2008 Issue #43 | ScoutNews
Table of Contents
Product Focus
ASN.1 Vulnerability Scanner - The S4 ASN.1 Vulnerability Scanner is a free utility made by SecureScout that scans up to 256 IP addresses at once to assess whether any are vulnerable to MS04-007, which could allow remote code execution.
Download Here:
http://www.netvigilance.com/productdownloads?productname=asn.1vulnerabilityscanner
This Week in Review
Mobile malware is coming. Beware when surfing for costumes. ID theft prevention plan to be required. Microsoft releases emergency patch.
SecureScout emergency packages will be released over the weekend.
Enjoy reading & Stay safe.
Call or email netVigilance to get an update on SecureScout.
(503) 524 5758 or sales@netVigilance.com
New Vulnerabilities found this Week
• CVE-2008-4250    Microsoft    CVSS 2.0 Score = 10.0
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
Test Case Impact: Vulnerability Impact: Risk: High
References:
CERT: http://www.us-cert.gov/cas/techalerts/TA09-088A.html
CERT: http://www.us-cert.gov/cas/techalerts/TA08-297A.html
CERT-VN: http://www.kb.cert.org/vuls/id/827267
MS: http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx
SECUNIA: http://secunia.com/advisories/32326
XF: http://xforce.iss.net/xforce/xfdb/46040
SECTRACK: http://www.securitytracker.com/id?1021091
BID: http://www.securityfocus.com/bid/31874
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/497816/100/0/threaded
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/497808/100/0/threaded
MILW0RM: http://www.milw0rm.com/exploits/7132
MILW0RM: http://www.milw0rm.com/exploits/7104
MILW0RM: http://www.milw0rm.com/exploits/6841
MILW0RM: http://www.milw0rm.com/exploits/6824
VUPEN: http://www.frsirt.com/english/advisories/2008/2902
OVAL: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6093
MISC: http://blogs.securiteam.com/index.php/archives/1150
CVE Reference: CVE-2008-4250
• CVE-2008-4699    Microsoft    CVSS 2.0 Score = 9.3
Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in Peachtree Accounting 2004 allows remote attackers to execute arbitrary programs via the ExecutePreferredApplication method.
Test Case Impact: Vulnerability Impact: Risk: High
References:
XF: http://xforce.iss.net/xforce/xfdb/45009
SECTRACK: http://www.securitytracker.com/id?1020842
BID: http://www.securityfocus.com/bid/31096
MILW0RM: http://www.milw0rm.com/exploits/6414
SREASON: http://securityreason.com/securityalert/4471
MISC: http://jbrownsec.blogspot.com/2008/09/peachtree-accounting-is-not-safe.html
CVE Reference: CVE-2008-4699
• CVE-2008-4609    Microsoft    CVSS 2.0 Score = 7.1
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. Please see also:
http://blog.robertlee.name/2008/10/more-detailed-response-to-gordons-post.html
and
http://www.curbrisk.com/security-blog/robert-e-lee-discusses-tcp-denial-service-vulnerability-sc-magazine.html
Test Case Impact: Vulnerability Impact: Risk: High
References:
MISC: https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html
MISC: http://www.outpost24.com/news/news-2008-10-02.html
CISCO: http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html
MISC: http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked
MLIST: http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html
MISC: http://blog.robertlee.name/2008/10/conjecture-speculation.html
CVE Reference: CVE-2008-4609
• CVE-2008-1547    Microsoft    CVSS 2.0 Score = 4.3
Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
Test Case Impact: Vulnerability Impact: Risk: Medium
References:
XF: http://xforce.iss.net/xforce/xfdb/46061
BID: http://www.securityfocus.com/bid/31765
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/497534/100/0/threaded
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/497500/100/0/threaded
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/497433/100/0/threaded
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/497390/100/0/threaded
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/497374/100/0/threaded
SREASON: http://securityreason.com/securityalert/4441
CVE Reference: CVE-2008-1547
• CVE-2007-4350    HP    CVSS 2.0 Score = 4.3
Cross-site scripting (XSS) vulnerability in the management interface in HP SiteScope 9.0 build 911 allows remote attackers to inject arbitrary web script or HTML via an SNMP trap message.
Test Case Impact: Vulnerability Impact: Risk: Medium
References:
XF: http://xforce.iss.net/xforce/xfdb/45958
BID: http://www.securityfocus.com/bid/31816
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/497548/100/0/threaded
FRSIRT: http://www.frsirt.com/english/advisories/2008/2854
SECTRACK: http://securitytracker.com/id?1021068
SREASON: http://securityreason.com/securityalert/4447
MISC: http://secunia.com/secunia_research/2007-84/
SECUNIA: http://secunia.com/advisories/27126
CVE Reference: CVE-2007-4350
• CVE-2007-4349    HP    CVSS 2.0 Score = 4.3
The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 (aka 4.70), HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 (aka Report 3.70) allows remote attackers to cause a denial of service via an unspecified series of RPC requests (aka Trace Event Messages) that triggers an out-of-bounds memory access, related to an erroneous object reference.
Test Case Impact: Vulnerability Impact: Risk: Medium
References:
XF: http://xforce.iss.net/xforce/xfdb/46028
SECTRACK: http://www.securitytracker.com/id?1021092
BID: http://www.securityfocus.com/bid/31860
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/497648/100/0/threaded
VUPEN: http://www.frsirt.com/english/advisories/2008/2888
SREASON: http://securityreason.com/securityalert/4501
MISC: http://secunia.com/secunia_research/2007-83/
SECUNIA: http://secunia.com/advisories/27054
HP: http://marc.info/?l=bugtraq&m=122876827120961&w=2
HP: http://marc.info/?l=bugtraq&m=122876677518654&w=2
CVE Reference: CVE-2007-4349
• CVE-2008-4692    IBM    CVSS 2.0 Score = 10.0
The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors.
Test Case Impact: Vulnerability Impact: Risk: High
References:
XF: http://xforce.iss.net/xforce/xfdb/46021
VUPEN: http://www.frsirt.com/english/advisories/2008/2893
CONFIRM: http://www-01.ibm.com/support/docview.wss?uid=swg27013892
SECUNIA: http://secunia.com/advisories/32368
SECUNIA: http://secunia.com/advisories/31787
CONFIRM: ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT
CVE Reference: CVE-2008-4692
• CVE-2008-4678    IBM    CVSS 2.0 Score = 7.8
The HTTP_Request_Parser method in the HTTP Transport component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 allows remote attackers to cause a denial of service (controller 0C4 abend and application hang) via a long HTTP Host header, related to "storage overlay" on the stack and a "parse failure."
Test Case Impact: Vulnerability Impact: Risk: High
References:
XF: http://xforce.iss.net/xforce/xfdb/45993
BID: http://www.securityfocus.com/bid/31839
FRSIRT: http://www.frsirt.com/english/advisories/2008/2871
AIXAPAR: http://www-1.ibm.com/support/docview.wss?uid=swg1PK69371
CONFIRM: http://www-01.ibm.com/support/docview.wss?uid=swg27006876
SECUNIA: http://secunia.com/advisories/32296
CVE Reference: CVE-2008-4678
Vulnerability Resource
Check out this compendium of links and up-to-the-minute information about network security issues.
Their claim to be the 'security portal for information system security professionals' is well founded.
http://www.infosyssec.org/infosyssec/
Thank You
Thanks for sifting through another great edition of the ScoutNews. We hope we captured the flavor of the week and gave you just enough information on newly found vulnerabilities to keep you up to date. To subscribe or unsubscribe, contact us at ScoutNews@netVigilance.com
About SecureScout
SecureScout is a leading vulnerability scanner and management tool developed and marketed worldwide by NexantiS Corporation.
SecureScout is a trademark of NexantiS Corporation.
netVigilance, Inc. is a partner of NexantiS and an authorized distributor of SecureScout.
For inquiries about SecureScout:
Customers in America and Northern Europe, contact us at info@netVigilance.com
Customers in France, Italy, Spain, Portugal, Greece, Turkey, Eastern Europe, Middle East, Africa and Asia/Pacific, contact NexantiS at info-scanner@securescout.net