
Thread: Multiple AV vendor vulns / updates / issues

  1. #31
    AplusWebMaster (Adviser Team) - Join Date: Oct 2005 - Location: USA - Posts: 6,881

    Symantec/XP users BSOD ...

    FYI...

    Symantec/XP users BSOD ...
    - http://www.symantec.com/docs/TECH192811
    Updated: 2012-07-16 - "Problem: On July 11th, 2012 at approximately 22:30 PST, Symantec started receiving reports of customers experiencing blue screens after applying Proactive Threat Protection definition version July 11, 2012 rev 11. Machines may continue to blue screen after they reboot. This problem appears to occur only on Windows XP machines running SEP 12.1.
    Error: Blue screen (BSOD) with code 0x000000CB after installing July 11, 2012 rev. 11 definitions.
    Environment: SEP 12.1 Systems on Windows XP 32 bit and 64 bit
    Cause: Symantec has reproduced the problem and is now trying to identify the root cause. We have posted updated signatures which resolve the issue to the public LiveUpdate production servers.
    Solution: Symantec has posted updated signatures which resolve the issue to the public LiveUpdate production servers. To work around the issue please follow these steps on the impacted machines. For Enterprise customers, make sure you have updated to the latest virus definitions on the Symantec Endpoint Protection Manager (SEPM)..."
    (More detail at the Symantec URL above.)

    Hat tip to Heise:
    - http://h-online.com/-1641046
    13 July 2012

    Last edited by AplusWebMaster; 2012-07-17 at 15:25.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #32
    AplusWebMaster

    McAfee Security for MS SharePoint / MS Exchange Outside-In vulns

    FYI...

    McAfee Security for MS SharePoint / MS Exchange Outside-In vulns
    - https://secunia.com/advisories/50275/
    Release Date: 2012-08-20
    Criticality level: Highly critical
    Impact: System access
    Where: From remote ...
    CVE Reference(s): CVE-2012-1766, CVE-2012-1767, CVE-2012-1768, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, CVE-2012-3109, CVE-2012-3110
    ... vulnerabilities are caused due to the software bundling a vulnerable Outside In library.
    For more information see vulnerabilities #1 through #13 in: https://secunia.com/SA49936/
    Solution: Apply Patch 1 and Hotfix HF788523.
    Original Advisory: McAfee:
    https://kc.mcafee.com/corporate/inde...ent&id=KB75998 ...

  3. #33
    AplusWebMaster

    McAfee DAT versions 6807 or 6808 ...

    FYI...

    DAT 6807/6808 causing issues...
    - https://kc.mcafee.com/corporate/inde...ent&id=KB76004
    Last Modified: August 23, 2012
    - https://kc.mcafee.com/corporate/inde...ent&id=KB76048
    Last Modified: August 24, 2012

    McAfee DAT versions 6807 or 6808 ...
    - http://www.theregister.co.uk/2012/08...et_cutoff_bug/
    23rd August 2012 16:29 GMT

    > http://service.mcafee.com/faq/TS101446.htm

    > https://btbusiness.custhelp.com/app/..._cat/2468,2470
    "... some of our customers have lost access to the internet after recent updates by McAfee. If you right-click on your McAfee icon and then select About, you will be able to see the "DAT version". If this is 6807 or 6808, you are likely to be affected. This issue has only affected certain Operating Systems but can be fixed by re-installing your security software.
    Affected Operating Systems:
    Windows XP
    Windows Vista
    Windows 7 ...
    >> http://www.mcaf.ee/s3b79
    Document ID: TS101446

    ? reinstall... see TS100342.
    > http://service.mcafee.com/faq/TS100342.htm

    Last edited by AplusWebMaster; 2012-08-24 at 17:17.
  4. #34
    AplusWebMaster

    Sophos - False positives ...

    FYI...

    Sophos - False positives ...
    - http://www.sophos.com/en-us/support/...se/118311.aspx
    Updated: 25 Sep 2012
    "Issue: Numerous binaries are falsely detected as ssh/updater-B.
    Cause: An identity released by SophosLabs for use with our Live Protection system is causing False Positives against many binaries that have updating functionality.
    What To Do: Customer should ensure that endpoints are up to date with the latest IDE files. This issue is resolved with javab-jd.ide which was released at Wed, 19 Sep 2012 18:48:35 +0000... (more info at the URL above.)
    If you need more information or guidance, then please contact technical support*."
    * http://www.sophos.com/en-us/support/...t-support.aspx

    - http://www.sophos.com/en-us/support/...se/118322.aspx
    Updated: 25 Sep 2012

    - http://www.sophos.com/en-us/support/...se/118323.aspx
    Updated: 25 Sep 2012

    - http://www.sophos.com/en-us/support/...se/118315.aspx
    Updated: 25 Sep 2012
    ___

    - http://h-online.com/-1713840
    20 Sep 2012

    Last edited by AplusWebMaster; 2012-09-25 at 19:12.
  5. #35
    AplusWebMaster

    Symantec Enterprise Outside In Filters vulns - update available

    FYI...

    Symantec Enterprise Outside In Filters vulns - update available
    - https://secunia.com/advisories/50824/
    Release Date: 2012-10-01
    Criticality level: Highly critical
    Impact: DoS, System access
    Where: From remote...
    Software: Symantec Enterprise Vault 10.x
    CVE Reference(s): CVE-2012-1744, CVE-2012-1766, CVE-2012-1767, CVE-2012-1768, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, CVE-2012-3109, CVE-2012-3110
    ... more information: https://secunia.com/SA49936/
    ... vulnerabilities are reported in versions prior to 10.0.2.
    Solution: Update to version 10.0.2.
    Original Advisory: Symantec (SYM12-015):
    http://www.symantec.com/security_res...id=20120928_00
    ... Reference:
    - http://www.kb.cert.org/vuls/id/118913
    Last revised: 29 Sep 2012

  6. #36
    AplusWebMaster

    Trend Micro Control Manager SQL injection vuln - updates available

    FYI...

    Trend Micro Control Manager SQL injection vuln - updates available
    - http://h-online.com/-1721385
    01 Oct 2012 - "... Trend Micro's platform for centralised security management is vulnerable to SQL injection attacks. According to US-CERT*, versions 5.5 and 6.0 of the Trend Micro Control Manager are vulnerable. The company has provided patches** for both affected versions. The vulnerability in question concerns a blind SQL injection attack which means the web frontend does not divulge any information from the database. According to a report by security consulting firm Spentera which includes a proof-of-concept, the vulnerable system can be made to leak information like password hashes by analysing the timing of SQL queries."
    * http://www.kb.cert.org/vuls/id/950795
    Last revised: 27 Sep 2012

    ** http://esupport.trendmicro.com/solut...s/1061043.aspx
    "... Critical patches for this vulnerability are now available..."

    - http://www.securitytracker.com/id/1027584
    CVE Reference: http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-2998 - 7.5 (HIGH)
    Sep 28 2012
    Impact: Disclosure of system information, Disclosure of user information, User access via network...
    ... vendor's advisory is available at:
    - http://esupport.trendmicro.com/solut...s/1061043.aspx

    Last edited by AplusWebMaster; 2012-10-02 at 17:11.
  7. #37
    AplusWebMaster

    Sophos - critical security vulnerabilities

    FYI....

    Sophos - critical security vulnerabilities
    - http://h-online.com/-1744777
    6 Nov 2012 - "... critical security vulnerabilities in Sophos anti-virus software. This includes the publication of a proof of concept (PoC) for a root exploit for Sophos 8.0.6 for Mac OS X, which utilises a stack buffer overflow when searching through PDF files. The vulnerability is also likely to affect Linux and Windows versions. Ormandy has published a full analysis on the SecLists.org security mailing list newsletter. A module for the Metasploit penetration testing software is now also available... the anti-virus company is not aware of any of the vulnerabilities having been exploited in the wild..."
    * http://www.sophos.com/en-us/support/...se/118424.aspx
    Updated: 07 Nov 2012 - "... roll-out of fixes to Sophos customers will begin on November 28th 2012..."
    ___

    - https://secunia.com/advisories/51156/
    Release Date: 2012-11-07
    Criticality level: Highly critical
    Impact: Cross Site Scripting, Privilege escalation, System access
    Where: From remote...
    Original Advisory: Sophos:
    http://www.sophos.com/en-us/support/...se/118424.aspx

  8. #38
    AplusWebMaster

    Sophos v9.004 released

    FYI...

    Sophos v9.004 released
    - https://secunia.com/advisories/51339/
    Release Date: 2012-11-19
    Criticality level: Highly critical
    Impact: Cross Site Scripting, System access
    Where: From remote
    Operating System: Sophos UTM 9.x
    CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-5671 - 6.8
    Solution: Update to version 9.004.
    Original Advisory: http://www.astaro.com/blog/up2date/UTM9004
    Support for UTM100 licenses
    Fix: issues with Endpoint Protection on HA/Cluster systems
    Fix: WebAdmin login problems when using French as language
    System will be rebooted
    Configuration will be upgraded...

    - http://securitytracker.com/id/1027788
    Nov 20 2012
    Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
    Fix Available: Yes
    Vendor Confirmed: Yes
    Version(s): prior to 9.004 ...
    Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the Sophos UTM web interface, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
    Solution: The vendor has issued a fix (9.004)...
    > https://www.astaro.com/blog/up2date/UTM9004

  9. #39
    AplusWebMaster

    SYM12-019 - Symantec Endpoint - multiple issues...

    FYI...

    SYM12-019 - Symantec Endpoint - multiple issues
    - https://secunia.com/advisories/51527/
    Release Date: 2012-12-11
    Criticality level: Moderately critical
    Impact: System access
    Where: From local network
    ... vulnerabilities are reported in the following versions:
    * Symantec Endpoint Protection version 11.0
    * Symantec Endpoint Protection version 12.0
    * Symantec Endpoint Protection version 12.1
    Solution: Update to a fixed version.
    CVE Reference(s): CVE-2012-4348, CVE-2012-4349
    Original Advisory: Symantec (SYM12-019):
    http://www.symantec.com/security_res...id=20121210_00
    "... SEP 12.0 Small Business Edition... Updates are available through customers’ normal support/download locations..."

  10. #40
    AplusWebMaster

    SYM12-020 Symantec Enterprise Security ...

    FYI...

    SYM12-020 Symantec Enterprise Security ...
    - http://www.securitytracker.com/id/1027874
    CVE Reference: CVE-2012-4350
    Dec 13 2012
    Impact: Root access via local system, User access via local system
    Version(s): 10.x and prior ...
    Solution: The vendor has issued a fix (Security Update SU44, or 11.0).
    The vendor's advisory is available at:
    https://www.symantec.com/security_re...id=20121213_00
