* You are viewing the archive for December, 2010

WordPress 3.0.4 Released

WordPress version 3.0.4 fixes a critical security issue. Exploit code is available. I upgraded this blog already to the 3.0.4 release level and it seems to work fine.

References:
http://wordpress.org/news/2010/12/3-0-4-update/

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement

IBM Fix Released for Directory Traversal Hole in Tivoli Access Manager

IBM has released a fix for a directory traversal vulnerability in their Tivoli Access Manager product. Exploit code is available. The fix is included in a set of bug fixes described in the link below. In that document, the directory traversal issue is under “Internal defect: 102969”.

References:
http://www-01.ibm.com/support/docview.wss?uid=swg24028829

Exploit Released for Unpatched Vuln in TRACE MODE Data Center SCADA System

An exploit (Agora Pack version 1.22 for Immunity CANVAS) has been released for an as yet unpatched vulnerability in TRACE MODE Data Center SCADA management system.

References:
http://www.tracemode.com/products/runtime/scada/DataCenter/
http://gleg.net/agora.shtml

IBM WebSphere Service Registry and Repository Authentication Bypass

IBM has released a fix for an authentication bypass vulnerability in its WebSphere Service Registry and Repository software. WSRR version 7.0 is vulnerable. Version 7.0 Fix Pack 1 includes the fix and is not vulnerable. Exploit code is available.

References:
http://xforce.iss.net/xforce/xfdb/63640
http://www-01.ibm.com/support/docview.wss?rs=3074&context=SW9Z0&dc=D400&uid=swg24026132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2644

Unpatched Vulnerability in IE6, 7, and 8

Microsoft has acknowledged that there is an unpatched security vulnerability affecting Internet Explorer versions 6, 7, and 8. The problem has to do with how IE processes CSS. Exploit code is publicly available. Until Microsoft makes a patch available, there is little else to do except press your IPS vendors for a filter and your antivirus vendors for detection.

References:
http://www.microsoft.com/technet/security/advisory/2488013.mspx
http://blogs.technet.com/b/msrc/archive/2010/12/22/microsoft-releases-security-advisory-2488013.aspx

Microsoft IIS FTP Server Vulnerability

A vulnerability in Microsoft’s IIS FTP server has been reported. IIS version 7.5 is vulnerable. It is unknown at this point if other IIS versions are affected. No patch is available yet. Exploit code is publicly available, but results in a denial of service condition only at this point. Microsoft indicates that remote code execution is unlikely. The IIS FTP service is not installed by default.

References:
http://blogs.technet.com/b/srd/archive/2010/12/22/assessing-an-iis-ftp-7-5-unauthenticated-denial-of-service-vulnerability.aspx
http://www.securityfocus.com/bid/45542

ProFTPD Security Update Released

The security hole in ProFTPD used to upload the malicious backdoored ProFTPD versions that were available for download from November 28 2010 to December 2 2010 (described in http://blog.sharpesecurity.com/2010/12/02/malicious-backdoored-proftpd-1-3-3c-version/) has now been fixed in ProFTPD version 1.3.3d.

References:
http://www.proftpd.org/

HP StorageWorks Storage Mirroring Security Update Released

HP has released a security fix for a remotely exploitable bug (CVE-2010-4116) in their StorageWorks Storage Mirroring product. Version 5.2.2.1771.1 is vulnerable. Version 5.2.2.1771.2 includes the fix.

References:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02660122

TIBCO ActiveMatrix Products Remotely Exploitable Bug Fix Released

TIBCO has released a fix for a remotely exploitable vulnerability in their ActiveMatrix product. Details are in the links below.

References:
http://www.tibco.com/services/support/advisories/default.jsp
http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt

Citrix Access Gateway Vulnerability Fix Released

Citrix has released a fix for a command injection vulnerability in their Citrix Access Gateway product.

UPDATE 04 March 2011 – Exploit code is now available (Metasploit).

These versions are vulnerable:
Access Gateway 4.5 Advanced Edition
Access Gateway 4.5 Standard Edition
Access Gateway 4.6 Advanced Edition
Access Gateway 4.6 Standard Edition
Access Gateway 8.0 Enterprise Edition
Access Gateway 8.1 Enterprise Edition
Access Gateway 9.0 Enterprise Edition
Access Gateway 9.1 Enterprise Edition
Access Gateway 9.2 Enterprise Edition
Access Gateway VPX 4.6

References:
http://support.citrix.com/article/CTX127613

RIM Releases Security Fix for Blackberry BES PDF Distiller

RIM has released a fix for another vulnerability in the PDF distiller of the BlackBerry attachment service for the BlackBerry Enterprise Server. Details including the affected BES versions are in the link below.

References:
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24761

IBM Tivoli Storage Manager Security Fixes Released

IBM has released security updates for their Tivoli Storage Manager product. At least one of the fixed issues is remotely exploitable. Exploit code is publicly available for at least one of the vulnerabilities. Please refer to the links below for details of each reported vulnerability.

References:
http://www-01.ibm.com/support/docview.wss?uid=swg21454745
http://www-01.ibm.com/support/docview.wss?uid=swg24027432
http://www-01.ibm.com/support/docview.wss?uid=swg24028090
http://www-01.ibm.com/support/docview.wss?uid=swg24028681
http://www-01.ibm.com/support/docview.wss?uid=swg24024082

Symantec SEP11 Reporting Module Remotely Exploitable Vulnerability

The reporting module in versions of Symantec Endpoint Protection 11 earlier than RU6 MP1 has a remotely exploitable vulnerability. The fix is to upgrade installations that include the reporting module to at least SEP11 RU6 MP1. Proof of concept exploit code exists.

References:
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101215_00

Microsoft December 2010 Patch Tuesday Updates Released

Items of note: one of the outstanding Internet Explorer zero days is fixed, and the one remaining Stuxnet zero day is plugged.

References:
http://www.microsoft.com/technet/security/bulletin/ms10-dec.mspx
http://isc.sans.edu/diary.html?storyid=10081

Novell ZENworks Desktop Management Security Updates Released

Novell has released a patch to fix security issues in their ZENworks Desktop Management software. The issues affect even the latest ZENworks 7 SP1 version.

References:
http://www.novell.com/support/dynamickc.do?cmd=show&forward=nonthreadedKC&docType=kc&externalId=7007339&sliceId=1
http://download.novell.com/Download?buildid=r9kcCymJ7Os

Google Chrome 8.0.552.224 Released

Google Chrome 8.0.552.224 has been released for Windows, Mac, and Linux. The update includes fixes for 16 vulnerabilities, 14 of which are classified as high or critical.

References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha

PHP Version 5.3.4 Released

Alongside other bug fixes and enhancements, version 5.3.4 contains the following security fixes:

Fixed crash in zip extract method (possible CWE-170).
Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243).
Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150).
Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).
Fixed possible flaw in open_basedir (CVE-2010-3436).
Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
Fixed symbolic resolution support when the target is a DFS share.
Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710).

References:
http://www.php.net/archive/2010.php#id2010-12-10-1

Xerox WorkCentre Security Update Available

Xerox has released a security patch for their Xerox WorkCentre machines affected by a particular information disclosure vulnerability.

The following models are affected:
5735
5740
5745
5755
5765
5775
5790

References:
http://www.xerox.com/downloads/usa/en/c/cert_XRX10-005_v1.0.pdf

RealPlayer Security Updates Released

On 10 Dec 2010 Real Networks released fixes for 27 security vulnerabilities in their RealPlayer product.

Vulnerable versions are:
- RealPlayer for Windows SP 1.1.5 and all previous versions (RealPlayer 14.0 is not affected)
- RealPlayer Enterprise 2.1.3 and all previous versions
- RealPlayer for Mac 12.0.0.1444 and all previous versions
- RealPlayer for Linux 11.0.2.1744 and all previous versions

References:
http://www.real.com/
http://realnetworksblog.com/?p=2192

Citrix Web Interface CSS Fix Released

Citrix has released a fix for a cross site scripting vulnerability in their Citrix Web Interface product. The issue is fixed in Citrix Web Interface 5.4 and above.

References:
http://support.citrix.com/article/CTX127541

Novell iPrint Remotely Exploitable Vulnerabilities Announced

Multiple remotely exploitable vulnerabilities have been reported in Novell’s iPrint Client. As of this writing (09 Dec 2010), Novell hasn’t released any patches.

References:
http://www.novell.com/support/viewContent.do?externalId=7007342
http://www.novell.com/support/viewContent.do?externalId=7007343
http://www.novell.com/support/viewContent.do?externalId=7007344
http://www.novell.com/support/viewContent.do?externalId=7007345
http://www.novell.com/support/viewContent.do?externalId=7007346

Items of Interest in December 2010 Microsoft Patches

The December 2010 Microsoft patches will include a fix for the last unpatched vulnerability exploited by Stuxnet, and a fix for the remotely exploitable Internet Explorer vulnerability covered in Microsoft Advisory 2458511.

References:
http://www.microsoft.com/technet/security/bulletin/ms10-dec.mspx
http://www.microsoft.com/technet/security/advisory/2458511.mspx

CA XOsoft (ARCServe HA) Remotely Exploitable Vuln Fixed

CA has released a fix for a remotely exploitable vulnerability (CVE-2010-3984) in their XOsoft (ARCServe High Availability) software. The bug is fixed in CA ARCserve Replication and High Availability r15.2.

From the references link below, the following versions are affected:
CA XOsoft Replication r12.0 SP1
CA XOsoft High Availability r12.0 SP1
CA XOsoft Content Distribution r12.0 SP1
CA XOsoft Replication r12.5 SP2 rollup
CA XOsoft High Availability r12.5 SP2 rollup
CA XOsoft Content Distribution r12.5 SP2 rollup
CA ARCserve Replication and High Availability r15.0 SP1

UPDATE 11 Jan 2011 – A commercial exploit is now available from VUPEN Security.

References:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7bFEB41CE8-5023-46DF-B257-5299F492BF23%7d
http://www.vupen.com/english/advisories/2010/3167

Exim Remote Exploit Detected

A remotely exploitable vulnerability in Exim has been detected. This article will be updated as soon as a fix has been released.

UPDATED 10 Dec 2010 to add two reference links regarding the problem. No permanent fix is available right now.

UPDATE 13 Dec 2010 – The Exim development team is saying that only Exim versions 4.69 and below are affected. Exim 4.70 was released in November 2009, and the current latest available version is 4.72 (released June 2010).

References:
http://www.exim.org/
http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html
http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html

Mozilla Firefox 3.6.13 and 3.5.16 Released

Mozilla has released Firefox versions 3.6.13 and 3.5.16. These new versions contain updates for both security issues and several bugs.

References:
http://releases.mozilla.org/pub/mozilla.org/firefox/releases/3.6.13/
http://releases.mozilla.org/pub/mozilla.org/firefox/releases/3.5.16/
http://www.mozilla.com/en-US/

IBM WebSphere Commerce 7.x Fix Pack 2 Closes Vulnerability

IBM has released a security fix for IBM WebSphere Commerce 7.x in Fix Pack 2. The fix closes an information disclosure bug in the Outbound Messaging System in downlevel versions of WebSphere Commerce 7.x.

References:
http://www-01.ibm.com/support/docview.wss?rs=3046&uid=swg1JR38114
http://www-01.ibm.com/support/docview.wss?uid=swg24028397

No Security Patches in New Sun Java 6 Update 23 Release

The newly released Sun Java 6 Update 23 contains no security updates. So unless there are bug fixes in Update 23 that you need, you can sit this one out.

References:
http://www.oracle.com/technetwork/java/javase/6u23releasenotes-191058.html

WordPress 3.0.3 Released

WordPress version 3.0.3 fixes a security issue. The issue only affects WordPress installations that have remote publishing enabled (feature is disabled by default). Exploit code is available. I upgraded this blog already to the 3.0.3 release level and it seems to work fine.

References:
http://wordpress.org/news/2010/12/wordpress-3-0-3/

Apple QuickTime Player 7.6.9 Released

Apple has released QuickTime Player 7.6.9. Version 7.6.9 includes fixes for 15 security issues.

References:
http://support.apple.com/kb/HT1222

HP Fixes Remote DoS Vulnerability in HP-UX 11.x

HP has released patches to address a remote denial of service issue in HP-UX B.11.11, B.11.23 and HP-UX B.11.31 running threaded processes. Details are in the references link below.

References:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02586517
