May 29, 2008 - Current Activity

Samba Releases Version 3.0.30

Samba has released version 3.0.30 to address a vulnerability. This vulnerability is due to a heap-based buffer overflow condition in the receive_smb_raw() routine. By sending a specially crafted SMB response, an attacker may be able to execute arbitrary code on the affected system.

US-CERT encourages users to review the Samba Security Announcement and apply appropriate patches from their vendor, upgrade to Samba 3.0.30, or apply the patch supplied by the Samba development team.

Apple Releases Security Updates

Apple has released Mac OS X v10.5.3 and Security Update 2008-003 to address multiple vulnerabilities. These vulnerabilities affect a number of applications, libraries and the kernel. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, access the system with escalated privileges, obtain sensitive information, conduct cross-site scripting attacks or cause a denial-of-service condition.

US-CERT encourages users to review Apple Article HT1897 and apply any necessary updates.

Adobe Flash Player Vulnerability

US-CERT is aware of public reports of active exploitation of a vulnerability in Adobe Flash Player. By convincing a user to open a specially crafted Flash file, which may be embedded in a compromised website, a remote, unauthenticated attacker may be able to execute arbitrary code.

US-CERT encourages users to review the following and apply any necessary workarounds to help mitigate the risks:

• Technical Cyber Security Alert TA08-149A
• Vulnerability Notes Database VU#395473
• Adobe Product Security Incident Response Team Blog

Cisco Releases Security Advisory

Cisco has released a Security Advisory to address a vulnerability in CiscoWorks Common Services. This vulnerability may allow a remote attacker to execute arbitrary code.

US-CERT encourages users to review Cisco Security Advisory cisco-sa-20080528-cw and apply any necessary updates or workarounds.

IBM Lotus Sametime Vulnerability

IBM has released a Technote to address a vulnerability in Lotus Sametime. This vulnerability is due to an error in the way long URLs are processed within the Community Services Multiplexer (StMux.exe). By sending a specially crafted URL, an attacker may be able to cause a stack-based buffer overflow and execute arbitrary code.

US-CERT encourages users to review the IBM Technote "Potential stack overflow vulnerability with IBM Lotus Sametime Community Services multiplexer (MUX)" and apply any necessary updates or workarounds.

Cisco Releases Security Advisories

Cisco has released three security advisories to address multiple vulnerabilities in Cisco IOS Secure Shell, Service Control Engine, and Voice Portal. These vulnerabilities may allow an attacker to take control of the affected system or cause a denial-of-service condition.

US-CERT encourages users to review the following Cisco Security Advisories and apply any necessary updates or workarounds.

• Cisco IOS Secure Shell Denial of Service Vulnerabilities - cisco-sa-20080521-ssh
• Cisco Service Control Engine Denial of Service Vulnerabilities - cisco-sa-20080521-sce
• Cisco Voice Portal Privilege Escalation Vulnerability - cisco-sa-20080521-cvp

CA ARCserve Backup Vulnerabilities

CA has released updates to address two vulnerabilities in BrightStor ARCserve Backup. The first vulnerability is due to an input validation error within the logging service, "caloggerd." The second vulnerability is due to a buffer overflow conditions within multiple "xdr" functions. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users to review the CA Security Notice and apply any necessary updates or workarounds.

Natural Disasters and Phishing Scams

In the past, US-CERT has received reports of an increased number of phishing scams that take advantage of natural disasters. Due to recent natural disasters, US-CERT would like to remind users to remain cautious when receiving unsolicited email that could be a potential phishing scam.

Phishing scams may appear as requests for donations from a charitable organization asking users to click on a link that will take them to a fraudulent website that appears to be a legitimate charity. The users are then asked to provide personal information that can further expose them to future compromises.

Users are encouraged to take the following measures to protect themselves from this type of phishing scam:

• Do not follow unsolicited web links received in email messages.
• Review the Federal Trade Commission's Charity Checklist.
• Verify the legitimacy of the email by contacting the organization directly through a trusted contact number. Trusted contact information can be found on the Better Business Bureau National Charity Report Index.
  

• Recognizing and Avoiding Email Scams (pdf)
• Avoiding Social Engineering and Phishing Attacks

United States Tax Court Spear-Phishing Attack

US-CERT is aware of public reports of a spear-phishing attack circulating via email messages that claim to be petitions from the US Tax Court. These messages appear to be legitimate because they may contain very specific information about the message recipient. The message requests that the user follow a link to download additional information about the petition, but if a user clicks on this link, malicious code may be installed on the system.

US-CERT encourages users to do the following to help mitigate the risk:

• Review the alert posted by the United States Tax Court regarding this issue.
• Do not follow unsolicited web links received in email messages.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
• Install anti-virus software and keep virus signature files up to date.

Debian and Ubuntu OpenSSL and OpenSSH Vulnerabilities

Debian and Ubuntu have released multiple security advisories to address vulnerabilities in their OpenSSL package and other cryptographic application packages that rely on it. These vulnerabilities are due to weaknesses in the random number generator that is used to create SSL and SSH cryptographic keys. As a result of the vulnerability, the keys generated using the flawed OpenSSL package may be weak. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to conduct brute force attacks and obtain sensitive information. These vulnerabilities may affect any Debian-based systems, such as Ubuntu, and may indirectly affect other systems if these weak keys have been imported into them.

US-CERT encourages users to review the following advisories and apply any necessary workarounds or updates:

• Debian Security Advisory DSA-1571-1
• Debian Security Advisory DSA-1576-1
• Ubuntu Security Notice USN-612-1
• Ubuntu Security Notice USN-612-2
• Ubuntu Security Notice USN-612-3
• Ubuntu Security Notice USN-612-4
• Ubuntu Security Notice USN-612-5
• Ubuntu Security Notice USN-612-6