Information Security all in one place!

Posts tagged “arbitrary code execution

Cisco Security Advisory: Cisco WebEx Player – Buffer Overflow Vulnerabilities


The Cisco WebEx Recording Format (WRF) player contains three buffer overflow vulnerabilities. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user.
The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on a WebEx meeting site or on the computer of an online meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx meeting site. The players can also be manually
installed for offline playback after downloading the application from
www.webex.com.

If the WRF player was automatically installed, it will be automatically upgraded to the latest, nonvulnerable version when users access a recording file that is hosted on a WebEx meeting site. If the WRF player was manually installed, users will need to manually install anew version of the player after downloading the latest version from
www.webex.com.

Cisco has updated affected versions of the WebEx meeting sites and WRF player to address these vulnerabilities.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120404-webex

 

 


Mozilla: Multiple Updates


English: Mozilla Firefox word mark. Guestimate...

The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities.

  • Firefox 11,
  • Firefox 3.6.28,
  • Firefox ESR 10.0.3,
  • Thunderbird 11,
  • Thunderbird 3.1.20,
  • Thunderbird ESR 10.0.3, and
  • SeaMonkey 2.8.

These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, bypass security restrictions, operate with escalated privileges, or perform a cross-site scripting attack.

English: A candidate icon for Portal:Computer ...

Firefox users can find more information here: http://www.mozilla.org/security/known-vulnerabilities/firefox.html

Thunderbird users can find more information here: http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html

Seamonkey users can find more information here: http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html 


Safari: Closes Security Holes with version 5.1.4


Safari: Closes 80 Security Holes with version 5.1.4

Apple has released version 5.1.4 of its Safari web browser for Windows and Mac OS X. According to the company, the maintenance and security update addresses more than 80 vulnerabilities. The update also includes includes various stability and performance improvements as well as fixes for other non-security related bugs.

A majority of the security holes closed in 5.1.4 were found in the WebKit browser engine used by Safari. These include several cross-site scripting (XSS), cross-origin and HTTP authentication problems, as well as numerous memory corruption bugs that could be exploited by an attacker, for example, to cause unexpected application termination or arbitrary code execution.

The recent issue, where Google were accused of bypassing Safari’s privacy controls on cookies, also appears to have been addressed. Details of how Apple have fixed this though are not given. A bug in Safari’s Private Browsing mode that allowed page visits to be recorded in the browser history when the mode was active has been fixed.

On Windows systems, the browser update improves domain name validity checking in order to prevent attackers from using look-alike characters in a URL to visually spoof a legitimate domain and direct users to a malicious site – Mac OS X systems were not affected by this issue.

More can be found here: http://www.h-online.com/security/news/item/Safari-update-closes-security-holes-1470595.html


Apple: New iOS Release Addresses Multiple Vulnerabilities


Apple closes security holes with iOS 5.1 and iTunes update

Alongside the launch of the “new iPad“, Apple released iOS 5.1 for the iPhone 3GS, 4 and 4S, the 3rd generation iPod touch, and iPad and iPad 2. The update includes fixes for 91 issues with CVE identifiers. The majority, 66 of the issues, are described as “unexpected application termination or arbitrary code execution” in WebKit due to memory corruption. These flaws were mostly found by Apple or members of the Google Chrome Security Team, while a number were found by Chrome special rewardwinner miaubiz.

Two screen lock bypass issues are fixed, including one, a race condition with slide to dial gestures that could bypass the passcode lock, discovered by Roland Kohler of the German Federal Ministry of Economics and Technology, and an uncredited discovery that Siri’s lock screen could be used to forward messages to an arbitrary user.

iPhone, iPhone 3G and 3GS

Another error, which allowed a malicious program to bypass the sandbox by exploiting an error in the handling of debug calls, has been fixed, with the error’s discovery credited to the “2012 iOS Jailbreak Dream Team”. A flaw in Private Browsing in Safari that recorded JavaScript pushState and replaceState methods in browser history has also been fixed. Other flaws fixed include information disclosure in CFNetwork with maliciously crafted URLs, an integer underflow when mounting disk images, an integer underflow when processing DNS records, and cross-origin issues with cookies and content which could enable cross-site scripting attacks.

iOS 5 devices have automatic update support, and the update should be available “over-the-air” or via iTunes. Users who wish to force the update can use the Settings app, select General and then Software Update, ensuring the device is fully charged or on charge. Full details of all the issues fixed are given in About the security content of iOS 5.1 Software Update.

Many of the same WebKit issues are fixed in the iTunes 10.6 update to mitigate the possibility that a man-in-the middle attack could be used while browsing Apple’s iTunes Store to compromise a system. The iTunes 10.6 update is for Mac OS X and Windows systems and details of the fixes are available in About the security content of iTunes 10.6.

More available here: http://www.h-online.com/security/news/item/Apple-closes-security-holes-with-iOS-5-1-and-iTunes-update-1466786.html


Total Defense Suite UNC Management Console SQL Injection Vulnerability


Total Defense Suite UNC Management Console SQL Injection Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the ExportReport stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the ExportReport stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request–which could ultimately lead to arbitrary code executionunder the context of the SYSTEM user by invoking an exec function.

English: A candidate icon for Portal:Computer ...

Vendor Says: “We are pleased to confirm that all three vulns that were reported by Tipping Point were proactively closed as part of the Total Defense R12 SE3 (Build 831) release cycle.  This SE3 release is publicly shipping from our download links since December 5th, 2011.  Physical media (DVD) is currently in production for those clients seeking that option as opposed to a download and we will be shipping those DVDs in early January 2012 based on the production schedule. ”

This vulnerability should be patched as soon as possible!


Microsoft Showing it’s Love – in Advance


Microsoft Security Bulletin Advance Notification for February 2012:

Microsoft has blessed us again with another Patch Tuesday. Here is advanced notification of 9 Bulletins for Valentine’s Day.

IE update likely the one users will want to apply ASAP, say researchers


9 Security related bulletins have been issued to close 21 Vulnerabilities

  • 4 Critical – Microsoft Windows (2) – Remote Code Execution,  Microsoft Windows – Internet Explorer (1) – Remote Code Execution, Microsoft .NET Framework (1) – Remote Code Execution, Microsoft Silverlight (1) – Remote Code Execution
    English: M in blue square (similar to seen on )
  • 5 Important –  Microsoft Windows (2) – Remote Code Execution,  Microsoft Windows (1) – Elevation of Privilege, Microsoft Office – Windows Server Software (1) – Elevation of Privilege,  Microsoft Office  (1) – Elevation of Privilege

The full version of the Microsoft Security Bulletin Advance
Notification for February 2012 can be found at: http://technet.microsoft.com/security/bulletin/ms12-feb.

This bulletin advance notification will be replaced with the February bulletin summary on February 14, 2012. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification


php5 Security Update: Recent PHP security update is flawed


Debian Security Advisory DSA-2403-1

php5 remote code execution, after problems were patched.

The PHP logo displaying the Handel Gothic font.

Image via Wikipedia

Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.

  • For the oldstable distribution (lenny), no fix is available at this time.
  • For the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze7.
  • The testing distribution (wheezy) and unstable distribution (sid) will be fixed soon.

Recommended that you upgrade your php5 packages.

Further information about Debian Security Advisories,
found at: http://www.debian.org/security/