* You are viewing the archive for January, 2011

Sourceforge Site Hacked

The popular Sourceforge site has announced that their servers have been breached. Until we learn more about the specifics, we should probably consider anything recently downloaded from Sourceforge as possibly compromised or tampered with.

References:
http://sourceforge.net/apps/wordpress/sourceforge/2011/01/27/sourceforge-net-attack-update/

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter (free enterprise vulnerability alert feed): twitter.com/patchmanagement

Good Example of IR Process for a Development Team’s Website

If you run or participate in such a project, you might want to give the Fedora team’s writeup of a recent intrusion a read. Kudos to the Fedora team for their resilient process, their advance preparation for such an event, and their willingness to share their experiences publicly. The link is below.

References:
http://lists.fedoraproject.org/pipermail/announce/2011-January/002911.html

Citrix Provisioning Services Security Update Released

Citrix has released hotfixes for their Citrix Provisioning Services product to fix a possible remotely exploitable security issue.

UPDATE 22 Feb 2011 – There is a commercial-grade exploit available for this now (in the Core Impact pentest product).

References:
[version 5.6] http://support.citrix.com/article/CTX127149
[version 5.1 SP2] http://support.citrix.com/article/CTX127164
[version 5.1 SP1] http://support.citrix.com/article/CTX127155
[version 5.1] http://support.citrix.com/article/CTX127175

Oracle January 2011 Patches Released

Oracle has released its January 2011 Critical Patch Update. The security patches affect the following products:

Oracle Database 11g Release 2, version 11.2.0.1
Oracle Database 11g Release 1, version 11.1.0.7
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
Oracle Database 10g Release 1, version 10.1.0.5
Oracle Audit Vault 10g Release 2, version 10.2.3.2
Oracle Secure Backup 10g Release 3, version 10.3.0.2
Oracle Fusion Middleware, 11g Release 1, versions 11.1.1.2.0, 11.1.1.3.0
Oracle Application Server 10g Release 2, version 10.1.2.3.0
Oracle Beehive, versions 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, 2.0.1.3
Oracle BI Publisher, versions 10.1.3.3.2, 10.1.3.4.0, 10.1.3.4.1, 11.1.1.3
Oracle Document Capture, versions 10.1.3.4, 10.1.3.5
Oracle GoldenGate Veridata, version 3.0.0.4
Oracle JRockit versions, R27.6.7 and earlier … Continue Reading

Avaya Aura Application Enablement Services 4.x Vulnerability

Avaya has reported that a security bypass vulnerability exists in 4.x versions of their Avaya Aura Application Enablement Services. No 5.x version is reported as affected. The fix according to Avaya is to upgrade to the latest version of 5.x.

References:
https://support.avaya.com/css/P8/documents/100121813

[ICS] Sielco Sistemi Winlog Security Update Released

Sielco Sistemi Winlog version 2.07.01A fixes an important security issue. The underlying bug is present in all versions of Sielco Sistemi WinLog Lite and WinLog Pro up to and including version 2.07.00.

UPDATE 24 Jan 2011 – A reliable exploit is now available in the White Phosphorus (commercial) add-on for Immunity CANVAS.

References:
http://www.us-cert.gov/control_systems/pdf/ICSA-11-017-02.pdf
[Updated Lite version] http://www.sielcosistemi.com/download/WinlogLite_Setup.exe
[Updated Pro version] http://www.sielcosistemi.com/download/Winlog_Setup_SF.exe

Virginia HB 2271

Virginia HB 2271 is a proposal to not require a PI license for computer or digital forensic services. This legislation might be of interest to you if you or your organization provide (or want to provide) computer or digital forensic services in the State of Virginia (USA).

Update 21 Mar 2011 – The governor of Virginia signed this into law. The change goes into effect 01 July 2011.

References:
http://leg1.state.va.us/cgi-bin/legp504.exe?111+ful+HB2271ER
http://leg1.state.va.us/cgi-bin/legp504.exe?ses=111&typ=bil&val=hb2271

IBM WebSphere MQ Security Update Released

IBM has released a fix for a potentially remotely exploitable buffer overflow bug in their IBM WebSphere MQ software. No exploit is publicly available as of this writing (13 Jan 2011).

The fixed versions are version 7.0.1.5 for WebSphere MQ 7.x and version 6.0.2.11 for WebSphere MQ 6.x.

References:
http://xforce.iss.net/xforce/xfdb/64550
https://www-304.ibm.com/support/docview.wss?rs=171&uid=swg21254675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0314

IBM Fixes XSS Vulnerability in WebSphere Application Server

IBM WebSphere Application Server versions 7.0.0.15 and 6.1.0.35 fix a cross site scripting vulnerability. An exploit is available.

References:
[7.x] http://www-01.ibm.com/support/docview.wss?uid=swg27004980
[6.x] http://www-01.ibm.com/support/docview.wss?uid=swg27007951

Google Chrome 8.0.552.237 Released

Google Chrome 8.0.552.237 has been released for Windows, Mac, and Linux. The update includes fixes for 5 vulnerabilities, 2 of which are classified as high or critical.

References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha

Symantec Web Gateway Security Update Released

Symantec has released a security update to fix a SQL injection vulnerability in their Symantec Web Gateway product. The bug is in the management interface GUI. An exploit is available. Symantec Web Gateway 4.5.0.376 is not vulnerable.

References:
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110112_00

Red Hat Security Updates Released

Red Hat has released fixes for several security issues in their server and desktop OS products. Details are at the link below.

References:
https://rhn.redhat.com/errata/RHSA-2011-0007.html

[ICS] Wellintech KingView SCADA Security Update Released

A remotely exploitable vulnerability has been reported in the Wellintech KingView SCADA system. At least Wellintech KingView version 6.5.3 is affected. Exploit code is available (first link below). As of this writing, no patch has been released.

UPDATE 19 Jan 2011 – Wellintech has released a patched library to address the problem.

References:
http://downloads.securityfocus.com/vulnerabilities/exploits/45727.py
http://www.us-cert.gov/control_systems/pdf/ICS-Alert-11-011-01.pdf

Atlassian Fisheye and Crucible Multiple Vulnerabilities

Atlassian Crucible 2.4.4 and Fisheye 2.4.4 fix several vulnerabilities, including some that allow remote code execution. Exploits are available.

The following versions are vulnerable:
Atlassian Crucible 2.2.3
Atlassian Crucible 2.3.2
Atlassian Crucible 2.3.3
Atlassian Crucible 2.4.3
Atlassian Fisheye 2.2.3
Atlassian Fisheye 2.3.0
Atlassian Fisheye 2.3.1
Atlassian Fisheye 2.3.2
Atlassian Fisheye 2.3.3
Atlassian Fisheye 2.3.4
Atlassian Fisheye 2.3.5
Atlassian Fisheye 2.3.6
Atlassian Fisheye 2.3.7
Atlassian Fisheye 2.4.3

References:
http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2011-01-12
http://confluence.atlassian.com/display/CRUCIBLE/FishEye+and+Crucible+Security+Advisory+2011-01-12

HP OpenView Network Node Manager Remote Code Execution Vulnerabilities Patched

HP has released patches for several remote code execution issues affecting certain versions of their HP OpenView Network Node Manager software. OpenView Network Node Manager 7.51 and unpatched instances of 7.53 are vulnerable.

According to HP, you should upgrade to 7.53 and apply the following patches as applicable:
HP-UX (IA) – PHSS_41607 or subsequent
HP-UX (PA) – PHSS_41606 or subsequent
Linux RedHatAS2.1 – LXOV_00113 or subsequent
Linux RedHat4AS-x86_64 – LXOV_00114 or subsequent
Solaris – PSOV_03531 or subsequent
Windows – NNM_01208 or subsequent

References:
http://support.openview.hp.com/selfsolve/patches
HP Security Bulletin: HPSBMA02621 SSRT100352 rev.1

Cisco ASA 5500 Series 8.3(x) Security Updates Released

Cisco ASA 5500 Series Adaptive Security Appliance version 8.3(2) includes fixes for several security issues. Details are in the link below. Exploits are available.

Vulnerable versions include:
Cisco ASA 5500 Series Adaptive Security Appliance 7.0
Cisco ASA 5500 Series Adaptive Security Appliance 7.0.0
Cisco ASA 5500 Series Adaptive Security Appliance 7.0.4
Cisco ASA 5500 Series Adaptive Security Appliance 7.0.4.3
Cisco ASA 5500 Series Adaptive Security Appliance 7.0(8.10)
Cisco ASA 5500 Series Adaptive Security Appliance 7.0(8.11)
Cisco ASA 5500 Series Adaptive Security Appliance 7.1
Cisco ASA 5500 Series Adaptive Security Appliance 7.2
Cisco ASA 5500 Series Adaptive Security Appliance 7.2(4.44)
Cisco ASA 5500 Series Adaptive Security Appliance 7.2(4.45)
Cisco ASA 5500 … Continue Reading

Cisco ASA 5500 Series 8.2(x) Security Updates Released

Cisco ASA 5500 Series Adaptive Security Appliance version 8.2(3) includes fixes for several security issues. Details are in the link below. Exploits are available.

References:
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf

Cisco Releases IOS Denial of Service and Security Bypass Vuln Fixes

Cisco’s new IOS 15.0(1)XA1 release contains patches for a set of denial of service and security bypass vulnerabilities. Details are in the link below.

The following IOS versions are vulnerable:
Cisco IOS 15.0 M
Cisco IOS 15.0(1)M1
Cisco IOS 15.0(1)M2
Cisco IOS 15.0(1)M3
Cisco IOS 15.0(1)XA

References:
http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf

Microsoft January 2011 Patches Released

Microsoft has released their January 2011 security updates. There are only two bulletins in this release.

It is important to bear in mind what is NOT in this January 2011 release. Microsoft has elected to not provide patches for two known vulnerabilities in Internet Explorer that are being exploited in the wild right now. One is CVE-2010-3971 (http://www.microsoft.com/technet/security/advisory/2490606.mspx) and the other is CVE-2010-3970 (http://www.microsoft.com/technet/security/advisory/2488013.mspx). So if your IPS vendor provides detection you might want to consider getting the associated filters in place if possible.

One more final thought: Please consider if it is safe to deploy Outlook … Continue Reading

BlackBerry PDF Distiller Remote Buffer Overflow Vulnerability Announced

RIM has announced a remote buffer overflow vulnerability exists in their BlackBerry Attachment Service PDF Distiller. You should upgrade to one of the fixed versions listed in the references link below.

The following BES and BPS versions are affected:
BlackBerry Enterprise Server Express version 5.0.1 and 5.0.2 for Microsoft Exchange
BlackBerry Enterprise Server Express version 5.0.2 for IBM Lotus Domino
BlackBerry Enterprise Server versions 4.1.3 through 5.0.2 for Microsoft Exchange and IBM Lotus Domino
BlackBerry Enterprise Server versions 4.1.3 through 5.0.1 for Novell GroupWise
BlackBerry® Professional Software version 4.1.4 for Microsoft Exchange and IBM Lotus Domino

References:
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB25382

Blackberry Web Browser Denial of Service Issue Reported

This vulnerability only affects Blackberry phones, not BES servers or Blackberry Desktop Software. Blackberry software versions below 6.0.0 are affected. Affected handsets should be upgraded to a fixed version (listed in the link below).

References:
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24841

SAP Releases Patch for Security Issues in SAP Management Console

SAP has released fixes for security vulnerabilities for certain versions of their SAP Management Console software. The bugs fixed are one information disclosure problem and one vulnerability that leads to a denial of service condition.

The following SAP Management Console versions are vulnerable:

SAP KERNEL RELEASE 6.40
SAP KERNEL RELEASE 7.00
SAP KERNEL RELEASE 7.01
SAP KERNEL RELEASE 7.10
SAP KERNEL RELEASE 7.11
SAP KERNEL RELEASE 7.20

References:
https://websmp130.sap-ag.de/sap/support/notes/1439348

TIBCO ActiveCatalog and Collaborative Information Manager Security Updates Released

TIBCO has released fixes for vulnerabilities in their ActiveCatalog and Collaborative Information Manager products. TIBCO ActiveCatalog 1.0.0 and TIBCO Collaborative Information Manager 8.0.0 are vulnerable. TIBCO ActiveCatalog 1.0.1 and TIBCO Collaborative Information Manager 8.1.0 are not vulnerable. Most of the issues are related to insufficiently sanitized user input.

References:
http://www.tibco.com/services/support/advisories/default.jsp

Two Things Not Patched in the January 2011 Microsoft Patch Bundle

Next week’s January 2011 Microsoft patches will NOT include fixes for two of the known, currently exploited vulnerabilities in Internet Explorer. One is CVE-2010-3971 and the other is described at http://www.microsoft.com/technet/security/advisory/2488013.mspx. So if your IPS vendor provides detection you might want to consider getting the associated filters in place if possible.

References:
http://www.microsoft.com/technet/security/advisory/2488013.mspx
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3971

Who Can Bypass Blackberry Passwords?

From time to time the question comes up from law enforcement and other investigators: Can Blackberry passwords be bypassed or cracked? To the best of my knowledge the answer is yes, but only by certain authorized entities. Currently the process takes about a year (backlog) and there is a cost associated with doing so.

Who is authorized? As far as I know in the United States federal level law enforcement and the intelligence services can: CIA, NSA, and the FBI. There may be elements of the US Department of Defense and the US military, but I … Continue Reading

Apple Mac OSX 10.6.6 Released

Apple Mac OSX version 10.6.6 has been released. It includes a fix for one security issue. The majority of the changes center on support for the new Apple App Store.

References:
http://support.apple.com/kb/DL1343
http://support.apple.com/kb/HT4498

VMware Security Updates Released

VMware has published one new security advisory and updated two prior ones. The details of each are at the links below. No remotely exploitable issues have been reported – they are either denial of service conditions or escalation of privilege.

References:
http://www.vmware.com/security/advisories/VMSA-2011-0001.html
http://www.vmware.com/security/advisories/VMSA-2010-0017.html
http://www.vmware.com/security/advisories/VMSA-2010-0016.html

DerbyCon

I think the nightly 5 hours of training (OR 5 hours of Bsides content) is an attractive feature. This might end up better than Shmoocon. It seems to be priced similarly.

References:
http://www.secmaniac.com/january-2011/derbycon-teaser-video-and-website-launch-date-announced/
http://www.derbycon.com

CA ARCserve D2D Axis2 Remote Security Bypass Vulnerability

CA has confirmed that a remotely exploitable security issue exists in the Axis2 components of their ARCserve D2D product. CA ARCserve D2D r15 has been confirmed vulnerable.

Exploit code (instructions) exists for this. CA hasn’t provided a patch. The fix is to change the userName and password properties from their defaults (admin/axis2) to something secure in the file “c:\program files\CA\ARCserve\D2D\TOMCAT\webapps\WebServiceImpl\WEB-INF\conf\axis2.xml”.

If you are thinking this sounds similar to the Axis2 vulnerability in SAP BusinessObjects described here, you are right – it is the same component in both products. If you have other systems that use Axis2, please review … Continue Reading
