Current Activity Calendar
February 26, 2007 - Current Activity
This is an archived copy of Current Activity.

Proof-of-Concept Code for Vulnerability in Mozilla Firefox
added February 23, 2007 | updated February 26, 2007

US-CERT is aware of proof-of-concept code for a memory corruption vulnerability in Mozilla Firefox. The vulnerability exists because of a flaw in the way Firefox handles freed data structures that are modified in the onUnload event handler, which may lead to memory corruption. By persuading a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code or crash the Firefox browser. More information about this vulnerability is located in the following:

Until Mozilla issues a security fix for this issue, US-CERT recommends the following workaround to help mitigate the security risk:
Mozilla Releases Security Advisories to Address Multiple Vulnerabilities
added February 23, 2007

Mozilla has released Security Advisories to address multiple vulnerabilities in Mozilla products, such as Firefox and SeaMonkey. US-CERT encourages users to upgrade to the latest version or implement the workarounds for the affected products as described in the Security Advisories. Additionally, more information about these vulnerabilities can be found in the Vulnerability Notes Database.

Exploit Code Posted for XSS Vulnerability in Google Desktop Search Engine
added February 22, 2007 | updated February 23, 2007

US-CERT is aware of publicly available exploit code for a cross-site scripting (XSS) vulnerability in the Google Desktop Search engine. The vulnerability exists because of a flaw in the way the Google Desktop Search engine processes malformed user input. By persuading a user to view a specially crafted HTML document (e.g., a web page or an HTML email message), a remote unauthenticated attacker may be able to execute existing arbitrary code, search and view files, or steal sensitive data. Note: Without the presence of another vulnerability, remote exploitation is not possible. Google has addressed this issue in the latest version of Google Desktop, which updates automatically. More information about this vulnerability is located in the following:

US-CERT recommends the following workaround to help mitigate the security risks:
Vulnerability in JBoss Application Server
added February 20, 2007 | updated February 22, 2007

US-CERT is aware of a vulnerability in JBoss Application Server. If JBoss Application Server is installed without using the advanced installer, and additional steps are not taken to secure the server, a vulnerable condition may occur. If a JBoss Application Server is improperly configured to allow unauthenticated access to the administrative interface, and is accessible from a network, then an unauthenticated, remote attacker may be able to gain access to, and possibly modify, data on the server. Note: Using the advanced installer options configures JBoss to allow only authenticated administrative access by default. More information about this vulnerability is located in the following:
Multiple Vulnerabilities in Trend Micro ServerProtect
added February 21, 2007 | updated February 21, 2007

US-CERT is aware of multiple stack-based buffer overflow vulnerabilities in the Trend Micro ServerProtect "stcommon.dll" and "eng50.dll" modules. Exploitation of these vulnerabilities may allow execution of arbitrary code with SYSTEM privileges. More information about the vulnerabilities can be found in the following:

US-CERT recommends that users apply the ServerProtect 5.58 for Windows Security Patch 1 - Build 1171 as soon as possible.

Vulnerability in Sourcefire Snort Preprocessor
added February 19, 2007 | updated February 20, 2007

US-CERT is aware of a stack-based buffer overflow vulnerability in the Sourcefire Snort DCE/RPC preprocessor. Sourcefire Snort is an intrusion detection and prevention solution and is included with a variety of UNIX and Linux distributions. The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC traffic. By sending a specially crafted TCP packet, a remote attacker could execute arbitrary code with the privileges of the Snort process. Note: The DCE/RPC preprocessor is enabled by default. Users who have disabled the DCE/RPC preprocessor are not vulnerable. More information about this vulnerability is located in the following:

US-CERT recommends the following actions to help mitigate the security risks:
Apple Releases Security Update 2007-002 for Multiple Vulnerabilities
added February 16, 2007 | updated February 16, 2007

Apple has released Security Update 2007-002 to address multiple vulnerabilities in Mac OS X and related products. The impacts of these vulnerabilities include remote code execution, denial of service, and system privilege elevation. These vulnerabilities were also announced during the Month of Apple Bugs. More information about these vulnerabilities is located in the Vulnerability Notes Database and Technical Cyber Security Alert TA07-047A. US-CERT encourages users to apply the appropriate updates as soon as possible. US-CERT will continue to investigate these vulnerabilities and provide additional information as it becomes available.

Symantec Warns Users of New Drive-By Pharming Attack
added February 16, 2007

In an announcement made yesterday, security researchers at Symantec and the Indiana University School of Informatics revealed that they had uncovered a serious new security threat targeting home broadband routers. The attack, dubbed Drive-By Pharming, allows an attacker to change the configuration of a home router when a user unknowingly visits a malicious website. The website employs malicious JavaScript code that allows an attacker to log into many types of home routers if the default password has not been changed. Once logged in, the attacker is able to change the configuration of the home router, including the Domain Name System (DNS) server settings. This type of attack is particularly concerning for a few reasons:

Symantec notes that the best defense against this type of attack is for home users to change their default password. The following links provide support resources for three of the more common home router vendors:

US-CERT cautions users to avoid clicking on links sent in unsolicited emails. Users should also remain cautious when browsing the web and avoid visiting untrusted sites. More information can be found in the Securing Your Web Browser document. To learn more, or to view a flash animation of the attack, visit the Security Response Weblog.

Cisco Releases Security Advisories to Address Multiple Vulnerabilities in PIX, ASA, and FWSM
added February 16, 2007

Cisco has released Security Advisory cisco-sa-20070214-pix to address multiple vulnerabilities in the PIX 500 Series Security Appliances and the ASA 5500 Series Adaptive Security Appliances. The vulnerabilities exist because of flaws in the way Cisco PIX and ASA appliances process malformed HTTP requests, SIP packets, and TCP-based packets. By sending specially crafted packets to a vulnerable appliance, an attacker may be able to cause a denial of service, escalate user privileges, or take complete control of the appliance. Note: The Security Advisory also states that some of these vulnerabilities affect the Cisco Firewall Services Module (FWSM). More information about these vulnerabilities is located in the following:

US-CERT encourages administrators to apply the fixes and workarounds described in the following documents:

US-CERT will continue to monitor this issue and provide additional information as it becomes available.

Cisco Releases Security Advisory to Address Multiple Vulnerabilities in IPS
added February 16, 2007

Cisco has released Security Advisory cisco-sa-20070213-iosips to address multiple vulnerabilities in the Intrusion Prevention System (IPS) feature set of IOS. The vulnerabilities exist because of flaws in the way the IPS engine processes malformed packets. By sending specially crafted packets to a vulnerable IPS, a remote attacker may be able to bypass IPS detection or crash the IPS. Secondary impacts may include the ability to gain access to devices that the IPS is protecting. More information about these vulnerabilities is located in the following:

US-CERT encourages administrators to apply the fixes and workarounds described in the following documents:
New Unpatched Vulnerability in Word Could Allow Remote Code Execution
added February 13, 2007 | updated February 15, 2007

In Security Advisory 933052, issued yesterday, Microsoft confirmed very limited attacks against a new unpatched vulnerability in Word. The vulnerability is due to a memory corruption error that occurs when Word improperly processes a malformed string supplied in an Office document. By persuading a user to open a specially crafted Office document from an email attachment or web site, a remote attacker may be able to execute arbitrary code with the privileges of the user. This vulnerability affects Microsoft Word, which is a component of Microsoft Office. Microsoft reports that Office 2000 and Office XP are associated with this vulnerability. Note: Previous reports indicated that the impact of this vulnerability was limited to denial of service. After further analysis, Microsoft has confirmed that the impact of this vulnerability is remote code execution. More information about this vulnerability is located in the following:

Until Microsoft issues a security fix, or more information becomes available, US-CERT recommends the following actions to help mitigate the security risks:

US-CERT will continue to monitor this issue and provide additional information as it becomes available.

Microsoft Releases February Security Bulletin
added February 13, 2007 | updated February 13, 2007

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Visual Studio, Interactive Training, Internet Explorer, and Antivirus as part of the Microsoft Security Bulletin Summary for February 2007. More information about these vulnerabilities is located in the Vulnerability Notes Database and Technical Cyber Security Alert TA07-044A. US-CERT strongly encourages users to review the bulletins and follow best-practice security policies to determine which updates should be applied.

Authentication Bypass Vulnerability in Sun Solaris Telnet Daemon
added February 12, 2007 | updated February 13, 2007

US-CERT is aware of an authentication bypass vulnerability in the Sun Solaris telnet daemon (in.telnetd). The Sun Solaris telnet daemon does not properly sanitize the USER environment variable before passing it to the login process. By supplying a specially crafted USER environment variable over telnet, a remote attacker may be able to bypass authentication and gain access to the system with elevated privileges. Public exploit code is available. Note: An attacker must have knowledge of a user account other than root to exploit this vulnerability successfully. Additionally, in default Solaris configurations, this vulnerability cannot be used to gain root-level access. More information about this vulnerability is located in the following:

US-CERT recommends the following actions to help mitigate the security risks:
US-CERT will continue to investigate and provide additional information as it becomes available.

Multiple Vulnerabilities in Trend Micro Antivirus Software
added February 8, 2007 | updated February 9, 2007

US-CERT is aware of multiple buffer overflow vulnerabilities in Trend Micro AntiVirus software. There are flaws in the way the Trend Micro virus scan engine processes malformed UPX-compressed executables, and in the Anti-Rootkit Common Module. The impacts include remote code execution with potential kernel-level privileges, denial of service, and local privilege escalation. Both Microsoft Windows and Linux versions of Trend Micro AntiVirus are affected by these vulnerabilities. Note: The Trend Micro virus scanning engine may be licensed to other vendors; therefore, other scanning software products may also be affected by these vulnerabilities. More information about these vulnerabilities is located in the following:

Until a full upgrade becomes available, US-CERT recommends applying the latest updates for the virus pattern, scanning engine, and Anti-Rootkit Common Module to address these vulnerabilities. US-CERT will continue to investigate and provide additional information as needed.

Anomalous DNS Activity
added February 6, 2007

US-CERT was made aware of anomalous Domain Name System (DNS) traffic that began on 6 Feb 2007. It is not confirmed whether this is a DDoS attempt or an incidental effect of something else; however, it is likely that the traffic is Distributed Denial of Service (DDoS) related. At approximately 0001 GMT on 6 Feb 2007, several root-level DNS servers began receiving a large volume of malformed DNS queries. This initial attack appears to have been a warm-up for a much larger attack that began at 1000 GMT. DNS root servers G (U.S. DOD Network Information Center), L (Internet Corporation for Assigned Names and Numbers), and M (WIDE Project) appear to have been the most severely impacted, although none were ever unreachable. The servers remained operational and reachable even under the high volume of traffic. US-CERT has been in contact with the various groups affected to ensure that appropriate actions are being taken. US-CERT will continue to investigate and provide additional information as needed.

Microsoft Releases Security Advisory for Unpatched Vulnerability in Office involving Excel
added February 5, 2007 | updated February 5, 2007

Microsoft has released Security Advisory 932553 to address a new vulnerability that affects multiple versions of Microsoft Office. When Office applications improperly process a malformed string, system memory is corrupted. By persuading a user to open a specially crafted Office document from an email attachment or web site, a remote attacker may be able to execute arbitrary code with the privileges of the user.

The Security Advisory states that the following Office versions are vulnerable: Microsoft Office 2000, Microsoft Office XP, Microsoft Office 2003, and Microsoft Office 2004 for Mac. According to the Microsoft Security Response Center Blog, there are very limited, targeted attacks attempting to use Excel documents as an attack vector to exploit this vulnerability in Microsoft Office. However, the issue can also affect all Office documents. More information about this vulnerability is located in the following:

Until Microsoft provides a security update, or more information becomes available, US-CERT recommends the following actions to help mitigate the security risks:
US-CERT will continue to investigate and provide additional information as it becomes available.

Active Exploitation of Unpatched Vulnerability in Microsoft Word
added January 31, 2007 | updated February 2, 2007

US-CERT is aware of active exploitation of an unpatched vulnerability in Microsoft Word. Reports indicate that Microsoft has responded that this vulnerability is related to VU#166700, reported in December 2006. According to Symantec, different documents from multiple organizations use this same exploit. Each document has been specifically crafted for the targeted organization in both language and content. Details are limited at this point. More information about this vulnerability is located in the following:

Until Microsoft issues a security fix, or more information becomes available, US-CERT recommends the following actions to help mitigate the security risks:

US-CERT will continue to monitor this issue and provide additional information as it becomes available.

Public Exploit Code for Multiple Vulnerabilities in CA BrightStor ARCserve Backup
added February 1, 2007

US-CERT is aware of public exploit code for multiple vulnerabilities in the Computer Associates BrightStor ARCserve Backup software product. The vulnerable process (Loginserver.exe) is susceptible to buffer overflows because the size and content of the data it receives are not properly validated. By sending specially crafted data packets to ports 2200/tcp and 1900/tcp, a remote, unauthenticated attacker may be able to execute arbitrary code with SYSTEM-level privileges or cause a denial of service. More information about these vulnerabilities is located in the Vulnerability Notes Database and the Computer Associates Security Notice. US-CERT encourages users and administrators to take the following actions to help mitigate the security risks:

US-CERT will continue to monitor this issue and provide additional information as it becomes available.