March 31, 2008 - Current Activity

Internal Revenue Service Scams

US-CERT is aware of a series of scams circulating that are related to the United States Internal Revenue Service.

The first of these attacks attempts to convince users to open bogus tax documents that may contain malicious code. Additional attacks attempt to convince users to follow a link in an email message to an unofficial tax website that may contain malicious code or request personal information as part of a phishing scam.

US-CERT encourages users to do the following to help mitigate the risks:

• Install anti-virus software and keep virus signature files up-to-date.
• Do not follow unsolicited links.
• Block executable and unknown file types at the email gateway.
• Refer to the Recognizing and Avoiding Email Scams document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
• Refer to the Internal Revenue Service Suspicious e-Mails and Identity Theft website for more information on current scams.
  

Mozilla Releases Firefox 2.0.0.13

Mozilla has released Firefox 2.0.0.13. This version addresses multiple vulnerabilities that may allow an attacker to execute arbitrary code, bypass security restrictions, obtain sensitive information, or conduct cross-site scripting or phishing attacks.  As described in the Mozilla Foundation Security Advisories, some of these vulnerabilities may also affect Thunderbird and SeaMonkey.

US-CERT encourages users to do the following to help mitigate the risks:

• Review the Mozilla Foundation Security Advisories.
• Update to Firefox 2.0.0.13.
• Update to SeaMonkey 1.1.9.
• Disable JavaScript in Thunderbird mail until a fixed version is available.
  

Cisco Releases Security Advisories

Cisco has released five security advisories to address multiple vulnerabilities in Cisco IOS. These vulnerabilities may allow a remote, unauthenticated attacker to cause a denial-of-service condition on the affected device.

US-CERT encourages users to review the Cisco Security Advisories and apply the appropriate updates or workarounds.

Novell eDirectory Vulnerability

Novell has released Security Vulnerability document 3382120 to address a vulnerability in eDirectory. This vulnerability is caused by improper handling of large LDAP Extended Request messages. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users to review Novell document 3382120 and update to eDirectory 8.8.2.

VLC Media Player Vulnerability

VLC has released a patch to address an integer overflow vulnerability in VLC Media Player. By convincing a user to open an MP4 file with a specially crafted RDRF atom, a remote attacker may be able to execute arbitrary code.

For users who compile VLC Media Player from source, VLC has provided a patch to address this issue.

US-CERT will provide more information as it becomes available.

Microsoft Jet Database Engine Vulnerability

Microsoft has released a Security Advisory to address a vulnerability in Microsoft Jet Database Engine. This vulnerability is due to a buffer overflow condition in msjet40.dll. By convincing a user to open a Word document that is designed to load a specially crafted database file using msjet40.dll, an attacker may be able execute arbitrary code.

US-CERT encourages users to review Microsoft Security Advisory 950627 and apply the suggested workarounds.

US-CERT will provide more information as it becomes available.

Apple Aperture and iPhoto Vulnerability

Apple has released Digital Camera RAW Compatibility Update 2.0 to address a vulnerability in Apple Aperture and iPhoto. This vulnerability is due to a boundary error that occurs when processing DNG image files. By convincing a user to open a specially crafted image file, a remote attacker may be able to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users to review Apple knowledgebase article HT1232 and apply any necessary updates.

US-CERT will provide more information as it becomes available.

Microsoft Releases Windows Vista Service Pack 1

Microsoft has released Windows Vista Service Pack 1.  This Service Pack provides updates to increase reliability, performance, compatibility, and security.

US-CERT encourages users review the following Microsoft articles:

• Notable Changes in Windows Vista Service Pack 1
  
• Overview of Windows Vista SP1
• Hotfixes and Security Updates included in Windows Vista Service Pack 1

MIT Kerberos Security Advisories

MIT has released two Security Advisories to address multiple vulnerabilities in Kerberos 5. These vulnerabilities affect krb4-enabled KDC servers and the GSS RPC library used by kadmind. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code, obtain sensitive information, or cause a denial of service condition.

US-CERT encourages users to do the following to help mitigate the risks:

• Review Kerberos Security Advisory 2008-001, 2008-002, and apply any necessary updates.
• Review VU#895609 and VU#374121 in the Vulnerability Notes Database.
• Review Technical Cyber Security Alert TA08-079B.
  

Apple Security Updates

Apple has released Safari 3.1 and Security Update 2008-002 to address multiple vulnerabilities.

These vulnerabilities may allow an attacker to do the following:

• Execute arbitrary code
• Cause a denial-of-service condition
• Bypass authentication
• Elevate privileges
• Obtain sensitive information
• Cause untrusted certificates to appear trusted

• Review Apple Article 307563 and upgrade to Safari 3.1.
• Review Apple Security Update 2008-002 and apply any necessary updates.
• Review Technical Cyber Security Alert TA08-079A.