IDF Task Force

Understanding Digital Signatures

by IDF Agent on Jan.05, 2010, under Uncategorized

Digital signatures are a way to verify that an email message is really from
the person who supposedly sent it and that it hasn’t been changed.

What is a digital signature?

There are different types of digital signatures; this tip focuses on digital
signatures for email messages. You may have received emails that have a
block of letters and numbers at the bottom of the message. Although it may
look like useless text or some kind of error, this information is actually a
digital signature. To generate a signature, a mathematical algorithm is used
to combine the information in a key with the information in the message. The
result is a random-looking string of letters and numbers.

Why would you use one?

Because it is so easy for attackers and viruses to “spoof” email addresses
(see Using Caution with Email Attachments for more information), it is
sometimes difficult to identify legitimate messages. Authenticity may be
especially important for business correspondence—if you are relying on
someone to provide or verify information, you want to be sure that the
information is coming from the correct source. A signed message also
indicates that changes have not been made to the content since it was sent;
any changes would cause the signature to break.

How does it work?

Before you can understand how a digital signature works, there are some
terms you should know:
* Keys – Keys are used to create digital signatures. For every signature,
there is a public key and a private key.
+ Private key – The private key is the portion of the key you use to
actually sign an email message. The private key is protected by a
password, and you should never give your private key to anyone.
+ Public key – The public key is the portion of the key that is
available to other people. Whether you upload it to a public key
ring or send it to someone, this is the key other people can use to
check your signature. A list of other people who have signed your
key is also included with your public key. You will only be able to
see their identities if you already have their public keys on your
key ring.
* Key ring – A key ring contains public keys. You have a key ring that
contains the keys of people who have sent you their keys or whose keys
you have gotten from a public key server. A public key server contains
keys of people who have chosen to upload their keys.
* Fingerprint – When confirming a key, you will actually be confirming the
unique series of letters and numbers that comprise the fingerprint of
the key. The fingerprint is a different series of letters and numbers
than the chunk of information that appears at the bottom of a signed
email message.
* Key certificates – When you select a key on a key ring, you will usually
see the key certificate, which contains information about the key, such
as the key owner, the date the key was created, and the date the key
will expire.
* “Web of trust” – When someone signs your key, they are confirming that
the key actually belongs to you. The more signatures you collect, the
stronger your key becomes. If someone sees that your key has been signed
by other people that he or she trusts, he or she is more inclined to
trust your key. Note: Just because someone else has trusted a key or you
find it on a public key ring does not mean you should automatically
trust it. You should always verify the fingerprint yourself.

The process for creating, obtaining, and using keys is fairly
straightforward:
1. Generate a key using software such as PGP, which stands for Pretty Good
Privacy, or GnuPG, which stands for GNU Privacy Guard.
2. Increase the authenticity of your key by having your key signed by
co-workers or other associates who also have keys. In the process of
signing your key, they will confirm that the fingerprint on the key you
sent them belongs to you. By doing this, they verify your identity and
indicate trust in your key.
3. Upload your signed key to a public key ring so that if someone gets a
message with your signature, they can verify the digital signature.
4. Digitally sign your outgoing email messages. Most email clients have a
feature to easily add your digital signature to your message.

There are a variety of mechanisms for creating digital signatures, and these
mechanisms may operate differently. For example, S/MIME does not add a
visible block of letters and numbers within the message, and its digital
signatures are verified indirectly using a certificate authority instead of
directly with other users in a web of trust. You may just see an icon or
note on the message that the signature has been verified. If you get an
error about a digital signature, try to contact the sender through a phone
call  or a separate email address that you know is valid to verify the
authenticity of the message.
_________________________________________________________________

Authors: Mindi McDowell, Allen Householder


Malicious Code Circulating via Social Security Administration Phishing Messages

by IDF Agent on Dec.03, 2009, under Uncategorized

There are public reports of malicious code circulating via
phishing email messages that appear to come from the Social Security
Administration. The messages indicate that the users’ annual Social
Security statements may contain errors and instruct users to follow a
link to review their Social Security statement. If users click this
link, they will be redirected to a seemingly legitimate website that
prompts them for their Social Security number. If users enter their
Social Security number and continue to the next page, they will be
given an option to generate a statement. If users attempt to generate
a statement, malicious code may be installed on their systems. This
malicious code attempts to collect online banking traffic to gain
access to the users’ bank accounts.

US-CERT encourages users and administrators to take the following
preventative measures to help mitigate the security risks:
* Install antivirus software, and keep the virus signatures up to
date.
* Do not follow unsolicited links and do not open unsolicited email
messages.
* Use caution when visiting untrusted websites.
* Use caution when entering personal information online.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
document for more information on social engineering attacks.

Users are encouraged to contact the Social Security Administration to
verify the authenticity of any messages. Additional information will
be provided as it becomes available.


Latest high risk vulnerabilities for the last week of November, 2009

by IDF Agent on Dec.03, 2009, under Uncategorized

Entries are listed as vendor — product, followed by the description, the published date and the CVSS score.

2wire — 1700hg, 1701hg, 1800hw, 2071, 2700hg, 2701hg-t
  The management interface on the 2wire Gateway 1700HG, 1701HG, 1800HW, 2071, 2700HG, and 2701HG-T with software before 5.29.52 allows remote attackers to cause a denial of service (reboot) via a %0d%0a sequence in the page parameter to the xslt program on TCP port 50001, a related issue to CVE-2006-4523.
  Published: 2009-11-17   CVSS Score: 7.8

arcadetradescript — arcade_trade_script
  Arcade Trade Script 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLoggedIn cookie to true.
  Published: 2009-11-18   CVSS Score: 7.5

ed_charkow — supercharged_linking
  SQL injection vulnerability in browse.php in Ed Charkow SuperCharged Linking allows remote attackers to execute arbitrary SQL commands via the id parameter.
  Published: 2009-11-18   CVSS Score: 7.5

faslo — faslo_player
  Stack-based buffer overflow in Faslo Player 7.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file.
  Published: 2009-11-18   CVSS Score: 9.3

gimp — gimp
  Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow.
  Published: 2009-11-18   CVSS Score: 9.3

hp — discovery&dependency_mapping_inventory
  Unspecified vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.60 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors.
  Published: 2009-11-17   CVSS Score: 9.0

invisionpower — invision_power_board
  Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) search_term parameter to admin/applications/core/modules_public/search/search.php and (2) aid parameter to admin/applications/core/modules_public/global/lostpass.php. NOTE: on 20090818, the vendor patched 3.0.2 without changing the version number.
  Published: 2009-11-18   CVSS Score: 7.5

itechscripts — itechbids
  Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php, (2) cate_id parameter to category.php, (3) id parameter to news.php, and (4) productid parameter to itechd.php. NOTE: the sellers_othersitem.php, classifieds.php, and shop.php vectors are already covered by CVE-2008-3238.
  Published: 2009-11-18   CVSS Score: 7.5

jos_de_ruijter — superseriousstats
  SQL injection vulnerability in user.php in Super Serious Stats (aka superseriousstats) before 1.1.2p1 allows remote attackers to execute arbitrary SQL commands via the uid parameter, related to an “incorrect regexp.” NOTE: some of these details are obtained from third party information.
  Published: 2009-11-17   CVSS Score: 7.5

jtips — jtips
  SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 and 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the season parameter in a ladder action to index.php.
  Published: 2009-11-18   CVSS Score: 7.5

linux — kernel
  Buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc7 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a KVM_X86_SETUP_MCE IOCTL request that specifies a large number of Machine Check Exception (MCE) banks.
  Published: 2009-11-19   CVSS Score: 7.2

linux — kernel
  The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read.
  Published: 2009-11-19   CVSS Score: 7.2

linux — kernel
  Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
  Published: 2009-11-20   CVSS Score: 7.2

maniacomputer — new5starrating
  SQL injection vulnerability in rating.php in New 5 star Rating 1.0 allows remote attackers to execute arbitrary SQL commands via the det parameter.
  Published: 2009-11-18   CVSS Score: 7.5

microsoft — windows_7, windows_server_2008
  The kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains a NetBIOS header with an incorrect length value, which triggers an assertion failure in the KeAccumulateTicks function.
  Published: 2009-11-13   CVSS Score: 7.1

ninjaforge — ninjamonials
  SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action to index.php.
  Published: 2009-11-18   CVSS Score: 7.5

qproje — siirler_bileseni
  SQL injection vulnerability in the Q-Proje Siirler Bileseni (com_siirler) component 1.2 RC for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in an sdetay action to index.php.
  Published: 2009-11-18   CVSS Score: 7.5

rhinosoft — serv-u
  Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.
  Published: 2009-11-20   CVSS Score: 9.0

tandberg — tandberg_mxp_endpoints
  Buffer overflow in the FTP service on the Tandberg MXP F7.0 allows remote attackers to cause a denial of service (process crash or device reboot) or possibly execute arbitrary code via a long USER command, as demonstrated by a command ending with many space characters.
  Published: 2009-11-16   CVSS Score: 9.3

turnkeyarcade — turnkey_arcade_script
  SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a browse action, a different vector than CVE-2008-5629.
  Published: 2009-11-18   CVSS Score: 7.5

vivaprograms — infinity_script
  cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not require administrative authentication for the donewauthor action, which allows remote attackers to create administrative accounts via the name, password, and conf_password parameters.
  Published: 2009-11-16   CVSS Score: 7.5

xoops — xoops
  Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have unknown impact and attack vectors.
  Published: 2009-11-17   CVSS Score: 7.5

Recognizing and Avoiding Spyware

by IDF Agent on Dec.03, 2009, under Uncategorized

Because of its popularity, the internet has become an ideal target for
advertising. As a result, spyware, or adware, has become increasingly
prevalent. When troubleshooting problems with your computer, you may
discover that the source of the problem is spyware software that has been
installed on your machine without your knowledge.

What is spyware?

Despite its name, the term “spyware” doesn’t refer to something used by
undercover operatives, but rather by the advertising industry. In fact,
spyware is also known as “adware.” It refers to a category of software that,
when installed on your computer, may send you pop-up ads, redirect your
browser to certain web sites, or monitor the web sites that you visit. Some
extreme, invasive versions of spyware may track exactly what keys you type.
Attackers may also use spyware for malicious purposes.

Because of the extra processing, spyware may cause your computer to become
slow or sluggish. There are also privacy implications:
* What information is being gathered?
* Who is receiving it?
* How is it being used?

How do you know if there is spyware on your computer?

The following symptoms may indicate that spyware is installed on your
computer:
* you are subjected to endless pop-up windows
* you are redirected to web sites other than the one you typed into your
browser
* new, unexpected toolbars appear in your web browser
* new, unexpected icons appear in the task tray at the bottom of your
screen
* your browser’s home page suddenly changed
* the search engine your browser opens when you click “search” has been
changed
* certain keys fail to work in your browser (e.g., the tab key doesn’t
work when you are moving to the next field within a form)
* random Windows error messages begin to appear
* your computer suddenly seems very slow when opening programs or
processing tasks (saving files, etc.)

How can you prevent spyware from installing on your computer?

To avoid unintentionally installing it yourself, follow these good security
practices:
* Don’t click on links within pop-up windows – Because pop-up windows are
often a product of spyware, clicking on the window may install spyware
software on your computer. To close the pop-up window, click on the “X”
icon in the titlebar instead of a “close” link within the window.
* Choose “no” when asked unexpected questions – Be wary of unexpected
dialog boxes asking whether you want to run a particular program or
perform another type of task. Always select “no” or “cancel,” or close
the dialog box by clicking the “X” icon in the titlebar.
* Be wary of free downloadable software – There are many sites that offer
customized toolbars or other features that appeal to users. Don’t
download programs from sites you don’t trust, and realize that you may
be exposing your computer to spyware by downloading some of these
programs.
* Don’t follow email links claiming to offer anti-spyware software – Like
email viruses, the links may serve the opposite purpose and actually
install the spyware it claims to be eliminating.

As an additional good security practice, especially if you are concerned
that you might have spyware on your machine and want to minimize the impact,
consider taking the following action:
* Adjust your browser preferences to limit pop-up windows and cookies –
Pop-up windows are often generated by some kind of scripting or active
content. Adjusting the settings within your browser to reduce or prevent
scripting or active content may reduce the number of pop-up windows that
appear. Some browsers offer a specific option to block or limit pop-up
windows. Certain types of cookies are sometimes considered spyware
because they reveal what web pages you have visited. You can adjust your
privacy settings to only allow cookies for the web site you are visiting
(see Browsing Safely: Understanding Active Content and Cookies and
Evaluating Your Web Browser’s Security Settings for more information).

How do you remove spyware?

* Run a full scan on your computer with your anti-virus software – Some
anti-virus software will find and remove spyware, but it may not find
the spyware when it is monitoring your computer in real time. Set your
anti-virus software to prompt you to run a full scan periodically (see
Understanding Anti-Virus Software for more information).
* Run a legitimate product specifically designed to remove spyware – Many
vendors offer products that will scan your computer for spyware and
remove any spyware software. Popular products include Lavasoft’s
Ad-Aware, Microsoft’s Windows Defender, Webroot’s SpySweeper, and Spybot
Search and Destroy.
* Make sure that your anti-virus and anti-spyware software are compatible
– Take a phased approach to installing the software to ensure that you
don’t unintentionally introduce problems (see Coordinating Virus and
Spyware Defense for more information).
_________________________________________________________________

Authors: Mindi McDowell, Matt Lytle


Microsoft Releases Security Advisory 977544

by IDF Agent on Nov.16, 2009, under Uncategorized

Microsoft has released security advisory 977544 to address a
vulnerability in the Server Message Block (SMB) protocol. This
vulnerability may allow an attacker to cause a denial-of-service
condition. This vulnerability only affects Windows 7 and Server 2008
software.

We encourage users and administrators to review Microsoft
security advisory 977544 and apply the workarounds.

Relevant Url(s):
<http://www.microsoft.com/technet/security/advisory/977544.mspx>


Apple Releases Safari 4.0.4

by IDF Agent on Nov.16, 2009, under Uncategorized

Apple has released Safari 4.0.4 to address multiple vulnerabilities in
a number of components. Exploitation of these vulnerabilities may
allow an attacker to execute arbitrary code, cause a denial-of-service
condition, conduct cross-site request forgery, or obtain sensitive
information. These vulnerabilities affect Safari running on both the
Mac OS X and Windows platforms.

We encourage users and administrators to review Apple article
HT3949 and upgrade to Safari 4.0.4 to help mitigate the risks.

Relevant Url(s):
<http://support.apple.com/kb/HT3949>


Latest Vulnerabilities for 1st week of November

by IDF Agent on Nov.10, 2009, under Uncategorized

Entries are listed as vendor — product, followed by the description, the published date and the CVSS score.

adobe — shockwave_player
  Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site. NOTE: some of these details are obtained from third party information.
  Published: 2009-11-04   CVSS Score: 9.3

adobe — shockwave_player
  Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an “invalid pointer vulnerability,” a different issue than CVE-2009-3465. NOTE: some of these details are obtained from third party information.
  Published: 2009-11-04   CVSS Score: 10.0

adobe — shockwave_player
  Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an “invalid pointer vulnerability,” a different issue than CVE-2009-3464. NOTE: some of these details are obtained from third party information.
  Published: 2009-11-04   CVSS Score: 10.0

adobe — shockwave_player
  Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an “invalid string length vulnerability.” NOTE: some of these details are obtained from third party information.
  Published: 2009-11-04   CVSS Score: 9.3

blender — blender
  Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.
  Published: 2009-11-06   CVSS Score: 9.3

eeye — retina_network_security_scanner
  Buffer overflow in eEye Retina WiFi Scanner 1.0.8.68, as used in Retina Network Security Scanner 5.10.14, allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .rws file with a long RWS010 entry.
  Published: 2009-11-04   CVSS Score: 9.3

ibm — ibm_runtimes_for_java_technology
  Unspecified vulnerability in the XML component in IBM Runtimes for Java Technology 5.0.0 before SR10 has unknown impact and attack vectors, related to the “updated version of XML4J 4.4.17.”
  Published: 2009-11-03   CVSS Score: 7.5

ibm — lotus_notes_intellisync
  Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in lnresobject.dll in BlackBerry Desktop Manager in Research In Motion (RIM) BlackBerry Desktop Software before 5.0.1 allows remote attackers to execute arbitrary code via a crafted web page. NOTE: some of these details are obtained from third party information.
  Published: 2009-11-04   CVSS Score: 9.3

ibm — tivoli_storage_manager_client
  Buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via unspecified vectors.
  Published: 2009-11-04   CVSS Score: 9.3

ibm — tivoli_storage_manager_client
  Buffer overflow in the traditional client scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7 and 5.4 before 5.4.2 allows remote attackers to execute arbitrary code via unspecified vectors.
  Published: 2009-11-04   CVSS Score: 10.0

ibm — tivoli_storage_manager_client
  Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux backup-archive clients, and the (3) OS/400 API client, in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.6, 5.4 before 5.4.2, and 5.5 before 5.5.1, when the MAILPROG option is enabled, allow attackers to read, modify, or delete arbitrary files via unknown vectors.
  Published: 2009-11-04   CVSS Score: 9.3

poppler — poppler
  Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791.
  Published: 2009-11-02   CVSS Score: 10.0

safenet-inc — softremote
  Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and 10.3.5 (Build 6), and possibly other versions before 10.8.9, allows local users to execute arbitrary code via a long string in a (1) TREENAME or (2) GROUPNAME Policy file (spd).
  Published: 2009-11-04   CVSS Score: 7.2

sun — opensolaris, solaris
  Unspecified vulnerability in the Solaris Trusted Extensions Policy configuration in Sun Solaris 10, and OpenSolaris snv_37 through snv_125, might allow remote attackers to execute arbitrary code by leveraging access to the X server.
  Published: 2009-11-02   CVSS Score: 7.5

sun — solaris
  Trusted Extensions in Sun Solaris 10 interferes with the operation of the xscreensaver-demo command for the XScreenSaver application, which makes it easier for physically proximate attackers to access an unattended workstation for which the intended screen locking did not occur, related to the “restart daemon.”
  Published: 2009-11-03   CVSS Score: 7.2

sun — jdk, jre
  The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694.
  Published: 2009-11-05   CVSS Score: 7.5

sun — jdk, jre
  The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752.
  Published: 2009-11-05   CVSS Score: 9.3

sun — jdk, jre
  The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824.
  Published: 2009-11-05   CVSS Score: 9.3

sun — jdk, jre, sdk
  Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.
  Published: 2009-11-05   CVSS Score: 9.3

sun — jdk, jre, sdk
  Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970.
  Published: 2009-11-05   CVSS Score: 9.3

sun — jdk, jre, sdk
  Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.
  Published: 2009-11-05   CVSS Score: 9.3

sun — jdk, jre, sdk
  Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.
  Published: 2009-11-05   CVSS Score: 9.3

sun — jdk, jre, sdk
  Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969.
  Published: 2009-11-05   CVSS Score: 10.0

sun — jdk, jre, sdk
  Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.
  Published: 2009-11-05   CVSS Score: 9.3

sun — java_system_web_server
  Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
  Published: 2009-11-05   CVSS Score: 9.3

symantec — altiris_deployment_solution, altiris_management_platform, altiris_notification_server
  Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument.
  Published: 2009-11-03   CVSS Score: 9.3

typo3 — typo3
  The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename.
  Published: 2009-11-02   CVSS Score: 8.5

typo3 — typo3
  The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password’s md5 hash as a credential.

Apple Releases Mac OS X v10.6.2 and Security Update 2009-006

by IDF Agent on Nov.10, 2009, under Uncategorized

Apple has released Mac OS X v10.6.2 and Security Update 2009-006 to
address multiple vulnerabilities in a number of applications. These
vulnerabilities may allow an attacker to execute arbitrary code, cause
a denial-of-service condition, conduct a man-in-the-middle attack,
operate with escalated privileges, or obtain sensitive information.

US-CERT encourages users and administrators to review Apple article
HT3937 and apply any necessary updates to help mitigate the risks.

Relevant Url(s):
<http://support.apple.com/kb/HT3937>


Understanding Denial-of-Service Attacks

by IDF Agent on Nov.05, 2009, under Uncategorized

You may have heard of denial-of-service attacks launched against websites,
but you can also be a victim of these attacks. Denial-of-service attacks can
be difficult to distinguish from common network activity, but there are some
indications that an attack is in progress.

What is a denial-of-service (DoS) attack?

In a denial-of-service (DoS) attack, an attacker attempts to prevent
legitimate users from accessing information or services. By targeting your
computer and its network connection, or the computers and network of the
sites you are trying to use, an attacker may be able to prevent you from
accessing email, websites, online accounts (banking, etc.), or other
services that rely on the affected computer.

The most common and obvious type of DoS attack occurs when an attacker
“floods” a network with information. When you type a URL for a particular
website into your browser, you are sending a request to that site’s computer
server to view the page. The server can only process a certain number of
requests at once, so if an attacker overloads the server with requests, it
can’t process your request. This is a “denial of service” because you can’t
access that site.

An attacker can use spam email messages to launch a similar attack on your
email account. Whether you have an email account supplied by your employer
or one available through a free service such as Yahoo or Hotmail, you are
assigned a specific quota, which limits the amount of data you can have in
your account at any given time. By sending many, or large, email messages to
the account, an attacker can consume your quota, preventing you from
receiving legitimate messages.

What is a distributed denial-of-service (DDoS) attack?

In a distributed denial-of-service (DDoS) attack, an attacker may use your
computer to attack another computer. By taking advantage of security
vulnerabilities or weaknesses, an attacker could take control of your
computer. He or she could then force your computer to send huge amounts of
data to a website or send spam to particular email addresses. The attack is
“distributed” because the attacker is using multiple computers, including
yours, to launch the denial-of-service attack.

How do you avoid being part of the problem?

Unfortunately, there are no effective ways to prevent being the victim of a
DoS or DDoS attack, but there are steps you can take to reduce the
likelihood that an attacker will use your computer to attack other
computers:
* Install and maintain anti-virus software (see Understanding Anti-Virus
Software for more information).
* Install a firewall, and configure it to restrict traffic coming into and
leaving your computer (see Understanding Firewalls for more
information).
* Follow good security practices for distributing your email address (see
Reducing Spam for more information). Applying email filters may help you
manage unwanted traffic.

How do you know if an attack is happening?

Not all disruptions to service are the result of a denial-of-service attack.
There may be technical problems with a particular network, or system
administrators may be performing maintenance. However, the following
symptoms could indicate a DoS or DDoS attack:
* unusually slow network performance (opening files or accessing websites)
* unavailability of a particular website
* inability to access any website
* dramatic increase in the amount of spam you receive in your account
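The symptoms above are what a user sees; on the server side, the "flood" described earlier shows up as a request rate the server cannot keep up with. The following is an added example, not part of the original tip: a small detector that reads web-server access log lines in Common Log Format and raises an alert in two situations, a single source sending far more requests than a browser would (the simple DoS case) and many different sources that together exceed what the server can handle (the distributed case). The log lines, the addresses and the thresholds (10 requests per source and 30 requests overall in any 10-second window) are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Added example, not from the original tip. Common Log Format:
#   host ident user [day/Mon/year:HH:MM:SS zone] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line):
    """Return (source_ip, epoch_seconds) for a CLF line, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), int(ts.timestamp())


def detect_floods(lines, window=10, per_source_limit=10, aggregate_limit=30):
    """Sliding-window request counter over log lines (assumed in time order).

    Returns one alert tuple (kind, source, epoch_seconds, count) the first time
    a single source exceeds per_source_limit requests inside `window` seconds
    (simple flood) and the first time all sources together exceed
    aggregate_limit (distributed flood: each source looks harmless alone).
    """
    per_source = defaultdict(deque)   # ip -> timestamps inside the window
    overall = deque()                 # all timestamps inside the window
    flagged = set()
    aggregate_flagged = False
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                  # skip lines that do not parse
        ip, t = parsed
        q = per_source[ip]
        q.append(t)
        while q and q[0] <= t - window:   # drop timestamps older than the window
            q.popleft()
        overall.append(t)
        while overall and overall[0] <= t - window:
            overall.popleft()
        if len(q) > per_source_limit and ip not in flagged:
            flagged.add(ip)
            alerts.append(("per-source", ip, t, len(q)))
        if len(overall) > aggregate_limit and not aggregate_flagged:
            aggregate_flagged = True
            alerts.append(("aggregate", "*", t, len(overall)))
    return alerts


def make_sample_log():
    """Constructed CLF lines (not from any real server) covering three cases."""
    base = datetime(2009, 11, 5, 10, 0, 0, tzinfo=timezone.utc)

    def line(ip, second, path="/"):
        ts = (base + timedelta(seconds=second)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'

    lines = []
    for i in range(5):                       # normal visitors: one request each
        lines.append(line(f"10.0.0.{i + 1}", i, "/index.html"))
    for s in (5, 6, 7):                      # one source hammering: 4 req/s
        for _ in range(4):
            lines.append(line("10.0.0.99", s))
    for i in range(40):                      # 40 sources, one request each,
        lines.append(line(f"192.0.2.{i + 1}", 20 + i // 20, "/login"))  # 2 s
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    for kind, src, when, count in detect_floods(make_sample_log()):
        print(f"{kind:10s} {src:12s} {count:3d} requests in window ending at {when}")
```

In the sample, 10.0.0.99 trips the per-source rule on its 11th request at second 7, while the forty 192.0.2.x addresses each send only one request and are caught only by the aggregate rule, at the 31st request in second 21. That second case is why the tip says an attack can be hard to tell apart from ordinary activity: per-source counting alone sees nothing wrong.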

What do you do if you think you are experiencing an attack?

Even if you do correctly identify a DoS or DDoS attack, it is unlikely that
you will be able to determine the actual target or source of the attack.
Contact the appropriate technical professionals for assistance.
* If you notice that you cannot access your own files or reach any
external websites from your work computer, contact your network
administrators. This may indicate that your computer or your
organization’s network is being attacked.
* If you are having a similar experience on your home computer, consider
contacting your internet service provider (ISP). If there is a problem,
the ISP might be able to advise you of an appropriate course of action.
_________________________________________________________________

Author: Mindi McDowell


Adobe Releases Update for Shockwave Player

by IDF Agent on Nov.04, 2009, under Uncategorized

Adobe has released Shockwave Player 11.5.2.602 to address multiple
vulnerabilities. Exploitation of these vulnerabilities may allow an
attacker to run malicious code on the user’s machine.

We encourage users and administrators to review Adobe security
bulletin APSB09-16 and update to Shockwave Player 11.5.2.602 to help
mitigate the risks.

Relevant Url(s):
<http://www.adobe.com/support/security/bulletins/apsb09-16.html>
