Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
June 2009
 Right Arrow
Su M Tu W Th F Sa
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    June 01, 2009 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    May 29VMware Releases Security Advisory
    May 28Microsoft Releases Security Advisory 971778
    May 27BlackBerry Security Advisory
    May 26Microsoft Releases Service Pack 2 for Windows Vista and Windows Server 2008
    May 22Novell Releases Updates for GroupWise
    May 20NSD DNS Buffer Overflow Vulnerability
    May 20Cisco Releases Security Advisory for CiscoWorks TFTP Vulnerability
    May 20Mac OS X Includes Known Vulnerable Version of Java
    May 19Microsoft Internet Information Services (IIS) WebDAV Request Vulnerability
    May 18Gumblar Malware Exploit Circulating


    VMware Releases Security Advisory

    added May 29, 2009 at 09:02 am

    VMware has released a security advisory to address multiple vulnerabilities in VMware Workstation, Player, ACE, Server, Fusion, ESX, and ESXi. The first of these vulnerabilities is due to a error in the VMware Descheduled Time Accounting driver. Exploitation of this vulnerability may result in denial of service in Windows-based virtual machines. The second vulnerability is due to a known error in the libpng package used by some VMware products. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.

    US-CERT encourages users and administrators to review the VMware security advisory and apply any necessary updates to help mitigate the risks.


    Microsoft Releases Security Advisory 971778

    added May 28, 2009 at 04:44 pm

    Microsoft has released security advisory 971778 indicating that it is investigating public reports of a vulnerability in DirectX. This vulnerability exists in the way Microsoft DirectShow handles QuickTime files and does not require Apple QuickTime to be installed on the system. By convincing a user to open a specially crafted QuickTime media file, a remote attacker may be able to execute arbitrary code. Additionally, the advisory indicates that Microsoft Windows 2000 Service Pack 4, Windows XP, and Server 2003 are vulnerable.

    US-CERT encourages users and administrators to review Microsoft security advisory 971778 and apply the workarounds provided in the document to help mitigate the risks.

    US-CERT will provide additional information as it becomes available.


    BlackBerry Security Advisory

    added May 27, 2009 at 08:55 am

    Research In Motion has released security advisory KB18327 to address multiple vulnerabilities in the PDF distiller of the BlackBerry Attachment Service. By convincing a user to open a specially crafted PDF file on a BlackBerry smartphone, an attacker may be able to execute arbitrary code on the computer hosting the BlackBerry Attachment Service.

    US-CERT encourages users and administrators to review BlackBerry security advisory KB18327 and apply the update or implement the workarounds provided in the document to help mitigate the risks.


    Microsoft Releases Service Pack 2 for Windows Vista and Windows Server 2008

    added May 26, 2009 at 05:13 pm

    Microsoft has released Service Pack 2 for Windows Vista and Windows Server 2008. This service pack contains multiple security updates and hotfixes. US-CERT encourages users and administrators to review Microsoft Knowledge Base article 948465 and follow best-practice security policies to determine if the update should be applied.


    Novell Releases Updates for GroupWise

    added May 22, 2009 at 12:07 pm

    Novell has released updates for GroupWise 7 and 8 to address multiple vulnerabilities in GroupWise WebAccess and Internet Agents. These vulnerabilities may allow an attacker to execute arbitrary code, conduct cross-site scripting attacks, or obtain unauthorized access.

    US-CERT encourages users and administrators to review the following Novell documents and apply any necessary updates to help mitigate the risks:


    NSD DNS Buffer Overflow Vulnerability

    added May 20, 2009 at 09:23 am | updated May 20, 2009 at 03:54 pm

    NLnet Labs has released a patch to address a vulnerability in NSD DNS versions 2.0.0 through 3.2.1. This vulnerability is due to an error in the way NSD processes certain types of packets that may lead to a buffer overflow. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to cause the DNS software to crash, resulting in a denial-of-service condition.

    US-CERT encourages users and administrators to review the NSD announcement regarding this vulnerability and apply any necessary updates or patches to help mitigate the risks. Additional information regarding this vulnerability can be found in the Vulnerability Notes Database.


    Cisco Releases Security Advisory for CiscoWorks TFTP Vulnerability

    added May 20, 2009 at 01:31 pm

    Cisco has released a security advisory to address a vulnerability in CiscoWorks TFTP. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to view or modify application and host operating system files, possibly resulting in arbitrary code execution or a denial-of-service condition. The security advisory indicates that the following Cisco products are affected by this vulnerability:

    • Cisco Unified Service Monitor versions 1.0, 1.1, 2.0, and 2.1
    • CiscoWorks QoS Policy Manager versions 4.0 and 4.1
    • CiscoWorks LAN Management Solution versions 2.5, 2.6, and 3.0
    • Cisco Security Manager versions 3.0, 3.1, and 3.2
    • Cisco TelePresence Readiness Assessment Manager version 1.0
    • CiscoWorks Voice Manager versions 3.0 and 3.1
    • CiscoWorks Heath and Utilization Monitor versions 1.0 and 1.1
    • Cisco Unified Operations Manager versions 1.0, 1.1, 2.0 and 2.1
    • Cisco Unified Provisioning Manager versions 1.0, 1.1, 1.2 and 1.3
    US-CERT encourages users and administrators to review Cisco Security Advisory cisco-sa-20090520-cw and apply any necessary updates to help mitigate the risks.


    Mac OS X Includes Known Vulnerable Version of Java

    added May 20, 2009 at 11:22 am

    Current releases of Mac OS X (version 10.5.7 and version 10.4.11 with security update 2009-002) include a version of Java Runtime Environment (JRE) containing known security vulnerabilities. US-CERT is aware of publicly available exploit code for one of these vulnerabilities. This vulnerability may allow untrusted applets to obtain read, write, and execute permissions to local files and applications with the privileges of the local user. A fix for this vulnerability has been released by Sun, but Mac OS X users cannot apply the fix directly. Mac OS X users must use Apple updates to obtain updated JRE versions. At this time, Apple has not yet released an update to address this issue.

    US-CERT encourages Mac OS X users to disable Java in each web browser they use until a patch is available from Apple. Guidance for disabling Java can be found in the Securing Your Web Browser document. Please note that disabling Java may affect the functionality of websites that use Java.

    US-CERT will provide additional information as it becomes available.


    Microsoft Internet Information Services (IIS) WebDAV Request Vulnerability

    added May 18, 2009 at 08:54 am | updated May 19, 2009 at 08:02 am

    US-CERT is aware of public reports of a vulnerability affecting Microsoft Internet Information Services 6 (IIS6). Reports indicate that this vulnerability is due to improper handling of unicode tokens. Exploitation of this vulnerability may allow a remote attacker to bypass authentication methods, allowing an attacker to upload files to a WebDAV folder or obtain sensitive information. NTFS file ACLs will generally prevent the anonymous internet user from writing to an unauthorized area. US-CERT is also aware of publicly available exploit code and active exploitation of this vulnerability.

    US-CERT encourages users to implement the following workaround to help mitigate the risks until a patch or update is available from the vendor:

    Disable WebDAV. Administrators who are unable to disable WebDAV may be able to mitigate some risk by configuring their IDS to refuse external HTTP requests containing "Translate: f" headers. Please note that disabling WebDAV may affect the functionality of other applications such as SharePoint.

    Microsoft has released Security Advisory 971492 to provide information about this vulnerability. Additional information regarding this vulnerability can be found in the Vulnerability Notes Database.


    Gumblar Malware Exploit Circulating

    added May 18, 2009 at 12:47 pm

    US-CERT is aware of public reports of a malware exploit circulating. This is a drive-by-download exploit with multiple stages and is being referred to as Gumblar. The first stage of this exploit attempts to compromise legitimate websites by injecting malicious code into them. Reports indicate that these website infections occur primarily through stolen FTP credentials but may also be compromised through poor configuration settings, vulnerable web applications, etc.  The second stage of this exploit occurs when users visit a website compromised by Gumblar. Users who visit these compromised websites and have not applied updates for known PDF and Flash Player vulnerabilities may become infected with malware. This malware may be used by attackers to monitor network traffic and obtain sensitive information, including FTP and login credentials, that can be used to conduct further exploits. Additionally, this malware may also redirect Google search results for the infected user.

    US-CERT encourages users and administrators to apply software updates in a timely manner and use up-to-date antivirus software to help mitigate the risks.

    US-CERT will provide additional information as it becomes available.