netVigilance ScoutNews December 05 2008

2008 Issue #49

ScoutNews
The weekly Security update from
the makers of SecureScout
December 05, 2008

Table of Contents

Product Focus

This Week in Review

Top Security News Stories this Week

New Vulnerabilities Tested in SecureScout

New Vulnerabilities found this Week

Product Focus

Sapphire Worm Scanner - The S4 Sapphire Worm Scanner is a free utility made by SecureScout that will scan up to 256 IP addresses at once to assess if any are vulnerable to the Microsoft SQL buffer overflow vulnerability (MS02-039/MS02-061) that the recent Sapphire Worm uses to propagate.

Download Here:
http://www.netvigilance.com/productdownloads?productname=sapphirewormscanner

This Week in Review

A look at 2008 and cyber crime. SC World Congress to look at best practices. Experts urge Obama to look at cyber security. What does data protection protect?

Enjoy reading & Stay safe.

Call or email netVigilance to get an update on SecureScout.
(503) 524 5758 or sales@netVigilance.com

Top Security News Stories this Week

• 2008: A year of cybercriminal innovation

With the emergence of new attack techniques and the reinvention of old ones, 2008 has been a year of cybercriminal innovation.

That's the word according to the "MessageLabs Intelligence: 2008 Annual Security Report," released by Symantec on Thursday.

Among the findings: Malware distribution via social networking sites became more widespread and cybercriminals developed more sophisticated botnets, new ways to launch spam and launched more targeted enterprise attacks.

SC Magazine

Full Story :
http://www.scmagazineus.com/2008-A-year-of-cybercriminal-innovation/article/122014/

• Best practices for companies that have suffered a breach offered at SC World Congress

What happens after a company suffers a data breach? There are strategies to take to lessen the damage, and to soothe customers whose personal information may now be at risk. And to stay out of the newspapers.

At next week's SC World Congress, experts will be on hand to offer techniques, strategies and procedures companies that have suffered a breach can take to lessen or minimize the damage.

Sometimes, it's not even clear when a company has been put in jeopardy.

SC Magazine

Full Story :
http://www.scmagazineus.com/Best-practices-for-companies-that-have-suffered-a-breach-offered-at-SC-World-Congress/article/122010/

• 5 must-do cybersecurity steps for Obama

December 3, 2008 (CSO) As President-Elect Barack Obama looks for ways to deal with a shattered economy and an ongoing war on terrorism, security experts are urging him to pay attention to something that has a big impact on both: The nation's growing -- and fragile -- cyberinfrastructure.

Meanwhile, retailers increasingly dependent on the Web for commerce have launched online transaction portals that rely on Web applications that are easily targeted by digital miscreants. Many of those features are increasingly accessible via popular social networking sites like Facebook.

With that in mind, CSOonline has compiled a five-point list of areas Obama should focus on, based on feedback from security pros.

Computerworld

Full Story :
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9122481&source=rss_topic17

• Opinion: Is there a hidden cost to data protection?

December 2, 2008 (Network World) Companies today realize the threats and consequences of data loss and by now most have some sort of data protection in place. But, many companies that were rushed into data protection by the fear of losing precious data may have been too quick to throw together a patchwork quilt of security software, which is now proving costly.

Now that technologies are in place, companies are faced with ongoing auditing and the need to prove to auditors that 1) they did enough to protect themselves and 2) they chose the right paths of protection. In fact, despite implementing a slew of security solutions, companies are finding that they may have not done much to actually lower their risk because they didn't actually understand what data needed to be protected in the first place. Furthermore, the mishmash of security solutions is impossible to manage and have greatly increased costs.

Computerworld

Full Story :
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9122102&source=rss_topic17

New Vulnerabilities Tested in SecureScout

• 11029 Cisco IOS EIGRP Network Denial of Service Vulnerability

EIGRP is an extension protocol of IGRP, a routing protocol used to propagate routing information in internal network environments.

The EIGRP implementation in all versions of IOS is vulnerable to a denial of service if it receives a flood of neighbor announcements.

The issue affects Cisco devices running Cisco Internetwork Operating System Software (IOS) versions 11.3, 12.0(19), 12.1, and 12.2.

Test Case Impact: Gather Info Vulnerability Impact: DoS Risk: High

References:

* BUGTRAQ: 20021219 Cisco IOS EIGRP Network DoS
http://www.securityfocus.com/archive/1/304034
* BUGTRAQ: 20021219 Re: Cisco IOS EIGRP Network DoS
http://www.securityfocus.com/archive/1/304044
* CISCO: 20021220 Cisco's Response to the EIGRP Issue
http://www.cisco.com/en/US/tech/tk365/technologies_security_notice09186a008011c5e1.html
* FULLDISC: 20051219 Unauthenticated EIGRP DoS
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040330.html
* FULLDISC: 20051220 RE: Authenticated EIGRP DoS / Information leak
http://marc.theaimsgroup.com/?l=full-disclosure&m=113504451523186&w=2
* BUGTRAQ: 20051220 Re: Unauthenticated EIGRP DoS
http://www.securityfocus.com/archive/1/archive/1/419898/100/0/threaded
* CONFIRM:
http://www.cisco.com/warp/public/707/eigrp_issue.pdf
* BID: 6443
http://www.securityfocus.com/bid/6443
* OSVDB: 18055
http://www.osvdb.org/18055
* SECTRACK: 1005840
http://securitytracker.com/id?1005840
* SECUNIA: 7766
http://secunia.com/advisories/7766
* XF: cisco-ios-eigrp-dos(10903)
http://xforce.iss.net/xforce/xfdb/10903

CVE Reference:

CVE-2002-2208 (cve.mitre.org, nvd.nist.gov)

• 12131 Cisco Security Advisory: Vulnerability in Cisco IOS Embedded Call Processing Solutions (cisco-sa-20050119-itscme)

ITS, CME and SRST are features that allow a Cisco device running IOS to control IP Phones using the Skinny Call Control Protocol (SCCP). SCCP is the Cisco CallManager native signaling protocol.

Certain malformed packets sent to the SCCP port on an IOS device configured for ITS, CME or SRST may cause the target device to reload.

Successful exploitation of the vulnerability may result in a device reload. Repeated exploitation could result in a Denial of Service (DoS) attack.

Test Case Impact: Gather Info Vulnerability Impact: DoS / Attack Risk: Medium

References:

* BID: 12307
http://www.securityfocus.com/bid/12307
* CISCO: 20050119 Vulnerability in Cisco IOS Embedded Call Processing Solutions
http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml
* SECTRACK: 1012945
http://securitytracker.com/id?1012945
* SECUNIA: 13913
http://secunia.com/advisories/13913
* XF: cisco-ios-sccp-dos(18956)
http://xforce.iss.net/xforce/xfdb/18956

CVE Reference:

CVE-2005-0186 (cve.mitre.org, nvd.nist.gov)

• 12132 Cisco IOS Response to AAA Command Authorization by-pass (cisco-sr-20060125-aaatcl)

A vulnerability exists within Cisco Internetwork Operating System (IOS) Authentication, Authorization, and Accounting (AAA) command authorization feature, where command authorization checks are not performed on commands executed from the Tool Command Language (Tcl) exec shell. This may allow authenticated users to bypass command authorization checks in some configurations resulting in unauthorized privilege escalation.

Devices not running AAA command authorization feature, or do not support Tcl functionality are not affected by this vulnerability.

Devices impacted by this vulnerability, will allow users to execute any IOS EXEC command at the users authenticated privilege level from within the Tcl shell mode.

Test Case Impact: Gather Info Vulnerability Impact: Attack Risk: Medium

References:

* CISCO: 20060125 Response to AAA Command Authorization by-pass
http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml
* BID: 16383
http://www.securityfocus.com/bid/16383
* FRSIRT: ADV-2006-0337
http://www.frsirt.com/english/advisories/2006/0337
* OSVDB: 34892
http://www.osvdb.org/34892
* SECTRACK: 1015543
http://securitytracker.com/id?1015543
* SECUNIA: 18613
http://secunia.com/advisories/18613
* XF: cisco-aaa-tcl-auth-bypass(24308)
http://xforce.iss.net/xforce/xfdb/24308
* OSVDB: 22723
http://www.osvdb.org/22723

CVE Reference:

CVE-2006-0485 (cve.mitre.org, nvd.nist.gov)
CVE-2006-0486 (cve.mitre.org, nvd.nist.gov)

• 13668 Oracle Database Server - Oracle Data Mining component unspecified Vulnerability (oct-2008/CVE-2008-3989)

An unspecified vulnerability with unknown impact exists in Oracle Database Server "Oracle Data Mining" component.

Test Case Impact: Gather Info Vulnerability Impact: Attack Risk: Medium

References:

* CONFIRM:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html
* FRSIRT: ADV-2008-2825
http://www.frsirt.com/english/advisories/2008/2825
* SECTRACK: 1021050
http://www.securitytracker.com/id?1021050
* SECUNIA: 32291
http://secunia.com/advisories/32291

CVE Reference:

CVE-2008-3989 (cve.mitre.org, nvd.nist.gov)

• 13669 Oracle Database Server - Oracle OLAP component unspecified Vulnerability (oct-2008/CVE-2008-2624)

An unspecified vulnerability with unknown impact exists in Oracle Database Server "Oracle OLAP" component.

Test Case Impact: Gather Info Vulnerability Impact: Attack Risk: Medium

References:

CVE Reference:

CVE-2008-2624 (cve.mitre.org, nvd.nist.gov)

• 13670 Oracle Database Server - Change Data Capture component unspecified Vulnerability (oct-2008/CVE-2008-3995)

An unspecified vulnerability with unknown impact exists in Oracle Database Server "Change Data Capture" component.

Test Case Impact: Gather Info Vulnerability Impact: Attack Risk: Medium

References:

CVE Reference:

CVE-2008-3995 (cve.mitre.org, nvd.nist.gov)

• 13671 Oracle Database Server - Change Data Capture component unspecified Vulnerability (oct-2008/CVE-2008-3996)

An unspecified vulnerability with unknown impact exists in Oracle Database Server "Change Data Capture" component.

Test Case Impact: Gather Info Vulnerability Impact: Attack Risk: Medium

References:

CVE Reference:

CVE-2008-3996 (cve.mitre.org, nvd.nist.gov)

• 13672 Oracle Database Server - Oracle Data Mining component unspecified Vulnerability (oct-2008/CVE-2008-3992)

An unspecified vulnerability with unknown impact exists in Oracle Database Server "Oracle Data Mining" component.

Test Case Impact: Gather Info Vulnerability Impact: Attack Risk: Medium

References:

CVE Reference:

CVE-2008-3992 (cve.mitre.org, nvd.nist.gov)

• 13673 Oracle Database Server - Oracle Spatial component unspecified Vulnerability (oct-2008/CVE-2008-3976)

An unspecified vulnerability with unknown impact exists in Oracle Database Server "Oracle Spatial" component.

Test Case Impact: Gather Info Vulnerability Impact: Attack Risk: Medium

References:

CVE Reference:

CVE-2008-3976 (cve.mitre.org, nvd.nist.gov)

• 13674 Oracle Database Server - Workspace Manager component unspecified Vulnerability (oct-2008/CVE-2008-3982)

An unspecified vulnerability with unknown impact exists in Oracle Database Server "Workspace Manager" component.

Test Case Impact: Gather Info Vulnerability Impact: Attack Risk: Medium

References:

CVE Reference:

CVE-2008-3982 (cve.mitre.org, nvd.nist.gov)

New Vulnerabilities found this Week

• CVE-2008-4416 HP CVSS 2.0 Score = 4.6

Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.

Test Case Impact: Vulnerability Impact: Risk: Medium

References:

XF: http://xforce.iss.net/xforce/xfdb/47012

BID: http://www.securityfocus.com/bid/32601

VUPEN: http://www.frsirt.com/english/advisories/2008/3331

SECTRACK: http://securitytracker.com/id?1021297

SREASON: http://securityreason.com/securityalert/4686

SECUNIA: http://secunia.com/advisories/32969

OVAL: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6077

OSVDB: http://osvdb.org/50409

HP: http://marc.info/?l=bugtraq&m=122832651727633&w=2

CVE Reference: CVE-2008-4416

• CVE-2008-5329 IBM CVSS 2.0 Score = 7.5

ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client's submissions and changes to an arbitrary database by specifying multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties file.

Test Case Impact: Vulnerability Impact: Risk: High

References:

XF: http://xforce.iss.net/xforce/xfdb/46993

AIXAPAR: http://www-01.ibm.com/support/docview.wss?uid=swg1PK38745

SECUNIA: http://secunia.com/advisories/32847

CVE Reference: CVE-2008-5329

• CVE-2008-5327 IBM CVSS 2.0 Score = 6.5

The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7.1 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree.

Test Case Impact: Vulnerability Impact: Risk: Medium

References:

XF: http://xforce.iss.net/xforce/xfdb/46995

AIXAPAR: http://www-01.ibm.com/support/docview.wss?uid=swg1PK65908

SECUNIA: http://secunia.com/advisories/32847

CVE Reference: CVE-2008-5327

• CVE-2008-5328 IBM CVSS 2.0 Score = 4.6

The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree during an import process.

Test Case Impact: Vulnerability Impact: Risk: Medium

References:

XF: http://xforce.iss.net/xforce/xfdb/46995

AIXAPAR: http://www-01.ibm.com/support/docview.wss?uid=swg1PK65908

SECUNIA: http://secunia.com/advisories/32847

CVE Reference: CVE-2008-5328

• CVE-2008-5340 Sun CVSS 2.0 Score = 10.0

Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081.

Test Case Impact: Vulnerability Impact: Risk: High

References:

CVE Reference: CVE-2008-5340

• CVE-2008-5353 Sun CVSS 2.0 Score = 10.0

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects".

Test Case Impact: Vulnerability Impact: Risk: High

References:

CVE Reference: CVE-2008-5353

• CVE-2008-5355 Sun CVSS 2.0 Score = 10.0

The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks.

Test Case Impact: Vulnerability Impact: Risk: High

References:

CERT: http://www.us-cert.gov/cas/techalerts/TA08-340A.html

SUNALERT: http://sunsolve.sun.com/search/document.do?assetkey=1-26-244989-1

CONFIRM: http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf

VUPEN: http://www.frsirt.com/english/advisories/2008/3339

CONFIRM: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=

CVE Reference: CVE-2008-5355

• CVE-2008-2086 Sun CVSS 2.0 Score = 9.3

Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion" and CR 6694892.

Test Case Impact: Vulnerability Impact: Risk: High

References:

CVE Reference: CVE-2008-2086

Vulnerability Resource
Check out this compendium of links and up-to-the minute information about network security issues. Their claim to be the 'security portal for information system security professionals' is well founded. http://www.infosyssec.org/infosyssec/

Thank You
Thanks for sifting through another great edition of the ScoutNews. We hope we captured a flavor for the week and gave you just enough information on newly found vulnerabilities to keep you up-to-date. To subscribe or unsubscribe, contact us at ScoutNews@netVigilance.com

About SecureScout
SecureScout is a leading vulnerability scanner and management tool developed and marketed worldwide by NexantiS Corporation.
SecureScout is a trademark of NexantiS Corporation.
netVigilance, Inc. is a partner of NexantiS and an authorized distributor of SecureScout.

For any inquiry about SecureScout by:
Customers in America and Northern Europe contact us at info@netVigilance.com
Customers in France, Italy, Spain, Portugal, Greece, Turkey, Eastern Europe, Middle East, Africa and Asia/Pacific, contact NexantiS at info-scanner@securescout.net