April 27, 2007 - Current Activity

Cisco Releases Security Advisory to Address a Vulnerability in NetFlow Collection Engine

Cisco has released Security Advisory cisco-sa-20070425-nfc to address a vulnerability in Cisco NetFlow Collection Engine. Upon installation, default user credentials are created on the system. A remote attacker with knowledge of these hard-coded credentials may be able to gain access to an affected system.

US-CERT encourages administrators to apply the fixes and workarounds described in Vulnerability Note VU#127545 and Security Advisory cisco-sa-20070425-nfc.

Adobe Photoshop Bitmap File Handling Vulnerability

US-CERT is aware of a possible vulnerability in Adobe Photoshop that may allow an attacker to cause a stack-based buffer overflow. By persuading a user to open a crafted bitmap file (e.g., .BMP, .DIB, .RLE), an attacker may be able to execute arbitrary code on the user's system.

US-CERT recommends that users not open untrusted bitmap files, and will continue to investigate and provide additional information as it becomes available.

Vulnerability in HP-UX Running Sendmail

US-CERT is aware of a vulnerability in HP-UX running sendmail that may allow a remote user to cause a denial-of-service condition.

US-CERT recommends users apply the patches as described in HP Technical Knowledge Base Document c00841370.  Please note that logon credentials may be needed to access this document.

More information regarding this vulnerability is available in Vulnerability Note VU#349305.

Vulnerability Involving Apple QuickTime and Java

US-CERT is aware of a new vulnerability involving Apple QuickTime and Java. Any platform supporting QuickTime and Java may be affected. Details about the vulnerability are currently limited; however, it is reported that disabling Java will protect users.

US-CERT recommends users follow the Securing Your Web Browser document to disable Java.

US-CERT will continue to investigate this vulnerability and provide more information as it becomes available.

New Attack Technique for ARM Architecture

US-CERT is aware of a new attack technique presented at CansecWest and Black Hat Amsterdam. This technique affects devices that use the ARM (including Xscale) architecture, such as routers, wireless access points and mobile phones. The technique demonstrates that a vulnerability that results in a NULL pointer dereference can be used to execute arbitrary code.

US-CERT has been working with vendors to inform them of this attack technique and provide mitigation strategies.

US-CERT will continue to investigate and provide additional information as it becomes available.

Multiple Vulnerabilities in MIT Kerberos 5

US-CERT is aware of multiple vulnerabilities affecting the MIT Kerberos 5 implementation. The most severe of these vulnerabilities may allow a remote attacker to execute arbitrary code on a Kerberos Distribution Center (KDC), which may result in a compromise of the Kerberos key database.

More information about these vulnerabilities can be found in the following:

• US-CERT Technical Cyber Security Alert TA07-093B
• Vulnerability Notes Database
• MIT krb5 Security Advisory 2007-001
• MIT krb5 Security Advisory 2007-002
• MIT krb5 Security Advisory 2007-003

US-CERT recommends users apply the patches as described in MIT krb5 Security Advisories 2007-001, 2007-002, and 2007-003.

Apple Releases Security Update to Address Multiple Vulnerabilities in Various Products

Apple has released Security Update 2007-004 to address multiple vulnerabilities in various products. The impacts of these vulnerabilities include arbitrary code execution, privilege escalation, SYSTEM level access, information disclosure, and denial of service.

US-CERT encourages users to apply the appropriate updates as soon as possible.