apache
Links: HPSBUX02365 SSRT080118, CVE-2007-4465, CVE-2008-2168, CVE-2008-2364, ESB-2008.0841
ID: ae-200808-086

Security vulnerabilities have been identified with HP-UX running Apache. These vulnerabilities could be exploited remotely, resulting in Cross Site Scripting (XSS) or Denial of Service (DoS). Patches are available now.

System: Microsoft Windows
Topic: Vulnerability in HP Enterprise Discovery
Links: HPSBMA02363 SSRT080106, ESB-2008.0839
ID: ae-200808-085

A security vulnerability has been identified in HP Enterprise Discovery. The vulnerability could be exploited remotely by an authorized user to gain extended privileges. Patches are available now.

System: Mandriva Linux
Topic: Vulnerabilities in ipsec-tools
Links: MDVSA-2008:181, CVE-2008-3651, CVE-2008-3652
ID: ae-200808-084

Two denial of service vulnerabilities were discovered in the ipsec-tools racoon daemon, which could allow a remote attacker to cause it to consume all available memory. Fixed packages are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in Red Hat Directory Server
Links: RHSA-2008-0596, RHSA-2008-0601, RHSA-2008-0602, CVE-2008-2928, CVE-2008-2929, CVE-2008-2930, CVE-2008-3283, ESB-2008.0833, ESB-2008.0835, ESB-2008.0836, RHSA-2008-0858, ESB-2008.0866
ID: ae-200808-083

Several vulnerabilities were found in the Red Hat Directory Server. Fixed packages are available now.

System: NetBSD
Topic: Vulnerability in kernel
Links: NetBSD-SA2008-010, CVE-2008-3584, ESB-2008.0831
ID: ae-200808-082

A problem has been identified in the pppoe(4) code. A bug in range checking allows a malicious packet to make the kernel access memory outside of the allocated buffer and cause a kernel crash. A patch is available now.

System: Red Hat Enterprise Linux
Topic: Vulnerability in libtiff
Links: RHSA-2008-0847, RHSA-2008-0848, RHSA-2008-0863, CVE-2008-2327, CVE-2006-2193, ESB-2008.0840
ID: ae-200808-081

Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary code. Fixed packages are available now.

System: Red Hat Enterprise Linux 5
Topic: Vulnerabilities in kernel
Links: RHSA-2008-0585, CVE-2007-5966, CVE-2007-6282, CVE-2007-6712, CVE-2008-1615, CVE-2008-2136, CVE-2008-2148, CVE-2008-2372, CVE-2008-2729, CVE-2008-2826, ESB-2008.0829
ID: ae-200808-080

Several vulnerabilities were found in the Linux kernel of Red Hat Enterprise Linux 5. Fixed kernel packages are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in ipsec-tools, tomcat, and openoffice.org
Links: RHSA-2008-0849, CVE-2008-3651, CVE-2008-3652, ESB-2008.0828,
RHSA-2008-0648, CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2008-2938, ESB-2008.0838,
RHSA-2008-0835, CVE-2008-3282, ESB-2008.0837
ID: ae-200808-079

Two denial of service flaws were found in the ipsec-tools racoon daemon. It was possible for a remote attacker to cause the racoon daemon to consume all available memory.
Several vulnerabilities were found in the Apache Tomcat servlet container.
A numeric truncation error was found in the OpenOffice.org memory allocator. If a carefully crafted file was opened by a victim, an attacker could use this flaw to crash OpenOffice.org or, possibly, execute arbitrary code.
Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerability in tiff
Links: DSA-1632, CVE-2008-2327, ESB-2008.0830
ID: ae-200808-078

It was discovered that libTIFF, a library for handling the Tagged Image File Format, is vulnerable to a programming error allowing malformed tiff files to lead to a crash or execution of arbitrary code. Fixed packages are available now.

System: SUSE Linux
Topic: Vulnerabilities in Sun Java
Links: SUSE-SA:2008:042
ID: ae-200808-077

Several vulnerabilities were found in the Sun Java packages of SUSE Linux. Fixed packages are available now.

System: Sun Solaris 10
Topic: Vulnerability in Solaris NFS Kernel Module
Links: Sun Alert #241066, ESB-2008.0825
ID: ae-200808-076

A security vulnerability in the NFS kernel module may allow a local unprivileged user to cause an NFS server to panic, resulting in a Denial-of-Service (DoS). A patch is available now.

System: Sun Solaris
Topic: Problem with Sun Fire 12K/15K/E20K/E25K Systems
Links: Sun Alert #200188, ESB-2008.0824
ID: ae-200808-075

Sun Fire 12K/15K/E20K/E25K systems equipped with UltraSPARC IV or UltraSPARC IV+ System Boards that use high traffic across a Quad GigaSwift (QGE-X) card may panic, leading to a Denial-of-Service (DoS). A patch solves this problem.

System: Red Hat Enterprise Linux
Topic: Problem with openssh
Links: RHSA-2008-0855, CVE-2007-4752, ESB-2008.0822
ID: ae-200808-074

OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. Updated openssh packages are now available for Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, and Red Hat Enterprise Linux 4.5 Extended Update Support. This follows an intrusion that Red Hat detected last week on certain of its computer systems. Red Hat is issuing this alert primarily for those who may obtain Red Hat binary packages via channels other than those of official Red Hat subscribers.

System: Mandriva Linux
Topic: Vulnerabilities in Metisse
Links: MDVSA-2008:179, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362
ID: ae-200808-073

An input validation flaw was found in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory, resulting in the disclosure of sensitive data of other users of the X.org server. Multiple integer overflows were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a Denial-of-Service (DoS) or possibly execute arbitrary code with root privileges on the X.org server. The Metisse program is likewise affected by these issues. Updated packages have been patched to prevent them.

System: Many
Topic: Vulnerabilities in PowerDNS Recursor
Links: CVE-2008-1637, CVE-2008-3217, ESB-2008.0821
ID: ae-200808-072

The previous version of the PowerDNS Recursor (3.1.5) didn't properly address the issue, as UDP source port selection was insufficiently randomized. All users should upgrade to version 3.1.6 immediately.

System: Various
Topic: Vulnerability in vBulletin
Links: CORE, ESB-2008.0818
ID: ae-200808-071

vBulletin is a community forum solution for a wide range of users, including industry leading companies. A Cross-Site Scripting (XSS) vulnerability has been discovered that could allow an attacker to carry out an action impersonating a legitimate user, or to obtain access to a user's account. This flaw allows unauthorized disclosure and modification of information, and it allows disruption of service. A patch solves this potential problem.

System: Debian GNU/Linux
Topic: Vulnerabilities in kernel
Links: DSA-1630, CVE-2007-6282, CVE-2008-0598, CVE-2008-2729, CVE-2008-2812, CVE-2008-2826, CVE-2008-2931, CVE-2008-3272, CVE-2008-3275, ESB-2008.0817
ID: ae-200808-070

The Linux 2.6 kernel contains several vulnerabilities, which can now be fixed by installing Linux 2.6.18 kernel packages. These vulnerabilities might lead to a Denial-of-Service (DoS) or arbitrary code execution.

System: Linux
Topic: Vulnerability in libxml2
Links: CVE-2008-3281, RHSA-2008-0836, ESB-2008.0816, MDVSA-2008:180, DSA-1631, ESB-2008.0823
ID: ae-200808-069

The libxml2 packages provide a library to manipulate XML files. A Denial-of-Service vulnerability has been found in the way libxml2 processes certain content. If an application linked against libxml2 processes malformed XML content, it could cause the application to stop responding. An updated package is available now.

System: Mandriva Linux
Topic: Vulnerability in yelp
Links: MDVSA-2008:175, CVE-2008-3533, ESB-2008.0820
ID: ae-200808-068

A format string vulnerability in yelp after version 2.19.90 and before 2.24 might allow remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command-line or via URI helpers in Firefox, Evolution, or possibly other programs. Fixed software is available now.

System: Mandriva Linux
Topic: Vulnerabilities in xine-lib
Links: MDVSA-2008:177, MDVSA-2008:178, CVE-2008-1878, CVE-2008-0073, CVE-2008-1110, CVE-2008-1161
ID: ae-200808-067

Remote execution of arbitrary code is possible due to various flaws in xine-lib, which is the library with most functionality for the xine media player. Fixed packages are available now.

System: Various
Topic: Vulnerabilities in Opera
Links: Opera, AA-2008.0177
ID: ae-200808-066

Opera is a well-known web browser. The new version 9.52 solves many problems and also fixes some security-related issues, so it's recommended to use only this version.

System: Sun Solaris 10
Topic: Vulnerability in NFSv4 Client Kernel Module
Links: Sun Alert #240546, ESB-2008.0814
ID: ae-200808-065

A security vulnerability in the NFSv4 client kernel module may allow a local unprivileged user who cooperates with a remote privileged user on an NFSv4 server to cause all NFSv4 mounts on client systems that have an NFSv4 mount of that server to become unresponsive, which is a Denial-of-Service (DoS). A patch is available now.

System: Microsoft Windows
Topic: Vulnerabilities in HP Storage Management Appliance
Links: HPSBST02360, SSRT080117, ESB-2008.0813
ID: ae-200808-064

Various potential security vulnerabilities were identified in Microsoft software at the last Microsoft patch day. This software runs on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in the Resolution section of the Security Bulletin.

System: Various
Topic: Vulnerability in Apache Tomcat
Links: VU#343355, CVE-2008-2938, ESB-2008.0815
ID: ae-200808-063

Apache Tomcat is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. If a context is configured with "allowLinking=true" and the connector is configured with URIEncoding="UTF-8" then a malformed request may be used to access arbitrary files on the server. This vulnerability is addressed in Apache Tomcat 4.1.38, 5.5.27, and 6.0.18.

System: Microsoft Windows
Topic: Vulnerability in Intrinsic Swimage Encore
Links: VU#778427
ID: ae-200808-062

Intrinsic Swimage Encore automates remote desktop, server, and device deployment. This product includes both a server and a client solution. The Swimage server sends to the client .bin files that contain encrypted data. The Swimage client application, Conductor.exe, contains a hardcoded, unencrypted master password that can be used to access the data in these .bin files. Following a system installation, the .bin files and Conductor.exe are deleted from the remote client by the Swimage server, but the memory is not wiped. Authentication credentials may be stored in plain text on client machines. The credentials may also be sent unencrypted over the network. This issue is addressed in Intrinsic Swimage Encore version 5.0.1.21.

System: Mandriva Linux
Topic: Vulnerability in amarok
Links: MDVSA-2008:172, CVE-2008-3699
ID: ae-200808-061

Amarok is free software for managing and playing audio files. A flaw in amarok prior to 1.4.10 might allow local users to overwrite arbitrary files via a symlink attack on a temporary file that amarok created with a predictable name.

System: Unix / Linux
Topic: Vulnerability in cups
Links: CVE-2008-1722, DSA-1625, S-371, ESB-2008.0768, MDVSA-2008:170, TLSA-2008-19, RHSA-2008-0498.html
ID: ae-200808-060

An integer overflow vulnerability in the PNG image handling filter in CUPS has been found. This could allow a malicious user to execute arbitrary code with the privileges of the user running CUPS, or cause a Denial-of-Service (DoS) by sending a specially crafted PNG image to the print server. Updated software is available now for many systems.

System: Microsoft Windows
Topic: Vulnerability in Cisco WebEx Meeting Manager
Links: Cisco, CVE-2008-2737, VU#661827, AA-2008.0169, S-359
ID: ae-200808-059

The WebEx meeting service is a hosted multimedia conferencing solution that is managed and maintained by Cisco WebEx. When a meeting participant connects to the WebEx meeting service through a web browser, the WebEx meeting service installs several components of the WebEx Meeting Manager browser plugin on the meeting participant's system. WebEx Meeting Manager includes the ActiveX Control atucfobj.dll, a DLL that allows meeting participants to view Unicode fonts. This library contains a buffer overflow vulnerability that could allow an attacker to execute arbitrary code. Updated client software is provided when the client reconnects to the server.

System: Microsoft Windows
Topic: Vulnerability in Symantec Veritas Storage Foundation
Links: SYM08-015, ZDI-08-053, AL-2008.0091
ID: ae-200808-058

A vulnerability exists in the functionality exposed by the Symantec Veritas Storage Foundation for Windows Scheduler Service, VxSchedService.exe, which listens by default on TCP port 4888. The management console allows NULL NTLMSSP authentication, thereby enabling a remote attacker to add, modify, or delete snapshot schedules and consequently run arbitrary code under the context of the SYSTEM user. Authentication is not required to exploit this vulnerability. Symantec has issued an update to correct this vulnerability.

System: Unix / Linux
Topic: Vulnerability in Postfix
Links: gmane, CVE-2008-2936, VU#938323, RHSA-2008-0839, ESB-2008.0810, MDVSA-2008:171, DSA-1629, ESB-2008.0812, TLSA-2008-31, SUSE-SA:2008:040
ID: ae-200808-057

Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), and TLS. A flaw was found in the way Postfix dereferences symbolic links. If a local user has write access to a mail spool directory with no root mailbox, it may be possible for them to append arbitrary data to files that root has write permission to. Updated packages solve this problem.

System: Various
Topic: Vulnerability in Bugzilla
Links: Bugzilla, ESB-2008.0809
ID: ae-200808-056

Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. When importing bugs using importxml.pl, the --attach_path option can be specified, pointing to the directory where attachments to import are stored. If the XML file being read by importxml.pl contains a malicious node, the script follows this relative path and attaches the local file pointed to by it to the bug, making the file public. A security fix makes sure the relative path is always ignored.

System: Various
Topic: Vulnerability in Sun Java System Web Proxy Server
Links: Sun Alert #240327, ESB-2008.0808
ID: ae-200808-055

A security vulnerability in the FTP subsystem of Sun Java System Web Proxy Server 4.0 may allow a local or remote unprivileged user to prevent the proxy server from accepting new connections, resulting in a Denial-of-Service (DoS) to the proxy server. Fixed software is available now.

System: Red Hat Enterprise Linux
Topic: Vulnerability in yum-rhn-plugin
Links: RHSA-2008-0815, CVE-2008-3270, ESB-2008.0811
ID: ae-200808-054

It has been discovered that yum-rhn-plugin doesn't verify the SSL certificate for all communication with a Red Hat Network server. An attacker able to redirect the network communication between a victim and an RHN server could use this flaw to provide malicious repository metadata. This metadata could be used to block the victim from receiving specific security updates. An updated package solves this potential problem.

System: Microsoft Windows
Topic: Vulnerabilities in CA HIPS
Links: CA_36559, CA_36560, CVE-2008-2926, CVE-2008-3174, ESB-2008.0807
ID: ae-200808-053

CA HIPS (host based intrusion prevention system) contains a vulnerability that might allow local attackers to cause a system crash or potentially execute arbitrary code. The vulnerability is due to insufficient verification of IOCTL requests by the kmxfw.sys driver. Another vulnerability might allow an attacker to cause a Denial-of-Service condition. This vulnerability is also due to insufficient validation by the kmxfw.sys driver. Updated software is available now.

System: Various
Topic: Vulnerabilities in Drupal
Links: DRUPAL-SA-2008-047, ESB-2008.0805
ID: ae-200808-052

Multiple vulnerabilities and weaknesses were discovered in Drupal. Since some of them are remotely exploitable, the security risk is rated as highly critical. Due to this, updated software should be installed immediately.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in Red Hat Network
Links: RHSA-2008-0627, RHSA-2008-0629, RHSA-2008-0630, RHSA-2008-0636, RHSA-2008-0638, ESB-2008.0801, ESB-2008.0802, ESB-2008.0803
ID: ae-200808-051

Several vulnerabilities in Red Hat Network Proxy Server and Red Hat Network Satellite Server can be fixed by installing version 5.1.1, which is available now.

System: Mandriva Linux
Topic: Vulnerabilities in kernel and stunnel
Links: MDVSA-2008:167, CVE-2008-1375, CVE-2008-1615, CVE-2008-1669, CVE-2008-1675, CVE-2008-2136, CVE-2008-2148, CVE-2008-2358, CVE-2008-2750, CVE-2008-2826,
MDVSA-2008:168, CVE-2008-2420
ID: ae-200808-050

The Linux 2.6 kernel contains several vulnerabilities, which can now be fixed. These vulnerabilities might lead to a Denial-of-Service (DoS) or the privilege escalation of local users. Furthermore, a vulnerability in the OCSP search functionality in stunnel might allow a remote attacker to use a revoked certificate that would be successfully authenticated by stunnel. An updated package solves this problem, too.

System: Mandriva Linux
Topic: Vulnerability in ClamAV
Links: MDVSA-2008:166, CVE-2008-3215, ESB-2008.0806
ID: ae-200808-049

An incomplete fix for CVE-2008-2713 resulted in remote attackers being able to cause a Denial-of-Service via a malformed Petite file that triggered an out-of-bounds memory access. This issue is corrected with the 0.93.3 release which is being provided now.

System: Sun Solaris 10
Topic: Vulnerability in sendfilev system call
Links: Sun Alert #239186, ESB-2008.0800
ID: ae-200808-048

A security vulnerability in Solaris 10 related to the sendfilev() system call may allow a user who has the ability to create pages that are hosted on a Solaris 10 system using Apache 2.2.x, to create a carefully crafted web page which could cause a system panic resulting in a Denial-of-Service (DoS) condition. In addition, it may be possible for a local unprivileged user to be able to panic the system with a specially crafted program which calls the sendfile() system call (using either the sendfilev(3EXT) library routine or else directly). Patches solve these problems.

System: HP-UX
Topic: Vulnerability in ftpd
Links: HPSBUX02356, SSRT080051, CVE-2008-1668, ESB-2008.0799
ID: ae-200808-047

A potential security vulnerability has been identified with HP-UX running ftpd. The vulnerability could be exploited to allow remote privileged access. A patch remedies this problem.

System: Linux
Topic: Vulnerabilities in hplip
Links: CVE-2008-2940, CVE-2008-2941, RHSA-2008-0818, ESB-2008.0798, MDVSA-2008:169
ID: ae-200808-046

The hplip (Hewlett-Packard Linux Imaging and Printing) packages provide drivers for Hewlett-Packard printers and multifunction peripherals. A flaw was discovered in the hplip alert-mailing functionality. A local attacker could elevate their privileges by using specially crafted packets to trigger alert mails, which are sent by the root account. Another flaw was discovered in the hpssd message parser. By sending specially-crafted packets, a local attacker could cause a Denial-of-Service, stopping the hpssd process. An updated package is available now.

System: VMware ESX Server
Topic: Vulnerabilities in OpenSSL, net-snmp, and perl
Links: VMSA-2008-0013, CVE-2007-3108, CVE-2007-5135, CVE-2008-0960, CVE-2008-1927, CVE-2008-2292, ESB-2008.0797, AU-2008.0018
ID: ae-200808-045

The packages mentioned above show vulnerabilities possibly leading to remote execution of arbitrary code or increased privileges of local users. It's recommended to install this update on production systems.

System: Microsoft Windows
Topic: Vulnerability in VMware VirtualCenter
Links: VMSA-2008-0012, CVE-2008-3514, ESB-2008.0796
ID: ae-200808-044

An information disclosure vulnerability is present in VMware VirtualCenter. Exploitation of this flaw might result in disclosure of the user names of system accounts. An update solves this problem.

System: Microsoft Windows, Mac OS X
Topic: Vulnerabilities in Microsoft PowerPoint
Links: MS08-051, CVE-2008-0120, CVE-2008-0121, CVE-2008-1455, iDEFENSE #738, iDEFENSE #739, AL-2008.0090, S-354
ID: ae-200808-043

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Windows Messenger
Links: MS08-050, CVE-2008-0082, ESB-2008.0795, S-357
ID: ae-200808-042

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Windows Event System
Links: MS08-049, CVE-2008-1456, CVE-2008-1457, ESB-2008.0794, S-353
ID: ae-200808-041

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Outlook Express and Windows Mail
Links: MS08-048, CVE-2008-1448, ESB-2008.0793, S-356
ID: ae-200808-040

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in IPSec
Links: MS08-047, CVE-2008-2246, ESB-2008.0792, S-355
ID: ae-200808-039

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft Windows Image Color Management System
Links: MS08-046, CVE-2008-2245, VU#309739, iDEFENSE #742, AL-2008.0089, S-352
ID: ae-200808-038

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Internet Explorer
Links: MS08-045, CVE-2008-2254, CVE-2008-2255, CVE-2008-2256, CVE-2008-2257, CVE-2008-2258, CVE-2008-2259, AL-2008.0088, S-351
ID: ae-200808-037

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Office Filters
Links: MS08-044, CVE-2008-3018, CVE-2008-3019, CVE-2008-3020, CVE-2008-3021, CVE-2008-3460, iDEFENSE #736, iDEFENSE #737, AL-2008.0087, S-350
ID: ae-200808-036

No further comment due to legal reasons

System: Microsoft Windows, Mac OS X
Topic: Vulnerabilities in Microsoft Excel
Links: MS08-043, MS08-026, MS08-014, CVE-2008-3003, CVE-2008-3004, CVE-2008-3005, CVE-2008-3006, iDEFENSE #740, iDEFENSE #741, AL-2008.0086, S-349
ID: ae-200808-035

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft Word
Links: MS08-042, MS08-026, CVE-2008-2244, ESB-2008.0791, S-348
ID: ae-200808-034

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Snapshot Viewer for Microsoft Access
Links: MS08-041, CVE-2008-2463, AL-2008.0085, S-347
ID: ae-200808-033

No further comment due to legal reasons

System: Mandriva Linux
Topic: Vulnerability in Perl
Links: MDVSA-2008:165, CVE-2008-2827
ID: ae-200808-032

The rmtree function in lib/File/Path.pm in Perl 5.10 doesn't properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack. Updated packages have been patched to fix this problem.

System: Microsoft Windows
Topic: Vulnerability in Trend Micro OfficeScan
Links: TrendMicro #1037899, ESB-2008-0790
ID: ae-200808-031

The OfficeScan Web Console utilizes several ActiveX controls when deploying the product through its Web interface. One of these controls, objRemoveCtrl, has been found to be vulnerable to a stack-based buffer overflow when embedded in a webpage. An attacker could exploit this issue by enticing a victim into viewing a malicious web page. A successful exploit would allow attacker-supplied code to run in the context of the currently logged-in user. As a workaround, the kill bit for the responsible ActiveX control should be set. Where available, an update should be installed.

System: Various
Topic: Several vulnerabilities in Ruby
Links: Ruby, CVE-2008-1447, ESB-2008.0789
ID: ae-200808-030

Multiple vulnerabilities have been discovered in Ruby. They might lead to increased privileges, inappropriate access, providing misleading information or Denial-of-Service (DoS). Updated packages are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in condor and dnsmasq
Links: RHSA-2008-0814, RHSA-2008-0816, CVE-2008-3424, ESB-2008.0786,
RHSA-2008-0789, CVE-2008-1447, ESB-2008.0787
ID: ae-200808-029

Condor is a specialized workload management system for compute-intensive jobs as part of Red Hat Enterprise MRG. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. A flaw has been found in the way Condor interprets wildcards in authorization lists. Due to this, remote users may be able to submit computation jobs, even when such access should have been denied. A patch remedies this potential problem.
An updated dnsmasq package that implements UDP source-port randomization is now available for Red Hat Enterprise Linux 5.

System: Debian GNU/Linux
Topic: Vulnerability in pdns
Links: DSA-1628, CVE-2008-3337, ESB-2008.0784
ID: ae-200808-028

It has been discovered that the PowerDNS (pdns) authoritative name server doesn't respond to DNS queries which contain certain characters, increasing the risk of successful DNS spoofing. An update changes PowerDNS to respond with SERVFAIL responses instead.

System: Sun Solaris
Topic: Vulnerability in Solaris Trusted Extensions
Links: Sun Alert #240099, ESB-2008.0785
ID: ae-200808-027

If a Solaris Trusted Extensions system has a labeled zone which is in the "installed" state, a security vulnerability in Solaris Trusted Extensions labeled networking may allow remote unauthorized users from another system (at the same label) to gain access to the global zone of the affected system, if that user has access to a username and password that is valid within the global zone. This is a Mandatory Access Control (MAC) policy violation. The global zone in the Solaris Trusted Extensions system is the administrative zone, which should only be accessible to administrative roles. A patch remedies this problem.

System: SuSE Linux
Topic: Vulnerabilities in moodle, Opera 9.5.1, libxcrypt, Acroread, and gnumeric
Links: SUSE-SR:2008:016
ID: ae-200808-026

A SUSE Security Summary reports vulnerabilities in the packages moodle, Opera 9.5.1, libxcrypt, Acroread, and gnumeric. Updated packages are available now and should be installed on vulnerable systems.

System: Microsoft Windows
Topic: Vulnerabilities in Adobe Presenter
Links: APSB08-17, CVE-2008-3515, CVE-2008-3516, ESB-2008-0788
ID: ae-200808-025

Potential cross-site scripting vulnerabilities have been identified in code generated by Adobe Presenter 7 and Adobe Presenter 6. Adobe recommends customers update to Adobe Presenter 7.0.1, and update any previously deployed content.

System: Various
Topic: Vulnerability in Apache
Links: SecurityFocus, CVE-2008-2939, VU#663763
ID: ae-200808-024

The Apache mod_proxy_ftp module allows the Apache web server to act as a proxy for FTP sites. Filename globbing is the process of using wildcards to match filenames. The mod_proxy_ftp module contains an XSS vulnerability that occurs because the module does not properly filter globbed characters in FTP URIs. Apache has released updates to address this issue.

System: Mandriva Linux
Topic: Vulnerabilities in rxvt, qemu, and python
Links: MDVSA-2008:161, CVE-2008-1142,
MDVSA-2008:162, CVE-2007-1320, CVE-2007-1321, CVE-2007-1322, CVE-2007-1366, CVE-2007-5729, CVE-2007-5730, CVE-2007-6227, CVE-2008-0928, CVE-2008-1945, CVE-2008-2004,
MDVSA-2008:163, CVE-2008-1679, CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144
ID: ae-200808-023

A local user can hijack X11 connections. This is possible due to a vulnerability in rxvt, which allows a terminal to be opened on :0 if the environment variable isn't set correctly.
Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to attempting to mark non-existent regions as dirty, aka the bitblt heap overflow. Furthermore, QEMU shows various other vulnerabilities, leading to a Denial-of-Service (DoS) or even the execution of arbitrary code.
Python shows some integer overflows and underflows, leading to the execution of arbitrary code or a Denial-of-Service.
Updated packages have been patched to solve these problems.

System: Sun Solaris
Topic: Vulnerability in Firmware for Netra T5220
Links: Sun Alert #239930, ESB-2008.0782
ID: ae-200808-022

A security vulnerability in the firmware for Sun Netra T5220 systems version 7.1.3 may allow a local unprivileged user to panic the system, which is a type of Denial-of-Service (DoS). Firmware version 7.1.4.a solves this problem.

System: Sun Solaris
Topic: Vulnerabilities in pthread mutex API and snoop
Links: Sun Alert #239387, ESB-2008.0781,
Sun Alert #240101, CVE-2008-0964, CVE-2008-0965, iDEFENSE #734, iDEFENSE #735, ESB-2008.0783
ID: ae-200808-021

Due to a security vulnerability in Solaris, usage of the pthread_mutex_reltimedlock_np(3C) API by a local unprivileged user or by an application, when the API is used in a particular way, can cause the system to hang or, if the deadman feature is enabled, to panic. This leads to a Denial-of-Service (DoS) condition.
A security vulnerability in the snoop(1M) network utility relating to the display of SMB traffic may allow a remote user the ability to execute arbitrary commands as the user "nobody" or possibly another local user.
Patches fix these problems.

System: HP-UX
Topic: Vulnerability in libc
Links: HPSBUX02355, SSRT080023, CVE-2008-1664, ESB-2008.0780
ID: ae-200808-020

A potential security vulnerability has been identified in HP-UX using libc. It might be exploited remotely to create a Denial-of-Service (DoS). Patches are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in JBoss Enterprise Application Platform
Links: RHSA-2008-0825, RHSA-2008-0826, RHSA-2008-0827, RHSA-2008-0828, CVE-2008-1285, CVE-2008-3273, ESB-2008.0779
ID: ae-200808-019

Updated JBoss Enterprise Application Platform (JBoss EAP) packages fix various security issues. These are various possibilities for Cross-Site Scripting (XSS) as well as unauthenticated access to the status servlet.

System: Microsoft Windows
Topic: Vulnerability in Sun xVM VirtualBox
Links: CoreSecurity, CVE-2008-3431, ESB-2008.0778
ID: ae-200808-018

Sun xVM VirtualBox is a virtualization solution for different operating systems. When this software runs under Microsoft Windows, a flaw in the kernel driver might allow local users to execute arbitrary code in kernel context. Version 1.6.4 has fixed this vulnerability.

System: Debian GNU/Linux
Topic: Vulnerability in opensc
Links: DSA-1627, CVE-2008-2235, ESB-2008.0777, S-362
ID: ae-200808-017

Opensc is a library and set of utilities to handle smart cards. The initialization of smart cards with the Siemens CardOS M4 card operating system is done without proper access rights. This allows anyone to change the card's PIN. An updated package remedies this problem.

System: Red Hat Enterprise Linux 5
Topic: Vulnerabilities in kernel
Links: RHSA-2008-0612, CVE-2008-1294, CVE-2008-2136, CVE-2008-2812, ESB-2008.0776
ID: ae-200808-016

Updated kernel packages fixing some security issues and several bugs are now available for Red Hat Enterprise Linux 5. The vulnerabilities concern a possible kernel leak in the Linux kernel Simple Internet Transition (SIT) INET6 implementation allowing local users to cause a Denial-of-Service. A flaw in the Linux kernel setrlimit system call could allow a local unprivileged user to bypass the CPU time limit. Furthermore, multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers are missing checks for terminal validity, which could allow privilege escalation.
Updated kernel packages fixing these problems are available now.

System: Microsoft Windows
Topic: Vulnerability in CA ARCserve Backup
Links: CA, CVE-2008-3175, ESB-2008.0773
ID: ae-200808-015

CA ARCserve Backup for Laptops and Desktops server contains a vulnerability that can allow a remote attacker to execute arbitrary code or cause a Denial-of-Service condition. The vulnerability occurs due to insufficient bounds checking by the LGServer service. An attacker can make a request that can result in arbitrary code execution or crash the service. An appropriate update solves this potential problem.

System: Various
Topic: Vulnerabilities in Apache Tomcat
Links: Tomcat, CVE-2008-1232, CVE-2008-2370, ESB-2008.0772
ID: ae-200808-014

Most versions of Apache Tomcat show a vulnerability allowing Cross-Site Scripting (XSS). Additionally, a vulnerability exposing information has been found. Please update your Tomcat installation.

System: Sun Solaris
Topic: Vulnerability in namefs Kernel module
Links: Sun Alert #2237986, ESB-2008.0771
ID: ae-200808-013

A security vulnerability in the namefs kernel module may allow a local unprivileged user the ability to execute arbitrary code in kernel context or panic the system. The ability to panic the system is a type of Denial-of-Service (DoS). A patch is available now.

System: Linux
Topic: Vulnerabilities in Ingres Database
Links: Ingres_080108, iDEFENSE #731, iDEFENSE #732, iDEFENSE #733, CVE-2008-3356, CVE-2008-3357, CVE-2008-3389, ESB-2008.0766
ID: ae-200808-012

Local exploitation of a file permissions modification vulnerability in the "verifydb" utility, as included with Ingres Database 2006 Release 2 for Linux, allows attackers to modify the permissions of files owned by the Ingres database user. A stack-based buffer overflow vulnerability in the "libbecompat" library allows attackers to execute arbitrary code with the privileges of the Ingres user. Finally, local exploitation of an untrusted library path vulnerability in the "ingvalidpw" utility allows attackers to execute arbitrary code with root privileges.
These problems have been identified and resolved by Ingres in the following releases: Ingres 2006 release 2 (9.1.0), Ingres 2006 release 1 (9.0.4), and Ingres 2.6.

System: SuSE Linux
Topic: Vulnerabilities in net-snmp
Links: SUSE-SA:2008:039, CVE-2008-0960, CVE-2008-2292
ID: ae-200808-011

The net-snmp daemon implements SNMP. Version 3 of SNMP as implemented in net-snmp uses the length of the HMAC in a packet to verify against a local HMAC for authentication. An attacker can therefore send an SNMPv3 packet with a one-byte HMAC and guess the correct first byte of the local HMAC with 256 packets (max). Additionally, a buffer overflow in perl-snmp has been found, causing a Denial-of-Service by crashing the application. Updated packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in cupsys and httrack
Links: DSA-1625, CVE-2008-0053, CVE-2008-1373, CVE-2008-1722, ESB-2008.0768,
DSA-1626, ESB-2008.0767
ID: ae-200808-009

Several remote vulnerabilities have been discovered in the Common Unix Printing System (CUPS). They might lead to buffer overflows or an integer overflow. As a consequence, arbitrary code can be executed on the vulnerable system.
Httrack is a utility to create local copies of websites. It's vulnerable to a buffer overflow potentially allowing the execution of arbitrary code when passed excessively long URLs.
Updated packages solving these problems are available now.

System: Various
Topic: Vulnerability in SAP MaxDB
Links: iDefense, CVE-2008-1810, ESB-2008.0764
ID: ae-200808-008

Local exploitation of an untrusted path vulnerability in the "dbmsrv" program, as distributed with SAP AG's MaxDB, allows attackers to elevate privileges to that of the "sdb" user. Fixed software is available now.

System: Sun Solaris
Topic: Vulnerability in picld
Links: Sun Alert #239728, ESB-2008.0763
ID: ae-200808-007

Due to a security vulnerability in the Solaris Platform Information and Control Library daemon (picld(1M)), a local unprivileged user may be able to disable system monitoring and prevent system utilities (prtdiag(1M), prtpicl(1M), prtfru(1M)) from operating properly. A patch is available now.

System: HP-UX
Topic: Vulnerability in System Administration Manager
Links: HPSBUX02286, SSRT071466, ESB-2008.0762
ID: ae-200808-006

A security vulnerability has been identified in HP-UX running System Administration Manager (SAM). This vulnerability may allow unintended remote access. Patches are available now.

System: Apple Mac OS X
Topic: New Apple Security Update available
Links: Apple Security Update 2008-005, iDEFENSE #730, ESB-2008.0761
ID: ae-200808-005

Apple has published a security update for Mac OS X. It fixes multiple vulnerabilities in Open Scripting Architecture, BIND, CarbonCore, CoreGraphics, Data Detectors Engine, Disk Utility, OpenLDAP, OpenSSL, PHP, QuickLook, and rsync. It's recommended to install this update.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in java-1.5.0-ibm
Links: RHSA-2008-0790, CVE-2008-3104, CVE-2008-3105, CVE-2008-3106, CVE-2008-3108, CVE-2008-3111, CVE-2008-3112, CVE-2008-3113, CVE-2008-3114, ESB-2008.0757
ID: ae-200808-004

Several vulnerabilities were found in the Java Runtime Environment (JRE). Fixed packages are available now.

System: Red Hat Enterprise Linux 5
Topic: Vulnerability in nfs-utils
Links: RHSA-2008-0486, CVE-2008-1376, ESB-2008.0755
ID: ae-200808-003

A flaw was found in the nfs-utils package build. The nfs-utils package was missing TCP wrappers support, which could result in an administrator believing they had access restrictions enabled when they did not. Fixed packages are available now.

System: Various
Topic: Vulnerability in libxslt
Links: CVE-2008-2935, DSA-1624, ESB-2008.0760, S-363, RHSA-2008-0649, ESB-2008.0758, MDVSA-2008:160
ID: ae-200808-002

It was discovered that a buffer overflow in the RC4 functions of libexslt may lead to the execution of arbitrary code. Fixed software is available now.

System: Debian GNU/Linux
Topic: Vulnerability in newsx
Links: DSA-1622, CVE-2008-3252, ESB-2008.0753
ID: ae-200808-001

It was discovered that newsx, an NNTP news exchange utility, was affected by a buffer overflow allowing remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period. Fixed packages are available now.



(c) 2000-2014 AERAsec Network Services and Security GmbH