CERTStation Threat Management Advisory Serving over 52,000 professionals
   
Date 05.29.09
   
   
Microsoft pays no heed to IIS configuration flaw
DNS attack bogs down Telecom Network in five provinces of China
Mac OS X object de-serialization issues overlooked since December 2008
Bank of America and U.S. Bank websites vulnerable to XSS flaw
Conficker worm is still alive
Fri, May 29 2009
Michal Sajdak revealed at CONFidence 2009 in Krakow in mid-May that it's relatively easy to make the Linksys WAG54G2 WLAN DSL router execute arbitrary shell commands. He has now published further details.
Fri, May 29 2009
ISPs and carriers are still hesitating to deploy a DNS security technology that would keep attackers at bay, citing cost and a lack of customer interest as the reasons for the inertia.
Fri, May 29 2009
NitroSecurity introduced new core technology into its NitroGuard Intrusion Prevention Systems (IPS) for the protection of critical 10-Gigabit network links.
Thu, May 28 2009
While "Duke Nukem Forever" will now never appear, the legendary L0phtcrack password cracker is returning and in the form of a new version 6 too.
Thu, May 28 2009
Version 1.0.0.5, now in beta, of the Secunia software update tool Personal Software Inspector (PSI) not only checks installed software for updates but also advises users against using specific browsers.
Thu, May 28 2009
Microsoft today warned that hackers are using rigged QuickTime media files to exploit an unpatched vulnerability in DirectShow, the APIs used by Windows programs for multimedia support.
Thu, May 28 2009
A California judge has banned LifeLock, a company offering identity theft protection services, from placing fraud alerts on its customers' credit profiles.
Thu, May 28 2009
Given the increasing trend of cybercrooks using black-hat SEO techniques to push their malicious pages higher on search result pages, vendor McAfee decided to determine the most dangerous popular search keywords for 2008.
Thu, May 28 2009
Insurance company Aetna has contacted 65,000 current and former employees whose Social Security numbers (SSNs) may have been compromised in a Web site data breach.
Wed, May 27 2009
It used to be that researchers could sometimes track a phishing exploit by the notorious cybercrime ring behind it, like the Rock Phish gang, but no more.
 
47 additional records not shown
Exploit of the week
For this week's exploit of the week, CERTStation Labs has selected a publicly released exploit for the Oracle WebLogic IIS connector. The exploit is a Metasploit Framework module: it sends an HTTP request carrying an oversized JSESSIONID value and overflows a fixed-size buffer in the connector. The technique is simple but effective.
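As an added illustration (not part of the advisory and not the Metasploit module's code), the following Python detects the shape of that request on the wire: a JSESSIONID value, whether sent as a cookie or as a ;jsessionid= path parameter, that is far longer than any legitimate session identifier. The 512-byte threshold and the sample requests are assumptions constructed for the demo.

```python
# Added example, not part of the CERTStation advisory or the Metasploit module:
# flag HTTP requests whose JSESSIONID value is abnormally long, which is the
# shape of the WebLogic IIS connector overflow described above.
import re
from typing import Optional

MAX_JSESSIONID_LEN = 512  # assumed threshold; real session ids are far shorter


def extract_jsessionid(raw_request: str) -> Optional[str]:
    """Return the JSESSIONID carried by a raw HTTP request, or None.

    Both transport forms are checked: a ';jsessionid=' path parameter in the
    request line and a JSESSIONID cookie in the Cookie header.
    """
    head, _, _ = raw_request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    if not lines or not lines[0]:
        return None
    parts = lines[0].split(" ")  # METHOD SP request-target SP version
    if len(parts) >= 2:
        m = re.search(r";jsessionid=([^;?\s]*)", parts[1], re.IGNORECASE)
        if m:
            return m.group(1)
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "cookie":
            for cookie in value.split(";"):
                key, eq, val = cookie.strip().partition("=")
                if eq and key.strip() == "JSESSIONID":
                    return val.strip()
    return None


def is_suspicious(raw_request: str, limit: int = MAX_JSESSIONID_LEN) -> bool:
    """True when the request carries a JSESSIONID longer than limit bytes."""
    sid = extract_jsessionid(raw_request)
    return sid is not None and len(sid) > limit


def scan(requests) -> list:
    """Indices of the requests that trip the length check."""
    return [i for i, r in enumerate(requests) if is_suspicious(r)]


# Constructed sample traffic, not captured from any real system.
NORMAL = (
    "GET /app/index.jsp HTTP/1.1\r\n"
    "Host: weblogic.example.internal\r\n"
    "Cookie: JSESSIONID=3kGh2pQn9vX1mZ7tYb4wLc8dR0eSfA5j; theme=dark\r\n"
    "\r\n"
)
OVERSIZED_COOKIE = (
    "GET /app/index.jsp HTTP/1.1\r\n"
    "Host: weblogic.example.internal\r\n"
    "Cookie: JSESSIONID=" + "A" * 2048 + "\r\n"
    "\r\n"
)
OVERSIZED_PATH = (
    "GET /app/index.jsp;jsessionid=" + "B" * 1024 + " HTTP/1.1\r\n"
    "Host: weblogic.example.internal\r\n"
    "\r\n"
)

if __name__ == "__main__":
    print(scan([NORMAL, OVERSIZED_COOKIE, OVERSIZED_PATH]))  # [1, 2]
```

A check like this belongs in a reverse proxy or IDS in front of the connector; it does not replace the vendor patch, since a value under the threshold can still be malformed in other ways.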
 
Security tool of the week
The security tool of the week is WarVOX. It is a suite of tools for exploring, classifying, and auditing telephone systems. Unlike normal wardialing tools, WarVOX works with the actual audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, dial tones, IVRs, and forwarders.
 
The website selected this week by CERTStation Labs is mtc.sri.com/Conficker/. The site provides a detailed analysis of Conficker's logic and of the rendezvous points its authors established, along with guidance on avoiding and protecting against the worm. It also carries the latest news and coverage of Conficker's newer attack methods.
Fri, May 29 2009
VMware has released security updates to fix a denial of service (DoS) vulnerability in its Descheduled Time Accounting driver. The vulnerability only affects Windows versions of the VMware software.
Fri, May 29 2009
Microsoft has confirmed a critical vulnerability in the QuickTime parser of DirectShow (part of DirectX), and the flaw is being actively exploited.
Fri, May 29 2009
Baofeng products, version 3.09.04.17 and earlier, are susceptible to a buffer overflow vulnerability. The issue arises from a boundary condition error in 'Config.dll': the "SetAttributeValue" method fails to enforce proper bounds checking. The flaw was exploited in the wild in April and May 2009. This remotely exploitable vulnerability permits attackers to overflow the buffer, execute arbitrary code and compromise the vulnerable system.
Thu, May 28 2009
The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 are susceptible to a cryptographic negotiation vulnerability. The issue arises from a design error in the Windows and Java client programs: RSA is not properly enforced while negotiating the symmetric session key, so unspecified client-side calculations can be replayed repeatedly and used to reconstruct keystrokes. This remotely exploitable vulnerability permits attackers to decrypt network traffic and conduct man-in-the-middle attacks.
Thu, May 28 2009
The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 are susceptible to a code execution vulnerability. The issue arises from a design error: the client program uses a hardcoded AES encryption key when it connects to the Java client service on port 9002 and downloads and runs a new Java class. Because the key is known, this remotely exploitable vulnerability permits an attacker in a man-in-the-middle position to tamper with that exchange, which ultimately leads to execution of arbitrary Java code and lets the attacker access and hijack sessions on switch-connected machines.
Wed, May 27 2009
libsndfile versions 1.0.15 to 1.0.19, as used in Winamp 5.552, are susceptible to a heap-based buffer overflow vulnerability. The issue arises from a boundary condition error in 'aiff_read_header': bounds checking is not properly enforced while handling an AIFF file with an invalid header value. This remotely exploitable vulnerability requires user interaction (opening a crafted file) and permits attackers to crash the application, denying service to legitimate users, or to execute arbitrary code on the vulnerable system.
Tue, May 26 2009
A buffer overflow vulnerability has been discovered in Novell GroupWise versions 7.x before 7.03 HP3 and 8.x before 8.0 HP2. The issue is triggered by a boundary condition error in the Internet Agent (GWIA) component while handling a crafted e-mail address in an SMTP session or SMTP command. This could allow a remote attacker to execute arbitrary code.
Tue, May 26 2009
A privilege escalation vulnerability has been discovered in Novell GroupWise versions 7.x before 7.03 HP3 and 8.x before 8.0 HP2. The issue is triggered by an error in the WebAccess component, which does not properly implement session management. This could allow a remote attacker to gain access to other users' accounts.
Tue, May 26 2009
libsndfile versions 1.0.15 to 1.0.19, as used in Winamp 5.552, are susceptible to a heap-based buffer overflow vulnerability. The issue arises from a boundary condition error in 'voc_read_header': bounds checking is not properly enforced while handling a VOC file with an invalid header value. This remotely exploitable vulnerability requires user interaction (opening a crafted file) and permits attackers to crash the application, denying service to legitimate users, or to execute arbitrary code on the vulnerable system.
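The two libsndfile entries above (aiff_read_header and voc_read_header) share one pattern: a size field read from the file header is trusted when deciding how many bytes to read or copy. The following Python is an added example, not libsndfile's code, showing the declared-size checks such a parser needs, for both an AIFF chunk walker and a VOC header check, run over byte strings constructed here. The MAX_CHUNK_BYTES ceiling and the sample files are assumptions made for the demo.

```python
# Added example, not libsndfile's code: the declared-size sanity checks that
# the aiff_read_header and voc_read_header bugs above lack, exercised on
# constructed byte strings.  MAX_CHUNK_BYTES is an assumed ceiling.
import struct

MAX_CHUNK_BYTES = 1 << 20


class HeaderError(ValueError):
    """Raised when a header field does not agree with the bytes present."""


def walk_aiff_chunks(data: bytes):
    """Yield (chunk_id, payload) for an AIFF file.

    AIFF is an IFF container: 'FORM', a big-endian u32 size, 'AIFF', then
    sub-chunks made of a 4-byte id, a big-endian u32 size and the payload
    (padded to an even length).  Every size is checked against the bytes
    actually present before it is used as a read length.
    """
    if len(data) < 12 or data[:4] != b"FORM" or data[8:12] != b"AIFF":
        raise HeaderError("not an AIFF FORM container")
    (form_size,) = struct.unpack(">I", data[4:8])
    if form_size > len(data) - 8:
        raise HeaderError(f"FORM size {form_size} exceeds file size {len(data)}")
    end = 8 + form_size
    pos = 12
    while pos + 8 <= end:
        cid = data[pos:pos + 4]
        (size,) = struct.unpack(">I", data[pos + 4:pos + 8])
        if size > MAX_CHUNK_BYTES:
            raise HeaderError(f"chunk {cid!r} size {size} exceeds ceiling")
        if pos + 8 + size > end:
            raise HeaderError(f"chunk {cid!r} size {size} runs past end of FORM")
        yield cid, data[pos + 8:pos + 8 + size]
        pos += 8 + size + (size & 1)  # odd payloads carry one pad byte


def aiff_chunk_ids(data: bytes) -> list:
    """Chunk ids of an AIFF file; raises HeaderError if any size field lies."""
    return [cid for cid, _ in walk_aiff_chunks(data)]


VOC_MAGIC = b"Creative Voice File\x1a"


def check_voc_header(data: bytes) -> int:
    """Validate a VOC header and return the offset of the first data block.

    Layout: 20-byte magic, little-endian u16 header size (offset of the first
    block), u16 version, u16 checksum equal to (~version + 0x1234) mod 2**16.
    """
    if len(data) < 26 or data[:20] != VOC_MAGIC:
        raise HeaderError("not a VOC file")
    header_size, version, check = struct.unpack("<HHH", data[20:26])
    if header_size < 26 or header_size > len(data):
        raise HeaderError(f"VOC header size {header_size} out of range")
    if ((~version) + 0x1234) & 0xFFFF != check:
        raise HeaderError("VOC header checksum mismatch")
    return header_size


def header_ok(parser, data: bytes) -> bool:
    """True if parser accepts data, False if it raises HeaderError."""
    try:
        parser(data)
        return True
    except HeaderError:
        return False


def build_aiff(chunks) -> bytes:
    """Assemble a minimal AIFF file from (id, payload) pairs (demo data only)."""
    body = b"AIFF"
    for cid, payload in chunks:
        body += cid + struct.pack(">I", len(payload)) + payload
        if len(payload) & 1:
            body += b"\x00"
    return b"FORM" + struct.pack(">I", len(body)) + body


# Constructed samples, not taken from any real file.
GOOD_AIFF = build_aiff([
    (b"COMM", struct.pack(">hIh", 1, 0, 16) + b"\x00" * 10),  # 1 channel, 16-bit
    (b"SSND", b"\x00" * 8),
])
BAD_AIFF = GOOD_AIFF[:16] + b"\xff\xff\xff\xff" + GOOD_AIFF[20:]  # forged COMM size
TRUNCATED_AIFF = GOOD_AIFF[:40]  # FORM size now claims more bytes than exist
GOOD_VOC = VOC_MAGIC + struct.pack("<HHH", 26, 0x010A, 0x1129) + b"\x00"
BAD_VOC = VOC_MAGIC + struct.pack("<HHH", 0xFFFF, 0x010A, 0x1129) + b"\x00"

if __name__ == "__main__":
    for name, parser, sample in [("good aiff", aiff_chunk_ids, GOOD_AIFF),
                                 ("forged aiff", aiff_chunk_ids, BAD_AIFF),
                                 ("truncated aiff", aiff_chunk_ids, TRUNCATED_AIFF),
                                 ("good voc", check_voc_header, GOOD_VOC),
                                 ("forged voc", check_voc_header, BAD_VOC)]:
        print(name, "accepted" if header_ok(parser, sample) else "rejected")
```

The point of the two checks is the same in both formats: compare every declared length with the number of bytes actually available (and with a sane ceiling) before using it as a read or copy length; a C parser that skips that comparison is what turns an "invalid header value" into a heap overflow.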
Tue, May 26 2009
VidSharePro versions 1.x are susceptible to a SQL injection vulnerability. The issue arises from an input validation error in the 'listing_video.php' script: user-supplied data passed to the "catid" parameter is not properly sanitised before it is used in a database query. This remotely exploitable vulnerability permits attackers to execute arbitrary SQL commands against the back-end database and add, view, modify or delete the information it holds.
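An added example (not VidSharePro's code) of the flaw class and its fix: an in-memory listing query assembled by string concatenation from a "catid" value, beside the same query with input validation and parameter binding. The schema, rows and the crafted value are constructed for the demo.

```python
# Added example, not VidSharePro's code: an in-memory stand-in for a
# category listing query, first assembled by string concatenation (the
# pattern behind the 'catid' flaw) and then with validation and binding.
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample schema and rows, invented for this demo."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE videos (
            id INTEGER PRIMARY KEY, catid INTEGER, title TEXT, private INTEGER);
        INSERT INTO videos VALUES (1, 10, 'Public talk', 0);
        INSERT INTO videos VALUES (2, 10, 'Public demo', 0);
        INSERT INTO videos VALUES (3, 20, 'Unlisted draft', 1);
        INSERT INTO videos VALUES (4, 30, 'Internal only', 1);
    """)
    return conn


def list_videos_vulnerable(conn: sqlite3.Connection, catid: str) -> list:
    """Request parameter pasted straight into the SQL text."""
    sql = ("SELECT title FROM videos WHERE catid = " + catid +
           " AND private = 0 ORDER BY id")
    return [row[0] for row in conn.execute(sql)]


def list_videos_fixed(conn: sqlite3.Connection, catid: str) -> list:
    """Reject anything that is not a decimal integer, then bind the value."""
    if not re.fullmatch(r"[0-9]+", catid):
        raise ValueError("catid must be a non-negative integer")
    sql = "SELECT title FROM videos WHERE catid = ? AND private = 0 ORDER BY id"
    return [row[0] for row in conn.execute(sql, (int(catid),))]


def fixed_rejects(conn: sqlite3.Connection, catid: str) -> bool:
    """True if the hardened query refuses the value outright."""
    try:
        list_videos_fixed(conn, catid)
        return False
    except ValueError:
        return True


# A crafted 'catid': the OR makes the WHERE clause always true and the
# trailing comment marker discards the 'private = 0' filter that follows.
PAYLOAD = "10 OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print(list_videos_vulnerable(db, "10"))     # public rows of category 10
    print(list_videos_vulnerable(db, PAYLOAD))  # every row, private ones included
    print(list_videos_fixed(db, "10"))          # public rows of category 10
    print(fixed_rejects(db, PAYLOAD))           # True
```

Binding alone would already stop the injection; the integer check in front of it is there so that a malformed value is refused with an error instead of being silently coerced, which makes probing visible in the application log.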
Tue, May 26 2009
Microchip MPLAB Integrated Development Environment (IDE) version 8.30 is susceptible to a stack-based buffer overflow vulnerability. The issue arises from a boundary condition error while handling a long '.cof' pathname in the [TOOL_SETTINGS] section of a '.mcp' project file, where bounds checking is not properly enforced. This remotely exploitable vulnerability requires user interaction (opening a crafted project file) and permits attackers to overflow the buffer, execute arbitrary code and compromise the vulnerable system.
Tue, May 26 2009
A directory traversal vulnerability has been discovered in Strawberry version 1.1.1. The issue is triggered by an input validation error in the 'plugins/ddb/foot.php' script while handling a dot-dot sequence in the "file" parameter passed to the 'example/index.php' script. This could allow a remote attacker to include and execute arbitrary local files.
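An added example (not Strawberry's code) of the containment check that a traversal bug like this one is missing: the user-supplied "file" value is resolved against a fixed plugin directory and refused if the resolved path lands outside it. PLUGIN_DIR and the sample values are assumptions made for the demo.

```python
# Added example, not Strawberry's code: resolve a user-supplied 'file'
# value against a fixed plugin directory and refuse anything that escapes
# it.  PLUGIN_DIR is an assumed location.
import os
from urllib.parse import unquote

PLUGIN_DIR = "/srv/strawberry/plugins/ddb"


def resolve_plugin_file(user_value: str, base: str = PLUGIN_DIR):
    """Absolute path of user_value inside base, or None if it would escape.

    Handles dot-dot segments, absolute paths, percent-encoded variants of
    either, and embedded NUL bytes.
    """
    candidate = unquote(user_value)  # decode once, as the web server would
    if "\x00" in candidate:
        return None  # a NUL would truncate the name inside a C-level open()
    base_real = os.path.realpath(base)
    # join() drops base if candidate is absolute; realpath() then collapses
    # any '..' segments and symlinks so the containment test is exact.
    full = os.path.realpath(os.path.join(base_real, candidate))
    try:
        if os.path.commonpath([base_real, full]) != base_real:
            return None
    except ValueError:  # paths on different drives (Windows)
        return None
    return full


def safe_relative_path(user_value: str, base: str = PLUGIN_DIR):
    """Path relative to base when the value is contained, else None."""
    full = resolve_plugin_file(user_value, base)
    if full is None:
        return None
    return os.path.relpath(full, os.path.realpath(base))


# Constructed request values, including the dot-dot form from the advisory.
SAMPLES = [
    "foot.php",
    "sub/../foot.php",
    "../../example/index.php",
    "..%2F..%2Fexample%2Findex.php",
    "/etc/passwd",
    "foot.php%00.jpg",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:36} -> {safe_relative_path(value)!r}")
```

Checking the resolved path against the base directory is more robust than stripping ".." from the input, because it also catches absolute paths, encoded separators and symlinks that point outside the directory.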
 
66 additional records not shown
Tue, Apr 15 2008: Infects: Windows Me, Windows XP
Fri, Feb 22 2008: Infects: Windows 3.x, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
Thu, Apr 12 2007: Aliases: W97M.Happy [Symantec]; Infects: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Thu, Mar 29 2007: Aliases: W32/Delbot-AB [Sophos]; Infects: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Tue, Mar 27 2007: Infects: Windows Me, Windows XP
Wed, Feb 07 2007: Infects: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
Fri, Jan 19 2007: Aliases: CME-711 [Common Malware Enumeration], Downloader-BAI.sys [McAfee], Small.DAM [F-Secure], Troj/Dorf-Fam [Sophos], TROJ_SMALL.EDW [Trend Micro]; Infects: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Thu, Jul 20 2006: Infects: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Wed, Jun 21 2006: Aliases: Romride.G; Infects: Symbian OS
Mon, Apr 03 2006: Infects: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Do NOT reply to this message. For any queries or concerns please contact news-admin@certstation.com
This email is in compliance with the CAN-SPAM Act of 2003. Click here to view our CAN-SPAM Act compliance policy.
To unsubscribe from the CERTStation Security News Wire, go to http://www.certstation.com/tma/tmaforum.asp?qs=tmaform, enter your email address, and click Unsubscribe
* Number 52000 represents current users of CERTStation Lite and CERTStation Lite based components such as CERTStation RSS and CERTStation TMA
 
Security Sparklines (charts not reproduced here): Microsoft, OS X, Windows XP, Linux, Internet Explorer, Mozilla

Sparklines show the number of articles that referenced a given topic each day over the last 12 weeks
Tips of the week
Make sure you have a security policy in place
A security policy is a formal statement of the rules governing how security will be implemented in your organization. It should define levels of security and the roles and responsibilities of users, administrators and managers. The main obstacle to implementing such a policy is that it usually meets resistance from employees, so the tip of the week is to put a senior board member on the implementation committee to keep that resistance as low as possible.
Keep an inventory of your network devices
Many small and medium-sized organizations have no inventory of what they own and what is running on their network. That leads to mismanagement and, in turn, to security breaches. The tip of the week is to develop and maintain a list of all hardware and software components, and to understand which default software installations weaken your security configuration.
Disable SSID Broadcast on Wireless
In Wi-Fi networking, the wireless access point or router typically broadcasts the network name (SSID) over the air at regular intervals so that clients can discover the network without knowing its name in advance. That convenience matters for businesses and public hotspots where clients roam in and out of range; at home it is unnecessary, and an advertised network invites more attempts to join it. Most access points let the administrator disable SSID broadcast, so the tip of the week is to disable it. Bear in mind that this only hides the name from casual listing: the SSID is still sent in the clear in probe and association frames, so treat it as an obscurity measure and keep the network protected with WPA/WPA2 encryption and a strong passphrase.
Metrics
Last week: Viruses 1, Worms 1, Trojans 4, Vulnerabilities 72
Total records (since 2004): Viruses 373, Worms 1451, Trojans 1757, Vulnerabilities 12802
Podcasts (all mp3, published by CERTStation Media)
msword.mp3 (3:48, 96 Kbps): CERTStation's Critical Threat Report about the zero-day flaw in MS Word
Examine-Sasser.mp3 (7:02, 128 Kbps): a post-mortem analysis of the Sasser worm, its structure, propagation, and impact on data infrastructure
Spam-Prevent.mp3 (8:40, 128 Kbps): how spam is generated, with an examination of the frameworks and technologies that help manage and reduce it
Wireless-security.mp3 (7:52, 128 Kbps): a discussion of the diverging wireless security protocols and their impact on WLANs (WEP, WPA, EAP)
Vul-Assessment.mp3 (6:01, 128 Kbps): understanding vulnerability assessment components, mechanisms and technologies
   
    ©2009 CERTStation Inc - All Rights Reserved    
 