zencurity

Red Hat update for freetype

michaelburger — Wed, 17 Nov 2010 08:43:43 +0000

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From remote

DESCRIPTION:
Red Hat has issued an update for freetype. This fixes a
vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

SOLUTION:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

ORIGINAL ADVISORY:
RHSA-2010:0889-1:
https://rhn.redhat.com/errata/RHSA-2010-0889.html

OpenSSL TLS Server Extension Parsing Race Condition Vulnerability

michaelburger — Wed, 17 Nov 2010 07:30:08 +0000

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From remote

DESCRIPTION:
A vulnerability has been reported in OpenSSL, which can be exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise an application using the library.

The vulnerability is caused due to a race condition within the TLS extension parsing code, which can be exploited to cause a heap-based buffer overflow.

Successful exploitation requires that the server is multi-threaded and uses the internal caching mechanism of OpenSSL. Multi-processed servers or servers with disabled internal caching session (e.g. Apache HTTP server, Stunnel) are not affected.

The vulnerability is reported in versions 0.9.8f through 0.9.8o and versions 1.0.0 and 1.0.0a.

SOLUTION:
Update to version 0.9.8p and 1.0.0b or apply patches.

ORIGINAL ADVISORY:
http://www.openssl.org/news/secadv_20101116.txt

Apple QuickTime Sorenson Video 3 Array-Indexing Vulnerability

michaelburger — Thu, 11 Nov 2010 11:00:42 +0000

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

DESCRIPTION:
Secunia Research has discovered a vulnerability in QuickTime, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to an array-indexing error when parsing Sorenson Video 3 content and can be exploited to corrupt memory during decompression via a specially crafted file.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in versions 7.6.6 and 7.6.8. Other versions may also be affected.

SOLUTION:
This will be addressed in an upcoming version for Windows. A fix is available for Mac OS X.

ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4435

Apple Mac OS X ATSServer CFF Font Parsing Vulnerability

michaelburger — Tue, 09 Nov 2010 09:01:27 +0000

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

DESCRIPTION:
A vulnerability has been reported in Apple Mac OS X, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to a signedness error in ATSServer when handling the CharStrings INDEX structure and can be exploited to cause a buffer overflow via e.g. a PDF file containing a specially crafted CFF font.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in version 10.5.

SOLUTION:
Upgrade to version 10.6, which is reportedly not affected.

Internet Explorer CSS Tag Parsing Code Execution Vulnerability

michaelburger — Thu, 04 Nov 2010 09:09:51 +0000

CRITICAL:
Extremely critical

IMPACT:
System access

WHERE:
From remote

DESCRIPTION:
A vulnerability has been reported in Internet Explorer, which can be
exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to insufficient memory being
allocated to store a certain combination of CSS (Cascading Style
Sheets) tags. This can be exploited to overwrite a byte in a virtual
table pointer and call into user-controlled data in memory via a
specially crafted web page.

Successful exploitation allows execution of arbitrary code.

NOTE: The vulnerability is currently being actively exploited.

SOLUTION:
Apply a custom CSS to override website CSS styles (please see the
Microsoft advisory for details).

ORIGINAL ADVISORY:
Microsoft:
http://www.microsoft.com/technet/security/advisory/2458511.mspx
http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx
http://blogs.technet.com/b/srd/archive/2010/11/03/dep-emet-protect-against-attacks-on-the-latest-internet-explorer-vulnerability.aspx

Microsoft Windows DAO 3.6 Object Library Insecure Library Loading Vulnerability

michaelburger — Fri, 29 Oct 2010 16:29:27 +0000

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

DESCRIPTION:
A vulnerability has been discovered in Microsoft Windows, which can
be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to the Data Access Objects library
(dao360.dll) loading libraries (e.g. msjet49.dll) in an insecure
manner. This can be exploited to load arbitrary libraries by tricking
a user into e.g. opening a file located on a remote WebDAV or SMB
share via an application using the library.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in fully patched versions of Windows
XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3,
Windows Vista Business SP1, and Windows 7 Professional. Other
versions may also be affected.

SOLUTION:
Do not open untrusted files.

Red Hat update for cups

michaelburger — Fri, 29 Oct 2010 09:02:39 +0000

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From local network

DESCRIPTION:
Red Hat has issued an update for cups. This fixes some
vulnerabilities, which can be exploited by malicious people to
potentially compromise a vulnerable system.

SOLUTION:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

ORIGINAL ADVISORY:
RHSA-2010-0811:
https://rhn.redhat.com/errata/RHSA-2010-0811.html

Red Hat update for thunderbird

michaelburger — Fri, 29 Oct 2010 09:01:21 +0000

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

DESCRIPTION:
Red Hat has issued an update for thunderbird. This fixes a
vulnerability, which can be exploited by malicious people to
compromise a user’s system.

SOLUTION:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

ORIGINAL ADVISORY:
RHSA-2010:0812-1:
http://rhn.redhat.com/errata/RHSA-2010-0812.html

Red Hat update for xulrunner

michaelburger — Thu, 28 Oct 2010 13:15:18 +0000

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

DESCRIPTION:
Red Hat has issued an update for xulrunner. This fixes a
vulnerability, which can be exploited by malicious people to
compromise a user’s system.

SOLUTION:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

ORIGINAL ADVISORY:
RHSA-2010:0809-1:
https://rhn.redhat.com/errata/RHSA-2010-0809.html

Microsoft Windows Environment Variable Expansion Library Loading Vulnerability

michaelburger — Thu, 28 Oct 2010 12:12:03 +0000

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

DESCRIPTION:
A vulnerability has been discovered in Microsoft Windows, which can
be exploited by malicious people to potentially compromise a user’s
system.

The vulnerability is caused due to Windows not properly expanding
certain values in environment variables (e.g. "%APPDATA%" in the
"PATH" environment variable), leading to the unexpanded value being
used as relative search path when loading resources. This can be
exploited to load arbitrary resources by tricking a user into opening
a file located on a remote WebDAV or SMB share with certain
applications.

Successful exploitation allows execution of arbitrary code.
Currently, known applications presenting valid attack vectors are
e.g. Apple iTunes and Safari.

The vulnerability is confirmed in a fully patched Windows XP
Professional SP3 and is also reported in Windows Vista Business, and
Windows 7 Professional. Other versions may also be affected.

SOLUTION:
Do not open untrusted files.

ORIGINAL ADVISORY:
Windows KB32908:
http://support.microsoft.com/kb/329308

EXTENDED SOLUTION:
Install the tool available from Microsoft and change the search path
for the application:
http://support.microsoft.com/kb/2264107