  • July 25, 2007 - Current Activity

    This is an archived copy of current activity. If you would like to see the most recent version, please click here.

    July 25: Multiple Vulnerabilities in ISC BIND 9
    July 24: Cisco Releases Security Advisory for Multiple Vulnerabilities in Wireless LAN Controllers
    July 20: Oracle Releases July Critical Patch Update
    July 19: Multiple Vulnerabilities in Mozilla Firefox
    July 18: Internet Explorer Code Execution Vulnerability
    July 16: McAfee Products Contain Multiple Vulnerabilities
    July 12: Apple Releases Security Update to Address Multiple Vulnerabilities in QuickTime



    Multiple Vulnerabilities in ISC BIND 9

    added July 25, 2007 at 04:44 pm

    US-CERT is aware of two vulnerabilities in ISC BIND that may allow an arbitrary, remote user to make recursive queries or poison the name server cache contents. More information regarding these vulnerabilities, workarounds, and fixes can be found on the ISC BIND Vulnerabilities page.

    US-CERT recommends that administrators of this product apply the workarounds and fixes described on the ISC BIND Vulnerabilities page, and will continue to investigate and provide additional information as it becomes available.


    Cisco Releases Security Advisory for Multiple Vulnerabilities in Wireless LAN Controllers

    added July 24, 2007 at 02:45 pm

    Cisco has released Security Advisory cisco-sa-20070724-arp to address several vulnerabilities in Cisco Wireless LAN Controllers that may allow an attacker to cause a denial-of-service condition on a network that utilizes affected equipment.

    US-CERT recommends that administrators of these products apply the updates described in Cisco Security Advisory cisco-sa-20070724-arp, and will continue to investigate and provide additional information as it becomes available.


    Oracle Releases July Critical Patch Update

    added July 18, 2007 at 01:32 pm | updated July 20, 2007 at 07:55 am

    Oracle has released their July Critical Patch Update (CPU) to address vulnerabilities across all products, some of which have a maximum severity rating of High. This CPU contains eighteen security fixes for Oracle Database; one for Oracle Application Express; four for Oracle Application Server; five for Oracle Collaboration Suite; fourteen for Oracle E-Business Suite; and seven for Oracle PeopleSoft Enterprise.

    More information about these vulnerabilities is located in Technical Cyber Security Alert TA07-200A.

    US-CERT strongly encourages users to review the July CPU and follow best-practice security policies to determine which updates to apply.


    Multiple Vulnerabilities in Mozilla Firefox

    added July 18, 2007 at 09:36 am | updated July 19, 2007 at 03:01 pm

    US-CERT is aware of multiple vulnerabilities affecting the Mozilla Firefox web browser.  These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code, inject and execute arbitrary script, or cause memory corruption on an affected system.

    More information about these vulnerabilities is located in the following:

    To mitigate the security risks, US-CERT recommends users upgrade to Firefox 2.0.0.5 as soon as possible.


    Internet Explorer Code Execution Vulnerability

    added July 16, 2007 at 02:42 pm | updated July 18, 2007 at 07:52 am

    US-CERT is aware of publicly available exploit code for a vulnerability that uses Microsoft Internet Explorer to send malicious input to the Trillian instant messenger client. The public exploit code demonstrates the vulnerability using the AIM URI handler. To trigger this vulnerability, an attacker must persuade a user who has an Instant Messaging client installed to access a specially crafted web page with Internet Explorer.  This exploit is similar to the "Web Browser Code Execution Vulnerability" reported by US-CERT on July 10, 2007.

    This vulnerability may not be isolated to this specific application.   Any malicious input that Internet Explorer handles may be passed to other applications and executed. 

    More information regarding this vulnerability can be found in Vulnerability Note VU#786920.


    McAfee Products Contain Multiple Vulnerabilities

    added July 16, 2007 at 01:42 pm

    McAfee ePolicy Orchestrator, ProtectionPilot, and Common Management Agent products contain several vulnerabilities.  These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition on an affected system. 

    More information regarding these vulnerabilities can be found in the following McAfee Security Bulletins:
    Stack corruption of Common Management Agent
    Stack based buffer overflow of Common Management Agent
    Heap based buffer overflow of Common Management Agent
    Crash of Framework service of McAfee Common Management Agent

    US-CERT recommends that administrators of these products apply the updates described in the McAfee Security Bulletins listed above, and will continue to investigate and provide additional information as it becomes available.


    Apple Releases Security Update to Address Multiple Vulnerabilities in QuickTime

    added July 12, 2007 at 11:18 am | updated July 12, 2007 at 05:06 pm

    Apple has released an update to address multiple vulnerabilities in QuickTime. These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code, execute arbitrary commands, or cause a denial-of-service condition on an affected system.

    More information regarding these vulnerabilities can be found in the following:

    To mitigate the security risks, US-CERT recommends users upgrade to QuickTime 7.2 as soon as possible.