* You are viewing the archive for October, 2010

Ruby on Rails Vulnerability Fix Released

CVE-2010-3933 has been fixed in the latest release of Ruby on Rails. The problem was confined to versions 3.0.0 and 2.3.9 only. For more details, please refer to the link below.

References:
http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity


Adobe Shockwave Player Version 11.5.9.615 Released

Adobe has released Shockwave Player version 11.5.9.615. This version contains several security updates – including a fix for a vulnerability that is being actively exploited in the wild right now.

References:
http://www.adobe.com/support/security/bulletins/apsb10-25.html


Mozilla Firefox 3.6.12 and 3.5.15 Released

Mozilla Firefox versions 3.6.12 and 3.5.15 have been released. The new versions contain a security patch for a vulnerability that is currently being exploited in the wild.

References:
http://www.mozilla.org/security/announce/
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
http://www.mozilla.com/en-US/firefox/3.6.12/releasenotes/
http://www.mozilla.com/en-US/firefox/3.5.15/releasenotes/


Get $3500 iDefense Advanced Malware Class for Price of a Single Book

Get the benefit of the former $3500 Verisign iDefense Advanced Malware class for the price of a single book. The “Malware Analyst’s Cookbook” has been released, and it appears to be a much better value than it might seem at first glance. Michael Hale Ligh (formerly of iDefense, now Terremark) is one of the authors and he taught the well-regarded iDefense Malware analysis class that I am comparing this book to. He is also one of the top 10 malware reverse engineers in the world – and I do include the best among the intelligence services, military, … Continue Reading


List of Currently Exploited Sun Java Vulnerabilities

The following is a list of Sun Java runtime vulnerabilities that have reliable exploits and are commonly found in today’s crimeware packs. This list is current for all publicly available crimeware packs as of 07 April 2011.

For organizations that cannot simply update all Sun Java runtime instances to the latest fully patched version available, this list can be used as a starting point to ensure that you have appropriate blocks configured in your IPS systems. If any of these aren’t enabled by default from your IPS vendor, you should consider adding those to your block/notify list.

Sun Java Calendar … Continue Reading


Handling Adobe Shockwave Player Vulnerability CVE-2010-3653

Exploit code now exists for Adobe Shockwave player vulnerability CVE-2010-3653. Adobe hasn’t released an update for us to deploy, and other than disabling the Adobe Shockwave player itself, there is no other known workaround. So for now we will have to use any IPS signatures we get to protect ourselves until Adobe releases a patched version of the Shockwave player.

References:
http://www.adobe.com/support/security/advisories/apsa10-04.html
http://threatpost.com/en_us/blogs/attack-code-published-adobe-shockwave-zero-day-102110
http://www.exploit-db.com/exploits/15296/


Security Update for NullSoft WinAmp Released

A security update for WinAmp has been released. NullSoft WinAmp versions 5.581 and below are vulnerable. Exploit code is publicly available.

References:
http://www.winamp.com/
http://aluigi.org/adv/winamp_1-adv.txt


TIBCO ActiveMatrix Products Vulnerability Fix Released

TIBCO has released a fix for a remotely exploitable vulnerability in their ActiveMatrix products.

According to TIBCO, the following versions are vulnerable:
TIBCO ActiveMatrix Service Grid versions prior to 2.3.1
TIBCO ActiveMatrix Service Bus versions prior to 2.3.1
TIBCO ActiveMatrix BusinessWorks Service Engine versions prior to 5.8.1
TIBCO ActiveMatrix Service Performance Manager versions prior to 1.3.2

More details are available at the link below.

References:
http://www.tibco.com/multimedia/activematrix_advisory_tcm8-12488.txt


Lenovo’s www.lenovoservicetraining.com Training Site Spreading Malware

Lenovo’s www.lenovoservicetraining.com service and support training site was detected spreading malware recently. Hopefully none of your desktop support people were affected by this. The site appears to be clean now. See the link below for details.

References:
http://www.h-online.com/security/news/item/Trojan-trouble-at-Lenovo-1110581.html


Java for Mac OS X 10.5 Update 8 and Mac OS X 10.6 Update 3 Released

The Java releases from Apple for Mac OS X 10.5 Update 8 and Mac OS X 10.6 Update 3 contain important security fixes. For details, please see the links below.

References:
http://support.apple.com/kb/HT4417
http://support.apple.com/kb/HT4418


Root Privilege Escalation Vulnerability in Linux RDS

Unpatched Linux implementations of the Reliable Datagram Sockets (RDS) protocol starting with 2.6.30 have a vulnerability that can allow root access to be obtained by remote attackers. Proof-of-concept exploit code exists for this vulnerability. Patched versions of Linux are available.

References:
http://www.vsecurity.com/resources/advisory/20101019-1/
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=799c10559d60f159ab2232203f222f18fa3c4a5f


Mozilla Firefox 3.6.11 and 3.5.14 Released

Mozilla Firefox versions 3.6.11 and 3.5.14 have been released. The new versions contain important security fixes – including an important one for DLL hijacking.

References:
http://www.mozilla.org/security/announce/


New RealPlayer Version Contains Security Fixes

RealNetworks has released security fixes for their RealPlayer and RealPlayer Enterprise products for Windows. Details are at the link below.

References:
http://service.real.com/realplayer/security/10152010_player/en/


IBM Informix Dynamic Server DBINFO Vulnerability Details Released

IBM has announced a vulnerability in Informix Dynamic Server. There is a bug in the handling of the keyword ‘DBINFO’ in SQL queries. The list of vulnerable versions is below:

IBM Informix IDS 10.0.tc1
IBM Informix IDS 10.0
IBM Informix IDS 10.0.xC4
IBM Informix IDS 10.0.xc3
IBM Informix IDS 10.00.xC11
IBM Informix IDS 10.00.xC7W1
IBM Informix IDS 10.00.xC8
IBM Informix IDS 10.00.xC10
IBM Informix IDS 10.00.TC9
IBM Informix IDS 11.10
IBM Informix IDS 11.10.xC2
IBM Informix IDS 11.10.xC4
IBM Informix IDS 11.10.xC2W2
IBM Informix IDS 11.10.xC3
IBM Informix IDS 11.50.xC5
IBM Informix IDS 11.50.xC1
IBM Informix IDS 11.50.xC3
IBM Informix IDS 11.10.TC3

References:
http://www.zerodayinitiative.com/advisories/ZDI-10-217/


IBM Informix Dynamic Server “librpc.dll” Vulnerability Details Released

IBM has announced a vulnerability in Informix Dynamic Server in versions prior to 7.31.xD11, 9.40.xC10, 10.00.xC8, and 11.10.xC2.
The vulnerability is caused by an integer overflow in librpc.dll and can be exploited to cause a heap-based buffer overflow via a specially crafted RPC packet sent to TCP port 36890.

Specifically, the following versions are vulnerable:
IBM Informix IDS 10.0.tc1
IBM Informix IDS 10.0
IBM Informix IDS 10.0.xC4
IBM Informix IDS 10.0 xC3
IBM Informix IDS 10.00.xC11
IBM Informix IDS 10.00.xC7W1
IBM Informix IDS 10.00.xC8
IBM Informix IDS 10.00.xC10
IBM Informix IDS 10.00.TC9
IBM Informix IDS 11.10
IBM Informix IDS 11.10.xC2
IBM Informix … Continue Reading


IBM Informix Dynamic Server Vulnerability Details Released

IBM has published details on a vulnerability in its Informix Dynamic Server product. According to the article, the vulnerability is remotely exploitable, although no public exploit code yet exists.

From the link below:

The specific flaw exists within the oninit.exe process bound by default to TCP port 9088 or 1526. A lack of sanity checking within a logging function can result in a stack based buffer overflow leading to arbitrary code execution under the context of the SYSTEM user.

Fixes are available in 11.50.xC1 and 11.10.xC2W2.

References:
http://www.zerodayinitiative.com/advisories/ZDI-10-216/


Google Chrome 7.0.517.41 Released

Google Chrome 7.0.517.41 has been released for Windows, Mac, and Linux. The update includes fixes for 10 vulnerabilities, 6 of which are classified as high or critical.

References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha


SAP BusinessObjects Security Patch Released

SAP has released a security patch for certain versions of SAP BusinessObjects for the Axis2 component. According to the US-CERT write-up:
… anyone with access to the Axis2 port can gain full access to the machine via arbitrary remote code execution. This requires the attacker to upload a malicious web service and to restart the instance of Tomcat. This issue may apply to other products and vendors that embed the Axis2 component. The username is “admin” and the password is “axis2”, this is also the default for standalone Axis2 installations.

For further details please refer to the links below. … Continue Reading


BlackBerry Attachment Service PDF Distiller Remote Buffer Overflow Vulnerability

RIM has published a bulletin announcing a possible remotely exploitable issue with their BlackBerry Attachment Service PDF Distiller. There is no known publicly available exploit code at this time (as of 13 Oct 2010).

References:
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24547#

Oracle October 2010 Patches Released

Oracle has released its October 2010 set of patches. There are 85 total security fixes. 29 of those are for Java. Several of these fixes address remotely exploitable vulnerabilities. For details please refer to the links below.

References:
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html (for Java-related patches)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

New Adobe Reader 9.4 and 8.2.5 Versions Released

Adobe has released versions 9.4 and 8.2.5 of their Acrobat and Reader products. These versions contain fixes for several vulnerabilities – one of which is being actively exploited in the wild.

References:
http://www.adobe.com/support/security/bulletins/apsb10-21.html

Hex-Rays Version 1.4 x86 and ARM Decompilers Released

Hex-Rays has released version 1.4 of their x86 and ARM decompilers. The major update is that the decompilers can now be used on the Linux and Apple Mac OS X platforms. See the link below for a list of all of the fixes and updates.

References:
http://www.hex-rays.com/news1.shtml#101001

IDA Pro 6.0 Released

Hex-Rays has released IDA Pro 6.0. The major change is that the GUI is now the same on MS Windows, Linux, and Mac OS X (Qt framework-based). A complete list of fixes and updates is at the link below.

References:
http://www.hex-rays.com/idapro/60/index.html

ISC BIND 9.7.x DoS and Security Bypass Vulnerability

Certain downlevel versions of ISC BIND 9.7 have both a security bypass vulnerability and a denial of service vulnerability. ISC BIND versions 9.7.2 and 9.7.2-P1 are vulnerable. ISC BIND 9.7.2-P2 is not.

References:
http://www.kb.cert.org/vuls/id/784855
https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html
http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html
