Thread: 2006 Alerts - Q4

  1. #11
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Firefox and Thunderbird v1.5.0.8 Released

    FYI...

    - http://isc.sans.org/diary.php?storyid=1834
    Last Updated: 2006-11-08 04:58:08 UTC
    "The Mozilla Foundation released version 1.5.0.8 of both their popular Firefox web browser and Thunderbird email clients today. These versions address some security issues* covered in MFSA2006-65, MFSA2006-66 and MFSA2006-67. If you have not already upgraded to the new Firefox 2.0 web browser, you should be sure to update to Firefox 1.5.0.8. You can download the new versions off their web site at:
    http://www.mozilla.com/firefox/releases/1.5.0.8.html -and-

    http://www.mozilla.com/thunderbird/ ..."

    * http://www.mozilla.org/projects/secu...firefox1.5.0.8

    > http://secunia.com/advisories/22722/
    =====================================

    - http://secunia.com/advisories/22722/
    Last Update: 2006-11-09
    Critical: Highly critical
    Impact: Security Bypass, Cross Site Scripting, DoS, System access ...
    > Solution: Update to Mozilla Firefox 1.5.0.8*...
    Changelog: 2006-11-09: Added links to US-CERT vulnerability notes.
    Original Advisory:
    MFSA-2006-65: http://www.mozilla.org/security/anno...sa2006-65.html
    MFSA-2006-66: http://www.mozilla.org/security/anno...sa2006-66.html
    MFSA-2006-67: http://www.mozilla.org/security/anno...sa2006-67.html
    Other References:
    US-CERT VU#815432: http://www.kb.cert.org/vuls/id/815432
    US-CERT VU#495288: http://www.kb.cert.org/vuls/id/495288
    US-CERT VU#390480: http://www.kb.cert.org/vuls/id/390480
    US-CERT VU#335392: http://www.kb.cert.org/vuls/id/335392
    US-CERT VU#714496: http://www.kb.cert.org/vuls/id/714496 ..."

    * http://www.mozilla.com/firefox/releases/1.5.0.8.html
    ~or~
    ...with Firefox open in an admin account, >Help >Check for Updates .

    .
    Last edited by AplusWebMaster; 2006-11-09 at 13:44. Reason: Added updated Secunia advisory info...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #12
    Adviser Team AplusWebMaster's Avatar

    Broadcom Wireless Vuln - ZERT advisory

    FYI...

    - http://isc.sans.org/diary.php?storyid=1845
    Last Updated: 2006-11-12 01:09:18 UTC

    - http://isotf.org/advisories/zert-01-111106.htm
    "...ZERT sees this vulnerability as critical, but can not patch it. This advisory comes to explain why this is a critical issue, why we can't patch it, and what can be done.
    MoKB's advisory states: "The Broadcom BCMWL5.SYS wireless device driver is vulnerable to a stack-based buffer overflow that can lead to arbitrary kernel-mode code execution. This particular vulnerability is caused by improper handling of 802.11 probe responses containing a long SSID field. The BCMWL5.SYS driver is bundled with new PCs from HP, Dell, Gateway, eMachines, and other computer manufacturers. Broadcom has released a fixed driver to their partners, which are in turn providing updates for the affected products. Linksys*, Zonet, and other wireless card manufacturers also provide devices that ship with this driver...
    Q: Is it possible for Microsoft to push this update through their automatic updates system?
    A: We believe that has been done before (last week as an example, with a smaller Broadcom update). However, the only answer to that question can come from Microsoft. Patching third party software is never an easy task, even if in collaboration with the third party. Microsoft potentially helping to patch this third-party issue could be of a significant help to get ahead of this threat."
    ========================================================
    * Linksys driver:
    - http://preview.tinyurl.com/jchla

    Tip:
    - http://blog.washingtonpost.com/secur...y_deploye.html
    11/11/2006
    "A security researcher has released a set of instructions for exploiting a security flaw in the wireless Internet devices built into millions of new laptops from HP, Dell, Gateway and other computer makers. An attacker could use the flaw to take complete control over any vulnerable machine located within a few hundred feet... In the meantime, many laptops sold these days come with a button you can push to disable the built-in wireless card. If your laptop came with one of those, it might not be a bad idea to get into the habit of using it."
    ==================================================

    Broadcom Wireless Driver Probe Response SSID Buffer Overflow
    - http://secunia.com/advisories/22831/
    Release Date: 2006-11-13
    Critical: Moderately critical
    Impact: System access
    Where: From remote
    Solution Status: Vendor Patch
    Software: Broadcom NDIS 5.0 Wireless Driver 3.x
    ...The vulnerability is caused due to a boundary error in the BCMWL5.SYS device driver when handling probe response requests with a long SSID. This can be exploited to cause a stack-based buffer overflow via a specially crafted packet. The vulnerability is reported in version 3.50.21.10. Other versions may also be affected.
    Solution: Update to the latest version.
    Linksys: http://preview.tinyurl.com/jchla
    Turn off the wireless card when not in use..."
    -----------------------------------------------------

    - http://blog.washingtonpost.com/secur...ecurity_h.html
    November 14, 2006
    "...It turns out that HP issued a patch in October to fix this flaw. HP users should be able to install this patch by visiting Microsoft Update, letting it scan, and then selecting the "Hardware/Optional" option at the left hand side of the screen. This worked on my HP laptop*, and there may be updates for this flaw from other affected PC makers (Dell and Gateway come to mind). I think it's great that Microsoft is offering Microsoft Update as a distribution mechanism for serious flaws in the PCs made by third parties, but most people probably would not know to check that portion of Microsoft Update, and I can't recall ever seeing any alerts from HP about this important patch."

    * http://blog.washingtonpost.com/securityfix/hpmu.html

    Last edited by AplusWebMaster; 2006-11-14 at 22:30. Reason: Added Brian Krebs blog info...

  3. #13
    Adviser Team AplusWebMaster's Avatar

    More fake codecs/security scam hijack sites

    FYI...

    Codec No. 107
    - http://www.f-secure.com/weblog/archi....html#00001021
    November 14, 2006
    "While browsing the Internet for movies – *cough* pr0n – people often end up downloading some DRM protected material, bundled with a license that uses social engineering tactics to push the victim into downloading a "codec". These supposed codecs are downloading and installing malware... Sunbelt's blog* frequently posts fake codec site URLs to avoid. Good Guys. Kurt Wismer also has some good advice**: Get a good media player that handles multiple formats, and then be very suspicious of anything else prompting you for a new codec."

    * http://sunbeltblog.blogspot.com/2006...am-hijack.html

    ** http://anti-virus-rants.blogspot.com...-roulette.html


  4. #14
    Adviser Team AplusWebMaster's Avatar

    Critical security vuln WinZip 10 - update available

    FYI...

    - http://isc.sans.org/diary.php?storyid=1861
    Last Updated: 2006-11-15 19:48:38 UTC
    "WinZip Computing released a new build of WinZip 10 that fixes a critical security vulnerability in this popular ZIP program. The vulnerability exists in an ActiveX component that is shipped with WinZip 10 only (so if you are running previous versions of WinZip you are not affected by this vulnerability). This ActiveX component is marked safe for scripting which means that a remote attacker can exploit it if you visit a web page hosting the exploit. Build 7245 of WinZip 10 is available at http://www.winzip.com/wz7245.htm . If you, for some reason, cannot upgrade, you should disable the affected ActiveX control (WZFILEVIEW.FileViewCtrl.61) – its CLSID is A09AE68F-B14D-43ED-B713-BA413F034904.

    UPDATE:
    *MS06-067 ( http://isc.sans.org/diary.php?storyid=1854 ) actually disables this vulnerability. Beside the other things that this update does, it also sets the kill bits for vulnerable ActiveX components...

    UPDATE 2:
    Couple of exploits for this vulnerability have been already released, so be sure to either patch WinZip or install MS06-067*..."

    - http://www.winzip.com/wz7245.htm
    "...Previous versions of WinZip are not affected by this vulnerability..."

    .
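
The kill-bit mitigation referred to in post #14, as an added example that is not part of the original post or of the quoted SANS/WinZip text: a PowerShell audit of whether Internet Explorer's kill bit is set for the CLSID quoted there. The function names are hypothetical; the registry location and the 0x400 flag are the standard IE "ActiveX Compatibility" mechanism.

```powershell
# Added example. The CLSID is the one quoted in post #14; function names are hypothetical.
$KillBit = 0x400   # bit in "Compatibility Flags" that stops IE from instantiating a control
$Roots = @(        # 64-bit Windows keeps a separate registry view for 32-bit IE
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {
    param([Parameter(Mandatory)][string]$Clsid)

    # Normalise to the {GUID} form used as the registry key name.
    $id = '{' + $Clsid.Trim('{}').ToUpper() + '}'
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }   # view absent on 32-bit Windows
        $key   = Join-Path $root $id
        $flags = $null
        if (Test-Path -LiteralPath $key) {
            $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue
            if ($prop) { $flags = $prop.'Compatibility Flags' }
        }
        [pscustomobject]@{
            Key        = $key
            Flags      = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { '(not set)' }
            KillBitSet = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
        }
    }
}

function Set-KillBit {
    # Requires an elevated prompt; OR-s the kill bit into any flags already present.
    param([Parameter(Mandatory)][string]$Clsid)

    foreach ($state in Get-KillBitState -Clsid $Clsid) {
        if ($state.KillBitSet) { continue }
        if (-not (Test-Path -LiteralPath $state.Key)) {
            New-Item -Path $state.Key -Force | Out-Null
        }
        $prop = Get-ItemProperty -LiteralPath $state.Key -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue
        $old  = if ($prop) { [int]$prop.'Compatibility Flags' } else { 0 }
        Set-ItemProperty -LiteralPath $state.Key -Name 'Compatibility Flags' `
            -Type DWord -Value ($old -bor $KillBit)
    }
    Get-KillBitState -Clsid $Clsid   # report the resulting state
}

# Audit only: WZFILEVIEW.FileViewCtrl.61, CLSID as given in the post.
Get-KillBitState -Clsid 'A09AE68F-B14D-43ED-B713-BA413F034904' | Format-Table -AutoSize
```

A row with `KillBitSet = False` on a machine that still runs an unpatched WinZip 10 build means neither mitigation named in the post is in place for that registry view.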

  5. #15
    Adviser Team AplusWebMaster's Avatar

    Firefox Pwd Mgr Info Disclosure - workaround available

    FYI...

    - http://secunia.com/advisories/23046/
    Release Date: 2006-11-22
    Critical: Less critical
    Impact: Exposure of sensitive information
    Where: From remote
    Solution Status: Unpatched
    Software: Mozilla Firefox 1.x, Mozilla Firefox 2.x
    ...This may be exploited to steal user credentials via malicious forms in the same domain.
    The vulnerability is confirmed in version 2.0.0. Other versions may also be affected.
    Solution: Disable the "Remember passwords for sites" option in the preferences...
    Original Advisory: http://www.info-svc.com/news/11-21-2006/
    Other References: https://bugzilla.mozilla.org/show_bug.cgi?id=360493 ..."
    =================================

    - http://isc.sans.org/diary.php?storyid=1879
    Last Updated: 2006-11-22 14:43:18 UTC
    "... This type of attack vector appears to also affect Internet Explorer... The workaround in this particular case would be to never use Firefox to save passwords for any web site. The option is under Tools, Options, Security. Here is a link* showing how to disable it..."
    * http://www.mozilla.org/support/firefox/options#security
    ===================================================

    EDIT/ADD:
    - http://www.sans.org/newsletters/news...3&rss=Y#sID306

    Last edited by AplusWebMaster; 2006-11-27 at 17:15. Reason: Added additional reference...

  6. #16
    Adviser Team AplusWebMaster's Avatar

    Mac OS X Security Update 2006-007

    FYI...

    Security Update 2006-007
    - http://docs.info.apple.com/article.html?artnum=304829
    Date Modified: November 28, 2006

    Apple Patches 31 Security Holes
    - http://blog.washingtonpost.com/secur...ecurity_1.html
    November 28, 2006
    "...Users can download the free updates using OS X's Software Update feature*, or directly from Apple Downloads**..."

    * http://docs.info.apple.com/article.html?artnum=106704

    ** http://www.apple.com/support/downloads/

    - http://isc.sans.org/diary.php?storyid=1896

    - http://secunia.com/advisories/23155/


  7. #17
    Adviser Team AplusWebMaster's Avatar

    Symantec-Veritas NetBackup vuln - update available

    FYI...

    SYM06-023 - Symantec NetBackup Vuln
    > http://securityresponse.symantec.com...006.11.28.html

    - http://seer.support.veritas.com/docs/285984.htm
    Last Updated: November 29 2006
    "Symantec's Veritas NetBackup (tm) 6.0 PureDisk Remote Office Edition: PHP update to Address Reported Security Vulnerability...
    Severity: High
    ...Related Documents:
    > http://seer.support.veritas.com/docs/285985.htm
    Last Updated: November 29 2006
    ...Download Patch...

    - http://secunia.com/advisories/23139/


  8. #18
    Adviser Team AplusWebMaster's Avatar

    Adobe Reader, Acrobat v7 vuln in IE - update available

    FYI...

    - http://www.adobe.com/support/securit...apsa06-02.html
    November 28, 2006
    "... Platform: Windows
    Summary: Adobe is aware of a recently published report of potential vulnerabilities in Adobe Reader and Acrobat. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system.
    Affected software versions: Adobe Reader 7.0.0 through 7.0.8 and Adobe Acrobat Standard and Professional 7.0.0 through 7.0.8 on the Windows platform when using Internet Explorer. Users of other browsers are not affected...
    Solution: The Secure Software Engineering team is working with the Adobe Reader Engineering team on an update to Adobe Reader and Acrobat 7.0.8 that will resolve these issues, which is expected to be available in the near future. A security bulletin will be published on http://www.adobe.com/support/security as soon as that update is available. The vulnerability is in an ActiveX control used by Internet Explorer; users of other browsers are not affected. The following workaround will prevent these vulnerabilities from occurring in Adobe Reader 7.0.X on Windows using Internet Explorer:
    1. Exit Internet Explorer and Adobe Reader.
    2. Browse to <volume>:\Program Files\Adobe\Acrobat 7.0\ActiveX.
    Note: If you did not install Acrobat to the default location, browse to the location of your Acrobat 7.0 folder.
    3. Select AcroPDF.dll and delete it.
    NOTE: This workaround will prevent PDF documents from opening within an Internet Explorer window. After applying this workaround, clicking on PDF files within Internet Explorer will either open in a separate instance of Adobe Reader or the user will be prompted to download the file, which can then be opened in Adobe Reader. This workaround may disrupt some enterprise workflows and use of PDF forms..."

    > http://secunia.com/advisories/23138/
    =======================================

    - http://www.adobe.com/support/securit...apsb06-20.html
    December 5, 2006
    "Summary:
    Critical vulnerabilities have been identified in Adobe Reader and Acrobat 7.0 through 7.0.8 that could — although Adobe is not aware of any specific code exploits at this time — allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious file must be by the end user for an attacker to exploit these vulnerabilities. It is recommended that users update to Adobe Reader 8 or apply the workaround provided below.
    > Affected software versions
    Adobe Reader 7.0 through 7.0.8 and Adobe Acrobat Standard and Professional 7.0 through 7.0.8 on the Windows platform when using Internet Explorer. Users of other browsers are not affected.
    > Solution:
    Adobe Reader 7.0 through 7.0.8 users should upgrade to Reader 8:
    http://www.adobe.com/products/acrobat/readstep2.html .
    Adobe Reader 7.0 through 7.0.8 users who cannot upgrade to Reader 8, as well as Adobe Acrobat 7.0 through 7.0.8 users, should follow the directions below to update their installations:
    1. Exit Internet Explorer, Adobe Reader, and Adobe Acrobat, if necessary.
    2. Browse to <volume>:\Program Files\Adobe\Acrobat 7.0\ActiveX.
    Note: If you did not install Acrobat to the default location, browse to the location of your Acrobat 7.0 folder.
    3. Select AcroPDF.dll and delete it.
    4. Download the AcroPDF.dll file provided here*.
    5. Copy the new AcroPDF.dll file in to the ActiveX directory..."

    * http://www.adobe.com/support/securit...ns/acropdf.dll

    Last edited by AplusWebMaster; 2006-12-06 at 15:41. Reason: Added Adobe v8 release advisory...

  9. #19
    Adviser Team AplusWebMaster's Avatar

    404dnserror -Adware-

    FYI...

    - http://isc.sans.org/diary.php?storyid=1903
    Last Updated: 2006-12-01 21:31:39 UTC by Johannes Ullrich (Version: 1)
    "...Site called "404dnserror/dot/com" (DO NOT VISIT)... User was infected with some spyware/adware. It kept redirecting them to the '404dnserror' page. The page looks like a generic server error, but also advertises an anti-spyware tool (System Doctor*) in the form of an ActiveX like installer toolbar at the top of the page. To save you the risk of exposing yourself to the site, I included a screen shot... It's probably safe to block/monitor access to this domain."

    (Screenshot available at the URL above.)

    * Ref.: http://www.safer-networking.org/en/u...ory/index.html
    Updates - 10. November 2006
    "...Malware ...+ Systemdoctor..."

    Last edited by AplusWebMaster; 2006-12-02 at 13:38.

  10. #20
    Adviser Team AplusWebMaster's Avatar

    Malicious Code: MySpace XSS QuickTime Worm

    FYI...

    - http://www.websense.com/securitylabs...hp?AlertID=708
    December 01, 2006
    "Websense® Security Labs™ has confirmed the existence of a worm spreading on the MySpace network. This worm is exploiting the Javascript support within Apple's embedded QuickTime player (1). This is used in conjunction with a MySpace vulnerability that was announced two weeks ago on the Full-Disclosure mailing list (2). The vulnerabilities are being used to replace the legitimate links on the user's MySpace profile with links to a phishing site.
    Once a user's MySpace profile is infected (by viewing a malicious embedded QuickTime video), that profile is modified in two ways. The links in the user's page are replaced with links to a phishing site, and a copy of the malicious QuickTime video is embedded into the user's site. Any other users who visit this newly-infected profile may have their own profile infected as well.
    An infected profile can be identified by the presence of an empty QuickTime video or modified links in the MySpace header section, or both.
    1. http://www.gnucitizen.org/blog/backd...cktime-movies/
    2. http://seclists.org/fulldisclosure/2006/Nov/0275.html
    3. http://www.apple.com/quicktime/tutor...reftracks.html ..."

    (Site screenshot available at the Websense URL above.)
    -------------------------------------------------------------

    - http://www.f-secure.com/weblog/archi....html#00001038
    December 2, 2006
    "...Infected MySpace pages are easy to find. They've had their standard MySpace header replaced with a new one... The links here do not point to MySpace like they should. Instead they point to four different sites, hosting MySpace look-alike pages... When you visit an infected page with IE, an embedded MOV movie file (piAF2iuswo.mov) will be downloaded. The MOV file contains a Javascript snippet that will download a Javascript file (js.js) which will modify YOUR MySpace profile (if you have one). After that, everybody who visits your MySpace profile gets hit too.
    The final target seems to be to steal MySpace logins in mass quantities. The infected files are hosted on several different sites..."

    (Screenshots available at the URL above.)

    Also see:
    > http://www.f-secure.com/v-descs/js_quickspace_a.shtml

    > http://www.symantec.com/enterprise/s...523-99&tabid=2

    Last edited by AplusWebMaster; 2006-12-04 at 13:53. Reason: Added F-secure blog notes...
