2008 Issue #52 | ScoutNews
Table of Contents
Product Focus
Task Scheduler Vulnerability Scanner - The S4 Task Scheduler Vulnerability Scanner is a free utility made by SecureScout that will scan up to 256 IP addresses at once to assess if any are vulnerable to the Task Scheduler flaw (MS04-022).
Download Here:
http://www.netvigilance.com/productdownloads?productname=taskschedulervulnerabilityscanner
This Week in Review
Beware when you decide on layoffs. Argument: High usability equals low security. Nokia sells profitable security business. A look at security when funds are tight.
Enjoy reading & Stay safe.
Call or email netVigilance to get an update on SecureScout.
(503) 524 5758 or sales@netVigilance.com
Top Security News Stories this Week
• Security Manager's Journal: Massive layoff is a security issue
December 22, 2008 (Computerworld)
It's been a rough week. Today, my company announced a 15% cut in its workforce, or about 1,000 employees.
My first task was to identify any layoff candidates who represented single points of failure, meaning they were the only employees who could perform a particular critical job function. Single points of failure, human or otherwise, are a bad idea. But it happens, and it's better to recognize them in advance than to realize your mistake after they've left the company.
Trouble Ticket
Issue: A 15% reduction in the company's workforce means access to systems must be secured appropriately.
Computerworld
Full Story:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=331151&source=rss_topic17
• Small laptops pose a big security threat
December 22, 2008 (Computerworld)
They're highly portable, inexpensive, very popular -- and a potential security nightmare. Running against the trend of mobile computers featuring progressively larger processors, memory, storage, screens and price tags, ultraportable laptops promise to streamline and simplify their users' lives. Easy to carry, capable of running only a handful of modest applications and affordably priced, ultraportables have emerged over the past year or so to become one of the hottest mobile computing trends.
"It's a technology with great appeal to many people," observes Gabriel Vitus, IT director at the Certified General Accountants' Association of Canada, a trade organization in Vancouver, British Columbia.
"This is a threat that IT managers are just beginning to recognize," says Brian Wolfe, a security analyst at Lazarus Technologies Inc., an IT consulting service in Itasca, Ill.
Computerworld
Full Story:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=330656&source=rss_topic17
• Nokia offloads security business to Check Point
December 23, 2008 (Techworld.com)
Nokia has finally found a buyer for its profitable security appliance business. From the first quarter of 2009, the division will belong to partner Check Point, the companies have announced.
The sell-off is not a surprise, even if Check Point's interest hardened late in the day. Nokia's line of remote access and firewall security hardware was built around the Israeli company's software at its core and is considered to have a good reputation. The deal gives Check Point much needed market share.
"This business fits naturally with Check Point, and the combination will provide a great path forward for the thousands of customers who depend on Nokia security solutions today."
Computerworld
Full Story:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9124280&source=rss_topic17
• What can you afford NOT to do on IT security?
December 22, 2008 (Computerworld)
With the ailing economy putting a crimp in IT budgets, information security managers -- like just about everyone else in the tech world -- are feeling pressure to keep their costs in line.
"It's imperative to squeeze every penny of value out of everything you do," said Jim Kirby, senior network engineer at DataWare Services, an IT services firm in Sioux Falls, S.D. This is a good time to stop working on "marginal" projects and redirect resources to security capabilities that are absolutely necessary, Kirby said.
And Fenwick & West is taking some steps to cut costs. The firm is deferring an earlier plan to hire a full-time networking and security expert because of the recession, Kesner said. It is also looking for opportunities to use open-source alternatives to some of its security tools.
Computerworld
Full Story:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=331453&source=rss_topic17
New Vulnerabilities Tested in SecureScout
• 18217 Oracle Application Server - Oracle Reports Developer component unspecified Vulnerability (oct-2008/CVE-2008-2619)
An unspecified vulnerability with unknown impact exists in Oracle Application Server "Oracle Reports Developer" component.
Test Case Impact: Gather Info    Vulnerability Impact: Attack    Risk: Low
References:
* CONFIRM:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html
* FRSIRT: ADV-2008-2825
http://www.frsirt.com/english/advisories/2008/2825
* SECTRACK: 1021054
http://www.securitytracker.com/id?1021054
* SECTRACK: 1021057
http://www.securitytracker.com/id?1021057
* SECUNIA: 32291
http://secunia.com/advisories/32291
CVE Reference:
CVE-2008-2619 (cve.mitre.org, nvd.nist.gov)
• 18218 Oracle Application Server - Oracle JDeveloper component unspecified Vulnerability (oct-2008/CVE-2008-2588)
An unspecified vulnerability with unknown impact exists in Oracle Application Server "Oracle JDeveloper" component.
Test Case Impact: Gather Info    Vulnerability Impact: Attack    Risk: Low
References:
* CONFIRM:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html
* FRSIRT: ADV-2008-2825
http://www.frsirt.com/english/advisories/2008/2825
* SECTRACK: 1021054
http://www.securitytracker.com/id?1021054
* SECUNIA: 32291
http://secunia.com/advisories/32291
* XF: oracle-jdeveloper-info-disclosure(45877)
http://xforce.iss.net/xforce/xfdb/45877
CVE Reference:
CVE-2008-2588 (cve.mitre.org, nvd.nist.gov)
• 18219 Oracle Application Server - Oracle Discoverer Administrator component unspecified Vulnerability (oct-2008/CVE-2008-3986)
An unspecified vulnerability with unknown impact exists in Oracle Application Server "Oracle Discoverer Administrator" component.
Test Case Impact: Gather Info    Vulnerability Impact: Attack    Risk: Low
References:
* CONFIRM:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html
* FRSIRT: ADV-2008-2825
http://www.frsirt.com/english/advisories/2008/2825
* SECTRACK: 1021054
http://www.securitytracker.com/id?1021054
* SECUNIA: 32291
http://secunia.com/advisories/32291
* XF: oracle-appserver-discadmin-info-disclosure(45889)
http://xforce.iss.net/xforce/xfdb/45889
CVE Reference:
CVE-2008-3986 (cve.mitre.org, nvd.nist.gov)
• 18220 Oracle Application Server - Oracle Discoverer Desktop component unspecified Vulnerability (oct-2008/CVE-2008-3987)
An unspecified vulnerability with unknown impact exists in Oracle Application Server "Oracle Discoverer Desktop" component.
Test Case Impact: Gather Info    Vulnerability Impact: Attack    Risk: Low
References:
* CONFIRM:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html
* FRSIRT: ADV-2008-2825
http://www.frsirt.com/english/advisories/2008/2825
* SECTRACK: 1021054
http://www.securitytracker.com/id?1021054
* SECUNIA: 32291
http://secunia.com/advisories/32291
* XF: oracle-appserver-discdesk-info-disclosure(45890)
http://xforce.iss.net/xforce/xfdb/45890
CVE Reference:
CVE-2008-3987 (cve.mitre.org, nvd.nist.gov)
• 18221 Malformed SNMP Message-Handling Vulnerabilities (cisco-sa-20020212-snmp-msgs)
Cisco products contain multiple vulnerabilities in the handling of SNMP requests and traps. A general report covering multiple vendors was initially published on February 12 (Bugtraq IDs 4088 and 4089); more information is now available, and a separate Bugtraq ID has been allocated for the Cisco IOS vulnerabilities.
It is reportedly possible for a remote attacker to cause a denial of service by transmitting a malformed SNMP packet to a device running a vulnerable version of IOS. The affected device may reset or, under rare circumstances, require a manual reset to regain functionality.
The nature of these denial of service conditions is not known. They may be due to exploitable buffer overflow conditions.
Test Case Impact: Gather Info    Vulnerability Impact: DoS    Risk: High
References:
* MISC:
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html
* CERT: CA-2002-03
http://www.cert.org/advisories/CA-2002-03.html
* ISS: 20020212 PROTOS Remote SNMP Attack Tool
http://www.iss.net/security_center/alerts/advise110.php
* CERT-VN: VU#107186
http://www.kb.cert.org/vuls/id/107186
* REDHAT: RHSA-2001:163
http://www.redhat.com/support/errata/RHSA-2001-163.html
* CALDERA: CSSA-2002-SCO.4
http://lists.virus.org/bugtraq-0202/msg00168.html
* HP: HPSBMP0206-015
http://www.securityfocus.com/advisories/4211
* SGI: 20020201-01-A
ftp://patches.sgi.com/support/free/security/advisories/20020201-01-A
* MS: MS02-006
http://www.microsoft.com/technet/security/bulletin/MS02-006.asp
* BID: 5043
http://www.securityfocus.com/bid/5043
* OVAL: oval:org.mitre.oval:def:144
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:144
* OVAL: oval:org.mitre.oval:def:161
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:161
* OVAL: oval:org.mitre.oval:def:298
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:298
* OVAL: oval:org.mitre.oval:def:1048
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1048
* CERT-VN: VU#854306
http://www.kb.cert.org/vuls/id/854306
* SUNALERT: 57404
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57404-1
* OVAL: oval:org.mitre.oval:def:87
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:87
* MISC:
http://www.sans.org/top20/2003/#U7
* CISCO: cisco-sa-20020212-snmp-msgs
http://www.cisco.com/warp/public/707/cisco-sa-20020212-snmp-msgs.shtml
CVE Reference:
CVE-2002-0013 (cve.mitre.org, nvd.nist.gov)
CVE-2002-0012 (cve.mitre.org, nvd.nist.gov)
• 18222 Cisco IOS Software SNMP Read-Write ILMI Community String Vulnerability (cisco-sa-20010227-ios-snmp-ilmi)
Cisco IOS Software releases based on versions 11.x and 12.0 contain a defect that allows a limited number of SNMP objects to be viewed and modified without authorization using an undocumented ILMI community string. Some of the modifiable objects are confined to the MIB-II system group (such as "sysContact", "sysLocation", and "sysName"); these do not affect the device's normal operation but may cause confusion if modified unexpectedly. The remaining objects are contained in the LAN-EMULATION-CLIENT and PNNI MIBs, and modification of those objects may affect ATM configuration. An affected device might be vulnerable to a denial-of-service attack if it is not protected against unauthorized use of the ILMI community string.
Test Case Impact: Gather Info    Vulnerability Impact: DoS / Attack    Risk: High
References:
* CISCO: 20010207 Cisco IOS Software SNMP Read-Write ILMI Community String Vulnerability
http://www.cisco.com/warp/public/707/ios-snmp-ilmi-vuln-pub.shtml
* XF: cisco-ios-modify-snmp(6169)
http://xforce.iss.net/xforce/xfdb/6169
* BUGTRAQ:
http://archives.neohapsis.com/archives/bugtraq/2001-03/0364.html
* CIAC:
http://www.ciac.org/ciac/bulletins/l-052.shtml
* BID:
http://www.securityfocus.com/bid/2427
* CERT:
http://www.kb.cert.org/vuls/id/976280
CVE Reference:
CVE-2001-0711 (cve.mitre.org, nvd.nist.gov)
• 18223 Apache mod_negotiation CRLF injection Vulnerability
CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a "406 Not Acceptable" or "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
The issue is fixed in versions 1.3.40, 2.0.62, and 2.2.7.
Test Case Impact: Gather Info    Vulnerability Impact: Attack    Risk: Medium
References:
* BUGTRAQ: 20080122 Apache mod_negotiation Xss and Http Response Splitting
http://www.securityfocus.com/archive/1/archive/1/486847/100/0/threaded
* MISC:
http://www.mindedsecurity.com/MSA01150108.html
* GENTOO: GLSA-200803-19
http://security.gentoo.org/glsa/glsa-200803-19.xml
* BID: 27409
http://www.securityfocus.com/bid/27409
* SECTRACK: 1019256
http://securitytracker.com/id?1019256
* SECUNIA: 29348
http://secunia.com/advisories/29348
* SREASON: 3575
http://securityreason.com/securityalert/3575
* XF: apache-modnegotiation-response-splitting(39893)
http://xforce.iss.net/xforce/xfdb/39893
CVE Reference:
CVE-2008-0456 (cve.mitre.org, nvd.nist.gov)
• 18224 Apache mod_negotiation Cross-site scripting (XSS) Vulnerability
Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a "406 Not Acceptable" or "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
The issue is fixed in versions 1.3.40, 2.0.62, and 2.2.7.
Test Case Impact: Gather Info    Vulnerability Impact: Attack    Risk: Medium
References:
* BUGTRAQ: 20080122 Apache mod_negotiation Xss and Http Response Splitting
http://www.securityfocus.com/archive/1/archive/1/486847/100/0/threaded
* MISC:
http://www.mindedsecurity.com/MSA01150108.html
* GENTOO: GLSA-200803-19
http://security.gentoo.org/glsa/glsa-200803-19.xml
* BID: 27409
http://www.securityfocus.com/bid/27409
* SECTRACK: 1019256
http://securitytracker.com/id?1019256
* SECUNIA: 29348
http://secunia.com/advisories/29348
* SREASON: 3575
http://securityreason.com/securityalert/3575
* XF: apache-modnegotiation-xss(39867)
http://xforce.iss.net/xforce/xfdb/39867
CVE Reference:
CVE-2008-0455 (cve.mitre.org, nvd.nist.gov)
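Both mod_negotiation entries above (18223 and 18224) hinge on an uploaded file name that carries CR/LF or markup characters and is later echoed into a 300 or 406 response. The following is an added defensive example, not code from this newsletter or from the Apache project: a whitelist check an upload handler can apply to file names, plus a scan over Apache access-log lines that flags PUT/POST request targets whose URL-decoded form contains such characters. The log lines and the /dav/ path are constructed for the demonstration.

```python
import re
import urllib.parse

# Whitelist for stored file names: letters, digits, underscore, hyphen, and
# dot-separated extension parts. CR, LF, angle brackets, quotes, slashes and
# leading dots are all rejected, so nothing header- or markup-like can reach
# the directory that mod_negotiation later reflects into a 300/406 response.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*$")


def is_safe_upload_name(name: str) -> bool:
    """Return True only for file names that cannot carry header or markup sequences."""
    if not name or len(name) > 255:
        return False
    # Reject every ASCII control character explicitly (covers CR/LF injection
    # even if the whitelist regex is later relaxed).
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in name):
        return False
    return _SAFE_NAME.match(name) is not None


# Apache common/combined log prefix: client, ident, user, [timestamp], "METHOD target HTTP/x.y"
_LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"'
)

# Characters that must never appear in a decoded upload name: CR/LF enable
# response splitting (CVE-2008-0456); angle brackets and quotes enable script
# or HTML injection (CVE-2008-0455).
_SUSPICIOUS = re.compile(r"[\r\n<>\"']")


def suspicious_upload_requests(log_lines):
    """Return (client, raw_target) pairs for PUT/POST requests whose URL-decoded
    target contains CR/LF or markup characters.

    A raw CR or LF cannot appear in an HTTP request line, so an injected name
    necessarily arrives percent-encoded; decoding before matching is what
    makes the check effective.
    """
    hits = []
    for line in log_lines:
        m = _LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        if m.group("method") not in ("PUT", "POST"):
            continue  # only upload-style methods create the reflected file name
        decoded = urllib.parse.unquote(m.group("target"))
        if _SUSPICIOUS.search(decoded):
            hits.append((m.group("client"), m.group("target")))
    return hits


# Constructed sample log lines (not from any real server).
SAMPLE_LOG = [
    '10.0.0.5 - alice [22/Dec/2008:10:01:02 +0000] "PUT /dav/report.pdf HTTP/1.1" 201 0',
    '10.0.0.9 - bob [22/Dec/2008:10:02:15 +0000] "PUT /dav/x%0d%0aX-Injected:%201.txt HTTP/1.1" 201 0',
    '10.0.0.9 - bob [22/Dec/2008:10:03:40 +0000] "PUT /dav/%3Cb%3Ename%3C/b%3E.html HTTP/1.1" 201 0',
    '10.0.0.7 - - [22/Dec/2008:10:04:01 +0000] "GET /dav/%3Cb%3E HTTP/1.1" 404 0',
]


if __name__ == "__main__":
    for name in ("report.pdf", "x\r\nX-Injected: 1.txt", "<b>name</b>.html", ".htaccess"):
        print(f"{name!r:32} safe={is_safe_upload_name(name)}")
    for client, target in suspicious_upload_requests(SAMPLE_LOG):
        print(f"suspicious upload from {client}: {target}")
```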
• 18225 Apache mod_ssl access control Vulnerability
mod_ssl in Apache 2.0 up to 2.0.55, and 2.2 up to 2.2.1, when configured with an SSL vhost that has access control and a custom 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
The issue is fixed in versions 2.0.58 and 2.2.2.
Test Case Impact: Gather Info    Vulnerability Impact: DoS / Crash    Risk: Medium
References:
* MISC:
http://svn.apache.org/viewcvs?rev=358026&view=rev
* CONFIRM:
http://issues.apache.org/bugzilla/show_bug.cgi?id=37791
* CONFIRM:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
* CONFIRM:
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
* APPLE: APPLE-SA-2008-05-28
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
* FEDORA: FEDORA-2006-052
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00060.html
* FEDORA: FLSA-2006:175406
http://www.securityfocus.com/archive/1/archive/1/425399/100/0/threaded
* GENTOO: GLSA-200602-03
http://www.gentoo.org/security/en/glsa/glsa-200602-03.xml
* HP: HPSBUX02145
http://www.securityfocus.com/archive/1/archive/1/445206/100/0/threaded
* HP: HPSBUX02172
http://www.securityfocus.com/archive/1/archive/1/450315/100/0/threaded
* HP: HPSBMA02328
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449
* REDHAT: RHSA-2006:0159
http://rhn.redhat.com/errata/RHSA-2006-0159.html
* SGI: 20060101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
* SUNALERT: 102640
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102640-1
* SUNALERT: 102662
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1
* SUSE: SuSE-SA:2006:051
http://lists.suse.com/archive/suse-security-announce/2006-Sep/0004.html
* SUSE: SUSE-SA:2006:051
http://www.novell.com/linux/security/advisories/2006_51_apache.html
* TRUSTIX: TSLSA-2005-0074
http://www.trustix.org/errata/2005/0074/
* UBUNTU: USN-241-1
http://www.ubuntulinux.org/usn/usn-241-1
* CERT: TA08-150A
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
* BID: 16152
http://www.securityfocus.com/bid/16152
* FRSIRT: ADV-2006-0056
http://www.frsirt.com/english/advisories/2006/0056
* FRSIRT: ADV-2006-3920
http://www.frsirt.com/english/advisories/2006/3920
* FRSIRT: ADV-2006-3995
http://www.frsirt.com/english/advisories/2006/3995
* FRSIRT: ADV-2006-4207
http://www.frsirt.com/english/advisories/2006/4207
* FRSIRT: ADV-2006-4300
http://www.frsirt.com/english/advisories/2006/4300
* FRSIRT: ADV-2006-4868
http://www.frsirt.com/english/advisories/2006/4868
* FRSIRT: ADV-2008-1246
http://www.frsirt.com/english/advisories/2008/1246/references
* FRSIRT: ADV-2008-1697
http://www.frsirt.com/english/advisories/2008/1697
* SECTRACK: 1015447
http://securitytracker.com/id?1015447
* SECUNIA: 18307
http://secunia.com/advisories/18307
* SECUNIA: 18340
http://secunia.com/advisories/18340
* SECUNIA: 18333
http://secunia.com/advisories/18333
* SECUNIA: 18339
http://secunia.com/advisories/18339
* SECUNIA: 18429
http://secunia.com/advisories/18429
* SECUNIA: 18585
http://secunia.com/advisories/18585
* SECUNIA: 18517
http://secunia.com/advisories/18517
* SECUNIA: 18743
http://secunia.com/advisories/18743
* SECUNIA: 19012
http://secunia.com/advisories/19012
* SECUNIA: 21848
http://secunia.com/advisories/21848
* SECUNIA: 22233
http://secunia.com/advisories/22233
* SECUNIA: 22368
http://secunia.com/advisories/22368
* SECUNIA: 22523
http://secunia.com/advisories/22523
* SECUNIA: 22669
http://secunia.com/advisories/22669
* SECUNIA: 23260
http://secunia.com/advisories/23260
* SECUNIA: 22992
http://secunia.com/advisories/22992
* SECUNIA: 29849
http://secunia.com/advisories/29849
* SECUNIA: 30430
http://secunia.com/advisories/30430
CVE Reference:
CVE-2005-3357 (cve.mitre.org, nvd.nist.gov)
• 18237 Excel File Format Parsing Vulnerability (CVE-2008-4265) (MS08-074/959070) (Remote File Checking)
A remote code execution vulnerability exists in Microsoft Office Excel as a result of memory corruption when loading Excel records. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Test Case Impact: Gather Info    Vulnerability Impact: Attack    Risk: High
References:
* MS: MS08-074
http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx
* FRSIRT: Microsoft Office Excel Multiple Code Execution Vulnerabilities (MS08-074)
http://www.vupen.com/english/Reference-CVE-2008-4266.php
* SECUNIA: 31593
http://secunia.com/advisories/31593/
* SECTRACK: 1021368
http://securitytracker.com/alerts/2008/Dec/1021368.html
* BID: 32618
http://www.securityfocus.com/bid/32618
CVE Reference:
CVE-2008-4265 (cve.mitre.org, nvd.nist.gov)
New Vulnerabilities found this Week
• CVE-2008-5557    PHP    CVSS 2.0 Score = 10.0
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.
Test Case Impact:    Vulnerability Impact:    Risk: High
References:
CERT: http://www.us-cert.gov/cas/techalerts/TA09-133A.html
FEDORA: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
FEDORA: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
XF: http://xforce.iss.net/xforce/xfdb/47525
VUPEN: http://www.vupen.com/english/advisories/2009/1297
BID: http://www.securityfocus.com/bid/32948
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/501376/100/0/threaded
REDHAT: http://www.redhat.com/support/errata/RHSA-2009-0350.html
CONFIRM: http://www.php.net/ChangeLog-5.php#5.2.7
MANDRIVA: http://www.mandriva.com/security/advisories?name=MDVSA-2009:045
DEBIAN: http://www.debian.org/security/2009/dsa-1789
CONFIRM: http://wiki.rpath.com/Advisories:rPSA-2009-0035
CONFIRM: http://support.apple.com/kb/HT3549
SECTRACK: http://securitytracker.com/id?1021482
SECUNIA: http://secunia.com/advisories/35650
SECUNIA: http://secunia.com/advisories/35306
SECUNIA: http://secunia.com/advisories/35074
SECUNIA: http://secunia.com/advisories/35003
SECUNIA: http://secunia.com/advisories/34642
HP: http://marc.info/?l=bugtraq&m=124654546101607&w=2
SUSE: http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
SUSE: http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
APPLE: http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
CONFIRM: http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c?r1=1.7&r2=1.8
CONFIRM: http://bugs.php.net/bug.php?id=45722
FULLDISC: http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0477.html
CVE Reference: CVE-2008-5557
• CVE-2008-5498    PHP    CVSS 2.0 Score = 5.0
Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.
Test Case Impact:    Vulnerability Impact:    Risk: Medium
References:
FEDORA: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
FEDORA: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
XF: http://xforce.iss.net/xforce/xfdb/47635
BID: http://www.securityfocus.com/bid/33002
REDHAT: http://www.redhat.com/support/errata/RHSA-2009-0350.html
CONFIRM: http://www.php.net/releases/5_2_9.php
MANDRIVA: http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
MANDRIVA: http://www.mandriva.com/security/advisories?name=MDVSA-2009:022
MANDRIVA: http://www.mandriva.com/security/advisories?name=MDVSA-2009:021
SECTRACK: http://securitytracker.com/id?1021494
SECUNIA: http://secunia.com/advisories/35650
SECUNIA: http://secunia.com/advisories/35306
SECUNIA: http://secunia.com/advisories/34642
OSVDB: http://osvdb.org/51031
HP: http://marc.info/?l=bugtraq&m=124654546101607&w=2
SUSE: http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
MISC: http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php
MISC: http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php
CONFIRM: http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360&r2=1.2027.2.547.2.1361&diff_format=u
CVE Reference: CVE-2008-5498
• CVE-2008-5702    Linux    CVSS 2.0 Score = 7.2
Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700wdt.c in the Linux kernel before 2.6.28-rc1 might allow local users to have an unknown impact via a certain /dev/watchdog WDIOC_SETTIMEOUT IOCTL call.
Test Case Impact:    Vulnerability Impact:    Risk: High
References:
XF: http://xforce.iss.net/xforce/xfdb/47667
UBUNTU: http://www.ubuntulinux.org/support/documentation/usn/usn-714-1
UBUNTU: http://www.ubuntu.com/usn/usn-715-1
REDHAT: http://www.redhat.com/support/errata/RHSA-2009-0014.html
CONFIRM: http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc1
DEBIAN: http://www.debian.org/security/2009/dsa-1794
DEBIAN: http://www.debian.org/security/2009/dsa-1787
SECUNIA: http://secunia.com/advisories/35390
SECUNIA: http://secunia.com/advisories/35011
SECUNIA: http://secunia.com/advisories/34981
SECUNIA: http://secunia.com/advisories/33756
SECUNIA: http://secunia.com/advisories/33706
SECUNIA: http://secunia.com/advisories/33556
MLIST: http://openwall.com/lists/oss-security/2008/12/17/9
MLIST: http://openwall.com/lists/oss-security/2008/12/17/6
MLIST: http://openwall.com/lists/oss-security/2008/12/17/20
MLIST: http://openwall.com/lists/oss-security/2008/12/10/2
MLIST: http://lkml.org/lkml/2008/10/5/173
SUSE: http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
SUSE: http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html
CONFIRM: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=7c2500f17d65092d93345f3996cf82ebca17e9ff
CONFIRM: http://bugzilla.kernel.org/show_bug.cgi?id=11399
CVE Reference: CVE-2008-5702
• CVE-2008-5715    Mozilla    CVSS 2.0 Score = 5.0
Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to cause a denial of service (application crash) via JavaScript code with a long string value for the hash property (aka location.hash).
Test Case Impact:    Vulnerability Impact:    Risk: Medium
References:
XF: http://xforce.iss.net/xforce/xfdb/47572
BID: http://www.securityfocus.com/bid/32988
MILW0RM: http://www.milw0rm.com/exploits/7554
SREASON: http://securityreason.com/securityalert/4807
OSVDB: http://osvdb.org/51032
CVE Reference: CVE-2008-5715
• CVE-2008-5713    Linux    CVSS 2.0 Score = 4.9
The __qdisc_run function in net/sched/sch_generic.c in the Linux kernel before 2.6.25 on SMP machines allows local users to cause a denial of service (soft lockup) by sending a large amount of network traffic, as demonstrated by multiple simultaneous invocations of the Netperf benchmark application in UDP_STREAM mode.
Test Case Impact:    Vulnerability Impact:    Risk: Medium
References:
CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=477744
UBUNTU: http://www.ubuntulinux.org/support/documentation/usn/usn-714-1
BID: http://www.securityfocus.com/bid/32985
DEBIAN: http://www.debian.org/security/2009/dsa-1794
SECUNIA: http://secunia.com/advisories/35011
SECUNIA: http://secunia.com/advisories/33858
SECUNIA: http://secunia.com/advisories/33706
REDHAT: http://rhn.redhat.com/errata/RHSA-2009-0264.html
MLIST: http://openwall.com/lists/oss-security/2008/12/23/1
CONFIRM: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25
CONFIRM: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=2ba2506ca7ca62c56edaa334b0fe61eb5eab6ab0
CVE Reference: CVE-2008-5713
• CVE-2008-5701    Linux    CVSS 2.0 Score = 4.7
Array index error in arch/mips/kernel/scall64-o32.S in the Linux kernel before 2.6.28-rc8 on 64-bit MIPS platforms allows local users to cause a denial of service (system crash) via an o32 syscall with a small syscall number, which leads to an attempted read operation outside the bounds of the syscall table.
Test Case Impact:    Vulnerability Impact:    Risk: Medium
References:
XF: http://xforce.iss.net/xforce/xfdb/47190
BID: http://www.securityfocus.com/bid/32716
CONFIRM: http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc8
DEBIAN: http://www.debian.org/security/2009/dsa-1794
DEBIAN: http://www.debian.org/security/2009/dsa-1787
SECUNIA: http://secunia.com/advisories/35011
SECUNIA: http://secunia.com/advisories/34981
SECUNIA: http://secunia.com/advisories/33078
MLIST: http://openwall.com/lists/oss-security/2008/12/09/1
CONFIRM: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=e807f9574e37a3f202e677feaaad1b7c5d2c0db8
CVE Reference: CVE-2008-5701
• CVE-2008-5699    Sun    CVSS 2.0 Score = 4.6
The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris snv_50 through snv_104 does not properly check permissions, which allows local users to gain privileges and obtain sensitive information via unspecified vectors.
Test Case Impact:    Vulnerability Impact:    Risk: Medium
References:
BID: http://www.securityfocus.com/bid/32921
SUNALERT: http://sunsolve.sun.com/search/document.do?assetkey=1-26-242006-1
SECTRACK: http://securitytracker.com/id?1021477
SECUNIA: http://secunia.com/advisories/33218
OSVDB: http://osvdb.org/50934
CVE Reference: CVE-2008-5699
• CVE-2008-5731    PGP    CVSS 2.0 Score = 4.9
The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP Desktop 9.0.6 build 6060 and 9.9.0 build 397 allows local users to cause a denial of service (system crash) and possibly gain privileges via a certain METHOD_BUFFERED IOCTL request that overwrites portions of memory, related to a "Driver Collapse." NOTE: some of these details are obtained from third party information.
Test Case Impact:    Vulnerability Impact:    Risk: Medium
References:
SECTRACK: http://www.securitytracker.com/id?1021493
BID: http://www.securityfocus.com/bid/32991
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/499572/100/0/threaded
MILW0RM: http://www.milw0rm.com/exploits/7556
MISC: http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service_POC.php
MISC: http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service.php
SREASON: http://securityreason.com/securityalert/4811
SECUNIA: http://secunia.com/advisories/33310
OSVDB: http://osvdb.org/50914
CVE Reference: CVE-2008-5731
Vulnerability Resource
Check out this compendium of links and up-to-the-minute information about network security issues.
Their claim to be the 'security portal for information system security professionals' is well founded.
http://www.infosyssec.org/infosyssec/
Thank You
Thanks for sifting through another great edition of the ScoutNews. We hope we captured a flavor for the week and gave you just enough information on newly found vulnerabilities to keep you up-to-date. To subscribe or unsubscribe, contact us at ScoutNews@netVigilance.com
About SecureScout
SecureScout is a leading vulnerability scanner and management tool developed and marketed worldwide by NexantiS Corporation.
SecureScout is a trademark of NexantiS Corporation.
netVigilance, Inc. is a partner of NexantiS and an authorized distributor of SecureScout.
For any inquiry about SecureScout:
Customers in America and Northern Europe: contact us at info@netVigilance.com
Customers in France, Italy, Spain, Portugal, Greece, Turkey, Eastern Europe, Middle East, Africa and Asia/Pacific: contact NexantiS at info-scanner@securescout.net