Your daily source of Pwnage, Policy and Politics.

ISD Episode 12

Vulnerabilities of Interest:

  1. Kolab Server ClamAV Archive Handling Security Bypass – Some security issues have been reported in Kolab Server, which can potentially be exploited by malware to bypass certain security restrictions. The security issues are caused by errors in the handling of certain file types in combination with ClamAV. This can be exploited to bypass security restrictions specified for certain files. The solution is to upgrade the ClamAV package to version 0.95.3.
  2. Kaspersky Anti-Virus 2010 kl1.sys Denial of Service Vulnerability – A vulnerability has been discovered in Kaspersky Anti-Virus 2010, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused by an error in the kl1.sys driver when handling IOCTLs. This can be exploited to dereference invalid memory and cause a kernel crash via a specially crafted 0x0022C008 IOCTL. The vulnerability is confirmed in version 9.0.0.463. Other versions may also be affected. The solution is to update to version 9.0.0.736.
  3. Sun Java SE Multiple Security Vulnerabilities – Sun has released updates to address multiple vulnerabilities in Java SE. Very little technical information is currently available on these issues. These issues are addressed in the following releases: JDK and JRE 6 Update 15, JDK and JRE 5.0 Update 20, SDK and JRE 1.4.2_22, and SDK and JRE 1.3.1_26.
  4. Serv-U Web Client HTTP Request Remote Buffer Overflow Vulnerability – Serv-U Web Client is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Serv-U Web Client 9.0.0.5 is vulnerable; other versions may also be affected. Exploits are available in the wild.
  5. RhinoSoft Serv-U FTP Server TEA Decoder Remote Stack Buffer Overflow Vulnerability – RhinoSoft Serv-U FTP Server is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Serv-U 9.0.0.5 is vulnerable; other versions may also be affected.
  6. Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability – Sun Java Web Start and Java Plug-in are prone to a privilege-escalation vulnerability. This issue occurs when the affected applications parse a JAR file that is also a legitimate GIF image file. An attacker may exploit this issue to obtain sensitive information (such as HTTP session cookies) or to perform actions as legitimate users of a web application. This may aid in further attacks. NOTE: This issue was previously covered in BID 32620 (Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities), but has been given its own record to better document the issue. The following versions are affected: JDK and JRE 6 Update 10 and earlier, JDK and JRE 5.0 Update 16 and earlier, SDK and JRE 1.4.2_18 and earlier, and SDK and JRE 1.3.1_23 and earlier.
  7. IBM SolidDB ‘solid.exe’ Denial of Service Vulnerability – IBM SolidDB is prone to a remote denial-of-service vulnerability. An attacker may leverage this issue to crash the affected application, denying service to affected users. This issue affects SolidDB 6.30.0.29 and 6.30.0.33; other versions may also be affected. Exploits are available in the wild.
  8. Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability – Same deal, just more vendors being added. Again, check with your vendor for updates on this one.

News Items of Interest:


News item 1: (http://www.domainb.com/infotech/itnews/20091117_indo-pak_cyber_war.html)

News item 2: (http://www.networkworld.com/news/2009/111709-endpoint-security.html)

News item 3: (http://www.jdjournal.com/2009/11/17/hackers-targeting-large-law-firms-in-increasing-numbers/)

News item 4: (http://www.out-law.com//default.aspx?page=10530)

News item 5: (http://www.pcadvisor.co.uk/news/index.cfm?…id=3206496&)

News item 6: (http://www.infoworld.com/d/security-central/64-bit-windows-safer-claims-microsoft-787?source=rss_infoworld_news)

Tech Segment:


OpenVAS

OpenVAS is a new security assessment tool designed as an alternative to Nessus. According to the OpenVAS website:

OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.

OpenVAS products are Free Software under GNU GPL and a fork of Nessus.

OpenVAS is designed to run on Linux, not on Windows. An ideal approach is to download the BackTrack virtual appliance and then run OpenVAS on BackTrack. A virtual appliance can be based on Linux and still run on a Windows computer.

Here are basic instructions for installing OpenVAS onto the virtual machine:

First, you will need either VMware Player, VMware Server or VMware Workstation on your PC. You will then need to download the BackTrack virtual appliance:

Once you get BackTrack up and running, you can log in as root (default password: toor). Launch Firefox so that you can grab the latest version of the OpenVAS packages from the following website: apt.intevation.de/dists/lenny/openvas/binary-i386/?1246159210

libopenvas2_2.0.4-1intevation1_i386.deb
libopenvasnasl2_2.0.2-1intevation1_i386.deb
openvas-client_2.0.5-1intevation1_i386.deb
openvas-plugins_1.0.6-1intevation2_i386.deb
openvas-server_2.0.3-1intevation1_i386.deb

Grab the Pth, GD and GNOME wrapper libraries:
packages.debian.org/lenny/i386/libpth20/download
packages.debian.org/lenny/i386/libgpgme11/download
packages.debian.org/lenny/i386/libgdchart-gd2-noxpm/download

Finally, you will need to grab HTMLDOC: htmldoc.org/software.php?VERSION=1.9.x-r1586&FILE=htmldoc/snapshots/htmldoc-1.9.x-r1586.tar.gz

wget http://apt.intevation.de/dists/lenny/openvas/binary-i386/libopenvas2_2.0.4-1intevation1_i386.deb
wget http://apt.intevation.de/dists/lenny/openvas/binary-i386/libopenvasnasl2_2.0.2-1intevation1_i386.deb
wget http://apt.intevation.de/dists/lenny/openvas/binary-i386/openvas-client_2.0.5-1intevation1_i386.deb
wget http://apt.intevation.de/dists/lenny/openvas/binary-i386/openvas-plugins_1.0.6-1intevation2_i386.deb
wget http://apt.intevation.de/dists/lenny/openvas/binary-i386/openvas-server_2.0.3-1intevation1_i386.deb
wget http://http.us.debian.org/debian/pool/main/p/pth/libpth20_2.0.7-12_i386.deb
wget http://http.us.debian.org/debian/pool/main/g/gpgme1.0/libgpgme11_1.1.6-2_i386.deb
wget http://http.us.debian.org/debian/pool/main/libg/libgdchart-gd2/libgdchart-gd2-noxpm_0.11.5-6_i386.deb
wget ftp://nic.funet.fi/.m/mirrors2/ftp.easysw.com/pub/htmldoc/snapshots/htmldoc-1.9.x-r1586.tar.gz

Open the terminal and run the following commands in order:

dpkg -i libopenvas2_2.0.4-1intevation1_i386.deb
ldconfig
dpkg -i libpth20_2.0.7-12_i386.deb
dpkg -i libgpgme11_1.1.6-2_i386.deb
dpkg -i libopenvasnasl2_2.0.2-1intevation1_i386.deb
dpkg -i openvas-plugins_1.0.6-1intevation2_i386.deb
dpkg -i openvas-server_2.0.3-1intevation1_i386.deb
dpkg -i libgdchart-gd2-noxpm_0.11.5-6_i386.deb
dpkg -i openvas-client_2.0.5-1intevation1_i386.deb
tar -zxvf htmldoc-1.9.x-r1586.tar.gz
cd htmldoc-1.9.x-r1586
./configure
make
make install
openvas-adduser
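The wget lines above pull the .deb files over plain HTTP and the dpkg lines install them as-is. As an added example (not from the show notes or the OpenVAS project), this POSIX sh script installs the packages in the same order but refuses any file whose SHA-256 does not match a checksum file you prepared beforehand from a trusted copy; the checksum file and its "<sha256>  <filename>" format are assumptions.

```shell
#!/bin/sh
# Added example, not from the show notes or the OpenVAS project: install the
# packages above in the page's order, but only after each .deb's SHA-256 matches
# a checksum you recorded beforehand (SUMS file: "<sha256>  <filename>" lines).
set -u

# Install order as given on the page (ldconfig follows libopenvas2).
PKGS="libopenvas2_2.0.4-1intevation1_i386.deb
libpth20_2.0.7-12_i386.deb
libgpgme11_1.1.6-2_i386.deb
libopenvasnasl2_2.0.2-1intevation1_i386.deb
openvas-plugins_1.0.6-1intevation2_i386.deb
openvas-server_2.0.3-1intevation1_i386.deb
libgdchart-gd2-noxpm_0.11.5-6_i386.deb
openvas-client_2.0.5-1intevation1_i386.deb"

# sha256_of FILE: print the hex digest of FILE.
sha256_of() { sha256sum "$1" | cut -d' ' -f1; }

# verify_file FILE EXPECTED: succeed only if FILE exists and its digest matches.
verify_file() {
    [ -f "$1" ] || return 1
    [ "$(sha256_of "$1")" = "$2" ]
}

# expected_sum SUMS_FILE NAME: print the recorded digest for NAME (empty if none).
expected_sum() {
    awk -v name="$2" '$2 == name { print $1; exit }' "$1"
}

# install_all SUMS_FILE: dpkg -i each package in order; stop at the first
# package whose checksum is missing or wrong, before dpkg touches it.
install_all() {
    for pkg in $PKGS; do
        sum=$(expected_sum "$1" "$pkg")
        if [ -z "$sum" ] || ! verify_file "$pkg" "$sum"; then
            echo "refusing to install $pkg: checksum missing or mismatched" >&2
            return 1
        fi
        dpkg -i "$pkg" || return 1
        if [ "$pkg" = "libopenvas2_2.0.4-1intevation1_i386.deb" ]; then
            ldconfig
        fi
    done
}

# Usage: sh install-openvas.sh SUMS_FILE  (run as root, in the download directory)
if [ $# -ge 1 ]; then
    install_all "$1"
fi
```

The htmldoc tarball and openvas-adduser steps are unchanged; run them after the script finishes.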

root@bt:~/htmldoc-1.9.x-r1586# openvas-adduser
/usr/sbin/openvas-adduser: 75: 0: not found
Using /var/tmp as a temporary file holder.

Add a new openvasd user
-----------------------

Login : admin
Authentication (pass/cert) [pass] : pass
Login password :
Login password (again) :

User rules
----------
openvasd has a rules system which allows you to restrict the hosts that admin has the right to test.
For instance, you may want him to be able to scan his own host only.

Please see the openvas-adduser(8) man page for the rules syntax.

Enter the rules for this user, and hit ctrl-D once you are done:
(the user can have an empty rules set)

Login             : admin
Password          : ***********

Rules             :

Is that ok? (y/n) [y] y
user added.

openvas-mkcert

root@bt:~/htmldoc-1.9.x-r1586# openvas-mkcert
/usr/sbin/openvas-mkcert: 85: 0: not found
-------------------------------------------------------------------------------
Creation of the OpenVAS SSL Certificate
-------------------------------------------------------------------------------

This script will now ask you the relevant information to create the SSL certificate of OpenVAS.
Note that this information will *NOT* be sent to anybody (everything stays local), but anyone with the ability to connect to your OpenVAS daemon will be able to retrieve this information.

CA certificate life time in days [1460]:
Server certificate life time in days [365]:
Your country (two letter code) [FR]: US
Your state or province name [none]:
Your location (e.g. town) [Paris]: Atlanta
Your organization [OpenVAS Users United]:

-------------------------------------------------------------------------------
Creation of the OpenVAS SSL Certificate
-------------------------------------------------------------------------------

Congratulations. Your server certificate was properly created.

/etc/openvas/openvasd.conf updated
The following files were created:

. Certification authority:
Certificate = /var/lib/openvas/CA/cacert.pem
Private key = /var/lib/openvas/private/CA/cakey.pem

. OpenVAS Server :
Certificate = /var/lib/openvas/CA/servercert.pem
Private key = /var/lib/openvas/private/CA/serverkey.pem

Press [ENTER] to exit

Then update the NVT feed before starting the server:

openvas-nvt-sync

Start the OpenVAS server by typing the command “openvasd” in the terminal. Open the OpenVAS Client by clicking on the Start button, going to Internet, and then clicking on OpenVAS-Client. Choose File > Connect and enter the username and password which you created earlier. Wait for the client to connect to the server, then click File and then Scan Assistant.

Enter “localhost” to target your own computer for a scan. Click the Execute button, and once the scan is completed you will see “Report” followed by the date in the left pane of the OpenVAS client. Click on the report, and you can explore the report results in the middle and right panes of the client. You can also click on Report on the top command line of the OpenVAS client and click Print to make a PDF copy of the report.

All works represented here are compiled from various sources (email, IRC, forums, and original author/websites). If the original work is copyrighted it is presented under the fair use of a copyrighted work, Copyright Act of 1976, 17 U.S.C. § 107, for purposes of criticism, comment, news reporting, teaching, and research. No use is directly intended as an infringement of copyright. Attribution is always given to the original source, if known. To have any copyrighted material removed, please contact isdpodcast[at]isdpodcast[dot]com.