Multiple AV vendor vulns - archived



AplusWebMaster
2007-03-15, 19:53
FYI...

(See: https://knowledge.mcafee.com/article/26/612496_f.SAL_Public.html
"...before applying the HotFix...")

- http://secunia.com/advisories/24466/
Release Date: 2007-03-14
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software:
McAfee ePolicy Orchestrator 3.x
McAfee ProtectionPilot 1.x
...Successful exploitation allows execution of arbitrary code.
The vulnerabilities affect the following products:
* McAfee ePolicy Orchestrator 3.5.0 (Patch 5 and earlier)
* McAfee ePolicy Orchestrator 3.6.0 (Patch 5 and earlier)
* McAfee ePolicy Orchestrator 3.6.1
* McAfee ProtectionPilot 1.1.1 (Patch 3 and earlier)
* McAfee ProtectionPilot 1.5.0
Solution: Apply hotfix/patch.
https://mysupport.mcafee.com/eservice_enu/start.swe ..."

-----------------------------------------------------------
- http://secunia.com/advisories/24450/
Release Date: 2007-03-15
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
...The vulnerability reportedly affects all Trend Micro products that use Scan Engine version 8.0 and above with Pattern File technology.
Solution: Update the virus pattern file to OPR 4.335.00 or higher...
Original Advisory: Trend Micro:
http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034587 ..."

-----------------------------------------------------------
- http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-cs-hotfixes.shtml
F-Secure Anti-Virus Client Security 6.02 and 6.03
Mar 12, 2007 - Client Security Hotfix FSAVCS603_HF02 (675 KB)
"This hotfix improves error handling in the parts of F-Secure BackWeb Client responsible for setting the Management Server address on the Client side."


FYI...

Kaspersky multiple vulns - updates available
- http://secunia.com/advisories/24778/
Release Date: 2007-04-05
Critical: Highly critical
Impact: Privilege escalation, DoS, System access, Exposure of sensitive information, Exposure of system information
Where: From remote
Solution Status: Vendor Patch
Solution: Update to version 6.0.2.614 or later.

Kaspersky Anti-Virus for Windows Workstations:
http://www.kaspersky.com/productupdates?chapter=146274385
Kaspersky Anti-Virus for Windows Server:
http://www.kaspersky.com/productupdates?chapter=146274391
Kaspersky Internet Security 6.0:
http://www.kaspersky.com/productupdates?chapter=186437046
Kaspersky Anti-Virus 6.0:
http://www.kaspersky.com/productupdates?chapter=186435857 ..."

.

FYI...

McAfee VirusScan vuln - update available
- http://secunia.com/advisories/24914/
Release Date: 2007-04-18
Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: McAfee VirusScan Enterprise 8.x
...The vulnerability reportedly affects versions 8.0i Patch 11 and prior.
Solution: Apply Patch 12 or later.
https://mysupport.mcafee.com/eservice_enu/start.swe ...

McAfee e-Business Svr DoS vuln - update available
- http://secunia.com/advisories/24893/
Release Date: 2007-04-18
Critical: Less critical
Impact: DoS
Where: From local network
Solution Status: Vendor Patch
Software: McAfee e-Business Server 8.x ...
Solution: Apply updates.
https://secure.nai.com/apps/downloads/my_products/login.asp ...
Original Advisory: McAfee:
http://preview.tinyurl.com/2wlsg9 ...

.

FYI...

avast! DoS Vuln - update available
- http://secunia.com/advisories/25137/
Release Date: 2007-05-08
Critical: Less critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: avast! Home/Professional 4.x
...The vulnerability is reported in avast! Home Edition and avast! Professional Edition.
Solution: Update to version 4.7.981 or later...
Original Advisory:
avast!: http://www.avast.com/eng/avast-4-home_pro-revision-history.html ..."

.

FYI...

McAfee SecurityCenter ActiveX vuln - updates available
- http://secunia.com/advisories/25173/
Release Date: 2007-05-09
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch ...
...The vulnerability affects versions -prior- to 7.2.147 and 6.0.25.
Solution: The fix has reportedly been available via automatic updates since March 22, 2007.
Update to Security Center version 7.2.147 and 6.0.25, or higher.
http://us.mcafee.com/root/login.asp ..."


FYI...

Trend Micro ServerProtect vuln - update available
- http://secunia.com/advisories/25186/
Last Update: 2007-05-09
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch
Software: Trend Micro ServerProtect for Windows/NetWare 5.x
...Successful exploitation of the vulnerabilities allows execution of arbitrary code...
Original Advisory: Trend Micro:
http://www.trendmicro.com/download_beta/product.asp?productid=17 ..."

> http://isc.sans.org/diary.html?storyid=2774
Last Updated: 2007-05-09 16:04:05 UTC


FYI...

NOD32 AV vuln - update available
- http://secunia.com/advisories/25375/
Release Date: 2007-05-23
Critical: Moderately critical
Impact: Privilege escalation, System access
Where: From remote
Solution Status: Vendor Patch
Software: NOD32 for Windows NT/2000/XP/2003 2.x
...Successful exploitation may allow execution of arbitrary code.
The vulnerabilities are reported in versions prior to 2.70.37.
Solution: Update to version 2.70.39.
http://www.eset.com/download/registered_software.php ..."

.

FYI...

- http://secunia.com/advisories/25380/
Release Date: 2007-05-24
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
...Successful exploitation may allow execution of arbitrary code.
The vulnerability reportedly affects versions prior to 4.7.766 for servers and 4.7.700 for the Managed Client product.
Solution: Update to the latest versions.
http://www.avast.com/eng/download.html
Original Advisory: avast!:
http://www.avast.com/eng/adnm-management-client-revision-history.html
http://www.avast.com/eng/avast-4-server-revision-history.html ..."

.

FYI...

- http://secunia.com/advisories/25417/
Release Date: 2007-05-29
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to AVPack version 7.03.00.09 and Engine version 7.04.00.24. These updates have reportedly been made available since 2007-05-23...
Original Advisory: Avira:
http://forum.antivir-pe.de/thread.php?threadid=22528 ..."

.

FYI...

F-Secure Anti-Virus 5 hotfixes
> http://support.f-secure.com/enu/corporate/downloads/hotfixes/av5-hotfixes.shtml

------------------------------------------------

F-Secure Products vuln - updates available
- http://secunia.com/advisories/25426/
Release Date: 2007-05-30
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software:
F-Secure Anti-Virus 2005
F-Secure Anti-Virus 2006
F-Secure Anti-Virus 2007
F-Secure Anti-Virus 5.x
F-Secure Anti-Virus Client Security 6.x
F-Secure Anti-Virus for Citrix Servers 5.x
F-Secure Anti-Virus for Linux 4.x
F-Secure Anti-Virus for Microsoft Exchange 6.x
F-Secure Anti-Virus for MIMEsweeper 5.x
F-Secure Anti-Virus for Windows Servers 5.x
F-Secure Anti-Virus for Workstations 5.x
F-Secure Internet Gatekeeper 6.x
F-Secure Internet Gatekeeper for Linux 2.x
F-Secure Internet Security 2005
F-Secure Internet Security 2006
F-Secure Internet Security 2007 ...
The vulnerability is caused due to a boundary error in the processing of LHA archives and can be exploited to cause a buffer overflow when decompressing a specially crafted archive.
The vulnerability is related to #1 in: http://secunia.com/SA21996/
Successful exploitation may allow execution of arbitrary code.
Solution: Apply hotfixes.
F-Secure Internet Security 2005 - 2007: Hotfix distributed automatically.
F-Secure Anti-Virus 2005 - 2007: Hotfix distributed automatically.
F-Secure Protection Service for Consumers: Hotfix distributed automatically...
Original Advisory: F-Secure: http://www.f-secure.com/security/fsc-2007-1.shtml ..."
------------------------------------------------

F-Secure AV vuln - update available
- http://secunia.com/advisories/25439/
Release Date: 2007-05-30
Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch
Software:
F-Secure Anti-Virus 2005
F-Secure Anti-Virus 2006
F-Secure Anti-Virus 2007
F-Secure Anti-Virus 5.x
F-Secure Anti-Virus Client Security 6.x
F-Secure Anti-Virus for Citrix Servers 5.x
F-Secure Anti-Virus for MIMEsweeper 5.x
F-Secure Anti-Virus for Windows Servers 5.x
F-Secure Anti-Virus for Workstations 5.x
F-Secure Internet Security 2005
F-Secure Internet Security 2006
F-Secure Internet Security 2007
...The vulnerability is caused due to an error in the real-time scanning component and can be exploited to execute arbitrary code with escalated privileges via specially crafted I/O request packets.
Solution: F-Secure Internet Security 2005 - 2007: Hotfix distributed automatically.
F-Secure Anti-Virus 2005 - 2007: Hotfix distributed automatically.
F-Secure Protection Service for Consumers 5.00 - 6.40: Hotfix distributed automatically...
Original Advisory: F-Secure: http://www.f-secure.com/security/fsc-2007-2.shtml ..."
----------------------------

F-Secure Policy Mgr Svr DoS Vuln - update available
- http://secunia.com/advisories/25449/
Release Date: 2007-05-30
Critical: Less critical
Impact: DoS
Where: From local network
Solution Status: Vendor Patch
...The vulnerability is caused due to an error within the fsmsh.dll host module and can be exploited to e.g. crash the server by specifying NTFS reserved names as URL filenames. The vulnerability affects versions 7.00 and prior.
Solution: Update to 7.01 or apply hotfix. http://www.f-secure.com/webclub/fspm.html
ftp://ftp.f-secure.com/support/hotfix/fspm/fspms-700-60x-570-hotfix2.zip ...
Original Advisory: F-Secure:
http://www.f-secure.com/security/fsc-2007-4.shtml ..."

.
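The Policy Manager Server advisory above describes a crash when NTFS reserved names arrive as URL filenames. The following is an added example (not F-Secure's code) of the input check a server-side handler can apply before a request path is ever turned into a filesystem name; the function names, the host `server.example` and the request lines are constructed for this example.

```python
"""Rejecting Win32/NTFS reserved device names in URL filenames.

Added example, not vendor code.  Win32 treats CON, PRN, AUX, NUL, COM1-COM9
and LPT1-LPT9 as devices, case-insensitively, also when an extension follows
("CON.txt"), and it strips trailing dots and spaces.  A handler that opens
such a name as a file can hang or crash, so the check runs on the decoded
URL before any filesystem call.
"""
from urllib.parse import unquote, urlsplit

_RESERVED = {"CON", "PRN", "AUX", "NUL",
             *(f"COM{i}" for i in range(1, 10)),
             *(f"LPT{i}" for i in range(1, 10))}

# Characters that are never legal in a Windows filename.
_BAD_CHARS = set('<>:"\\|?*')


def filename_from_url(url: str) -> str:
    """Last path segment of the URL after percent-decoding."""
    path = unquote(urlsplit(url).path)
    return path.rsplit("/", 1)[-1]


def is_reserved_name(name: str) -> bool:
    """True if Win32 would treat `name` as a device rather than a file."""
    base = name.rstrip(". ")                    # "NUL." / "NUL " -> "NUL"
    stem = base.split(".", 1)[0].rstrip(" ")    # "con.txt" -> "con"
    return stem.upper() in _RESERVED


def validate_url_filename(url: str):
    """Return (accepted, reason_or_name); reject before touching the filesystem."""
    name = filename_from_url(url)
    if not name:
        return False, "empty filename"
    if is_reserved_name(name):
        return False, f"reserved device name: {name!r}"
    if any(c in _BAD_CHARS or ord(c) < 32 for c in name):
        return False, f"illegal character in filename: {name!r}"
    return True, name


# Constructed request URLs (not taken from any real server log).
SAMPLE_REQUESTS = [
    "http://server.example/files/report.xml",
    "http://server.example/files/CON",
    "http://server.example/files/nul.txt",
    "http://server.example/files/LPT1%20",
    "http://server.example/files/COM10.log",   # COM10 is not reserved
    "http://server.example/files/data%00.bin",
]


def triage(urls=SAMPLE_REQUESTS):
    """Map each URL to its decision, e.g. when reviewing access logs."""
    return {u: validate_url_filename(u) for u in urls}


if __name__ == "__main__":
    for url, (ok, info) in triage().items():
        print("ACCEPT" if ok else "REJECT", url, "->", info)
```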

AplusWebMaster
2007-06-06, 13:44
FYI...

- http://secunia.com/advisories/25539/
Release Date: 2007-06-06
Critical: Less critical
Impact: DoS
Where: From local network
Solution Status: Vendor Patch
Software: Symantec Ghost Solution Suite 1.x, Symantec Ghost Solution Suite 2.x ...
Original Advisory: Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2007.06.05b.html ..."

- http://secunia.com/advisories/25543/
Release Date: 2007-06-06
Critical: Moderately critical
Impact: Security Bypass, Manipulation of data, Exposure of sensitive information
Where: From local network
Solution Status: Vendor Patch
Software: Symantec AntiVirus Corporate Edition 10.x, Symantec Client Security 3.x, Symantec Reporting Server 1.x ...
Solution: Update to version 1.0.224.0.
SAV 10.1 MR6 build 6000 (10.1.6.6000) or later / SCS 3.1 MR6 build 6000 (3.1.6.6000) or later:
https://fileconnect.symantec.com/licenselogin.jsp ...
Original Advisory:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2007.06.05.html
http://securityresponse.symantec.com/avcenter/security/Content/2007.06.05a.html ..."

.

AplusWebMaster
2007-06-06, 13:44
FYI...

CA Anti-Virus Engine CAB Archive Processing Buffer Overflows
- http://secunia.com/advisories/25570/
Release Date: 2007-06-06
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch ...
Solution: Content update 30.6 has been issued to address the vulnerabilities (please see the vendor's advisory for details)...
Original Advisory: CA:
http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp ..."


.

AplusWebMaster
2007-07-11, 16:13
FYI...

McAfee ePolicy Orchestrator / ProtectionPilot Common Management Agent Vulns
- http://secunia.com/advisories/26029/
Release Date: 2007-07-11
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch
Software: McAfee ePolicy Orchestrator 3.x, McAfee ProtectionPilot 1.x
...Successful exploitation of this vulnerability allows execution of arbitrary code...
Solution: Apply patches. Please see the vendor's advisories for details...
McAfee:
https://knowledge.mcafee.com/article/761/613364_f.SAL_Public.html
https://knowledge.mcafee.com/article/762/613365_f.SAL_Public.html
https://knowledge.mcafee.com/article/763/613366_f.SAL_Public.html
https://knowledge.mcafee.com/article/764/613367_f.SAL_Public.html ...

- http://www.us-cert.gov/current/#mcafee_products_code_execution_vulnerabilities
July 16, 2007

.

AplusWebMaster
2007-07-18, 15:21
FYI...

Trend Micro OfficeScan vuln - updates available
- http://atlas.arbor.net/briefs/index#-1118575019
July 17, 2007 - "A malicious web request with an overly long session cookie can be sent to the Trend Micro OfficeScan web interface to trigger a buffer overflow in the component CGIOCommon.dll. Successful exploitation can allow the remote, anonymous attacker to execute code on the system with the permissions of the IIS web server. Trend Micro has released updated code to address this issue.
Analysis: This is a relatively trivial attack to launch for most attackers. We have not yet seen tools to exploit this, but we expect that some will be developed soon.
Source:
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=559
7.16.07 - "...Trend Micro has addressed this vulnerability by releasing the following patches for affected products.
CSM3.6 security patch 1149
CSM3.5 security patch 1152
CSM3.0 security patch 1209
http://www.trendmicro.com/download/product.asp?productid=39
OSCE 8.0 security patch 1042
OSCE 7.3 security patch 1293
OSCE 7.0 security patch 1364
OSCE 6.5 security patch 1364
OSCE 6.0 for SMB2.0 security patch 1398
http://www.trendmicro.com/download/product.asp?productid=5 ..."

.

AplusWebMaster
2007-07-19, 19:25
Updated:

Symantec AntiVirus Malformed RAR and CAB Compression Type Bypass - SYM07-019
- http://www.symantec.com/avcenter/security/Content/2007.07.11f.html
Last modified on: Wednesday, 18-Jul-07 16:53:13 ...
Revision History:
Removed invalid CVE information
Added missing product information
Updated Symantec AntiVirus Corporate Edition version information
Added information and link to new update tool for Symantec AntiVirus and Symantec Client Security
Risk Impact: High
Remote Access: -Yes- ...

> http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007071111591448
Last Modified: 07/18/2007

.

AplusWebMaster
2007-07-24, 13:12
FYI...

> http://atlas.arbor.net/briefs/index#1027704494
Panda Antivirus EXE File Parsing Buffer Overflow Vulnerability
Severity: High Severity
Published: July 23, 2007
Panda AV is vulnerable to a buffer overflow when processing Windows EXE files. The error comes in an integer cast when parsing EXE header data. A malicious attacker could send the victim a malformed EXE file to be processed by Panda AV. This would then allow the attacker to run arbitrary code on the victim's computer. Updates have been made available.
Analysis: This is a similar issue to the Eset NOD32 file processing issue and nearly a dozen such vulnerabilities recently. We believe that this trend will continue for some time.
Source: http://secunia.com/advisories/26171/

NOD32 Antivirus Multiple File Processing Vulnerabilities
Severity: High Severity
Published: July 23, 2007
Eset NOD32 antivirus is vulnerable to file processing vulnerabilities that could be abused by a remote attacker to compromise a system. The AV software has problems processing CAB, ASPack, and FSG packed files. Malformed files could be sent to a victim to be processed by NOD32 and then run arbitrary code on the server. Eset has issued updated software to address this issue.
Analysis: This is another AV vulnerability in handling files. We do not expect it to be the last one, in this package or any other AV package.
Source: http://secunia.com/advisories/26124/

.

AplusWebMaster
2007-07-25, 20:19
FYI...

CA AV and other multiple products vuln - updates available
- http://secunia.com/advisories/26155/
Release Date: 2007-07-25
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch ...
Description: Two vulnerabilities have been reported in various CA products, which can be exploited by malicious people to cause a DoS...

(See the advisory for the long list of affected products.)

Also see: http://secunia.com/advisories/26190/
Release Date: 2007-07-25
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch
...The vulnerability affects all versions of the CA Message Queuing software prior to v1.11 Build 54_4 on Windows and Netware..."


AplusWebMaster
2007-08-22, 20:44
FYI...

ClamAV multiple vulns - update available
- http://secunia.com/advisories/26530/
Release Date: 2007-08-22
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: Clam AntiVirus (clamav) 0.x...
Solution:
Update to version 0.91.2.
- http://sourceforge.net/project/showfiles.php?group_id=86638&package_id=90197&release_id=533658
2007-08-21


Trend Micro ServerProtect multiple vulns - update available
- http://secunia.com/advisories/26523/
Release Date: 2007-08-22
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch
Software: Trend Micro ServerProtect for Windows/NetWare 5.x...
Solution: Apply Security Patch 4 - Build 1185.
http://www.trendmicro.com/ftp/products/patches/spnt_558_win_en_securitypatch4.exe
Original Advisory: Trend Micro:
http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt

Also see: http://secunia.com/advisories/26557/
Software: Trend Micro Anti-Spyware 3.x, Trend Micro PC-cillin Internet Security 2007

.

AplusWebMaster
2007-08-24, 16:49
FYI...

Sophos AV vuln - update available
- http://secunia.com/advisories/26580/
Release Date: 2007-08-24
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: Sophos Anti-Virus...
The vulnerabilities are reported in Sophos Anti-Virus with engine versions prior to 2.48.0.
Solution: Update to engine version 2.48.0 or later...
Original Advisory: http://www.sophos.com/support/knowledgebase/article/28407.html
http://www.sophos.com/support/knowledgebase/article/14244.html ...

.

AplusWebMaster
2007-09-07, 14:45
FYI...

Sophos AV vuln - updates available
- http://secunia.com/advisories/26714/
Release Date: 2007-09-07
Critical: Moderately critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
Software: Sophos Anti-Virus 7.x, Sophos Anti-Virus for Windows 6.x
...The vulnerability is reported in versions 6.x and 7.0.0.
Solution: Update to versions 6.5.8 or later, or 7.0.1 or later. The vendor also recommends users of version 6.x to upgrade to version 7.
Original Advisory:
http://www.sophos.com/support/knowledgebase/article/29150.html

.

AplusWebMaster
2007-09-08, 14:16
FYI...

AOL AV changes...
- http://isc.sans.org/diary.html?storyid=3360
Last Updated: 2007-09-08 01:29:38 UTC - "...It appears that AOL has switched from Kaspersky to McAfee and is now distributing "McAfee Virus Scan Plus-Special edition from AOL" according to this page*. It isn't entirely clear how (or if) this was communicated to the folks using the Kaspersky software. If you follow the link at the bottom of the page it looks like the old software may still get updates if you point back to a Kaspersky site, but that isn't entirely clear and I was unable to find anyone to answer that question for sure today (I'll update the story if I get more info). Without some action by the user, however, it appears that they will now be unprotected, which is unfortunate. In the meantime, if you have an AOL e-mail address, you can still get free anti-virus software from here**..."

* http://www.activevirusshield.com/antivirus/freeav/index.adp

** http://safety.aol.com/isc/BasicSecurity/

.

AplusWebMaster
2007-09-26, 15:32
FYI...

Kaspersky AV DoS vuln - update 11.2007
- http://secunia.com/advisories/26887/
Last Update: 2007-09-25
Critical: Not critical
Impact: DoS
Where: Local system
Solution Status: Unpatched
Software: Kaspersky Anti-Virus 6.x
Kaspersky Anti-Virus 7.x
Kaspersky Internet Security 6.x
Kaspersky Internet Security 7.x
...The vulnerabilities are reported in version 7.0 build 125. Other versions may also be affected.
Solution: The vendor is reportedly working on an update to be released November 2007.
Original Advisory: Kaspersky:
http://www.kaspersky.com/technews?id=203038706
"...This is not the first time that this author has failed to notify us about a vulnerability before making it public, despite the fact that notifying the vendor first is de facto an industry standard..."

> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5043

.

AplusWebMaster
2007-10-11, 13:04
FYI...

Kaspersky Online Scanner ActiveX Vuln
- http://secunia.com/advisories/27187/
Release Date: 2007-10-11
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Kaspersky Online Scanner 5.x
...The vulnerability affects versions 5.0.93.1 and prior.
Solution: Update to version 5.0.98.0.
http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html ...
Original Advisory: Kaspersky:
http://www.kaspersky.com/news?id=207575572 ...


AplusWebMaster
2007-11-21, 13:51
FYI...

BitDefender Online Scanner ActiveX vuln - update available
- http://secunia.com/advisories/27717/
Release Date: 2007-11-21
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
...Successful exploitation allows execution of arbitrary code. The vulnerability is reported in version 8.0. Other versions may also be affected.
Solution: Update to the latest version (OScan82.ocx).
http://www.bitdefender.com/scan8/ie.html


AplusWebMaster
2007-12-05, 18:10
FYI...

avast! vuln - update available
- http://secunia.com/advisories/27929/
Last Update: 2007-12-06
Critical: Highly critical
Impact: Unknown
Where: From remote
Solution Status: Vendor Patch
Software: avast! Home/Professional 4.x
...The vulnerability is reported in versions prior to 4.7.1098.
Solution: Update to version 4.7.1098.
http://www.avast.com/eng/download.html ...
Original Advisory:
http://www.avast.com/eng/avast-4-home_pro-revision-history.html


AplusWebMaster
2007-12-12, 13:56
FYI...

Trend Micro AV plus AS 2008, Internet Security 2008, Internet Security Pro 2008
- http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036464
12/10/07 - "...Remote memory corruption... long bogus file names from malformed ZIP files... Vulnerability only affects users with English Versions of TIS16 (Trend Micro Internet Security Pro, Trend Micro Internet Security/Virus Buster 2008) and TAV16 (TrendMicro Antivirus plus AntiSpyware 2008) build #1450 and older... You can download the TIS16.0 English language security patch here..."


AplusWebMaster
2007-12-19, 16:33
FYI...

Clam AV vuln - update available
- http://secunia.com/advisories/28117/
Release Date: 2007-12-19
Critical: Highly critical
Impact: DoS, System access
Where: From remote
...The vulnerability is reported in versions prior to 0.92...
Solution: Update to version 0.92.

> http://www.clamav.org/
ClamAV Virus Databases: main.cvd ver. released on 09 Dec 2007 15:50 +0000

> http://www.clamwin.com/
The latest version of Clamwin Free Antivirus is 0.91.2


AplusWebMaster
2007-12-21, 19:28
FYI...

- http://www.heise-security.co.uk/articles/100965
21.12.2007 - "...The list of manufacturers of antivirus software with critical security problems reads like a Who's Who of the industry: the blacklist of Zoller and Alvarez includes Avast, Avira, BitDefender, CA, ClamAV, Eset NOD32, F-Secure, Grisoft AVG, Norman, Panda and Sophos. iDefense uncovered critical buffer overflows in Kaspersky's scanner, McAfee's VirusScan and Trend Micro's security products. Secunia found the same thing in Symantec's E-mail Security, and ISS/IBM XForce caught out Microsoft's security products. All of these appeared just this year, and the list is by no means complete: the n.runs specialists alone say they have discovered more than 80 critical holes and passed them on to the manufacturers. As far as they know, only some thirty of them have been closed so far..."


AplusWebMaster
2008-01-10, 12:56
FYI...

McAfee E-Business Svr vuln - update available
- http://secunia.com/advisories/28408/
Release Date: 2008-01-10
Critical: Moderately critical
Impact: System access, DoS
Where: From local network
Solution Status: Vendor Patch
Software: McAfee e-Business Server 8.x
...The vulnerability affects versions 8.5.2 and prior on Windows.
Solution: Update to version 8.5.3.
Original Advisory: McAfee:
https://knowledge.mcafee.com/article/542/614472_f.SAL_Public.html

AplusWebMaster
2008-02-14, 06:31
FYI...

ClamAV multiple vulns - update available
- http://secunia.com/advisories/28907/
Release Date: 2008-02-12
Last Update: 2008-02-13
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Clam AntiVirus (clamav) 0.x
...The vulnerabilities are reported in versions prior to 0.92.1.
Solution: Update to version 0.92.1...
Original Advisory:
http://sourceforge.net/project/shownotes.php?release_id=575703 ...

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6595

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0318

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0728


AplusWebMaster
2008-02-20, 14:33
FYI...

F-Secure vuln - hotfix available
- http://www.f-secure.com/security/fsc-2008-1.shtml
Last updated: 2008-02-19 ...
Risk Factor: High
The gateway passes archives unscanned
Mitigating Factors:
* Exploitation of these vulnerabilities requires specially crafted archives
* The CAB issue has been fixed automatically in F-Secure database updates, while fixing the RAR archive scanning requires installing the hotfix..."

(More detail at the URL above.)


AplusWebMaster
2008-02-27, 13:52
FYI...

Symantec RAR File vulns - updates available
- http://secunia.com/advisories/29140/
Release Date: 2008-02-27
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Symantec AntiVirus for Network Attached Storage 4.x
Symantec AntiVirus Scan Engine 4.x
Symantec AntiVirus/Filtering for Domino 3.x
Symantec Mail Security for Exchange 4.x
Symantec Mail Security for Microsoft Exchange 5.x
Symantec Scan Engine 5.x...
Original Advisory: SYM08-006:
http://www.symantec.com/avcenter/security/Content/2008.02.27.html ...
"...to ensure all available updates have been applied, users can manually launch and run LiveUpdate..."

AplusWebMaster
2008-03-10, 19:20
FYI...

Panda vuln - updates available
- http://secunia.com/advisories/29311/
Release Date: 2008-03-10
Critical: Less critical
Impact: Privilege escalation, DoS
Where: Local system
Solution Status: Vendor Patch
Software: Panda Antivirus + Firewall 2008, Panda Internet Security 2008 ...
Solution: Apply hotfix.
Panda Internet Security 2008 (hfp120801s1.exe):
http://www.pandasecurity.com/resources/sop/Platinum2008/hfp120801s1.exe
Panda Antivirus + Firewall 2008 (hft70801s1.exe):
http://www.pandasecurity.com/resources/sop/PAVF08/hft70801s1.exe ...
Original Advisory: Panda:
http://www.pandasecurity.com/homeusers/support/card?id=41337&idIdioma=2&ref=ProdExp
http://www.pandasecurity.com/homeusers/support/card?id=41231&idIdioma=2&ref=ProdExp ...


AplusWebMaster
2008-03-17, 19:09
FYI...

F-Secure Security Advisory FSC-2008-2
- http://www.f-secure.com/weblog/archives/00001404.html
March 17, 2008 - "...The Secure Programming Group at Oulu University has created a collection of malformed archive files. These archive files break and crash products from at least 40 vendors - including several antivirus vendors...including us. We've fixed a long list of our products to resolve these issues. Home users will get these fixes via the normal update system and they don't have to do anything... Our guidance here is the same as for patches from any other vendor: Patch now before someone figures out how to exploit the vulnerability. At the moment we are not aware of any public exploit methods for these vulnerabilities. For more information, please consult F-Secure Security Advisory FSC-2008-2* and CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats**."
* http://www.f-secure.com/security/fsc-2008-2.shtml
(Hotfixes/patches available)

** https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
17 March 2008 - "...The vulnerabilities described in this advisory can potentially affect programs that handle the archive formats ACE, ARJ, BZ2, CAB, GZ, LHA, RAR, TAR, ZIP and ZOO. The Test Suite contains a set of fuzzed archive files in different formats, some of which may cause and some that are known to cause problems in common tools processing archived content..."
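The FSC-2007-1 post earlier in this thread (a boundary error while decompressing a crafted LHA archive) and the CERT-FI/CPNI fuzzed-archive advisory above describe the same bug class: a scanner trusts the length fields in an archive header. The following added example, not code from any vendor or from the advisories, walks ZIP local file headers and checks every declared length against the bytes actually present before using it; the archives it scans are constructed in the block, and the function names and the 64 MiB size cap are choices made for this example.

```python
"""Defensive ZIP local-file-header walker (added example, not vendor code).

Every offset and length read from the archive is compared with len(data)
before it is used; that comparison is exactly what a 'boundary error' in an
archive parser lacks.  A real scanner would also validate the central
directory and the decompressed stream; this block covers the header stage.
"""
import io
import struct
import zipfile

LOCAL_SIG = 0x04034B50
LOCAL_HDR = struct.Struct("<IHHHHHIIIHH")   # fixed 30-byte local header
MAX_UNCOMPRESSED = 64 * 1024 * 1024          # allocation cap chosen for the example


def walk_local_headers(data: bytes, max_uncompressed: int = MAX_UNCOMPRESSED):
    """Return [(name, method, csize, usize), ...] or raise ValueError."""
    entries = []
    pos = 0
    while pos < len(data):
        if pos + LOCAL_HDR.size > len(data):
            raise ValueError(f"truncated local header at {pos}")
        (sig, _ver, flags, method, _time, _date, _crc,
         csize, usize, nlen, xlen) = LOCAL_HDR.unpack_from(data, pos)
        if sig != LOCAL_SIG:
            break   # central directory (or trailing junk) reached: stop walking
        if flags & 0x08:
            # sizes follow the data in a descriptor; the zeros in this header
            # must not be trusted, so such entries are refused here
            raise ValueError(f"data-descriptor entry not supported at {pos}")
        name_off = pos + LOCAL_HDR.size
        data_off = name_off + nlen + xlen
        if data_off > len(data):
            raise ValueError(f"name/extra length {nlen}+{xlen} overruns archive at {pos}")
        end = data_off + csize
        if end > len(data):
            raise ValueError(f"compressed size {csize} overruns archive at {pos}")
        if method == 0 and csize != usize:
            raise ValueError(f"stored entry with csize {csize} != usize {usize}")
        if usize > max_uncompressed:
            raise ValueError(f"declared uncompressed size {usize} exceeds cap")
        name = data[name_off:name_off + nlen].decode("utf-8", "replace")
        entries.append((name, method, csize, usize))
        pos = end
    return entries


def scan(data: bytes) -> str:
    """Scanner-style verdict string for one archive."""
    try:
        entries = walk_local_headers(data)
    except ValueError as exc:
        return f"REJECTED: {exc}"
    return f"OK: {len(entries)} entries"


def build_sample_zip() -> bytes:
    """Constructed well-formed archive with two stored entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("readme.txt", b"hello")
        zf.writestr("data.bin", b"\x00" * 16)
    return buf.getvalue()


def build_malformed_zip(offset: int, fmt: str, value: int) -> bytes:
    """Constructed malformed archive: one header field of entry 0 overwritten.

    Local header layout: csize at 18, usize at 22, name length at 26.
    """
    data = bytearray(build_sample_zip())
    struct.pack_into(fmt, data, offset, value)
    return bytes(data)


if __name__ == "__main__":
    print(scan(build_sample_zip()))
    print(scan(build_malformed_zip(26, "<H", 0xFFFF)))        # huge name length
    print(scan(build_malformed_zip(18, "<I", 0x7FFFFFFF)))    # huge compressed size
    print(scan(build_malformed_zip(22, "<I", 99)))            # stored size mismatch
```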


AplusWebMaster
2008-04-05, 23:32
FYI...

CA Alert Notification Server service vuln - updates available
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103
Issued: April 3rd, 2008 - "CA's customer support is alerting customers to security risks in products that use the Alert Notification Server service. Multiple vulnerabilities exist that can allow a remote authenticated attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerabilities.
The vulnerabilities, CVE-2007-4620, are due to insufficient bounds checking in multiple procedures. A remote authenticated attacker or local user can exploit a buffer overflow to execute arbitrary code or cause a denial of service.
Risk Rating: High
Affected Products:
CA Anti-Virus for the Enterprise 7.1
CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8
CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8.1
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8.1
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup r11 for Windows
Solution: CA has provided updates to address the vulnerabilities... (links at URL above)
Workaround: None..."


AplusWebMaster
2008-04-14, 17:25
FYI...

ClamAV vuln
- http://secunia.com/advisories/29000/
Release Date: 2008-04-14
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround
Software: Clam AntiVirus (clamav) 0.x
...The vulnerability is confirmed in versions 0.92 and 0.92.1. Prior versions may also be affected.
Solution: An updated version should be available shortly. The PE scanning module has been remotely switched off after 10/03/2008.

Do not scan untrusted PE files...


AplusWebMaster
2008-04-15, 13:48
FYI...

ClamAV multiple vulns - update available
- http://secunia.com/advisories/29000/
Last Update: 2008-04-15
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Clam AntiVirus (clamav) 0.x
...The vulnerabilities are reported in version 0.92.1. Prior versions may also be affected.
Solution: Update to version 0.93.
Download:
- http://www.clamav.net/download/sources
Changelog:
- http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1100

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1387


AplusWebMaster
2008-06-17, 13:51
FYI...

ClamAV vuln - update available
- http://secunia.com/advisories/30657/
Release Date: 2008-06-17
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: Clam AntiVirus (clamav) 0.x...
The vulnerability is reported in versions prior to 0.93.1.
Solution: Update to version 0.93.1.
Original Advisory:
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000 ...

Download:
http://sourceforge.net/project/showfiles.php?group_id=86638

:fear:

AplusWebMaster
2008-06-21, 19:33
Backtrack...

- http://atlas.arbor.net/briefs/index#-51119944
Severity: High Severity
Published: Friday, June 20, 2008 20:31

ClamAV vuln... now marked as "Unpatched"
- http://secunia.com/advisories/30657/
Last Update: 2008-06-20
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Unpatched ...
The vulnerability is confirmed in versions 0.93 and 0.93.1. Other versions may also be affected.
Solution: Disable the scanning of PE files.
NOTE: Version 0.93.1 only fixes a particular exploitation vector...
Changelog:
2008-06-20: Updated "Solution" section and marked the advisory as unpatched...

:fear::spider:

AplusWebMaster
2008-07-08, 00:14
FYI...

Panda ActiveScan vulns - update available
- http://secunia.com/advisories/30841/
Release Date: 2008-07-07
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Panda ActiveScan 2.0 1.x
...Successful exploitation allows execution of arbitrary code. According to the vendor, the vulnerabilities affect versions prior to version 1.02.00.
Solution: Update to version 1.02.00 or later.
http://www.pandasecurity.com/activescan

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3155
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3156

:fear:

AplusWebMaster
2008-07-30, 04:45
FYI...

ClamAV vuln - update available
- http://secunia.com/advisories/30657/
Last Update: 2008-07-28
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 0.93.3...
- http://sourceforge.net/project/shownotes.php?release_id=611890&group_id=86638

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2713
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3215

:fear:

AplusWebMaster
2008-07-30, 12:31
FYI...

AVG DoS vuln - update available
- http://secunia.com/advisories/31290/
Release Date: 2008-07-29
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: AVG Anti-Virus 8.x ...
...The vulnerability affects versions prior to 8.0.156.
Solution: Update to version 8.0.156 or later.
Original Advisory:
AVG: http://www.grisoft.com/ww.94247

n.runs AG: http://preview.tinyurl.com/6fcaye ...

- http://www.us-cert.gov/current/archive/2008/08/01/archive.html#avg_releases_update

Program update AVG Free 8.0 169: http://free.avg.com/ww.94096
August 25, 2008

:fear:

AplusWebMaster
2008-08-25, 14:59
FYI...

Trend Micro Web Mgmt authentication bypass...
- http://secunia.com/advisories/31373/
Last Update: 2008-08-29
Critical: Moderately critical
Impact: Security Bypass, Brute force
Where: From local network
Solution Status: Partial Fix
Software: Trend Micro Client Server Messaging Security for SMB 3.x
Trend Micro OfficeScan Corporate Edition 7.x
Trend Micro OfficeScan Corporate Edition 8.x
Trend Micro Worry-Free Business Security 5.x ...
Solution: Apply patches...
(See the URL above for links to patches.)

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2433
Last revised: 09/05/2008

:fear:

AplusWebMaster
2008-09-12, 17:54
FYI...

Trend Micro OfficeScan Server - updates available
- http://secunia.com/advisories/31342/
Release Date: 2008-09-12
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Partial Fix
...Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 7.3 with Patch 4 build 1362 applied and also affects OfficeScan version 7.0 and 8.0, and Client Server Messaging Security version 3.6, 3.5, 3.0, and 2.0.
Solution: Apply patches...

(Links to patches/updates available at the URL above.)

:fear:

AplusWebMaster
2008-10-02, 15:44
FYI...

Trend Micro OfficeScan multiple vulns - update available
- http://secunia.com/advisories/32097/
Release Date: 2008-10-02
Critical: Moderately critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Trend Micro OfficeScan Corporate Edition 8.x
...The vulnerabilities are reported in Trend Micro OfficeScan 8.0.
Solution: Apply patches.
Trend Micro OfficeScan 8.0 Service Pack 1:
http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439.exe
Trend Micro OfficeScan 8.0 Service Pack 1 Patch 1:
http://www.trendmicro.com/ftp/products/patches/OSCE8.0_SP1_Patch1_CriticalPatch_3087.exe
Original Advisory: ...Trend Micro:
http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt
http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt

:fear:

AplusWebMaster
2008-10-21, 15:19
FYI...

F-Secure vuln - update available
- http://secunia.com/advisories/32352/
Release Date: 2008-10-21
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Solution: Apply patches (please see the vendor's advisory for details).
Original Advisory: FSC-2008-3:
http://www.f-secure.com/security/fsc-2008-3.shtml ...

:fear:

AplusWebMaster
2008-10-21, 20:09
FYI...

McAfee update classifies Vista component as a Trojan
- http://www.theregister.co.uk/2008/10/21/mcafee_vista_trojan_false_alert/
21 October 2008 - "McAfee has fixed an update glitch that wrongly slapped a Trojan classification on components of Microsoft Vista. As a result of a misfiring update, published on Monday, the Windows Vista console IME executable was treated as a password-stealing Trojan. Depending on their setup, McAfee users applying it would have typically found the component either quarantined or deleted. The antivirus firm fixed the glitch with a definition update on Tuesday that recognised the difference between the Vista component and malware, as explained in a write-up by McAfee here*. False positives with virus signature updates are a perennial problem for antivirus vendors, and the latest glitch is far from the first such occurrence to befall McAfee. Only two months ago in August McAfee wrongly categorised a plug-in for Microsoft Office Live Meeting as a Trojan."
* http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100683

AVG flags ZoneAlarm as malware
- http://news.cnet.com/8301-1009_3-10067148-83.html
October 15, 2008 - "Grisoft, makers of AVG antivirus, on Wednesday released a new update addressing a false positive in another security product. On Tuesday, AVG users reported desktop warnings that their desktop was infected with something called Trojan Agent r.CX... The ZoneAlarm user forum soon filled with concerned users... Laura Yecies, vice president and general manager of Check Point's ZoneAlarm consumer division said, "as soon as Check Point learned that AVG's recent antivirus update was mistakenly flagging a ZoneAlarm file as a virus, we contacted AVG and they issued an update within hours that corrected the problem. AVG users will automatically get the update that corrects the issue." In July, Grisoft modified its free AVG 8 due to complaints about a proactive scanning of a Web site feature. The feature that had been enabled in the paid version of the product did not scale with the free release, causing spikes in Web traffic."
- http://www.theregister.co.uk/2008/10/16/avg_zonealarm_trojan_false_alarm/
16 October 2008 - "...The mis-firing AVG definition file tagged components of ZoneAlarm as infected with the Agent_r.CX Trojan horse and quarantined important files. As a result users running the popular antivirus package alongside security suite software from Check Point were left with a malfunctioning firewall, mystery infection reports and an inability to re-install their ZoneAlarm software..."

:fear::spider::sad:

AplusWebMaster
2008-10-22, 20:03
FYI...

Trend Micro OfficeScan vuln - update available
- http://secunia.com/advisories/32005/
Release Date: 2008-10-22
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch
Software: Trend Micro OfficeScan Corporate Edition 7.x, Trend Micro OfficeScan Corporate Edition 8.x...
Solution: Apply patches.
Trend Micro OfficeScan 8.0 SP1 Patch 1:
http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3110.exe
Trend Micro OfficeScan 7.3:
http://www.trendmicro.com/ftp/products/patches/OSCE_7.3_Win_EN_CriticalPatch_B1374.exe ...
Trend Micro:
http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt
http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt ...

- http://www.us-cert.gov/current/current_activity.html#trend_micro_officescan_critical_patch
October 22, 2008

:fear:

AplusWebMaster
2008-11-10, 14:58
FYI...

ClamAV vuln - update available
- http://secunia.com/advisories/32663/
Release Date: 2008-11-10
Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 0.94.1.
> http://sourceforge.net/project/shownotes.php?release_id=637952&group_id=86638
Download:
- http://www.clamav.net/download/sources
Changelog:
- http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

Also see: ClamWin Free Antivirus 0.94.1 released
- http://www.clamwin.com/content/view/205/1/
Download:
- http://www.clamwin.com/content/view/18/46/
Version 0.94.1; 24.5MB

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5050

:fear:

AplusWebMaster
2008-12-02, 13:10
FYI...

ClamAV vuln - update available
- http://secunia.com/advisories/32926/
Release Date: 2008-12-02
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: Clam AntiVirus (clamav) 0.x
...The vulnerability is reported in versions prior to 0.94.2.
Solution: Update to version 0.94.2.
Original Advisory: ClamAV:
http://sourceforge.net/project/shownotes.php?group_id=86638&release_id=643134

Download:
- http://www.clamav.net/download/sources
"...Latest stable release: ClamAV 0.94.2..."

Changelog:
- http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

:fear:

AplusWebMaster
2008-12-19, 16:33
FYI...

ESET Smart Security vuln - update available
- http://secunia.com/advisories/33210/
Release Date: 2008-12-19
Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch
Software: ESET Smart Security 3.x
...The vulnerability is confirmed in version 3.0.672. Other versions prior to 3.0.684 may also be affected...
Solution: Update to version 3.0.684...
- http://www.eset.com/joomla/index.php?option=com_content&task=view&id=4113&Itemid=5
• stability and security fixes

:fear:

AplusWebMaster
2008-12-20, 16:34
FYI...

Sophos AV vuln - update available
- http://secunia.com/advisories/33177/
Release Date: 2008-12-19
Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch...
...The vulnerability is caused due to an unspecified error when processing certain malformed CAB archives. This can be exploited to crash the application and may allow the execution of arbitrary code...
Solution: Fixed in the Sophos virus engine 2.82.1.
Original Advisory: Sophos:
http://www.sophos.com/support/knowledgebase/article/50611.html ...

:fear:

AplusWebMaster
2008-12-22, 13:06
FYI...

Trend Micro HouseCall ActiveX vuln - update available
- http://secunia.com/advisories/31583/
Release Date: 2008-12-21
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Trend Micro HouseCall ActiveX Control 6.x, Trend Micro HouseCall Server 6.x
...Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in versions 6.51.0.1028 and 6.6.0.1278. Other versions may also be affected.
Solution: Remove the ActiveX control and install version 6.6.0.1285.
http://prerelease.trendmicro-europe.com/hc66/launch/

:fear:

AplusWebMaster
2009-01-15, 16:56
FYI...

Avira Antivir vuln - update available
- http://secunia.com/advisories/33541/
Release Date: 2009-01-15
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: Avira AntiVir Personal Edition Classic 7.x, 8.x, Premium 7.x, Premium 8.x, Premium Security Suite 7.x, Server 6.x, UNIX MailGate 2.x, Workstation 7.x, 8.x, Premium Security Suite 7.x
...The vulnerabilities are caused due to errors in the handling of RAR files. These can be exploited to crash an affected program via a specially crafted RAR archive.
Solution: Update the scanning engine to versions 7.9.0.54, 8.2.0.54, or later.
Original Advisory: Avira:
http://forum.avira.com/wbb/index.php?page=Thread&threadID=81148 ...

:fear:

AplusWebMaster
2009-02-23, 13:20
FYI...

F-Secure Anti-Virus Client Security hotfix
- http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-cs-hotfixes.shtml
Feb 17, 2009 - "Client Security Hotfix fsav744-06
F-Secure Client Security versions 7.12 * All supported platforms
...After having applied this hotfix, the product gains the ability to handle USB-carried malware known under the following aliases: Downadup and Conficker.
Note: A reboot is not required after installing the hotfix..."

:fear:

AplusWebMaster
2009-04-03, 13:27
FYI...

ClamAV multiple vulns - update available
- http://secunia.com/advisories/34566/
Release Date: 2009-04-03
Critical: Moderately critical
Impact: Security Bypass, DoS
Where: From remote
Solution Status: Vendor Patch
Software: Clam AntiVirus (clamav) 0.x ...
Solution: Update to version 0.95...
- http://www.clamav.net/download/sources

- http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1241
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1270
Last revised: 04/10/2009

:fear:

AplusWebMaster
2009-04-29, 15:23
FYI...

Symantec Alert Management System 2 multiple vulns - SYM09-007
- http://preview.tinyurl.com/dngt55
April 28, 2009 Symantec Security Advisories:
Remote Access: Yes
Local Access: Yes...
"The version of Alert Management System 2 (AMS2) used by some versions of Symantec System Center, Symantec Antivirus Server, and Symantec AntiVirus Central Quarantine Server contains four vulnerabilities... (see) Affected Products table... Updates have been released to address these issues..."
- http://secunia.com/advisories/34856/2/
Release Date: 2009-04-29
Critical: Moderately critical
Impact: Privilege escalation, System access
Where: From local network
Solution Status: Vendor Patch
Software: Symantec AntiVirus Corporate Edition 10.x, Symantec AntiVirus Corporate Edition 9.x, Symantec Client Security 2.x, Symantec Client Security 3.x, Symantec Endpoint Protection 11.x...

- http://preview.tinyurl.com/cacnwe
Symantec Security Advisories
4/28/09 - Symantec Alert Management System 2 multiple vulnerabilities - SYM09-007
4/28/09 - Symantec Log Viewer JavaScript Injection Vulnerabilities - SYM09-006
4/28/09 - Symantec Reporting Server Improper URL Handling Exposure - SYM09-008

:fear::spider:

AplusWebMaster
2009-04-30, 23:38
FYI...

McAfee Security Bulletin - VirusScan Engine update fixes bypasses
- https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT
April 29, 2009
• Description
There is an issue with engine DAT versions where specially crafted archive files could cause a scanning process to miss files within the archive. These archives are corrupt, but still functional by some end user archive programs. This could allow malware to bypass a scanner on a gateway. Users utilizing on-access scanning on endpoint devices should not be affected, as the scanner will see the files after the archive is opened. An attack, even if it is successful at bypassing the gateway, will have no lasting effect on the endpoint running an on-access scanner, which is the default and recommended way of running our Anti-Virus products. Updating to the latest product version will resolve this issue.
• Remediation
Overview: Download appropriate DAT file 5600 or later.
Obtaining the Binaries: http://www.mcafee.com/apps/downloads/security_updates/dat.asp
• Workaround
All users should enable On-Access-Scanning on all endpoint devices. This is the default setting after installation. By using On-Access-Scanning, endpoints will catch any threats that may pass on gateway devices. McAfee has long supported a defense-in-depth strategy that includes running antivirus software on multiple points of your network, including gateways, file servers, and especially endpoints...

:fear::fear:

AplusWebMaster
2009-05-07, 14:53
FYI...

F-Secure ZIP and RAR archives vulns
- http://secunia.com/advisories/35008/2/
Release Date: 2009-05-06
Critical: Not critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch
Software: F-Secure Anti-Virus...
Solution: Apply patches. Please see the vendor's advisory for details...
Original Advisory: FSC-2009-1:
http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-1.html ...
2009-05-06

:fear:

AplusWebMaster
2009-05-26, 21:08
FYI...

AVG 8.5 vuln - updates available
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1784
Last revised: 05/26/2009
CVSS v2 Base Score: 10.0 (HIGH)

- http://xforce.iss.net/xforce/xfdb/50426
... Platforms Affected:
* AVG, AVG Anti-Virus 6.0.710
* AVG, AVG Anti-Virus 7.0
* AVG, AVG Anti-Virus 7.0.251
* AVG, AVG Anti-Virus 7.0.323
* AVG, AVG Anti-Virus 7.1.308
* AVG, AVG Anti-Virus 7.1.407
* AVG, AVG Anti-Virus 7.5.448
* AVG, AVG Anti-Virus 7.5.476
* AVG, AVG Anti-Virus 8.0
* AVG, AVG Anti-Virus 8.0.156
Remedy: Upgrade to the latest version of AVG (8.5 build 323 or later), available from the AVG Web site...

Program update AVG 8.5.323 SP1
- http://www.avg.com/223363
... Fixes
• Core: Fixed problem with crash while scanning PDF files.
• Core: Fixed occasional crash of scanning engine.
• Core: Fixed problem of crash while healing Mozilla Firefox 3 cookies.
• Core: Fixed problem with processing slowdown during Resident Shield scanning LNK files.
• Core: Fixed problem with ZoneAlarm incompatibility.
• Core: Fixed problem with missed detection in corrupted *.cab and *.zip archives (thanks to Thierry Zoller)...

:fear:

AplusWebMaster
2009-06-10, 14:38
FYI...

McAfee false positive...
- http://www.theregister.co.uk/2009/06/09/mcafee_update_snafu/
9 June 2009 - "A recent McAfee service pack led to systems being rendered unbootable, according to posts on the security giant's support forums. The mandatory service pack for McAfee's corporate virus scanning product, VSE 8.7, was designed to address minor security bugs but instead tagged Windows system files as malware. The software update was issued on 27 May and pulled on 2 June, after problems occurred. Users were advised to keep the patch if they'd already installed it in a low-key announcement on McAfee's knowledge base*. Posts on McAfee's support forum** paint a different picture of PCs and servers left unbootable after the update had automatically deleted Windows system files wrongly identified as potentially malign..."
* https://kc.mcafee.com/corporate/index?page=content&id=KB65943
June 08, 2009
** http://community.mcafee.com/showthread.php?t=231060

:fear::oops::sad:

AplusWebMaster
2009-06-16, 15:24
FYI...

F-secure - Mail relay vuln - update available
- http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-2.html
2009-06-16 - "...Specially crafted messages may be used to bypass mail relay restrictions.
Mitigating factors:
* The issue only affects systems where the SMTP Turbo module is used for mail distribution.
* Incorrectly relayed messages still pass through spam filtering, which decreases the vulnerability’s usefulness for spam relaying.
Affected platforms: All supported platforms
Products: F-Secure Messaging Security Gateway 5.5.x...

- http://secunia.com/advisories/35475/2/
Release Date: 2009-06-16
Critical: Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch
OS: F-Secure Messaging Security Gateway P-Series, F-Secure Messaging Security Gateway X-Series...
Solution: The vendor has fixed the vulnerability in patch 739, delivered automatically to affected systems. Approve the installation of patch 739 for systems not configured for automatic patch installation...

:fear:

AplusWebMaster
2009-06-19, 14:05
FYI...

ClamAV CAB/RAR/ZIP vuln - update available
- http://www.securityfocus.com/bid/35426/info
Published: Jun 18 2009
Updated: Jun 19 2009
"... Versions prior to ClamAV 0.95.2 are vulnerable..."

- http://www.clamav.net/
"Latest ClamAV® stable release is: 0.95.2 ..."

- http://www.clamav.net/download/sources

:fear::fear:

AplusWebMaster
2009-07-04, 16:59
FYI...

McAfee false-positive glitch...
- http://www.theregister.co.uk/2009/07/03/mcafee_false_positive_glitch/
3 July 2009 22:48 GMT - "IT admins across the globe are letting out a collective groan after servers and PCs running McAfee VirusScan were brought down when the anti-virus program attacked their core system files. In some cases, this caused the machines to display the dreaded BSOD. Details are still coming in, but forums here* and here** show that it's affecting McAfee customers in Germany, Italy, and elsewhere... Based on anecdotes, the glitch appears to be caused when older VirusScan engines install DAT 5664..."
* http://forums.mcafeehelp.com/showthread.php?p=569669
** http://forums.mcafeehelp.com/showthread.php?t=231904

- http://www.eweek.com/index2.php?option=content&task=view&id=54685&pop=1&hide_ads=1&page=0&hide_js=1
2009-07-06 - "... On July 3, McAfee users running old versions of the VirusScan engine found themselves facing false positives after downloading a DAT file that labeled legitimate programs as malware. According to McAfee support forums, the glitch led to authorized programs being quarantined, and in some cases brought about the infamous "blue screen of death"... A McAfee spokesperson said the incorrect identification was resolved in the daily release, and stressed that customers running the most current software were not affected... According to McAfee, customers running Version 5200 or newer were not impacted by the problem. The most current versions are VirusScan Enterprise 8.7 and scanning engine 5301... "

:confused::fear:

AplusWebMaster
2009-07-10, 15:40
FYI...

CA - false positive
- http://www.theregister.co.uk/2009/07/10/ca_rogue_av_update/
10 July 2009 - "... The update, issued on Wednesday, falsely labeled important Windows system files as potentially malign, dispatching them into quarantine. The action prevents Windows XP systems from booting properly... In a statement (below), CA said it issued a revised update on Thursday that resolved the problem.
'On July 8, 2009 at 11:00am EST, a CA DAT file release contained improperly formed malware detections that errantly detected clean files from Microsoft Windows Service Pack 3 and from the commercial Cygwin application. Affected files were detected as "Win32\Amalum" variants with extensions such as ZZNRA, ZZOFK, ZZNPB, and ZZNRA.
All files falsely detected as malware by these errant signatures were quarantined and renamed with the following text added to the file name "*.AVB". This prevented the affected files from running as the ".exe" file. It's important to note that the affected files remain fully intact, only the file extensions were modified.
On July 9, 2009 at 3:30am EST the file was corrected and released.' ..."

> http://preview.tinyurl.com/lyh5s9
Document ID: 3413 - Modify Date: Thursday, July 09, 2009 - "... false positive due to CA Anti-Virus Update # 6604 and has been corrected with CA Anti-Virus Update # 6606 or later..."

:fear::lip::oops:

AplusWebMaster
2009-07-24, 17:59
FYI...

Kaspersky Anti-Virus / Kaspersky Internet Security 2010
Critical Fix 1 (version 9.0.0.463)
- http://www.kaspersky.com/technews?id=203038755
07.23.2009
"FIXES:
1. Problem with system instability after long period of program operation has been fixed.
2. Error causing BSOD while updating the emulator driver has been fixed.
3. Pop-up message in the URL checking module has been fixed (for the Spanish version).
4. Problem with pausing the scan task while third party programs are running in full-screen mode has been fixed.
5. Problem with the update task freezing at system startup has been fixed.
6. Vulnerability that allowed disabling of computer protection using an external script has been eliminated.
7. Driver crash in rare cases while processing a write operation has been fixed.
8. Crash while processing data incompliant with the protocol of Mail.Ru Agent has been fixed.
Download Here..."

:fear:

AplusWebMaster
2009-08-10, 01:32
FYI...

- http://www.theregister.co.uk/2009/08/06/vista_anti_virus_tests/
6 August 2009 - "Security vendors including CA and Symantec failed to secure Windows systems without fault in recent independent tests. Twelve of the 35 anti-virus products put through their paces by independent security certification body Virus Bulletin failed to make the grade for one reason or another and therefore failed to achieve the VB100 certification standard. The main faults were either a failure to detect a threat known to be in circulation (one particularly tricky polymorphic file infector caused the most grief in this area) or creating a false alarm about a file known to be benign. Virus Bulletin's VB100 tests benchmark the performance of a vendor-submitted anti-virus product against a set of malware from the WildList, a list of viruses known to be circulating. To gain VB100 certification, a security product must correctly detect all of these malware strains without blowing the whistle when scanning a batch of clean files. Vendors only get one run at passing the tests, which are conducted free of charge to security software manufacturers... The results of the August 2009 VB100 review can be seen here* (free registration required)... Virus Bulletin recently began assessing the reactive and proactive detection abilities of anti-virus products alongside the long-established VB100 tests. The new tests are a reflection that the malware landscape has changed radically over recent years, with greater malware volumes and targeted attacks... overall performance of security products in proactively detecting malware was "disappointingly low" in several cases (see chart here**). "We saw some particularly poor detection of emerging threats and the products in question have a lot of work to do if they are to provide acceptable protection for their customers...."

* http://www.virusbtn.com/vb100/archive/2009/08

** http://www.virusbtn.com/vb100/RAP/RAP-quadrant-Feb-Aug09.jpg

:fear:

AplusWebMaster
2009-08-12, 14:30
FYI...

Sophos SAVScan vuln - updates available
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6904
Last revised: 08/07/2009
CVSS v2 Base Score: 10.0 (HIGH)

> http://www.sophos.com/support/knowledgebase/article/50611.html
"... The vulnerability has been removed from all versions of Sophos Anti-Virus running the virus engine, version 2.82.1 and above...
1. Check that you have the latest version of Sophos Anti-Virus on your computers.
2. If necessary update to ensure you have virus engine version 2.82.1 or above..."

:fear:

AplusWebMaster
2009-08-13, 04:53
FYI...

CA false positives...
- http://www.dynamoo.com/blog/2009/08/ca-etrust-goes-nuts-with-stdwin32-and.html
12 August 2009 - "CA eTrust ITM has gone completely nuts today, with a load of seemingly random false positives mostly for StdWin32 in a large number of binaries, including some components of eTrust itself. The core problem seems to be a signature update from 31.6.6672 to 33.3.7051; there seems to be little consistency in what is being detected as a false positive, although there are multiple occurrences of Nokia software, VNC and even DLLs and EXEs belonging to eTrust's core components...
Update 2: Signature pattern 34.0.6674 appears to fix this problem..."

CA / ITM False Positive Notice
> http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=214397
Published: 12 Aug 2009

> https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214394
___

- http://www.theregister.co.uk/2009/08/12/ca_auto_immune_update/
12 August 2009

- http://isc.sans.org/diary.html?storyid=6955
Last Updated: 2009-08-13 01:35:11 UTC

:fear::fear:

AplusWebMaster
2009-08-26, 13:26
FYI...

Symantec SYM09-010 - Symantec Products KeyView XLS Processing Buffer Overflow
- http://secunia.com/advisories/36421/2/
Release Date: 2009-08-26
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
OS: Symantec Brightmail Gateway 8.x, Symantec Mail Security Appliance 5.0.x ...
Solution: Please see the vendor advisory for a patch matrix.
Symantec (SYM09-010): http://preview.tinyurl.com/mp5rza ...

Norton 2009 product or Norton 360 Version 3.0 - Error: "Symantec Service Framework has encountered a problem and needs to close..." after you install the latest updates
- http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&docurl=20090821103237EN
Last modified: 08/25/2009 - "Download and run the fix tool
1. Download the fix tool*.
Save the file to the Windows desktop.
2. On the Windows desktop, double-click KB20090821103237EN.exe.
3. In the Open File - Security Warning window, click Run.
4. In the Norton Hotfix window, click Yes.
5. Accept the license agreement, and click OK.
6. Follow the on-screen instructions.
Restart your computer... In some cases you may need to restart the computer twice to apply the hotfix correctly. After you run the fix tool and restart the computer, if you still see this error message, restart the computer once again.
DOCID: 20090821103237EN
Operating System: Windows Vista, Windows XP
* ftp://ftp.symantec.com/public/english_us_canada/hotfix/KB20090821103237EN.exe

:fear::fear:

AplusWebMaster
2009-09-25, 17:32
FYI...

avast! vuln - update available
- http://secunia.com/advisories/36858/2/
Last Update: 2009-09-25
Impact: Privilege escalation, DoS
Where: Local system
Solution Status: Vendor Patch
Solution: Update to version 4.8.1356...
Original Advisory: avast!:
http://www.avast.com/eng/avast-4-home_pro-revision-history.html

:fear:

AplusWebMaster
2009-10-22, 14:57
FYI...

CA Anti-Virus Engine - CA20091008-01
- http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878
"... CA has issued fixes to address the vulnerabilities.
The first vulnerability, CVE-2009-3587, is due to improper handling of a specially crafted RAR archive file by the CA Anti-Virus engine arclib component. An attacker can create a malformed RAR archive file that results in heap corruption and allows the attacker to cause a denial of service or possibly further compromise the system.
The second vulnerability, CVE-2009-3588, is due to improper handling of a specially crafted RAR archive file by the CA Anti-Virus engine arclib component. An attacker can create a malformed RAR archive file that results in stack corruption and allows the attacker to cause a denial of service.
... If the file version is earlier than indicated below, the installation is vulnerable.
File Name File Version
arclib.dll 8.1.4.0
> For eTrust Intrusion Detection 2.0, the file is located in "Program Files\eTrust\Intrusion Detection\Common", and for eTrust Intrusion Detection 3.0 and 3.0 sp1, the file is located in "Program Files\CA\Intrusion Detection\Common".
> For CA Anti-Virus r8.1 on non-Windows platforms:
Use the compver utility provided on the CD to determine the version of Arclib. If the version is less than 8.1.4.0, the installation is vulnerable..."

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3587

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3588

:fear:
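As an added check for the CA20091008-01 item above (this snippet is not from CA's advisory or CA's own tooling), this PowerShell script locates every arclib.dll under both Program Files trees, so it covers the two Intrusion Detection paths the advisory names as well as any other CA product that ships the component, and flags copies whose file version is below the fixed 8.1.4.0. The threshold and the directory names come from the advisory; the recursive search and the version parsing are this example's own.

```powershell
# Added example: audit arclib.dll file versions against the fix level named in CA20091008-01.
# Assumption (from the advisory): versions earlier than 8.1.4.0 are vulnerable.
$FixedVersion = [version]'8.1.4.0'

# Directories named in the advisory, kept for reference; the scan below is broader.
#   eTrust Intrusion Detection 2.0       -> Program Files\eTrust\Intrusion Detection\Common
#   eTrust Intrusion Detection 3.0 / SP1 -> Program Files\CA\Intrusion Detection\Common

function Test-ArclibVersion {
    param([Parameter(Mandatory)][string]$Path)

    $raw = (Get-Item -LiteralPath $Path).VersionInfo.FileVersion

    # FileVersion can carry trailing text (build tags); keep only the leading dotted number.
    if ($raw -match '^\s*(\d+(\.\d+){1,3})') {
        $found = [version]$Matches[1]
        [pscustomobject]@{
            Path        = $Path
            FileVersion = $found
            Vulnerable  = ($found -lt $FixedVersion)
        }
    } else {
        # No parseable version resource: report it rather than silently passing it.
        [pscustomobject]@{ Path = $Path; FileVersion = $raw; Vulnerable = 'unknown' }
    }
}

function Find-VulnerableArclib {
    # Both 32- and 64-bit Program Files roots; the (x86) variable is absent on 32-bit Windows.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

    Get-ChildItem -LiteralPath $roots -Filter 'arclib.dll' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object { Test-ArclibVersion -Path $_.FullName }
}

$results = Find-VulnerableArclib
if (-not $results) {
    Write-Output 'No arclib.dll found under Program Files.'
} else {
    $results | Format-Table -AutoSize
}
```

Run from an elevated prompt so Program Files is fully readable; any row with Vulnerable = True (or 'unknown') should be checked against the vendor's fix matrix.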

AplusWebMaster
2009-10-29, 16:10
FYI...

F-Secure PDF handling vuln - update available
- http://secunia.com/advisories/37192/2/
Release Date: 2009-10-29
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch...
Original Advisory: F-Secure:
http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-3.html
Last updated: 2009-10-29
Risk level: High
"... A fix for the problem has been distributed through the malware definition database update channel. This advisory only affects systems that, for some reason, are not updated automatically..."

:fear::blink:

AplusWebMaster
2009-11-13, 20:30
FYI...

Panda vuln - update available
- http://secunia.com/advisories/37373/2/
Release Date: 2009-11-13 ...
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch
Software: Panda Antivirus Pro 2010 9.x, Panda Global Protection 2010 3.x, Panda Internet Security 2010 15.x ...
Original Advisory: Panda:
http://www.pandasecurity.com/homeusers/support/card?id=80164&idIdioma=2

:fear:

AplusWebMaster
2009-11-18, 16:13
FYI...

Kaspersky AV vuln - update available
- http://secunia.com/advisories/37398/2/
Release Date: 2009-11-18
Impact: DoS
Where: Local system
Solution Status: Vendor Patch
Software: Kaspersky Anti-Virus 2010
Solution: Update to version 9.0.0.736.
Original Advisory:
http://sysdream.com/article.php?story_id=323&section_id=78
"... Patch Updated: 2009/11/16..." (?)

- http://www.kaspersky.com/kav_latest_versions

- http://usa.kaspersky.com/support/home/anti_virus/av2010/208280872/?search=900463+pointer+dereference+vulnerability
October 21, 2009

:fear:

AplusWebMaster
2009-11-19, 22:13
FYI...

ClamAV v0.95.3 released
- http://www.clamav.net/download/sources
Latest stable release: ClamAV 0.95.3...

- http://wiki.clamav.net/bin/view/Main/UpgradeNotes0953
If you have trouble compiling ClamAV please apply this patch (see bug #1737)
You can apply the patch ...
- http://wiki.clamav.net/pub/Main/UpgradeNotes0953/patch-0.95.3-bug1737.diff

- http://wiki.clamav.net/Main/UninstallClamAV
... Make sure that you haven’t got old libraries (libclamav.so) lying around your filesystem. You can verify it using: $ ldd `which freshclam`
Also make sure there is really only one version of ClamAV installed on your system...

- http://www.clamwin.com/content/view/220/1/
11 November 2009

- http://www.securityfocus.com/bid/35410/info
Updated: Nov 18 2009 05:16PM

:fear::fear:
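
The "no old libclamav lying around" check from the upgrade notes above, scripted as an added example (not from the ClamAV wiki): it reads `ldd` output, lists every real libclamav file under the given library directories, and fails when there is more than one copy or when freshclam is bound to a different copy than the one installed. All paths and the ldd output below are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the ClamAV project: automate the post-upgrade check
# for stale libclamav copies. Demo paths and ldd output are constructed.

# Print the resolved libclamav path from `ldd` output read on stdin
# (no output means the binary is not linked against libclamav at all).
libclamav_from_ldd() {
    awk '/libclamav\.so/ { for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; exit } }'
}

# List real (non-symlink) libclamav.so* files under the given directories.
# A clean install has exactly one: the versioned .so the symlinks point at.
find_libclamav_files() {
    find "$@" -name 'libclamav.so*' -type f 2>/dev/null | sort -u
}

# Exit 0 when exactly one real libclamav lives under the given directories and
# ldd (output on stdin) resolves into that directory; otherwise say why, exit 1.
check_single_libclamav() {
    resolved=$(libclamav_from_ldd)
    files=$(find_libclamav_files "$@")
    n=$(printf '%s\n' "$files" | grep -c .)
    if [ "$n" -ne 1 ]; then
        echo "FAIL: found $n libclamav copies:"
        printf '%s\n' "$files"
        return 1
    fi
    case "$resolved" in
        "$files"|"$(dirname "$files")"/*) echo "OK: freshclam uses $resolved"; return 0 ;;
        *) echo "FAIL: ldd resolves $resolved but the installed file is $files"; return 1 ;;
    esac
}

# Constructed demo: a stale library left in /usr/lib next to a new build
# installed under /usr/local/lib, i.e. the situation the upgrade notes warn about.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/usr/lib" "$demo_root/usr/local/lib"
: > "$demo_root/usr/lib/libclamav.so.6.0.2"
: > "$demo_root/usr/local/lib/libclamav.so.6.1.3"
ln -s libclamav.so.6.0.2 "$demo_root/usr/lib/libclamav.so.6"
SAMPLE_LDD="    libclamav.so.6 => $demo_root/usr/lib/libclamav.so.6 (0x00007f00)
    libc.so.6 => /lib/libc.so.6 (0x00007f01)"

# Expected to FAIL: two real copies, and freshclam is bound to the stale one.
printf '%s\n' "$SAMPLE_LDD" | check_single_libclamav "$demo_root/usr/lib" "$demo_root/usr/local/lib" || true
```

On a real host run it as `ldd "$(which freshclam)" | check_single_libclamav /usr/lib /usr/local/lib /usr/lib64`, adding whatever prefixes your distribution and your source build use.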

AplusWebMaster
2009-12-03, 15:18
FYI...

Avast false positives - fix released
- http://isc.sans.org/diary.html?storyid=7681
Last Updated: 2009-12-03 11:04:57 UTC - "We have received a number of reports of Avast Antivirus false positives... With a recent update the Avast antivirus product has started identifying legitimate products as containing Win32-Dell-MZG...
Update:
A new update was released fixing the issue. 091203-1. If you haven't used your computer between 12:00am UTC and 5.50 am UTC, then you will receive the new update and you should be fine. For those that were affected I recommend you keep an eye on the Avast blog http://forum.avast.com/index.php?topic=51647 as they are working on some how to's to help fix any issues."

:fear::fear:

AplusWebMaster
2009-12-17, 14:05
FYI...

Kaspersky - Insecure default directory permissions
- http://secunia.com/advisories/37730/2/
Release Date: 2009-12-17
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch
Software:
Kaspersky Anti-Virus for Windows Server 6.x
Kaspersky Anti-Virus for Windows Workstations 6.x
Kaspersky Internet Security 9.x ...
Solution:
Kaspersky Internet Security 2010:
Update to version 9.0.0.736.
Kaspersky Anti-Virus 6.0 for Windows Workstations:
Update to version 6.0.4.1212.
Kaspersky Anti-Virus 6.0 for Windows File Servers:
Update to version 6.0.4.1212...

- http://www.kaspersky.com/kav_latest_versions

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4114

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4452

:fear:

AplusWebMaster
2009-12-24, 04:19
FYI...

Latest: http://www.av-comparatives.org/en/comparativesreviews/dynamic-tests
Dec. 2010

- http://www.av-comparatives.org/comparativesreviews/performance-tests
Performance Tests
___

- http://www.av-test.org/certifications.php
AV-Test 2010/Q3 - XP // Product Review and Certification Report

:wink:

AplusWebMaster
2010-01-04, 23:02
FYI...

Symantec ...having 2010 date problems
- http://isc.sans.org/diary.html?storyid=7870
Last Updated: 2010-01-04 17:22:08 UTC - "... post from Symantec:
- http://www.symantec.com/connect/forums/official-status-sepm-definitions-stay-31-12-2009-last-updated-04-jan-2010
... stating that Symantec Endpoint Protection Manager considers any definition update with a date newer than 11:59PM December 31 2009 to be out of date. They say they are working on a fix but are currently handling this by releasing new definitions with higher version numbers but the same date. This is impacting:
* Symantec Endpoint Protection v11.x Product Line
* Symantec Endpoint Protection Small Business Edition v12.x Product Line ..."
- http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010010308571348

:sad:

AplusWebMaster
2010-01-26, 01:47
FYI...

F-secure - false alarm in show_ads.js
- http://www.f-secure.com/weblog/archives/00001865.html
January 25, 2010 - "Some of our antivirus products had a brief false alarm today. The alert was from a common Javascript file called show_ads.js. The false alarm was for a trojan called Trojan.JS.Redirector.ar. The false alarm has been fixed in our update 2010-01-25_17. This only affected our older products, such as the 2009 product range. F-Secure Internet Security 2010 had no issues. We apologize for the false alarm. Sorry."

:sad:

AplusWebMaster
2010-01-26, 16:34
FYI...

Kaspersky - false positive
- http://www.theregister.co.uk/2010/01/25/kaspersky_adsense_false_positive/
25 January 2010 16:06 GMT - "Updated: An update to Kaspersky's popular anti-virus software on Monday falsely identified Google AdSense as a malicious script. As a result of the false alarm, Kaspersky users visiting sites in Google ad syndication network were falsely warned a site was infected with malicious Trojan-linked JavaScript... 'An incorrect signature was added to the company's antivirus databases on 25 January at 07:00 Moscow time (GMT+3). As a result, Kaspersky Lab products erroneously blocked some legitimate websites containing the link on script http://pagead2.googlesyndication.com/pagead/show_ads.js , which is used in the contextual advertising system Google AdSense. When users visited an affected web resource, a message was displayed stating that the page contained the malicious program Trojan.JS.Redirector.ar. The problem was quickly resolved and by 19:00 Moscow time the company's products had stopped generating alerts for legitimate internet pages. Kaspersky Lab would like to apologize for any inconvenience this problem may have caused users...'..."

:fear:

AplusWebMaster
2010-01-29, 00:52
FYI...

Symantec false positives...
- http://isc.sans.org/diary.html?storyid=8104
Last Updated: 2010-01-28 16:59:13 UTC - "... might be a false positive in Symantec's host based detection, flagging the Adobe Flash Installer as a Trojan Horse... Symantec is encouraging people that are affected to call Symantec support... Seems that the affected Revision is:
2010-01-27 rev 049..."

- http://www.theregister.co.uk/2010/01/28/symantec_spotify_false_alarm/
28 January 2010 - "...A misfiring anti-virus definition update caused Symantec's Norton security software to wrongly classify Spotify program files as malign and shuffle them off into quarantine. Symantec responded quickly to the problem by issuing a fix that quashed the false alarm. Even after they update their security software, Symantec users may still have to reinstall Spotify in order to listen to the service again..."

> ftp://ftp.symantec.com/AVDEFS/symantec_antivirus_corp/rapidrelease/sequence/

:fear:

AplusWebMaster
2010-02-23, 22:09
FYI...

avast! vuln - updates available
- http://secunia.com/advisories/38689/
Release Date: 2010-02-23
Impact: Privilege escalation, DoS
Where: Local system
Solution Status: Vendor Patch...
Solution: The vulnerability is fixed in version 5.0.418...

- http://secunia.com/advisories/38677/
Release Date: 2010-02-23
Impact: Privilege escalation, DoS
Where: Local system
Solution Status: Vendor Patch...
Solution: Update to version 5.0.418...

> http://forum.avast.com/index.php?topic=55484.0

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0705
Last revised: 02/26/2010
CVSS v2 Base Score: 7.2 (HIGH)

:fear:

AplusWebMaster
2010-02-25, 00:15
FYI...

CA Service Desk Tomcat CSS vuln - workaround
- http://secunia.com/advisories/37606/
Release Date: 2010-02-23
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Workaround
Software: CA Service Desk 12.x
Original Advisory: CA20100222-01:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=229526

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1947

CA eHealth Performance Manager CSS vuln - patch available
- http://secunia.com/advisories/38694/
Release Date: 2010-02-24
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
Software: CA eHealth Performance Manager 6.x
Solution: Enable "Scan user input for potentially malicious HTML content". Please see the vendor's advisory for more information.
Original Advisory: CA20100223-01:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=229652

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0640

Installation and Upgrade Issues... CA eHealth Performance Manager r6.1.x through r6.2
>>> https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=227051

:fear:

AplusWebMaster
2010-03-21, 07:29
FYI...

Faulty Update for 64 bit Operating Systems
- http://news.bitdefender.com/NW1431-en--Faulty-Update-for-64-bit-Operating-Systems.html
22 March 2010

- http://forum.bullguard.com/forum/15/TrojanFakeAlert5-Update-issue_84115.html
22-03-2010

BitDefender 2010 - false positive on X64 systems
- http://isc.sans.org/diary.html?storyid=8464
Last Updated: 2010-03-21 00:44:19 UTC (Version: 2) - "... BitDefender 2010 appears to have released a set of bad definitions. Unfortunately, these bad virus definitions appear to detect core DLL files and even parts of BitDefender, itself, as infected by "Trojan.FakeAlert.5". There is quite a thread discussing this issue on the BitDefender Forums*. If you or your organization uses BitDefender, I would heavily recommend that you disable auto-update of the definitions until corrected ones are released soon. Also, I would recommend preparing to do a lot of hands-on clean up to reverse those files which were quarantined by accident.
Update: BitDefender has been sharing more information about this incident involving 64-bit architecture via their twitter account**. They point users to their knowledge base*** for more details on how to recover from this problem. I hope that beyond the initial response of this major issue, BitDefender and all antivirus vendors will recheck how they test, do quality assurance, and prepare to use social media as a communication tool for their customers in the case of an emergency."
* http://forum.bitdefender.com/index.php?showtopic=18759&st=0

** http://twitter.com/bitdefender/

*** http://www.bitdefender.com/site/KnowledgeBase/consumer/#638
____

- http://www.krebsonsecurity.com/2010/03/bad-bitdefender-antivirus-update-hobbles-windows-pcs/
March 20, 2010

- http://twitter.com/bitdefender/status/10797005869
4:27 PM Mar 20th - "update: malware writers taking advantage of this update issue - please only use removal and fix tools from:
http://www.bitdefender.com/ ..."

:fear::sad:

AplusWebMaster
2010-04-07, 12:53
FYI...

ClamAV vuln - update available
- http://secunia.com/advisories/39329/
Release Date: 2010-04-07
Criticality level: Highly critical
Impact: Security Bypass, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Clam AntiVirus (clamav) 0.x
CVE Reference: CVE-2010-0098
Solution: Update to version 0.96.

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0098
Last revised: 04/09/2010
CVSS v2 Base Score: 10.0 (HIGH)

Download
- http://www.clamav.net/
Latest ClamAV stable release is: 0.96

Changelog
- http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=master

:fear:

AplusWebMaster
2010-04-12, 15:29
FYI...

F-Secure advisory FSC-2010-1
- http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-1.html
2010-04-12
Security Advisory FSC-2010-1
Malformed archive bypass vulnerability

- http://secunia.com/advisories/39396/

:fear:

AplusWebMaster
2010-04-21, 23:10
FYI...

McAfee DAT 5958 update issues
- http://isc.sans.org/diary.html?storyid=8656
Last Updated: 2010-04-21 19:22:30 UTC ...(Version: 2) - "McAfee's "DAT" file version 5958 is causing widespread problems with Windows XP SP3. The affected systems will enter a reboot loop and lose all network access. We have individual reports of other versions of Windows being affected as well. However, only particular configurations of these versions appear affected. The bad DAT file may infect individual workstations as well as workstations connected to a domain. The use of "ePolicyOrchestrator", which is used to update virus definitions across a network, appears to have led to a faster spread of the bad DAT file. The ePolicyOrchestrator is used to update "DAT" files throughout enterprises. It cannot be used to undo this bad signature because affected systems will lose network connectivity. The problem is a false positive which identifies a regular Windows binary, "svchost.exe", as "W32/Wecorl.a", a virus. If you are affected, you will see a message like:
The file C:\WINDOWS\system32\svchost.exe contains the W32/Wecorl.a Virus.
Undetermined clean error, OAS denied access and continued.
Detected using Scan engine version 5400.1158 DAT version 5958.0000.
McAfee released an updated DAT file, and an "EXTRA.DAT" file to fix the problem. An EXTRA.DAT file is a patch to just fix the bad signature. McAfee's support web sites currently respond slowly and are down at times, likely due to the increased load caused by this issue. Several readers reported that this procedure worked to recover:
1 - Boot the system in "Safe Mode"
2 - copy extra.dat in c:/program files/common files/mcafee/engine
3 - reboot.
If you lost "svchost.exe", then you need to copy it back to c:/Windows/system32/svchost.exe while in safe mode. This fix has to be applied locally at the workstation. However, it may be possible to do this remotely if your workstations support Intel's "vPro" technology. We should have a link to instructions shortly. Additional information from McAfee:
http://community.mcafee.com/thread/24056?tstart=0
McAfee Knowledgebase Article:
https://kc.mcafee.com/corporate/index?page=content&id=KB68780
EXTRA.DAT file:
http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=265240 ..."

Corporate or Business users
- http://vil.nai.com/vil/5958_false.htm
April 25, 2010 - Windows XP with SP3...
• If you receive a detection for w32/wecorl.a, do not restart your computer until you have performed the remediation steps in this article...

Home Users
- http://service.mcafee.com/faqdocument.aspx?id=TS100969
___

- http://www.symantec.com/connect/blogs/malware-authors-taking-advantage-mcafee-false-positive
April 22, 2010 - "... We have seen poisoned search results since the problem first surfaced. Search terms such as McAfee, 5958, or DAT are returning results that can lead to malicious and fake antivirus scan sites, resulting in the installation of malware... This attack by the malware creators is quite insidious since many of the people searching for information about this problem are most likely already affected by the problem and are looking for a solution using another computer..."

:fear::sad:
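
A triage helper for the on-access log message quoted above, added here as an example (not from the ISC diary or McAfee): it walks collected VirusScan detection records and separates the DAT 5958 false positive on svchost.exe from any other W32/Wecorl.a hit, which still deserves a real look. The log lines are constructed to match the quoted format; the backslashed path and the hostnames are assumptions.

```shell
#!/bin/sh
# Added example, not from the ISC diary or McAfee: triage VirusScan on-access
# detection records and flag hosts that need the EXTRA.DAT recovery.

# Read three-line records of the form
#   The file <path> contains the <threat> Virus.
#   Undetermined clean error, OAS denied access and continued.
#   Detected using Scan engine version <engine> DAT version <dat>.
# and print one tab-separated line per record: VERDICT <path> <dat>.
triage_oas_log() {
    awk '
    /^The file .* contains the .* Virus/ {
        path = $3
        threat = $0
        sub(/.* contains the /, "", threat)
        sub(/ Virus\.?$/, "", threat)
    }
    /^Detected using / {
        dat = $NF
        sub(/\.$/, "", dat)
        verdict = "IGNORE"
        if (threat == "W32/Wecorl.a") {
            # W32/Wecorl.a on svchost.exe reported by DAT 5958 is the known bad
            # signature; the same name from any other DAT, or on any other file,
            # is a detection that must be investigated rather than written off.
            if (tolower(path) ~ /svchost\.exe$/ && dat == "5958.0000")
                verdict = "FALSE_POSITIVE_DAT5958"
            else
                verdict = "REVIEW_WECORL"
        }
        print verdict "\t" path "\t" dat
        path = threat = dat = ""
    }' "$@"
}

# Count records that hit the bad DAT (one record per workstation in this demo).
count_dat5958_hits() {
    triage_oas_log "$@" | grep -c '^FALSE_POSITIVE_DAT5958'
}

# Constructed sample log: two hosts hit by DAT 5958, one W32/Wecorl.a hit on a
# different file from a later DAT, and an unrelated detection.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
The file C:\WINDOWS\system32\svchost.exe contains the W32/Wecorl.a Virus.
Undetermined clean error, OAS denied access and continued.
Detected using Scan engine version 5400.1158 DAT version 5958.0000.
The file C:\WINDOWS\system32\svchost.exe contains the W32/Wecorl.a Virus.
Undetermined clean error, OAS denied access and continued.
Detected using Scan engine version 5400.1158 DAT version 5958.0000.
The file C:\Users\bob\Downloads\setup.exe contains the W32/Wecorl.a Virus.
Undetermined clean error, OAS denied access and continued.
Detected using Scan engine version 5400.1158 DAT version 5959.0000.
The file C:\Temp\eicar.com contains the EICAR test file Virus.
Undetermined clean error, OAS denied access and continued.
Detected using Scan engine version 5400.1158 DAT version 5958.0000.
EOF

triage_oas_log "$SAMPLE_LOG"
echo "records needing the EXTRA.DAT recovery: $(count_dat5958_hits "$SAMPLE_LOG")"
```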

AplusWebMaster
2010-05-10, 09:27
FYI...

- http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/
7th May 2010 - "... the technique might be combined with an exploit of another piece of software, say, a vulnerable version of Adobe Reader or Oracle's Java Virtual Machine to install malware without arousing the suspicion of any AV software the victim was using. "Realistic scenario: someone uses McAfee or another affected product to secure their desktops," H D Moore, CSO and Chief Architect of the Metasploit project, told The Register in an instant message. "A malware developer abuses this race condition to bypass the system call hooks, allowing the malware to install itself and remove McAfee. In that case, all of the 'protection' offered by the product is basically moot." A user without administrative rights could also use the attack to kill an installed and running AV..."
- http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php#table-of-vulnerable-software
Published: 2010/05/05
Last update: 2010/05/07 - paragraph about which platforms are affected added to Final observations and notes...

- http://www.f-secure.com/weblog/archives/00001949.html
May 10, 2010 - "... this attack does not "break" all antivirus systems forever. Far from it. First of all, any malware that we detect by our antivirus will still be blocked, just like it always was. So the issue only affects new, unknown malware that we do not have signature detection for... We believe our multi-layer approach will provide sufficient protection level even if malicious code were to attempt use of Matousec's technique. And if we would see such an attack, we would simply add signature detection for it, stopping it in its tracks. We haven't seen any attacks using this technique in the wild. In a nutshell: We believe in defense in depth."

- http://www.darkreading.com/blog/archives/2010/05/is_khobe_an_ear.html
May 11, 2010 Graham Cluley, Sophos - "... describes a way in which the tamper protection implemented by some anti-malware products might be potentially bypassed. That's assuming, of course, you can get your malicious code past the anti-malware product in the first place. Hang on a minute. That means KHOBE is not really a way that hackers can avoid detection and get their malware installed on your computer. What Matousec is describing is a way of "doing something extra" if the malicious code manages to get past your antivirus software in the first place. In other words, KHOBE is only an issue if antivirus products miss the malware. And that's one of the reasons, of course, why vendors offer a layered approach using a variety of protection technologies..."

:fear:

AplusWebMaster
2010-05-18, 00:08
FYI...

Symantec - false positive - W.o.W....
- http://forums.wow-europe.com/thread.html?topicId=13525762488&sid=1
* 14. Re: Infostealer in scan.dll and scan.dll.new 15/05/2010 03:20:48 PDT
"Looks like Norton is giving a false positive* ... "
* http://www.virustotal.com/analisis/2c9d1b6b863dd4a4e83f87d74307e7b3ca3bd70e2d605f25ea3fecc7967c3b5e-1273917649
File Scan.dll received on 2010.05.15 10:00:49 (UTC)
Result: 1/40 (2.50%)

- http://www.theregister.co.uk/2010/05/17/symantec_wow_false_alarm/

- http://isc.sans.org/diary.html?storyid=8803

:scratch:

AplusWebMaster
2010-05-24, 23:13
FYI...

ClamAV v0.96.1 released
- http://secunia.com/advisories/39895/
Last Update: 2010-05-24
Criticality level: Moderately critical
Impact: DoS
Where: From remote
Solution: Update to version 0.96.1...

- http://www.clamav.net/lang/en/download/sources/
"... Latest stable release: ClamAV 0.96.1..."

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1639

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1640

:fear:

AplusWebMaster
2010-05-26, 14:13
FYI...

AV detection evasion...
- http://isc.sans.org/diary.html?storyid=8857
Last Updated: 2010-05-26 05:41:55 UTC - "... Authors of malware often build various modules that allow them to extend functionality of malware but also to make analysis more difficult. The rationale behind this is pretty simple – if this particular infected machine does not need the module that, for example, attacks a certain bank it will not be downloaded and installed. This makes it more difficult for the AV vendors to collect all samples of various modules as the attackers can target them. One example of such highly modular (and heavily protected) malware is certainly Clampi – you can see a series of articles about this malware family posted on Symantec's web site*. The attackers can also use modularization to rapidly change fingerprints of malware – if only one module is detected by an AV vendor, the attacker only has to modify that particular module... One very simple malicious file was submitted to us couple of days... found the file in the /Windows/SysWOW64 directory on his Windows 7 machine. The file was named netset.exe and it wasn't signed, so it immediately looked suspicious... However, online malware scanners all happily declared the file safe – when it was initially submitted to VirusTotal it resulted in 0 detections (yes – 0 out of 40 AV programs on VirusTotal, see the report here**)... attackers are using those simple tricks to make automated analysis more difficult. Since even emulators such as Anubis, which execute the malware in an isolated environment, will not know which argument it needs, the file will appear to be benign. And judging by the VirusTotal results they have no problems with evading signature based scanning..."

* http://www.symantec.com/connect/blogs/inside-jaws-trojanclampi

** http://www.virustotal.com/analisis/60db7717d40b0169d6db6f853c7719e16c44d8de81156fb4bb2cc602289aac7c-1272595124
File netset.exe received on 2010.04.30 02:38:44 (UTC)
Result: 0/40 (0.00%)
There is a more up-to-date report (30/43) for this file.
- http://www.virustotal.com/file-scan/report.html?id=60db7717d40b0169d6db6f853c7719e16c44d8de81156fb4bb2cc602289aac7c-1291654154
File name: netset.exe
Submission date: 2010-12-06 16:49:14 (UTC)
Result: 30/43 (69.8%)

:fear:

AplusWebMaster
2010-08-23, 21:11
FYI...

AV struggles against exploits
- http://krebsonsecurity.com/2010/08/anti-virus-products-struggle-against-exploits/
August 23, 2010 - "... a series of reports released earlier this month by anti-virus testing lab AV-Test* comes to similar conclusions as the NSS report about the exploit-blocking abilities of the major anti-virus products. According to AV-Test, the industry average in protecting against exploits (both known and unknown) was 75 percent."

* http://www.av-test.org/certifications
AV-Test Product Review and Certification Report - 2010/Q3

(More detail available at both URLs above.)

:fear:

AplusWebMaster
2010-09-07, 22:22
FYI...

Trend Micro Internet Security Pro 2010 vuln - Hotfix available
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3189
Last revised: 09/01/2010
CVSS v2 Base Score: 9.3 (HIGH)
Patch Information
Hyperlink: http://esupport.trendmicro.com/pages/Hot-Fix-UfPBCtrldll-is-vulnerable-to-remote-attackers.aspx

- http://securitytracker.com/alerts/2010/Aug/1024364.html

- http://xforce.iss.net/xforce/xfdb/61397
High Risk

:fear:

AplusWebMaster
2010-09-13, 15:59
FYI...

avast! Antivirus v5.0.677 released
- http://secunia.com/advisories/41109/
Last Update: 2010-09-13
Impact: System access
Where: From remote
... The vulnerability is confirmed in avast! Free Antivirus version 5.0.594 for Windows. Other versions may also be affected.
Solution: Update to version 5.0.677 ...
Original Advisory: Avast!:

http://www.avast.com/en-eu/release-history
Version 5.1.889
2011-01-13

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3126
Last revised: 08/26/2010
CVSS v2 Base Score: 9.3 (HIGH)

:fear::fear:

AplusWebMaster
2010-09-21, 10:46
FYI...

ClamAV v0.96.3 released
- http://secunia.com/advisories/41503/
Release Date: 2010-09-21
Criticality level: Moderately critical
Impact: DoS, System access
Where: From remote
CVE Reference: CVE-2010-0405
Solution: Update to version 0.96.3.

- http://www.clamav.net/lang/en/download/sources/

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3434
Last revised: 10/01/2010
CVSS v2 Base Score: 9.3 (HIGH)
___

- http://www.h-online.com/security/news/item/Free-ClamWin-virus-scanner-moves-most-of-Windows-into-quarantine-1139430.html
19 November 2010

:fear:

AplusWebMaster
2010-11-23, 18:04
FYI...

Sophos/Mac AV - Top malware seen
- http://sophosnews.files.wordpress.com/2010/11/top-malware-reported-mac.jpg?w=640
Nov. 2 - Nov. 16, 2010 [150K users]

> http://www.sophos.com/freemacav

- http://nakedsecurity.sophos.com/2010/11/18/free-anti-virus-for-mac-150000-active-users-and-plenty-of-malware-found/
November 18, 2010 - "... 50,000 malware reports from the Mac users during the time period... We don't see as much Mac malware as Windows malware... unfortunately, so long as Mac users don't properly defend themselves they will increasingly be perceived as a soft target by cybercriminals..."

:sad:

AplusWebMaster
2010-12-01, 22:28
FYI...

McAfee SB10013...
- http://isc.sans.edu/diary.html?storyid=10012
Last Updated: 2010-12-01 15:55:08 UTC - "McAfee Released Security Bulletin SB10013 this morning. The bulletin pertains to a potential code execution vulnerability for VirusScan Enterprise 8.5i and earlier versions. According to the information from McAfee they are investigating the publicly disclosed security issue and will publish a hotfix as soon as the investigation is complete. They have listed this as a Severity Rating of Medium. For more information and to check for the hotfix* ..."
* https://kc.mcafee.com/corporate/index?page=content&id=SB10013
December 01, 2010 - "... McAfee is aware of a publicly disclosed security issue that may affect VirusScan Enterprise version 8.5 and prior. We are investigating the claims and will update this KB with additional details when they are available. We will be publishing a hotfix for this issue as soon as we are certain the fix closes all avenues of attack. This hotfix will mitigate the issue in affected configurations... VSE 8.7i and beyond are not affected by this issue and are readily available immediately. Upgrading to the newest version effectively closes this issue completely... Remediation: Upgrade to or install VSE 8.7..."

- http://secunia.com/advisories/41482/
Release Date: 2010-11-29
Last Update: 2010-12-03
Criticality level: Highly critical
Impact: System access
Where: From remote
...The vulnerability is confirmed in version 8.5.0i (patch 8, 32bit scanmodule version 5400.1158, DAT version 6107.0000). Other versions may also be affected.
Solution: Fixed in McAfee VirusScan version 8.7i or later...

- https://kc.mcafee.com/corporate/index?page=content&id=SB10013
Last Modified: December 14, 2010

:fear:

AplusWebMaster
2010-12-03, 09:38
FYI...

AVG bad update bricks Win7 64-bit
- http://isc.sans.edu/diary.html?storyid=10030
Last Updated: 2010-12-03 04:24:55 UTC - "... reports on AVG updates breaking things on Windows 7 64 bit... The problem lies with the mandatory update. The AVG site has some info on how to deal with the issue here http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=94159
* Basically get the machine started somehow (use AVG rescue Disk or any Linux Live CD). In the windows/system32/drivers directory rename everything starting with avg. Reboot and your system will be back (minus the AV). I guess it will then be a matter of waiting for it to be fixed, reinstall or change to something else."
___

AVG fix for computers running on Windows 7 64-bit platform - updated
- http://product-team.blog.avg.com/2010/12/avg-fix-for-computers-running-on-windows-7-64-bit-platform.html
12/02/2010 - "... we have identified a potential conflict between one of our recent updates (3292) and a significant number of systems running on the Windows 7 64-bit platform that has caused systems to go into an infinite crash loop... video to help you solve this problem..."

- http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=132999#post_132999
[Read -entire- thread]

System crash after the recent AVG 2011 update 3292 (BSOD)
- http://free.avg.com/ww-en/faq?num=4080

- http://www.avg.com/us-en/faq?num=4079

Updated AVG 2011 Rescue CD/USB (for 3292 update)
- http://www.youtube.com/watch?v=Fam3-KSfA3A
___

- http://forums.avg.com/us-en/avg-free-forum?sec=thread&act=show&id=132917

- http://www.youtube.com/watch?v=x4hfiY55bkQ

:sad::confused::scratch:

AplusWebMaster
2010-12-08, 14:55
FYI...

ClamAV v0.96.5 released
- http://secunia.com/advisories/42426
Last Update: 2010-12-08
Criticality level: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
... The vulnerabilities are reported in versions prior to 0.96.5.
Solution: Update to version 0.96.5.

- http://www.clamav.net/lang/en/download/sources/
Latest stable release: ClamAV 0.96.5

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4260
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4261

- http://www.h-online.com/security/news/item/Free-ClamWin-virus-scanner-moves-most-of-Windows-into-quarantine-1139430.html
19 November 2010

:fear::fear:

AplusWebMaster
2010-12-09, 18:23
FYI...

Avira v10 SP1 updated
- http://techblog.avira.com/2010/12/08/update-for-paged-pool-problems/en/
December 8, 2010 - "We just published an update for Avira AntiVir 10 with Service Pack 1 that solves an issue some users were experiencing where their computers stopped responding after a short time of running. An error message indicates in those cases that the paged pool memory isn't sufficient. As a workaround it was possible to disable the process protection of Avira AntiVir. The now released update solves that issue. Those who disabled the process protection may enable it again after applying that update, which should happen automatically within the usual update cycle (exception: if the default configuration got changed and product updates explicitly got disabled)..."
Update 09.12.2010 - "On developer systems, this update may lead to problems when trying to debug software (thus only developers should be affected). We are still investigating the issue. As a workaround in case you experience this problem, disable the registry- and file-protection for the Avira AntiVir files in the configuration: Switch to expert mode in the configuration and scroll down to “general”, “security”. There untick the box next to the entry which protects from file- and registry manipulations. After that, reboot the computer. In some cases it is necessary to rename the Avira file avipbb.sys to avipbb.old (possible in safe mode)."

- http://secunia.com/advisories/40927/
Last Update: 2010-12-09
... The vulnerability is confirmed in version 10.0.0.565. Other versions may also be affected.
Solution: Reportedly fixed in avipbb.sys version 10.0.22.20 (available through the product update mechanism).

:confused::fear:

AplusWebMaster
2010-12-10, 17:46
FYI...

F-secure: false positive...
- http://www.f-secure.com/weblog/archives/00002073.html
December 10, 2010 07:22 GMT - "Unfortunately we had a nasty false alarm a couple of hours ago. The false alarm involved the detection Adware.smartad.d, which was in the database update 2010-12-09_10, released on 9th Dec 2236 UTC. This detection inadvertently triggered on the file google-analytics.com/ga.js. This file is a script associated with Google Analytics, and it's found on a fair number of websites. An exclusion for the file was released in the database update 2010-12-10_01 at 10th Dec 0052 UTC - about 2.5 hours after the bad update went out.
Apologies for any disruptions caused by this false alarm. We're sorry. To minimize disruptions, please make sure your product has been updated to use the latest database updates."

:fear::sad:

AplusWebMaster
2010-12-15, 16:59
FYI...

F-Secure remote binary vuln - updates available
- http://secunia.com/advisories/42566/
Release Date: 2010-12-15
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Solution: Apply patches. Patches are also distributed via the automatic update channel.
Original Advisory: F-Secure Security Advisory FSC-2010-4:
http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-4.html
Last updated: 2010-12-15
Risk level: High
Brief description: Under certain circumstances, an attacker can trick the system into executing a binary file that has been planted on a disk resource that the computer can access... Administrators should download and apply the hotfixes listed...

- http://www.securitytracker.com/id?1024895
Dec 15 2010

:fear::fear: