Network Security

AERAsec
Current Security Messages


Most of the links lead to the corresponding files at CERT or other organisations, so changes appear immediately, especially regarding which patches should be installed or which configuration changes should be made to avoid a vulnerability. Some of the files are transferred by FTP.

By the way: if we don't publish well-known risks inherent in any widely used platform or program, that doesn't mean this particular platform or program is safe to use!


Chosen month 08 / 2009

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in java-1.5.0-ibm
Links: RHSA-2009-1236, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, ESB-2009.1229
ID: ae-200908-087

Several vulnerabilities were found in the IBM 1.5.0 Java release. Fixed packages are available now.

System: Red Hat Enterprise Linux 3
Topic: Vulnerabilities in the Kernel
Links: RHSA-2009-1233, CVE-2009-2692, CVE-2009-2698
ID: ae-200908-086

Two vulnerabilities have been found in the kernel of RHEL. The macro SOCKOPS_WRAP doesn't initialize the sendpage operation in the proto_ops structure correctly. Local unprivileged users might use this flaw to cause a local Denial-of-Service (DoS) or escalate their privileges. The same effect can be achieved through a flaw in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. Updated kernel packages are available now.

System: Sun Solaris
Topic: Vulnerability in Solaris Print Service
Links: Sun Alert #264608, CVE-2008-2972, ESB-2009.1228
ID: ae-200908-085

A security vulnerability in the Solaris print service (see in.lpd(1M)) may allow a local or remote unprivileged user to cause the system to slow down and become unresponsive. This is a type of Denial-of-Service (DoS). A patch is available now.

System: Various
Topic: Vulnerabilities in Drupal 3rd party modules
Links: DRUPAL-SA-CONTRIB-2009-053, DRUPAL-SA-CONTRIB-2009-054, ESB-2009.1226
ID: ae-200908-084

The Ajax Table module lacks access checks, which makes it possible for any user to delete arbitrary users and nodes. Furthermore, a Cross-Site-Scripting (XSS) attack is possible here. The Go - url redirects (gotwo) module is also vulnerable to XSS, as well as to arbitrary PHP code execution. Updated software is available now and should be installed immediately when these modules are used. Please be aware that Drupal core is not affected.

System: Cisco
Topic: Vulnerabilities in Cisco Unified Communications Manager
Links: Cisco, CVE-2009-2050, CVE-2009-2051, CVE-2009-2052, CVE-2009-2053, CVE-2009-2054, ESB-2009.1225
ID: ae-200908-083

The Cisco Unified Communications Manager contains multiple Denial-of-Service (DoS) vulnerabilities that if exploited could cause an interruption to voice services. The Session Initiation Protocol (SIP) and Skinny Client Control Protocol (SCCP) services are affected by these vulnerabilities. Cisco has released free software updates.

System: Red Hat Enterprise Linux 4, 5
Topic: Vulnerability in gnutls
Links: RHSA-2009-1232, CVE-2009-2730, ESB-2009.1224
ID: ae-200908-082

The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by an application using GnuTLS, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse the application into accepting it by mistake. An update is available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in xulrunner and nss
Links: DSA-1873, CVE-2009-2654, ESB-2009.1222,
DSA-1874, CVE-2009-2404, CVE-2009-2408, CVE-2009-2409, ESB-2009.1223
ID: ae-200908-081

Incorrect handling of invalid URLs could be used for spoofing the location bar and the SSL certificate status of a web page. For the stable distribution (lenny) this problem has been fixed now. Several vulnerabilities have been discovered in the Network Security Service libraries (nss). They might lead to the execution of arbitrary code or man-in-the-middle attacks. A patch is available now for these problems as well.

System: Sun Solaris 10
Topic: Vulnerabilities in Adobe Reader
Links: APSB09-07, TA09-161A, Sun Alert #265330, ESB-2009.1221
ID: ae-200908-080

Multiple security vulnerabilities in Adobe Reader and Acrobat versions prior to 9.1.2, 8.1.6, and 7.1.3 may allow a remote unprivileged user to execute arbitrary code with the privileges of the user running Adobe Reader or crash the Adobe Reader application, thereby causing a Denial-of-Service (DoS) condition. Please update to the latest version.

System: Sun Solaris, OpenSolaris
Topic: Vulnerability in xscreensaver and Assistive Technology Support
Links: Sun Alert #259388, ESB-2009.1219
ID: ae-200908-079

A security vulnerability involving xscreensaver(1) and Assistive Technology Support may allow a local user with physical access to a system to be able to unlock an X display which has been locked using xscreensaver(1) and thus gain unauthorized access to the system. Patches are available now.

System: Microsoft Windows
Topic: Vulnerability in Autonomy KeyView SDK
Links: iDEFENSE #823, IBM, SYM09-010, ESB-2009.1218
ID: ae-200908-078

Autonomy KeyView SDK is a commercial SDK that provides many file format parsing libraries. It supports a large number of different document formats, one of which is the Microsoft Excel 97 (XLS) format. It's used by several popular vendors for processing documents. Remote exploitation of an integer overflow vulnerability in Autonomy's KeyView SDK allows attackers to execute arbitrary code with the privileges of the targeted application. The vulnerability occurs when parsing a Shared String Table (SST) record inside of an Excel file. All versions of the KeyView SDK that include the "xlssr.dll" filter module are suspected to be vulnerable. They are used in, e.g., IBM Lotus Notes or Symantec Mail Security for MS Exchange. One option is to disable this library. A second option is to install an update, where one is available.

System: Mandriva Linux
Topic: Vulnerabilities in libneon
Links: MDVSA-2009:221, CVE-2008-2473, CVE-2008-2474
ID: ae-200908-077

Neon before 0.28.6, when expat is used, doesn't properly detect recursion during entity expansion, which allows context-dependent attackers to cause a Denial-of-Service via a crafted XML document containing a large number of nested entity references. Furthermore, when using OpenSSL, a NUL character in the domain name isn't handled correctly, so a man-in-the-middle attack is possible. A patch is available now.

System: Sun Solaris 10, OpenSolaris
Topic: Vulnerability in pollwakeup
Links: Sun Alert #265248, ESB-2009.1217
ID: ae-200908-076

A security vulnerability in Solaris pollwakeup(9F) may allow a local unprivileged user to panic the system and thereby cause a Denial-of-Service (DoS). Patches are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in Kernel 2.6
Links: DSA-1872, CVE-2009-2698, CVE-2009-2846, CVE-2009-2847, CVE-2009-2848, CVE-2009-2849, ESB-2009.1215
ID: ae-200908-075

Several vulnerabilities have been discovered in the Linux kernel 2.6 that may lead to Denial-of-Service, privilege escalation or a leak of sensitive memory. Updated kernel packages are available now.

System: Red Hat Enterprise Linux 4, 5
Topic: Vulnerabilities in the Kernel
Links: RHSA-2009-1222, RHSA-2009-1223, CVE-2009-2692, CVE-2009-2698, ESB-2009.1214
ID: ae-200908-074

Two vulnerabilities have been found in the kernel of RHEL. The macro SOCKOPS_WRAP doesn't initialize the sendpage operation in the proto_ops structure correctly. Local unprivileged users might use this flaw to cause a local Denial-of-Service (DoS) or escalate their privileges. The same effect can be achieved through a flaw in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. Updated kernel packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in wordpress
Links: DSA-1871, ESB-2009.1212
ID: ae-200908-073

Several vulnerabilities have been discovered in wordpress, a weblog manager. They might allow many kinds of attacks, which are also remotely exploitable. Updated packages are available now.

System: Various
Topic: Vulnerabilities in VMware Workstation, Player, ACE
Links: VMSA-2009-0010, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2009-0040, ESB-2009.1211
ID: ae-200908-072

Several vulnerabilities have been found in the products of VMware. Exploiting them remotely and without authentication might lead to the execution of arbitrary code, Cross-Site Scripting (XSS) or a Denial-of-Service (DoS). Please check your installation for updates addressing these vulnerabilities.

System: Mandriva Linux
Topic: Vulnerability in expat, w3c-libwww, python, wxgtk, python-celementtree, and davfs
Links: MDVSA-2009:211, MDVSA-2009:212, MDVSA-2009:213, MDVSA-2009:214, MDVSA-2009:218, CVE-2008-2625
ID: ae-200908-071

A vulnerability has been found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a Denial-of-Service (DoS) attack. A patch is available now.

System: SUSE Linux Enterprise, openSuSE
Topic: Vulnerabilities in Kernel
Links: SUSE-SA:2009:045, CVE-2008-5033, CVE-2009-0676, CVE-2009-1046, CVE-2009-1385, CVE-2009-1389, CVE-2009-1630, CVE-2009-1758, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407, CVE-2009-2692, ESB-2009.1213
ID: ae-200908-070

Several vulnerabilities were found in the kernel of SuSE Linux. Exploiting these vulnerabilities might have security impact, e.g. local users getting privileged access to the system. Fixed kernel packages are available now.

System: Mandriva Linux
Topic: Vulnerabilities in libgadu and gnutls
Links: MDVSA-2009:208, CVE-2008-4776,
MDVSA-2009:210, CVE-2009-2730
ID: ae-200908-069

Libgadu before 1.8.2 allows remote servers to cause a Denial-of-Service via a contact description with a large length, which triggers a buffer over-read. A vulnerability in GnuTLS before 2.8.2 might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Updated packages are available now.

System: Sun Solaris, OpenSolaris
Topic: Vulnerability in the Solaris sendfile/sendfilev
Links: Sun Alert #258588, ESB-2009.1210
ID: ae-200908-068

A security vulnerability in the Solaris sendfile(3EXT) and sendfilev(3EXT) extended library functions may allow a local unprivileged user to panic the system, causing a Denial-of-Service (DoS). Patches are available now.

System: Sun Solaris, OpenSolaris
Topic: Vulnerability in the Solaris Kernel
Links: Sun Alert #257848, CVE-2009-2857, ESB-2009.1209
ID: ae-200908-067

A security vulnerability in the Solaris kernel related to the interaction of the filesystem and virtual memory subsystems may allow a local unprivileged user to cause the system to slow down and eventually cease operating, thereby resulting in a Denial-of-Service (DoS). Patches are available now.

System: Many
Topic: Vulnerability in Adobe Flex 3.3 SDK
Links: APSB09-13, CVE-2009-1879, ESB-2009.1207
ID: ae-200908-066

An important vulnerability has been identified within template files contained in the Flex 3.3 SDK and earlier versions. This vulnerability could allow an attacker to execute a reflected cross-site scripting (XSS) attack on web sites using the affected code. Adobe recommends all users of Flex 3.3 SDK and earlier versions update to the newest version, Flex 3.4 SDK.

System: Debian GNU/Linux
Topic: Vulnerabilities in KDE
Links: DSA-1866, DSA-1867, DSA-1868, CVE-2009-0945, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1709, ESB-2009.1204
ID: ae-200908-065

Several security issues have been discovered in kdegraphics, the graphics apps from the official KDE release. They might lead to the execution of arbitrary code. Updated packages are available now.

System: Cisco
Topic: Vulnerability in Cisco Firewall Services Module (FWSM)
Links: Cisco, CVE-2009-0638, ESB-2009.1203
ID: ae-200908-064

A vulnerability exists in the Cisco Firewall Services Module (FWSM) for the Catalyst 6500 Series Switches and Cisco 7600 Series Routers. The vulnerability may cause the FWSM to stop forwarding traffic and may be triggered while processing multiple, specially crafted ICMP messages. Cisco has released free software updates that address this vulnerability.

System: Sun Solaris
Topic: Vulnerabilities in Sun Virtual Desktop Infrastructure (VDI)
Links: Sun Alert #265488, CVE-2009-2856, ESB-2009.1201
ID: ae-200908-063

A security vulnerability in Sun Virtual Desktop Infrastructure (VDI) Software 3.0 may allow a remote privileged user to be able to view client LDAP requests for VDI configuration data. A patch is available now.

System: Mandriva Linux
Topic: Vulnerabilities in CA Host-Based Intrusion Prevention and Internet Security Suite
Links: CA20090818-01, CA20090818-02, CVE-2009-0682, CVE-2009-2740, ESB-2009.1200
ID: ae-200908-062

A vulnerability exists in the CA Host-Based Intrusion Prevention System, namely in the kmxIds.sys driver, which doesn't handle malformed packets correctly. It might allow a remote attacker to cause a Denial-of-Service (DoS). A DoS can also be initiated by local users due to a vulnerability in the CA Internet Security Suite. This is caused by an insufficient verification of IOCTL calls by the vetmonnt.sys driver. CA has issued patches to address these vulnerabilities.

System: Mandriva Linux
Topic: Vulnerability in wget
Links: MDVSA-2009:206, CVE-2009-2408
ID: ae-200908-061

SuSE has found a vulnerability in wget which can be corrected now by installing the latest patch.

System: Red Hat Enterprise Linux
Topic: Vulnerability in libvorbis
Links: RHSA-2009-1219, CVE-2009-2663, ESB-2009.1196
ID: ae-200908-060

An insufficient input validation flaw was found in the way libvorbis processes the codec file headers (static mode headers and encoding books) of the Ogg Vorbis audio file format (Ogg). A remote attacker might provide a specially-crafted Ogg file that would cause a Denial-of-Service (DoS) or the execution of arbitrary code. Updated packages are available now.

System: Linux
Topic: Vulnerability in Libpurple
Links: CORE-2009-0727, CVE-2009-2694, RHSA-2009-1218, ESB-2009.1197, ESB-2009.1198, DSA-1870, ESB-2009.1206, VU#582244
ID: ae-200908-059

Pidgin (formerly named Gaim) is one among many multi-platform instant messaging clients, based on a library named libpurple. A remote arbitrary-code-execution vulnerability has been found in Libpurple, which can be triggered by a remote attacker by sending a specially crafted MSNSLP packet with invalid data to the client through the MSN server. Updated packages address this issue.

System: Microsoft Windows
Topic: Vulnerability in HP Network Node Manager
Links: HPSBMA02448, SSRT061231, CVE-2009-0819, ESB-2009.1195
ID: ae-200908-058

A potential vulnerability has been identified with HP Network Node Manager (NNM) Remote Console running on Windows. The vulnerability could be exploited by a local user to execute arbitrary code or to create a Denial-of-Service (DoS). Due to the file permissions required, only trusted users should be given access to the system running HP Network Node Manager (NNM) Remote Console 7.5x.

System: Microsoft Windows
Topic: Vulnerability in Acer AcerCtrls.APlunch ActiveX control
Links: VU#485961, CVE-2009-2627
ID: ae-200908-057

The Acer AcerCtrls.APlunch ActiveX control contains methods that can allow a remote, unauthenticated attacker to run arbitrary commands on a vulnerable system. Updated software isn't available yet, so if possible disable this ActiveX control.

System: Cisco IOS XR
Topic: Vulnerability in Border Gateway Protocol
Links: Cisco, CVE-2009-2055, ESB-2009.1194
ID: ae-200908-056

Cisco IOS XR will reset a Border Gateway Protocol (BGP) peering session when receiving a specific invalid BGP update. The vulnerability manifests when a BGP peer announces a prefix with a specific invalid attribute. On receipt of this prefix, the Cisco IOS XR device will restart the peering session by sending a notification. The peering session will flap until the sender stops sending the invalid/corrupt update. Cisco is preparing to release a free software maintenance upgrade (SMU) that addresses this vulnerability. A workaround is described in the advisory.

System: Many
Topic: Vulnerabilities in ColdFusion and JRun
Links: APSB09-12, CVE-2009-1872, CVE-2009-1873, CVE-2009-1874, CVE-2009-1875, CVE-2009-1876, CVE-2009-1877, CVE-2009-1878, ASB-2009.1053
ID: ae-200908-055

Critical vulnerabilities have been identified in ColdFusion v8.0.1 and earlier versions, and JRun 4.0. These vulnerabilities could lead to the potential compromise of user accounts or the affected system. Furthermore, Cross-Site Scripting (XSS) may be possible, as may remote code execution. Adobe recommends affected ColdFusion and JRun customers update their installations.

System: Avaya Appliances / Red Hat Enterprise Linux 4
Topic: Vulnerabilities in Kernel
Links: ASA-2009-277, ESB-2009.1193, RHSA-2009-1132, CVE-2009-1072, CVE-2009-1192, CVE-2009-1385, CVE-2009-1630, CVE-2009-1758, ESB-2009.1001
ID: ae-200908-054

Several vulnerabilities were found in the kernel of Red Hat Enterprise Linux 4. Avaya appliances are based on it, so they show the same vulnerabilities as reported for RHEL in June 2009. Fixed kernel packages are available now.

System: Mandriva Linux
Topic: Vulnerability in wxgtk
Links: MDVSA-2009:204, CVE-2009-2369
ID: ae-200908-053

An Integer Overflow in a function might allow attackers to create a Denial-of-Service (DoS) or even the execution of arbitrary code via a specially crafted JPEG file. Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in zope2.10/zope2.9
Links: DSA-1863, CVE-2009-0668, CVE-2009-0669
ID: ae-200908-052

Zope is a web application written in Python. Some vulnerabilities might lead to arbitrary code execution in the worst case. Updated packages are available now.

System: Debian GNU/Linux
Topic: Vulnerability in Kernel 2.6
Links: DSA-1862, DSA-1864, CVE-2009-2692, ESB-2009.1190
ID: ae-200908-051

An issue has been found with how the sendpage function is initialized in the proto_ops structure. Local users can exploit this vulnerability in Kernel 2.6 to gain elevated privileges. Updated kernel packages are available now.

System: Linux
Topic: Vulnerabilities in HP Insight Control Suite For Linux
Links: HPSBMA02447, SSRT090062, CVE-2008-1720, CVE-2008-4309, CVE-2008-5161, CVE-2009-0590, CVE-2009-1272, CVE-2009-2677, ESB-2009.1189
ID: ae-200908-050

Potential security vulnerabilities have been identified with Insight Control Suite For Linux (ICE-LX). The vulnerabilities could be remotely exploited to allow Cross Site Request Forgery (CSRF), Remote Execution of Arbitrary Code, Denial-of-Service (DoS) and other vulnerabilities. An updated product kit is available now.

System: SuSE Linux
Topic: Vulnerabilities in memcached, libtiff/libtiff3, nagios, libsndfile, gaim/finch, open-, strong, freeswan, libapr-util1, websphere-as_ce, and libxml2
Links: SUSE-SR:2009:011
ID: ae-200908-049

A SUSE Security Summary reports vulnerabilities in the packages memcached, libtiff/libtiff3, nagios, libsndfile, gaim/finch, open-, strong, freeswan, libapr-util1, websphere-as_ce, and libxml2. Updated packages are available now and should be installed on vulnerable systems.

System: Linux
Topic: Vulnerability in curl
Links: CVE-2009-2417, RHSA-2009-1209, ESB-2009.1186, MDVSA-2009:203, DSA-1869, ESB-2009.1205, secadv_20090817, secadv_20090817a, ESB-2009.1199
ID: ae-200908-048

cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. cURL is affected by the previously published "null prefix attack", caused by incorrect handling of NULL characters in X.509 certificates. Due to this, a man-in-the-middle attack is possible. New packages are available now, fixing this potential problem.

System: Red Hat Enterprise Linux 4
Topic: Vulnerabilities in Kernel
Links: RHSA-2009-1211, CVE-2009-1389, CVE-2009-1439, CVE-2009-1633, ESB-2009.1187
ID: ae-200908-047

Updated kernel packages that fix some security issues and various bugs are now available for Red Hat Enterprise Linux 4. These vulnerabilities allow Denial-of-Service (DoS), privilege escalation as well as execution of arbitrary code. For these reasons, this update should be installed as soon as possible.

System: Mandriva Linux
Topic: Vulnerability in fetchmail
Links: MDVSA-2009:201, CVE-2009-2666
ID: ae-200908-046

Fetchmail is a remote mail retrieval and forwarding utility. It's vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" recently published at the Blackhat conference. It allows an attacker to perform undetected man-in-the-middle attacks. Fixed packages are available now.

System: Mac OS X
Topic: Vulnerability in BIND
Links: APPLE-SA-2009-08-12-1, CVE-2009-0696, ESB-2009.1185
ID: ae-200908-045

A potential security vulnerability has been identified with Mac OS X running the BIND server. The vulnerability could be remotely exploited to create a Denial-of-Service (DoS). An updated version is available now.

System: Red Hat Enterprise Linux EUS (v. 5.2.z server)
Topic: Vulnerabilities in nspr and nss
Links: RHSA-2009-1207, CVE-2009-2404, CVE-2009-2408, CVE-2009-2409, ESB-2009.1184
ID: ae-200908-044

Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. In these packages some vulnerabilities have been found. Based on a heap overflow in a regular expression parser used by browsers, it's possible to execute arbitrary code on the system. Problems with NULL characters in a certificate might allow man-in-the-middle attacks. New versions are available now, which also have MD2 and MD4 disabled by default.

System: HP Tru64
Topic: Vulnerability in Samba on HP Internet Express
Links: HPSBTU02454, SSRT080172, CVE-2008-4314, ESB-2009.1183
ID: ae-200908-043

A potential security vulnerability has been identified in Samba running on the Internet Express for Tru64 UNIX. The vulnerability could be exploited remotely to disclose information on the Samba server. A first Early Release Patch is available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in ruby
Links: DSA-1860, CVE-2009-0642, CVE-2009-1904, ESB-2009.1182
ID: ae-200908-042

Two vulnerabilities have been found in ruby 1.8 and ruby 1.9. The return value from the OCSP_basic_verify function was not checked properly, allowing continued use of a revoked certificate. Additionally, an issue in parsing BigDecimal numbers can result in a Denial-of-Service (DoS) condition. Updated packages are available now.

System: Some
Topic: New version of Apple Safari
Links: APPLE-SA-2009-08-11-1, CVE-2009-2188, CVE-2009-2195, CVE-2009-2196, CVE-2009-2199, CVE-2009-2200, CVE-2009-2468, ESB-2009.1181
ID: ae-200908-041

Safari 4.0.3 is now available and addresses quite a few security-related vulnerabilities. An update is recommended.

System: Microsoft Windows
Topic: Vulnerabilities in Remote Desktop Connection
Links: MS09-044, CVE-2009-1133, CVE-2009-1929, ESB-2009.1173
ID: ae-200908-040

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Office Web Components
Links: MS09-043, CVE-2009-0562, CVE-2009-1136, CVE-2009-1534, CVE-2009-2496, ESB-2009.1172, iDEFENSE #819
ID: ae-200908-039

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Telnet
Links: MS09-042, CVE-2009-1930, ESB-2009.1180
ID: ae-200908-038

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft Windows Workstation Service
Links: MS09-041, CVE-2009-1544, ESB-2009.1177
ID: ae-200908-037

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Message Queuing
Links: MS09-040, CVE-2009-1922, ESB-2009.1178
ID: ae-200908-036

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in WINS
Links: MS09-039, CVE-2009-1923, CVE-2009-1924, ESB-2009.1174
ID: ae-200908-035

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Windows Media
Links: MS09-038, CVE-2009-1545, CVE-2009-1546, ESB-2009.1175
ID: ae-200908-034

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Active Template Library (ATL)
Links: MS09-037, CVE-2008-0015, CVE-2008-0020, CVE-2009-0901, CVE-2009-2493, CVE-2009-2494, ESB-2009.1176, iDEFENSE #820, iDEFENSE #822
ID: ae-200908-033

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft Windows ASP.NET
Links: MS09-036, CVE-2009-1536, ESB-2009.1179
ID: ae-200908-032

No further comment due to legal reasons

System: Various
Topic: Vulnerabilities in Sun Java System Access Manager Policy Agent 2.2
Links: Sun Alert #265329, CVE-2008-3529, CVE-2008-4225, CVE-2008-4226, ESB-2009.1171
ID: ae-200908-031

Security vulnerabilities in Sun Java System Access Manager Policy Agent 2.2 (Web Agents) may allow a local or remote user to cause a Denial-of-Service (DoS) to the Policy Agent in the form of a program crash or an infinite loop, or possibly to execute arbitrary code by sending crafted XML documents. New versions of the agent solve this problem.

System: HP-UX
Topic: Vulnerability in ttrace
Links: HPSBUX02450, SSRT090141, CVE-2009-1427, ESB-2009.1170
ID: ae-200908-030

A potential security vulnerability has been identified with HP-UX programs using the ttrace(2) system call. The vulnerability could be exploited locally to create a Denial-of-Service (DoS). A patch remedies this problem.

System: Red Hat Enterprise Linux 3
Topic: Vulnerabilities in Apache httpd
Links: RHSA-2009-1205, CVE-2009-1891, CVE-2009-2412, ESB-2009.1168
ID: ae-200908-029

The Apache HTTP Server is a popular Web server. The httpd package shipped with Red Hat Enterprise Linux 3 contains embedded copies of the Apache Portable Runtime (APR) libraries. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the Apache Portable Runtime (APR) manages memory pool and relocatable memory allocations. An attacker could use these flaws to issue a specially-crafted request for memory allocation, which would lead to a Denial-of-Service (DoS) or, potentially, execute arbitrary code with the privileges of an application using the APR libraries. Furthermore, a DoS flaw was found in the Apache mod_deflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed.
Updated packages are available now.

System: Linux
Topic: Vulnerabilities in subversion
Links: CVE-2009-2411, DSA-1855, ESB-2009.1158, RHSA-2009-1203, ESB-2009.1166, MDVSA-2009:199, SUSE-SA:2009:044, ESB-2009.1192
ID: ae-200908-028

Subversion (SVN) is a concurrent version control system. Multiple heap overflow flaws in Subversion (server and client) have been found when parsing binary deltas. A malicious user with commit access to a server could use these flaws to cause a heap overflow on that server. A malicious server could use these flaws to cause a heap overflow on a client when it attempts to checkout or update. These heap overflows can result in a crash or, possibly, arbitrary code execution.
Updated packages address this issue.

System: Linux
Topic: Vulnerabilities in libxml / libxml2
Links: CVE-2009-2414, CVE-2009-2416, DSA-1859, DSA-1861, ESB-2009.1165, ESB-2009.1188, RHSA-2009-1206, ESB-2009.1169, MDVSA-2009:200
ID: ae-200908-027

Libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files. A stack overflow flaw has been found in the way libxml processes the root XML document element definition in a DTD. Furthermore, multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types. Both issues might allow remote attackers to provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to Denial-of-Service (DoS). Updated packages are available now.

System: Debian GNU/Linux
Topic: Several vulnerabilities in imagemagick
Links: DSA-1858, CVE-2007-1667, CVE-2007-1797, CVE-2007-4985, CVE-2007-4986, CVE-2007-4987, CVE-2007-4988, CVE-2008-1096, CVE-2008-1097, CVE-2009-1882, ESB-2009.1164
ID: ae-200908-026

Several vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or cause a Denial-of-Service (DoS). Updated packages are available now.

System: Many
Topic: Vulnerability in EMC Replication Manager Client
Links: ZDI-09-051, ESB-2009.1163
ID: ae-200908-025

A vulnerability in EMC Replication Manager Client allows remote attackers to execute arbitrary code on vulnerable installations. The flaw exists within the irccd.exe process which listens by default on a TCP port around 6700. The XML-based protocol this service communicates over accepts a RunProgram message. By supplying a malicious payload and requesting this functionality a remote attacker can execute arbitrary code on the remote system. Fixes are available now.

System: Microsoft Windows
Topic: Vulnerability in CA Unicenter
Links: CA20090806-02, CVE-2009-1232, ESB-2009.1162
ID: ae-200908-024

A security risk has been found with CA Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, and Unicenter Patch Management. The release of Tomcat as included with the products is potentially susceptible to a cross-site scripting (XSS) vulnerability. CA has issued a solution to address the issue.

System: Microsoft Windows
Topic: Vulnerability in CA Data Transport Services
Links: CA20090806-01, CVE-2009-2026, ESB-2009.1161
ID: ae-200908-023

Products such as CA Software Delivery use the Data Transport Services. They contain a vulnerability that enables remote attackers to execute arbitrary code with privileged access on a vulnerable system. This is due to insufficient bounds checking in the dtscore library. CA has issued patches to address the issue.

System: HP NonStop
Topic: Vulnerability in HP NonStop Servers with Telco CLIMs
Links: HPSBNS02449, SSSRT090149, CVE-2009-0065, ESB-2009.1152
ID: ae-200908-022

A potential security vulnerability has been identified with HP NonStop Servers with Telco CLIMs. The vulnerability could be exploited remotely to execute arbitrary code or to create a Denial-of-Service (DoS). Until an update is available to resolve this vulnerability, it can be avoided by disabling the Partial Reliable Stream Control Transmission Protocol (PR-SCTP).

System: HP Tru64
Topic: Vulnerability in BIND
Links: HPSBTU02453, SSRT091037, CVE-2009-0696, ESB-2009.1151
ID: ae-200908-021

A potential security vulnerability has been identified with Tru64 UNIX running the BIND server. The vulnerability could be remotely exploited to create a Denial-of-Service (DoS). An updated version is available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in subversion, mantis, and camlimages
Links: DSA-1855, CVE-2009-2411, ESB-2009.1157,
DSA-1856, ESB-2009.1158,
DSA-1857, CVE-2009-2660, ESB-2009.1159
ID: ae-200908-020

Subversion performs insufficient input validation of svndiff streams. Malicious servers could cause heap overflows in clients, and malicious clients with commit access could cause heap overflows in servers, possibly leading to arbitrary code execution in both cases.
The Debian Mantis package, a web-based bug tracking system, installed the database credentials in a file with world-readable permissions onto the local filesystem. This allows local users to acquire the credentials used to control the Mantis database.
CamlImages is an open source image processing library. It suffers from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. This advisory addresses issues with the reading of JPEG and GIF images.
Fixed packages are available now.

System: SuSE Linux
Topic: Vulnerabilities in Sun Java
Links: SUSE-SA:2009:043, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2676, ESB-2009.1160
ID: ae-200908-019

The Sun Java JRE/JDK 5 was updated to Update 20, fixing various security issues. These issues affect openSuSE as well as SLES and SLED.

System: Debian GNU/Linux
Topic: Vulnerabilities in fetchmail and memcached
Links: DSA-1852, CVE-2009-2666, ESB-2009.1154,
DSA-1853, CVE-2009-1415, ESB-2009.1155
ID: ae-200908-018

Fetchmail is a remote mail retrieval and forwarding utility. It is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" recently published at the Black Hat conference, which allow an attacker to perform undetected man-in-the-middle attacks.
Memcached is a memory object caching system. It is vulnerable to several heap-based buffer overflows due to integer conversions when parsing certain length attributes. An attacker can use this to execute arbitrary code on the system running memcached.
Fixed packages are available now.

System: Many
Topic: Vulnerabilities in Adobe Flash Player, Adobe Reader and Acrobat
Links: APSB09-10, CVE-2009-0901, CVE-2009-1862, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868, CVE-2009-1869, CVE-2009-1870, CVE-2009-2493, CVE-2009-2495, iDEFENSE #816, iDEFENSE #818, TLSA-2009-24, Sun Alert #266108, ESB-2009.1216, APPLE-SA-2009-09-10-1, ESB-2009.1280
ID: ae-200908-017

Critical vulnerabilities have been identified in the current versions of Adobe Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems. These vulnerabilities might cause the application to crash and could potentially allow an attacker to take control of the affected system. Adobe recommends users of Adobe Flash Player 9.x and 10.x and earlier versions update to Adobe Flash Player 9.0.246.0 and 10.0.32.18. Adobe recommends users of Adobe AIR version 1.5.1 and earlier versions update to Adobe AIR 1.5.2. Adobe recommends users of Adobe Reader 9 and Acrobat 9 and earlier versions update to Adobe Reader 9.1.3 and Acrobat 9.1.3.

System: Various
Topic: Vulnerability in IBM Tivoli Key Lifecycle Manager
Links: IBM, CVE-2009-2667, ESB-2009.1150
ID: ae-200908-016

A password security vulnerability exists on Tivoli Key Lifecycle Manager V1. Change the Administrator password to resolve the issue.

System: Various
Topic: Vulnerability in Sun VirtualBox
Links: Sun Alert #265268, ESB-2009.1146
ID: ae-200908-015

A security vulnerability in Sun VirtualBox 3.0 may allow a local unprivileged user inside a VirtualBox virtual machine to reboot the host operating system, which is a type of Denial of Service (DoS). Patches are available now.

System: Various
Topic: Vulnerabilities in Sun Java System Access Manager and OpenSSO
Links: Sun Alert #255968, Sun Alert #256668, ESB-2009.1145
ID: ae-200908-014

A security vulnerability in Sun Java System Access Manager related to the CDCServlet component may result in policy advice being presented to the wrong client. A security vulnerability in Sun Java System Access Manager may disclose clear text passwords in debug files when the debug flag is enabled. Patches are available now.

System: Linux/Unix
Topic: Vulnerability in apr
Links: CVE-2009-2412, MDVSA-2009:195, ESB-2009.1149, DSA-1854, ESB-2009.1156, RHSA-2009-1204, ESB-2009.1167
ID: ae-200908-013

Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) allow remote attackers to cause a Denial-of-Service or execute arbitrary code. Fixed packages are available now.

System: Red Hat Linux
Topic: Vulnerabilities in java-1.6.0-ibm, java-1.5.0-sun, java-1.6.0-sun, and java-1.6.0-openjdk
Links: RHSA-2009-1198, RHSA-2009-1199, RHSA-2009-1200, RHSA-2009-1201, ESB-2009.1144
ID: ae-200908-012

Several vulnerabilities were found in the Java packages of Red Hat Enterprise Linux. Affected are java-1.6.0-ibm, java-1.5.0-sun, java-1.6.0-sun, and java-1.6.0-openjdk. Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerability in gst-plugins-bad
Links: DSA-1851, CVE-2009-1438, ESB-2009.1140
ID: ae-200908-011

It has been discovered that gst-plugins-bad, the GStreamer plugins from the "bad" set, is prone to an integer overflow when processing a MED file with a crafted song comment or song name. Fixed packages are available now.

System: Mac OS X
Topic: Mac OS X Version 10.5.7 available
Links: APPLE-SA-2009-08-05, ESB-2009.1138
ID: ae-200908-010

The Apple Security Update 2009-003 describes many vulnerabilities that can be fixed by installing Mac OS X v10.5.8, which is now available. Other versions should not be used any more.

System: Various
Topic: Vulnerability in Drupal 3rd party module
Links: DRUPAL-SA-CONTRIB-2009-050, ESB-2009.1136
ID: ae-200908-009

A vulnerability allowing cross-site scripting (XSS) was found in the third-party Drupal module "Webform report". Updated software is available now. Please be aware that Drupal core is not affected.

System: Mandriva Linux
Topic: Vulnerability in ruby
Links: MDVSA-2009:193, CVE-2009-0642
ID: ae-200908-008

OpenSSL functions in Ruby do not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate. Fixed packages are available now.

System: Various
Topic: Vulnerabilities in Sun Java JRE/JDK
Links: Sun Alert #263408, Sun Alert #263409, Sun Alert #263428, Sun Alert #263429, Sun Alert #263488, Sun Alert #266468, CVE-2009-0217, ESB-2009.1132
ID: ae-200908-007

Several security vulnerabilities were found in the Sun Java Runtime Environment. Fixed software is available now.

System: Red Hat Enterprise Linux 5
Topic: Vulnerabilities in Kernel
Links: RHSA-2009-1193, CVE-2007-5966, CVE-2009-1385, CVE-2009-1388, CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407, ESB-2009.1131
ID: ae-200908-006

Updated kernel packages that fix several security issues and various bugs are now available for Red Hat Enterprise Linux 5. These vulnerabilities allow Denial-of-Service (DoS) as well as execution of arbitrary code, so the update should be installed as soon as possible.

System: Debian GNU/Linux
Topic: Vulnerabilities in libmodplug
Links: DSA-1850, CVE-2009-1438, CVE-2009-1513, ESB-2009.1130
ID: ae-200908-005

Several vulnerabilities have been discovered in libmodplug, the shared libraries for mod music based on ModPlug. Fixed packages are available now.

System: Various
Topic: Vulnerabilities in HP Serviceguard Manager
Links: HPSBMA02445, SSRT090058, CVE-2008-5349, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107, ESB-2009.1128
ID: ae-200908-004

Several security vulnerabilities have been identified with HP Serviceguard Manager B8325BA (Stand alone). These vulnerabilities can be exploited remotely to allow execution of arbitrary code and to create a Denial of Service (DoS). Fixed software is available now.

System: Various
Topic: Vulnerability in Bugzilla
Links: ESB-2009.1129
ID: ae-200908-003

An information leak was found in Bugzilla, a Web-based bug-tracking system. The names of all products are exposed on show_bug.cgi to any user who can edit bugs, even products that are normally invisible to that user. Fixed software is available now.

System: Sun Solaris, OpenSolaris
Topic: Vulnerability in Solaris Trusted Extensions
Links: Sun Alert #264808, ESB-2009.1127
ID: ae-200908-002

A security vulnerability in Solaris Trusted Extensions when parsing labeled packets may allow a remote privileged user to panic the system, which is a type of Denial of Service (DoS). Patches are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in znc and xml-security-c
Links: DSA-1848, ESB-2009.1124,
DSA-1849, CVE-2009-0217, ESB-2009.1123
ID: ae-200908-001

It was discovered that znc, an IRC proxy, did not properly process certain DCC requests, allowing attackers to upload arbitrary files.
It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation.
Fixed packages are available now.



(c) 2000-2014 AERAsec Network Services and Security GmbH