Your daily source of Pwnage, Policy and Politics.

ISD Episode 11

Vulnerabilities of Interest:

  1. Gimp PSD Image Parsing Integer Overflow Vulnerability – Secunia Research has discovered a vulnerability in Gimp, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer overflow within the "read_channel_data()" function in plug-ins/file-psd/psd-load.c. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted PSD file. The vulnerability is confirmed in version 2.6.7. Other versions may also be affected.
  2. Linux Kernel KVM MCE "KVM_X86_SETUP_MCE" Buffer Overflow – A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges. The vulnerability is caused by an error within the "kvm_vcpu_ioctl_x86_setup_mce()" function in arch/x86/kvm/x86.c. This can be exploited to corrupt kernel memory by e.g. sending a specially crafted "KVM_X86_SETUP_MCE" IOCTL. Fixed in version 2.6.32-rc7.
  3. avast! Home/Professional aswRdr.sys Memory Corruption Vulnerability – A vulnerability has been discovered in avast! Home/Professional, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges. The vulnerability is caused by an error in aswRdr.sys when processing IOCTLs. This can be exploited to corrupt kernel memory via a specially crafted 0x80002024 IOCTL.
  4. Home FTP Server "SITE INDEX" Denial of Service – A vulnerability has been discovered in Home FTP Server, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the handling of multiple "SITE INDEX" commands and can be exploited to stop the server. The vulnerability is confirmed in version 1.10.1.139. Other versions may also be affected. The currently offered solution is to restrict access to trusted users only.
  5. HP OpenView Network Node Manager 'ovdbrun.exe' Denial of Service Vulnerability – HP OpenView Network Node Manager (NNM) is prone to a remote denial-of-service vulnerability. An attacker may leverage this issue to crash the affected application, denying service to affected users. The issue affects NNM 7.51 and 7.53.  Exploit is available in the wild.
  6. HP Discovery & Dependency Mapping Inventory Arbitrary Code Execution – A vulnerability has been reported in HP Discovery & Dependency Mapping Inventory (DDMI), which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to an unspecified error and can be exploited to execute arbitrary code.  The vulnerability is reported in HP Discovery & Dependency Mapping Inventory (DDMI) versions 2.5x, 7.5x, and 7.60, running on Windows.  Solution is to apply patches.
  7. Warcraft III JASS Interpreter Arbitrary Code Execution – Some vulnerabilities have been reported in Warcraft III: The Frozen Throne, which can be exploited by malicious people to potentially compromise a user's system. The vulnerabilities are caused due to errors within the JASS script handling, which can be exploited to e.g. execute arbitrary code by tricking a user into loading a specially crafted map. Partially fixed in version 1.24b.

News Items of Interest:

News item 1: (http://community.zdnet.co.uk/blog/0,1000000567,10014468o-2000331761b,00.htm?s_cid=292)

News item 2: (http://isc.sans.org/diary.html?storyid=7603&rss) OpenVPN recommends upgrading to version 2.1_rc21; the linked diary entry points to the download and to additional information on OpenVPN session renegotiation.

News item 3: (http://www.wtop.com/?nid=108&sid=1814785)

News item 4: (http://www.metasploit.com/framework/download) After 12 months of development, version 3.3 of the Metasploit Framework has been released. Version 3.3 includes 120 new exploit modules, over 100 new auxiliary modules, and 180 bug fixes.

News item 5: (http://www.businesswire.com/portal/site/topix/?dmViewId=news_view&newsId=20091117005045&newsLang=en) For more information and insight from DeepNines Security Lab: http://www.deepnines.com/security-lab/deepnines-security-labs.

News item 6: (http://www.infosecurity-magazine.com/view/5280/astaro-joins-free-it-security-software-industry-to-boost-profile/) The software is available in two flavours: software appliance and virtual appliance.

News item 7: http://blogs.zdnet.com/security/?p=4956&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+zdnet%2Fsecurity+%28ZDNet+Zero+Day%29

Tech Segment:
Rough Auditing Tool for Security. RATS (Rough Auditing Tool for Security) is a tool for scanning C, C++, Perl, PHP and Python source code and flagging common security-related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions. RATS provides a security analyst with a list of potential trouble spots on which to focus, along with a description of each problem and, where possible, a suggested remedy. It also provides a relative assessment of the potential severity of each problem, to help an auditor prioritize. The tool performs some basic analysis to try to rule out conditions that are obviously not problems, but it matches function names and declarations rather than tracing data flow, so expect false positives and treat each finding as a place to read the code, not as a confirmed bug. RATS is free software, under the terms of the GNU General Public License.

RATS requires expat to be installed in order to build and run. Expat is often installed in /usr/local/lib and /usr/local/include. On some systems, you will need to pass the --with-expat-lib and --with-expat-include options to configure so that it can find your installation of the library and header. More info: http://expat.sourceforge.net/

Usage:

rats [-d <database>] [-h] [-i] [-l <language>] [-r] [-w <level>] [-x] [file1 file2 ... filen]

Options explained:

  • -d Specifies a vulnerability database to be loaded. You may have multiple -d options and each database specified will be loaded. 
  • -h Displays a brief usage summary 
  • -i Causes a list of function calls that were used which accept external input to be produced at the end of the vulnerability report. 
  • -l Force the specified language to be used regardless of filename extension. Currently valid language names are "c", "perl", "php" and "python". 
  • -r Causes references to vulnerable function calls that are not being used as calls themselves to be reported. 
  • -w Sets the warning level. Valid levels are 1, 2 or 3. Warning level 1 includes only default and high severity vulnerabilities. Level 2 adds medium severity and is the default warning level. Level 3 adds low severity vulnerabilities.
  • -x Causes the default vulnerability databases (which are in the installation data directory, /usr/local/lib by default) to not be loaded.

When started, RATS will scan each file specified on the command line and produce a report when scanning is complete. Which vulnerabilities appear in the final report depends on the data contained in the vulnerability database or databases that are used and on the warning level in use.

For each vulnerability, the list of files and line numbers where it occurred is given, followed by a brief description of the vulnerability and suggested action.
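As an added example (not code from this page or from the RATS project), here is a small C file of the kind RATS is meant to scan. Each of two classic findings, an unbounded strcpy() into a fixed-size stack buffer and an access()-then-open() TOCTOU race, sits beside a hardened form, so a scan of the file shows what the tool catches and what the fix looks like. The invocation in the header comment is assumed from the options listed above; the temporary file paths are constructed for the self-check.

```c
/* rats_demo.c: constructed example, not code from the page or the RATS
 * project. Two patterns RATS flags in C sources, each beside a hardened
 * form: an unbounded strcpy() into a fixed buffer, and an access()/open()
 * TOCTOU race. Assumed invocation, from the options described above:
 *   rats -w 3 -i -l c rats_demo.c
 */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define NAME_MAX_LEN 16

/* Vulnerable: strcpy() does not know dst's size. RATS reports this as a
 * high-severity fixed-buffer finding. Inputs of NAME_MAX_LEN bytes or more
 * overflow the buffer, so only call it with shorter ones here. */
void copy_name_unsafe(char dst[NAME_MAX_LEN], const char *src)
{
    strcpy(dst, src);
}

/* Hardened: bound the copy and fail on overlong input instead of
 * truncating silently. Returns 0 on success, -1 if src does not fit. */
int copy_name_safe(char dst[NAME_MAX_LEN], const char *src)
{
    const char *end = memchr(src, '\0', NAME_MAX_LEN); /* NUL within bound? */
    if (end == NULL) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Vulnerable: classic TOCTOU. Between access() and open(), anyone who can
 * write the directory may replace path with a symlink to a file the caller
 * should not read. RATS flags the access() call for exactly this reason. */
int open_checked_unsafe(const char *path)
{
    if (access(path, R_OK) != 0)
        return -1;
    return open(path, O_RDONLY);
}

/* Hardened: no separate check. Open first, refusing symlinks, then inspect
 * the descriptor actually held with fstat(). Returns the fd, or -1 if the
 * object is not a regular file. */
int open_checked_safe(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Self-check: creates a temp file plus a symlink to it and shows that the
 * unsafe opener follows the link while the hardened one refuses it.
 * Returns 1 when every check holds, 0 otherwise. */
int demo(void)
{
    char buf[NAME_MAX_LEN], link[64], tmpl[] = "/tmp/rats_demoXXXXXX";
    int ok = 1, fd;

    ok &= copy_name_safe(buf, "alice") == 0 && strcmp(buf, "alice") == 0;
    ok &= copy_name_safe(buf, "this-name-is-far-too-long") == -1;

    fd = mkstemp(tmpl);                   /* constructed temp file */
    if (fd < 0)
        return 0;
    close(fd);
    snprintf(link, sizeof link, "%s.lnk", tmpl);
    if (symlink(tmpl, link) == 0) {
        fd = open_checked_unsafe(link);   /* succeeds: follows the symlink */
        ok &= fd >= 0;
        if (fd >= 0) close(fd);
        ok &= open_checked_safe(link) == -1;  /* refused: O_NOFOLLOW */
        unlink(link);
    }
    fd = open_checked_safe(tmpl);         /* plain regular file is accepted */
    ok &= fd >= 0;
    if (fd >= 0) close(fd);
    unlink(tmpl);
    return ok;
}

int main(void)
{
    int ok = demo();
    printf("%s\n", ok ? "all checks passed" : "a check FAILED");
    return ok ? 0 : 1;
}
```

A scan of this file should report the strcpy() and access() calls (and, at warning level 3, possibly the fixed-size buffer declarations themselves), while the hardened functions produce no high-severity finding; keeping both forms in one file makes that difference visible in the report. Do not read a clean report as proof of safety: RATS matches names, not data flow, so it is a starting point for review rather than a verdict.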

All works represented here are compiled from various sources (email, IRC, forums, and original author/websites). If the original work is copyrighted it is presented under the fair use of a copyrighted work, Copyright Act of 1976, 17 U.S.C. § 107, for purposes of criticism, comment, news reporting, teaching, and research. No use is directly intended as an infringement of copyright. Attribution is always given to the original source, if known. To have any copyrighted material removed, please contact isdpodcast[at]isdpodcast[dot]com.
