2009 Issue #5 | ScoutNews
Product Focus
WinHoneyd v1.5c - Download the WinHoneyd executable package by filling out our download form. Size: 2407KB
Download Here:
http://www.netvigilance.com/productdownloads?productname=winhoneyd-1.5c.zip
This Week in Review
ICANN is calling for a brainstorm on how to stop scams. P2P networks are full of sensitive personal data. Think about what you really want everybody to know. Companies fear laid-off workers.
Enjoy reading & Stay safe.
Call or email netVigilance to get an update on SecureScout.
(503) 524 5758 or sales@netVigilance.com
Top Security News Stories this Week
• ICANN ponders ways to stop scammy Web sites
January 27, 2009 (IDG News Service)
The overseer of the Internet's addressing system is soliciting ideas for how to fix a problem that is enabling spammers and fraudulent Web sites to flourish.
Fast flux allows an administrator to quickly point a domain name to a new IP address, for example, if the server at the first address fails or comes under a denial-of-service attack. It is legitimately used by content-distribution networks such as Akamai Technologies Inc. to balance loads, improve performance and lower data-transmission costs.
"Those engaged in these activities can frustrate the efforts of investigators to locate and shut down their operations by using fast-flux service networks to rapidly and continuously change the topology of the network on which their content is hosted," according to the report.
Computerworld
Full Story :
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9126846&source=rss_topic17
• 12 tips for managing your information footprint
January 27, 2009 (Computerworld)
When it comes to managing personal information online, most people are their own worst enemies. Many of us fail to adequately protect our personal data before it gets online, but once information makes its way to the Internet, it can be quickly replicated and is often difficult, if not impossible, to remove.
You can take an active role in managing data about you, whether it resides in marketing lists, government databases, telephone directories or credit reports. Here are some tips.
How much do you want to disclose about your employment history, likes and dislikes, and where you are at any given time? Do you really want everyone to know when you're not at home, how long you'll be out and when you'll be back?
Computerworld
Full Story :
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9125098&source=rss_topic17
• With economic slump, concerns rise over data theft
January 29, 2009 (IDG News Service)
Is the worsening economic situation going to turn some employees into data thieves?
Crime rates spike during hard times, and with thousands of workers being laid off each week lately, there may be an added incentive for laid-off employees to take intellectual property with them to bolster their chances of getting hired with a competitor, to use with a start-up company of their own, or maybe even to sell.
According to Bromberger, companies that have their employee exit processes in order have less to fear from laid-off workers. It's just that with the current economic squeeze, people's motivation may be changing.
Computerworld
Full Story :
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9126991&source=rss_topic17
• P2P networks rife with sensitive health care data, researcher warns
January 30, 2009 (Computerworld)
Eric Johnson didn't have to break into a computer to gain access to a 1,718-page document containing Social Security numbers, dates of birth, insurance information, treatment codes and other health care data belonging to about 9,000 patients at a medical testing laboratory.
In all instances, Johnson was able to find and freely download the sensitive data from a peer-to-peer file-sharing network using some basic search terms.
The results of that study, which are scheduled to be published in the next few days, show that data leaks over P2P networks involving the health care sector pose a significant threat to patients, providers and payers, Johnson said.
Computerworld
Full Story :
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9127066&source=rss_topic17
New Vulnerabilities Tested in SecureScout
• 13675 Oracle Database Server - Workspace Manager component unspecified Vulnerability (oct-2008/CVE-2008-3983)
An unspecified vulnerability with unknown impact exists in Oracle Database Server "Workspace Manager" component.
Test Case Impact: Gather Info | Vulnerability Impact: Attack | Risk: Medium
References:
* CONFIRM:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html
* FRSIRT: ADV-2008-2825
http://www.frsirt.com/english/advisories/2008/2825
* SECTRACK: 1021050
http://www.securitytracker.com/id?1021050
* SECUNIA: 32291
http://secunia.com/advisories/32291
CVE Reference:
CVE-2008-3983 (cve.mitre.org, nvd.nist.gov)
• 13676 Oracle Database Server - Workspace Manager component unspecified Vulnerability (oct-2008/CVE-2008-3984)
An unspecified vulnerability with unknown impact exists in Oracle Database Server "Workspace Manager" component.
Test Case Impact: Gather Info | Vulnerability Impact: Attack | Risk: Medium
References:
* CONFIRM:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html
* FRSIRT: ADV-2008-2825
http://www.frsirt.com/english/advisories/2008/2825
* SECTRACK: 1021050
http://www.securitytracker.com/id?1021050
* SECUNIA: 32291
http://secunia.com/advisories/32291
CVE Reference:
CVE-2008-3984 (cve.mitre.org, nvd.nist.gov)
• 13677 Oracle Database Server - Workspace Manager component unspecified Vulnerability (oct-2008/CVE-2008-3994)
An unspecified vulnerability with unknown impact exists in Oracle Database Server "Workspace Manager" component.
Test Case Impact: Gather Info | Vulnerability Impact: Attack | Risk: Medium
References:
* CONFIRM:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html
* FRSIRT: ADV-2008-2825
http://www.frsirt.com/english/advisories/2008/2825
* SECTRACK: 1021050
http://www.securitytracker.com/id?1021050
* SECUNIA: 32291
http://secunia.com/advisories/32291
* XF: oracle-database-workspaceman-priv-escalation(45898)
http://xforce.iss.net/xforce/xfdb/45898
CVE Reference:
CVE-2008-3994 (cve.mitre.org, nvd.nist.gov)
• 13678 Oracle Database Server - Upgrade component unspecified Vulnerability (oct-2008/CVE-2008-3980)
An unspecified vulnerability with unknown impact exists in Oracle Database Server "Upgrade" component.
Test Case Impact: Gather Info | Vulnerability Impact: Attack | Risk: Medium
References:
* CONFIRM:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html
* FRSIRT: ADV-2008-2825
http://www.frsirt.com/english/advisories/2008/2825
* SECTRACK: 1021050
http://www.securitytracker.com/id?1021050
* SECUNIA: 32291
http://secunia.com/advisories/32291
CVE Reference:
CVE-2008-3980 (cve.mitre.org, nvd.nist.gov)
• 18256 Oracle Application Server - OC4J component unspecified Vulnerability (jan-2009/CVE-2008-4017)
An unspecified vulnerability with unknown impact exists in Oracle Application Server "OC4J" component.
Test Case Impact: Gather Info | Vulnerability Impact: Attack | Risk: Medium
References:
* SECUNIA: 33525
http://secunia.com/advisories/33525/
* SECTRACK: 1021572: Oracle Application Server Bugs Let Remote Users Access and Modify Data
http://securitytracker.com/alerts/2009/Jan/1021572.html
* CONFIRM:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html
* FRSIRT: ADV-2009-0115
http://www.frsirt.com/english/advisories/2009/0115
* SECTRACK: 1021572
http://www.securitytracker.com/id?1021572
CVE Reference:
CVE-2008-4017 (cve.mitre.org, nvd.nist.gov)
• 18257 Oracle Application Server - Oracle BPEL Process Manager component unspecified Vulnerability (jan-2009/CVE-2008-4014)
An unspecified vulnerability with unknown impact exists in Oracle Application Server "Oracle BPEL Process Manager" component.
Test Case Impact: Gather Info | Vulnerability Impact: Attack | Risk: Medium
References:
* SECUNIA: 33525
http://secunia.com/advisories/33525/
* SECTRACK: 1021572: Oracle Application Server Bugs Let Remote Users Access and Modify Data
http://securitytracker.com/alerts/2009/Jan/1021572.html
* CONFIRM:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html
* FRSIRT: ADV-2009-0115
http://www.frsirt.com/english/advisories/2009/0115
* SECTRACK: 1021572
http://www.securitytracker.com/id?1021572
CVE Reference:
CVE-2008-4014 (cve.mitre.org, nvd.nist.gov)
• 18258 Oracle Application Server - Oracle Portal component unspecified Vulnerability (jan-2009/CVE-2008-5438)
An unspecified vulnerability with unknown impact exists in Oracle Application Server "Oracle Portal" component.
Test Case Impact: Gather Info | Vulnerability Impact: Attack | Risk: Medium
References:
* SECUNIA: 33525
http://secunia.com/advisories/33525/
* SECTRACK: 1021572: Oracle Application Server Bugs Let Remote Users Access and Modify Data
http://securitytracker.com/alerts/2009/Jan/1021572.html
* CONFIRM:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html
* FRSIRT: ADV-2009-0115
http://www.frsirt.com/english/advisories/2009/0115
* SECTRACK: 1021572
http://www.securitytracker.com/id?1021572
CVE Reference:
CVE-2008-5438 (cve.mitre.org, nvd.nist.gov)
• 18259 Oracle Application Server - Oracle JDeveloper component unspecified Vulnerability (jan-2009/CVE-2008-2623)
An unspecified vulnerability with unknown impact exists in Oracle Application Server "Oracle JDeveloper" component.
Test Case Impact: Gather Info | Vulnerability Impact: Attack | Risk: Low
References:
* SECUNIA: 33525
http://secunia.com/advisories/33525/
* SECTRACK: 1021572: Oracle Application Server Bugs Let Remote Users Access and Modify Data
http://securitytracker.com/alerts/2009/Jan/1021572.html
* CONFIRM:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html
* FRSIRT: ADV-2009-0115
http://www.frsirt.com/english/advisories/2009/0115
* SECTRACK: 1021572
http://www.securitytracker.com/id?1021572
CVE Reference:
CVE-2008-2623 (cve.mitre.org, nvd.nist.gov)
• 18260 Oracle Enterprise Manager - Oracle Enterprise Manager component unspecified Vulnerability (jan-2009/CVE-2008-5447)
An unspecified vulnerability with unknown impact exists in Oracle Enterprise Manager "Oracle Enterprise Manager" component.
Test Case Impact: Gather Info | Vulnerability Impact: Attack | Risk: Medium
References:
* SECUNIA: 33525
http://secunia.com/advisories/33525/
* SECTRACK: 1021569: Oracle Enterprise Manager Flaw Lets Remote Authenticated Users Access and Modify Data
http://securitytracker.com/alerts/2009/Jan/1021569.html
* CONFIRM:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html
* FRSIRT: ADV-2009-0115
http://www.frsirt.com/english/advisories/2009/0115
* SECTRACK: 1021569
http://www.securitytracker.com/id?1021569
CVE Reference:
CVE-2008-5447 (cve.mitre.org, nvd.nist.gov)
• 18261 SMTP server detected
A remote SMTP server has been detected. Some information disclosed by this server could be used to plan further attacks.
Test Case Impact: Gather Info | Vulnerability Impact: Gather Info | Risk: Low
References:
CVE Reference:
New Vulnerabilities found this Week
• CVE-2009-0341    Microsoft    CVSS 2.0 Score = 9.3
The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability.
Test Case Impact: Vulnerability Impact: Risk: High
References:
BID: http://www.securityfocus.com/bid/33494
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/500472/100/0/threaded
CVE Reference: CVE-2009-0341
• CVE-2009-0369    Microsoft    CVSS 2.0 Score = 4.3
Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability.
Test Case Impact: Vulnerability Impact: Risk: Medium
References:
XF: http://xforce.iss.net/xforce/xfdb/48542
MILW0RM: http://www.milw0rm.com/exploits/7912
CVE Reference: CVE-2009-0369
• CVE-2009-0320    Microsoft    CVSS 2.0 Score = 4.0
Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
Test Case Impact: Vulnerability Impact: Risk: Medium
References:
BID: http://www.securityfocus.com/bid/33440
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/500393/100/0/threaded
CVE Reference: CVE-2009-0320
• CVE-2009-0204    HP    CVSS 2.0 Score = 4.3
Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Test Case Impact: Vulnerability Impact: Risk: Medium
References:
HP: http://marc.info/?l=bugtraq&m=123324765514459&w=2
XF: http://xforce.iss.net/xforce/xfdb/48334
BID: http://www.securityfocus.com/bid/33505
VUPEN: http://www.frsirt.com/english/advisories/2009/0296
SECTRACK: http://securitytracker.com/id?1021641
SECUNIA: http://secunia.com/advisories/33713
CVE Reference: CVE-2009-0204
• CVE-2009-0370    IBM    CVSS 2.0 Score = 7.2
Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating "secure log files."
Test Case Impact: Vulnerability Impact: Risk: High
References:
BID: http://www.securityfocus.com/bid/33522
AIXAPAR: http://www.ibm.com/support/docview.wss?uid=isg1IZ42788
AIXAPAR: http://www.ibm.com/support/docview.wss?uid=isg1IZ42787
AIXAPAR: http://www.ibm.com/support/docview.wss?uid=isg1IZ42786
AIXAPAR: http://www.ibm.com/support/docview.wss?uid=isg1IZ42785
AIXAPAR: http://www.ibm.com/support/docview.wss?uid=isg1IZ41599
AIXAPAR: http://www.ibm.com/support/docview.wss?uid=isg1IZ41510
AIXAPAR: http://www.ibm.com/support/docview.wss?uid=isg1IZ40386
AIXAPAR: http://www.ibm.com/support/docview.wss?uid=isg1IZ41593
CONFIRM: http://aix.software.ibm.com/aix/efixes/security/rmsock_advisory.asc
CVE Reference: CVE-2009-0370
• CVE-2009-0344    Sun    CVSS 2.0 Score = 10.0
Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6633175, a different vulnerability than CVE-2007-5717.
Test Case Impact: Vulnerability Impact: Risk: High
References:
SUNALERT: http://sunsolve.sun.com/search/document.do?assetkey=1-66-239886-1
XF: http://xforce.iss.net/xforce/xfdb/48329
SECTRACK: http://www.securitytracker.com/id?1021646
BID: http://www.securityfocus.com/bid/33506
VUPEN: http://www.frsirt.com/english/advisories/2009/0281
SECUNIA: http://secunia.com/advisories/33726
CVE Reference: CVE-2009-0344
• CVE-2009-0345    Sun    CVSS 2.0 Score = 10.0
Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6648082, a different vulnerability than CVE-2007-5717.
Test Case Impact: Vulnerability Impact: Risk: High
References:
SUNALERT: http://sunsolve.sun.com/search/document.do?assetkey=1-66-239886-1
XF: http://xforce.iss.net/xforce/xfdb/48329
SECTRACK: http://www.securitytracker.com/id?1021646
BID: http://www.securityfocus.com/bid/33506
VUPEN: http://www.frsirt.com/english/advisories/2009/0281
SECUNIA: http://secunia.com/advisories/33726
CVE Reference: CVE-2009-0345
• CVE-2009-0277    Sun    CVSS 2.0 Score = 7.8
Unspecified vulnerability in the kernel in OpenSolaris snv_100 through snv_102 on the Sun UltraSPARC T2 and T2+ sun4v platforms allows local users to cause a denial of service (panic) via unknown vectors.
Test Case Impact: Vulnerability Impact: Risk: High
References:
SUNALERT: http://sunsolve.sun.com/search/document.do?assetkey=1-66-250066-1
XF: http://xforce.iss.net/xforce/xfdb/48164
BID: http://www.securityfocus.com/bid/33398
VUPEN: http://www.frsirt.com/english/advisories/2009/0209
CVE Reference: CVE-2009-0277
Vulnerability Resource
Check out this compendium of links and up-to-the-minute information about network security issues.
Their claim to be the 'security portal for information system security professionals' is well founded.
http://www.infosyssec.org/infosyssec/
Thank You
Thanks for sifting through another great edition of the ScoutNews. We hope we captured a flavor for the week and gave you just enough information on newly found vulnerabilities to keep you up-to-date. To subscribe or unsubscribe, contact us at
ScoutNews@netVigilance.com
About SecureScout
SecureScout is a leading vulnerability scanner and management tool developed and marketed worldwide by NexantiS Corporation.
SecureScout is a trademark of NexantiS Corporation.
netVigilance, Inc. is a partner of NexantiS and an authorized distributor of SecureScout.
For any inquiry about SecureScout:
Customers in America and Northern Europe contact us at info@netVigilance.com
Customers in France, Italy, Spain, Portugal, Greece, Turkey, Eastern Europe, Middle East, Africa and Asia/Pacific, contact NexantiS at
info-scanner@securescout.net