* You are viewing the archive for November, 2010

Adobe Reader 10 = Better

The Adobe Reader GDI object leak that I described at http://sharpesecurity.blogspot.com/2010/02/gdi-object-leak-in-adobe-reader-92-and.html isn’t fixed in the Adobe Reader versions up to and including 9.4.1. However, it appears that the new Adobe Reader X (i.e. Adobe Reader 10) leaks handle and memory resources FAR LESS than its last several 8.x and 9.x predecessors. I think there might be hope for Adobe Reader after all!

Whether or not the re-engineered security in Adobe Reader 10 improves anything on the security front remains to be seen. The next few months will tell the tale.

For more information about Adobe Reader X …

New iOS 4.2 Release – 40 Security Updates

The new Apple iOS 4.2 has been released and contains 40 security updates.

References:
http://support.apple.com/kb/HT4456

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement

Review of Apricorn Aegis Padlock Hardware Encrypted Drives

There don’t appear to be a large number of viable solutions available for secure hardware-encrypted external hard drives. I used to recommend the Maxtor BlackArmor for this type of application, but those are no longer available. The Seagate BlackArmor drives are NOT hardware-encrypted – so don’t be fooled by the continued and confusing reuse of the BlackArmor name.

The best choice on the market right now appears to be the Apricorn Aegis Padlock drives. These drives offer features and security comparable to the Ironkey or Kanguru Defender/Elite USB thumbdrives, but in an external USB drive form factor.

Pros
1). Works with both Windows and …

IBM Releases Security Fixes for IBM Omnifind 8.x and 9.x

IBM has released fixes for several security holes in their IBM Omnifind product. Details of each vulnerability from the original researcher are at the “security.fatihkilic.de” link below.

Vulnerable versions:
List varies by CVE number but generally affects both the IBM OmniFind 8.5 and 9.0 series of releases.

References:
http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt
http://www-01.ibm.com/software/data/enterprise-search/omnifind-enterprise/

Apple Safari 5.0.3 (Mac) and Safari 4.1.3 (Win) Released

Apple has released Safari 5.0.3 (for Apple Mac) and Safari 4.1.3 (for Windows). These new versions contain several security-related fixes.

References:
http://support.apple.com/kb/HT4455

HP LaserJet Printers Directory Traversal Vulnerability

This vulnerability can be exploited to view local files on the printer through the printer’s built-in web server.

Affected units:
HP Color LaserJet 4730 MFP
HP Color LaserJet 6040 MFP
HP Color LaserJet CM4730 MFP
HP LaserJet 3035 MFP
HP LaserJet 4100
HP LaserJet 4100MFP
HP LaserJet 4200
HP LaserJet 4300
HP LaserJet 4345 MFP
HP LaserJet 5035 MFP
HP LaserJet 5100 Series
HP LaserJet 8150
HP LaserJet 9000MFP
HP LaserJet 9050 MFP
HP LaserJet M1522n MFP
HP LaserJet M4345x MFP
HP LaserJet M9050 MFP

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4107
https://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02004333

PHP Null Character Security Bypass Vulnerability Fixed

PHP version 5.3.4 RC1 includes a fix for a PHP flaw that can allow the contents of files to be leaked out unintentionally.

The following versions of PHP are vulnerable:
PHP 5.3.0 through 5.3.3

References:
http://bugs.php.net/39863

Apache FastCGI ‘mod_fcgid’ Vulnerability Fixed

A security-related fix was included in the 2.3.6 release for Apache HTTP Server’s FastCGI ‘mod_fcgid’ module. No public exploit code is available at this time (18 Nov 2010).

This affected the following:
Apache Software Foundation mod_fcgid 2.3.3
Apache Software Foundation mod_fcgid 2.3.4
Apache Software Foundation mod_fcgid 2.3.5
Red Hat Fedora 12
Red Hat Fedora 13
Red Hat Fedora 14

References:
http://httpd.apache.org/mod_fcgid/

IBM WebSphere MQ FDC Vulnerability Fixed

IBM has announced a vulnerability in their WebSphere product. The problem is a denial of service condition in WebSphere MQ FDC processing. The issue is fixed in IBM WebSphere MQ 7.0.1.5.

The following versions are affected:
IBM WebSphere MQ 7.0
IBM WebSphere MQ 7.0.0
IBM WebSphere MQ 7.0.0.1
IBM WebSphere MQ 7.0.1.0
IBM WebSphere MQ 7.0.1.2
IBM WebSphere MQ 7.0.1.3
IBM WebSphere MQ 7.0.1.4

SAP NetWeaver XRFC Vulnerability Fix Released

A fix for a remotely exploitable vulnerability in SAP NetWeaver XRFC has been released. A commercially available exploit exists. Details are in the link below.

The following versions are vulnerable:
SAP Netweaver XRFC 6.40
SAP Netweaver XRFC 7.00

References:
http://dsecrg.com/pages/vul/show.php?id=205

Cisco Unified Videoconferencing Updates Released

Cisco has released fixes for 9 security-related issues in their Cisco Unified Videoconferencing products.

The following systems and versions are vulnerable:
Cisco Unified Videoconferencing 3515 Multipoint Control Unit (MCU)
Cisco Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway
Cisco Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway
Cisco Unified Videoconferencing 3545 System
Cisco Unified Videoconferencing 5110 System
Cisco Unified Videoconferencing 5115 System
Cisco Unified Videoconferencing 5230 System

References:
http://www.cisco.com/warp/public/707/cisco-sr-20101117-cuvc.shtml

OpenSSL Buffer Overflow Fix Released

OpenSSL versions 0.9.8f to 0.9.8o, 1.0.0, and 1.0.0a have a buffer overflow vulnerability in the TLS server extension parsing code, as described in CVE-2010-3864. The problem affects OpenSSL servers that are multi-threaded and use OpenSSL’s internal caching mechanism. If an OpenSSL server is not multi-threaded or has its internal caching disabled (e.g. Apache HTTP and Stunnel), then according to the vendor you are OK.

No public exploits for this are known as of this writing (18 Nov 2010).

References:
http://www.openssl.org/news/secadv_20101116.txt

Adobe Reader 9.4.1 Released for Windows and Mac

Adobe has released version 9.4.1 of their Acrobat and Reader products for Windows and Apple Mac. This version contains fixes for two vulnerabilities. Adobe says there is no corresponding 8.x release because the issues fixed do not affect 8.x versions.

References:
http://www.adobe.com/support/security/bulletins/apsb10-28.html

Mac OS X Server v10.6.5 Released

Apple has released Mac OS X Server v10.6.5. The security fixes in this update are described in the link below.

References:
http://support.apple.com/kb/HT4452

New Vulns Used by Stuxnet Patched in Microsoft’s Sept 2010 Patches

Original article from Sept 2010:
According to this article by Symantec, it looks like the top countries affected by Stuxnet (by infection count) were Iran and some of its closest neighbors geographically. To me, it looks like an intelligence service lost a couple of arrows out of its quiver here. Microsoft is closing one of the vulnerabilities used by Stuxnet in the September 2010 Microsoft monthly patches.

The smart money is on the U.S. or Israel, but I guess the public storyline will never tell us for sure. Nation-state intelligence services cannot wait for a time of war to …

Adobe Flash Media Server Security Updates Released

Adobe has released updates to their Flash Media Server product. One of the problems fixed is potentially remotely exploitable. The fully updated versions are 4.0.1, 3.5.5, and 3.0.7.

References:
http://www.adobe.com/support/security/bulletins/apsb10-27.html

MySQL 5.1.52 Released

MySQL 5.1.52 has been released. Among the changes are fixes for three denial of service vulnerabilities.

References:
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html

Microsoft’s November 2010 Patches Released

Microsoft’s November 2010 Patch Tuesday release contains 3 new security bulletins:

MS10-087: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930) http://www.microsoft.com/technet/security/bulletin/ms10-087.mspx
Severity: Critical

MS10-088: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386) http://www.microsoft.com/technet/security/bulletin/ms10-088.mspx
Severity: Important

MS10-089: Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074) http://www.microsoft.com/technet/security/bulletin/ms10-089.mspx
Severity: Important

References:
http://isc.sans.edu/diary.html?storyid=9910
http://www.microsoft.com/technet/security/bulletin/ms10-nov.mspx
http://blogs.technet.com/cfs-filesystemfile.ashx/__key/CommunityServer-Blogs-Components-WeblogFiles/00-00-00-45-71/0537.1011-deployment-slide.png

New Social-Engineer Toolkit Version Released

A significant upgrade of the Social-Engineer Toolkit was released this week. This is excellent work by one of the top 10 pentesters in the world, and you should consider adding it to your existing pentest toolkit.

http://www.secmaniac.com/november-2010/the-social-engineer-toolkit-set-v1-0-release-date-announced/

Exploit Released for CA ARCserve Backup Vulnerability

Both Metasploit and the D2 Exploitation Pack for Immunity CANVAS now contain working exploits for CVE-2007-3216 in the following software titles:

Computer Associates ARCserve Backup for Laptops and Desktops 11.0
Computer Associates ARCserve Backup for Laptops and Desktops 11.1
Computer Associates ARCserve Backup for Laptops and Desktops 11.1 SP1
Computer Associates ARCserve Backup for Laptops and Desktops 11.1 SP2
Computer Associates ARCserve Backup for Laptops and Desktops 11.5
Computer Associates Desktop Management Suite 11.1
Computer Associates Desktop Management Suite 11.2
Computer Associates Protection Suites r2

Vulnerability in Adobe AIR 2.0.3

If we have widely deployed the Adobe AIR runtime environment, please consider upgrading it to the latest version, 2.5. There is a security fix contained in Adobe AIR versions greater than 2.0.4.

References:
http://www.adobe.com/support/security/bulletins/apsb10-22.html

IDA Pro 6.0 Maintenance Pack Released

This update contains numerous fixes for IDA Qt. The download location is below.

References:
https://www.hex-rays.com/idafix.shtml

Adobe Flash Player 10.1.102.64 Released

Adobe has released version 10.1.102.64 of their Flash Player product for Windows, Apple Mac, Solaris, and Linux. This new version contains 18 security fixes, including one that addresses a vulnerability that is being actively exploited in the wild.

References:
http://www.adobe.com/support/security/bulletins/apsb10-26.html

Google Chrome 7.0.517.44 Released

Google Chrome 7.0.517.44 has been released for Windows, Mac, and Linux. The update includes fixes for 12 vulnerabilities, all of which are classified as high or critical.

References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha
