Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
January 2008
 Right Arrow
Su M Tu W Th F Sa
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    January 24, 2008 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    January 24Sun Releases Java Update
    January 24GE Fanuc Product Vulnerabilities
    January 24IBM AIX Vulnerabilities
    January 24Mozilla Firefox Chrome Vulnerability
    January 24Microsoft Security Bulletin Re-Releases and Revisions
    January 23Cisco Releases Security Advisories to Address Vulnerabilities in PIX, ASA, and AVS
    January 22SymbianOS Worm
    January 18Skype Releases Security Bulletin to Address Cross Zone Scripting Vulnerability
    January 18Citrix Releases Update to Address Vulnerability
    January 17Adobe Releases Security Bulletins to Address Multiple Cross-Site Scripting Vulnerabilities


    Sun Releases Java Update

    added January 24, 2008 at 04:00 pm

    US-CERT is aware that Sun has released an update to Java SE 6 containing fixes for 375 bugs. Users are encouraged to install the appropriate updates and should be aware that installing this new version of Java SE may not remove previous versions of the software. 

    For more information please see the following:


    GE Fanuc Product Vulnerabilities

    added January 24, 2008 at 02:17 pm

    Vulnerabilities in GE Fanuc CIMPLICITY and Proficy Real-Time Information Portal could allow an attacker to execute arbitrary code, obtain user credentials, upload and execute arbitrary files, or cause a denial-of-service condition.

    US-CERT encourages users to review the following GE Fanuc Knowledgebase Articles for further information:

    • GE Fanuc Proficy Real-Time Information Portal allows arbitrary file upload and execution (KB12460)
    • GE Fanuc Proficy Real-Time Information Portal transmits authentication credentials in plain text (KB12459)
    • Buffer Overflow Allows Remote Code Execution (KB12458)

    US-CERT will provide more information as it becomes available.


    IBM AIX Vulnerabilities

    added January 24, 2008 at 02:16 pm

    US-CERT is aware of multiple vulnerabilities affecting IBM AIX.  These vulnerabilities may allow a local attacker to gain escalated privileges on an affected system, gain access to sensitive information, or alter the behavior of system software.

    US-CERT encourages users to use visit the IBM web site for further information regarding these vulnerabilities.

    US-CERT will provide more information as it becomes available.


    Mozilla Firefox Chrome Vulnerability

    added January 24, 2008 at 02:12 pm

    US-CERT is aware of reports of a vulnerability in Mozilla Firefox that may allow directory traversal within the chrome protocol scheme. This vulnerability could lead to information disclosure and affects users that have certain "flat" packaged add-ons installed. 

    US-CERT encourages users to:

    US-CERT will provide more information as it becomes available.


    Microsoft Security Bulletin Re-Releases and Revisions

    added January 24, 2008 at 02:07 pm

    Microsoft has re-released the following Security Bulletins:

    • MS08-001, Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution, has been updated to include Windows Small Business Server 2003 Service Pack 2 as an affected product.
    • MS07-064, Vulnerabilities in DirectX Could Allow Remote Code Execution, has been updated to reflect that DirectX 9.0 and 9.0b are included in the update.
    and has revised the following Security Bulletins:
    • MS07-068, Vulnerability in Windows Media File Format Could Allow Remote Code Execution, has been updated to include information about installing the updates for Windows Media Format Runtime 9.5 on Windows XP Professional x64 Edition.
    • MS07-057, Cumulative Security Update for Internet Explorer, has been updated to include information about address rendering issues.
    US-CERT strongly encourages users to review these bulletins and apply any listed updates or workarounds.


    Cisco Releases Security Advisories to Address Vulnerabilities in PIX, ASA, and AVS

    added January 23, 2008 at 03:16 pm

    Cisco has released Security Advisory cisco-sa-20080123-asa and cisco-sa-20080123-avs to address vulnerabilities in the PIX 500 Series Security Appliance (PIX), 5500 Series Adaptive Security Appliance (ASA), and Application Velocity System (AVS). 

    The vulnerability affecting the PIX and ASA devices could allow a remote attacker to cause a denial-of-service condition.  The vulnerability affecting AVS could allow an attacker to gain full administrative rights to the system or user-level access to the host operating system.

    More information about these vulnerabilities is located in the following Cisco documents:

    US-CERT encourages administrators to apply the fixes and workarounds described in the following documents:
    US-CERT will continue to monitor these issues and provide additional information as it becomes available.




    SymbianOS Worm

    added January 22, 2008 at 01:26 pm

    US-CERT is aware of public reports of a malicious SymbianOS worm that may be spreading on mobile phone networks.

    The SymbOS/Beselo.A! worm may affect mobile devices running SymbianOS using MMS and Bluetooth. It is reported that this worm spreads by convincing users to install an incoming file that contains the malicious code. These malicious files are noted to have, but are not limited to, the following file names:

    • Beauty.jpg
    • Sex.mp3
    • Love.rm
    US-CERT  encourages users to
    • Use caution when accepting incoming files via MMS and Bluetooth
    • Secure Bluetooth connections to prevent access from unauthorized devices
    • Install anti-virus software and keep its virus signature files up-to-date


    Skype Releases Security Bulletin to Address Cross Zone Scripting Vulnerability

    added January 18, 2008 at 03:18 pm

    Skype has released Security Bulletin SKYPE-SB/2008-001 to address a cross zone scripting vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on an affected system.

    As per Security Bulletin SKYPE-SB/2008-001, Skype has temporarily disabled users' ability to add videos from Dailymotion gallery until an official fix has been made available.

    US-CERT will provide more information as it become available.


    Citrix Releases Update to Address Vulnerability

    added January 18, 2008 at 03:18 pm

    Citrix has released Knowledge Center Article CTX114487 to address a vulnerability in Citrix Presentation Server's IMA Service. This vulnerability may allow an attacker to execute arbitrary code on an affected system.

    US-CERT encourages users to review Citrix Knowledge Center Article CTX114487 and apply the appropriate hotfix as soon as possible.

    US-CERT will continue to investigate and provide additional information as it becomes available.


    Adobe Releases Security Bulletins to Address Multiple Cross-Site Scripting Vulnerabilities

    added January 17, 2008 at 02:35 pm

    Adobe has issued Security Bulletin APSB08-01 and Security Bulletin APSB08-02 to address multiple vulnerabilities in Adobe Dreamweaver, Adobe Contribute, and Adobe Connect Enterprise Server. These software packages may contain cross-site scripting vulnerabilities that could allow a remote, unauthenticated attacker to execute arbitrary code on an affected system.

    US-CERT encourages users to review Security Bulletin APSB08-01 for the Adobe Dreamweaver and Adobe Contribute updates and Security Bulletin APSB08-02 for the Adobe Connect Enterprise Server update. Users are also encouraged to apply the appropriate updates as soon as possible.

    US-CERT will continue to investigate and provide additional information as it becomes available.