netVigilance ScoutNews April 09 2010

2010 Issue #15

ScoutNews
The weekly Security update from
the makers of SecureScout
April 09, 2010

Table of Contents

Product Focus

This Week in Review

Top Security News Stories this Week

New Vulnerabilities Tested in SecureScout

New Vulnerabilities found this Week

Product Focus

Apache Chunked Vulnerability Scanner - The S4 Apache Chunked Vulnerability Scanner is a free utility made by SecureScout that will scan up to 256 IP addresses at once to assess if any are vulnerable to the Apache Chunked Encoding buffer overflow.

Download Here:
http://www.netvigilance.com/productdownloads?productname=apachechunkedvulnerabilityscanner

This Week in Review

Cloud safety still an issue. Another cyberspy network penetrated. ATM fraud on the rise. U.S. at risk for cyberattack.

Enjoy reading & Stay safe.

Call or email netVigilance to get an update on SecureScout.
(503) 524 5758 or sales@netVigilance.com

Top Security News Stories this Week

• Survey: Cloud computing risks outweigh reward

Though cloud computing is often touted as a cost-saver for companies, IT pros still have lingering doubts about the safety and security of working in the cloud.

Around 45 percent of IT professionals recently surveyed by the ISACA (formerly known as the Information Systems Audit and Control Association) said the risks involved in cloud computing outshine any benefits. A global organization focused on the auditing and security of information systems, the ISACA conducted its first annual IT Risk/Reward Barometer survey (PDF) in March.

Questioning more than 1,800 IT professionals in the U.S. who are members of the group, the ISACA found that only 10 percent of them plan to use cloud computing for mission-critical IT services, 15 percent will use it only for low-risk services, and 26 percent don't expect to tap into the cloud at all. Cnet Security

Full Story :
http://news.cnet.com/8301-1001_3-20001921-92.html?part=rss&subj=news&tag=2547-1_3-0-20

• U.S.-Canada research team penetrate cyberspy network

Security researchers have uncovered another sophisticated cyberespionage network that stole classified documents from a number of computer systems belonging to government agencies, businesses and other organizations.

The spying operation, dubbed Shadow Network, spread to computers in India, the United Nations and the Office of the Dalai Lama, according to a report published Monday by five researchers, four of whom are based out of the Munk School of Global Affairs at the University of Toronto. The fifth researcher, Steven Adair, is a member of the U.S.-based nonprofit Shadowserver Foundation.

Through their eight-month investigation, the researchers not only isolated infected systems - as they had done in a prior investigation known as GhostNet, which revealed some 1,300 computers that had been infected by servers that traced back to China. SC Magazine

Full Story :
http://www.scmagazineus.com/us-canada-research-team-penetrate-cyberspy-network/article/167493/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SCMagazineNews+%28SC+Magazine+News%29

• Report: ATM fraud on the rise

Nearly one in five debit or credit card fraud victims reported having their PIN information stolen in 2009 - which represents a "considerable increase" over 2008, according to a report released Tuesday by Javelin Strategy & Research. The report, which is based on a telephone and online survey of 8,168 consumers, found that 10 percent of all fraud victims had cash withdrawn from their accounts via fraudulent ATM transactions. Twenty-three percent of those who experienced fraudulent withdrawals left their primary financial institution.

Using an ATM machine can place consumers' data at risk in several ways, according to Adam Bosnian, VP of products, strategy and sales at privileged identity management solutions vendor Cyber-Ark Software. SC Magazine

Full Story :
http://www.scmagazineus.com/report-atm-fraud-on-the-rise/article/167613/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SCMagazineNews+%28SC+Magazine+News%29

• Federal IT pros say U.S. at high risk for cyberattack

Almost three-quarters of the government IT administrators polled in a new survey believe the U.S. is likely to face a cyberattack from a foreign country in the next year.

Key IT decision makers who work in national defense and security were questioned in a new Clarus Research Group survey commissioned by Lumension and released Tuesday. Among those polled for the "Federal Cyber Security Outlook for 2010 Survey," 74 percent expect a cyberattack from foreign shores in the next year.

(Credit: Lumension) Cnet Security

Full Story :
http://news.cnet.com/8301-1009_3-20002009-83.html?part=rss&subj=news&tag=2547-1_3-0-20

New Vulnerabilities Tested in SecureScout

• 18751 Mozilla Firefox - Re-use of freed object due to scope confusion Vulnerability (Remote File Checking)

A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint's Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object.

The issue has been fixed in Firefox 3.6.3.

Only Firefox versions 3.6.x are affected.

Test Case Impact: Gather Info Vulnerability Impact: Attack Risk: High

References:

* MISC:
http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010
* MISC:
http://news.cnet.com/8301-27080_3-20001126-245.html
* MISC:
http://twitter.com/thezdi/statuses/11005277222
* CONFIRM: mfsa2010-25
http://www.mozilla.org/security/announce/2010/mfsa2010-25.html

CVE Reference:

CVE-2010-1121 (cve.mitre.org, nvd.nist.gov)

• 18752 Mozilla Firefox - XMLDocument::load() doesn't check nsIContentPolicy Vulnerability (Remote File Checking)

Mozilla community member Wladimir Palant reported that XML documents were failing to call certain security checks when loading new content. This could result in certain resources being loaded that would otherwise violate security policies set by the browser or installed add-ons.

The issue has been fixed in Firefox 3.5.9, and 3.6.2.

Test Case Impact: Gather Info Vulnerability Impact: Attack Risk: Medium

References:

* CONFIRM:
http://www.mozilla.org/security/announce/2010/mfsa2010-24.html
* CONFIRM:
https://bugzilla.mozilla.org/show_bug.cgi?id=490790
* VUPEN: ADV-2010-0748
http://www.vupen.com/english/advisories/2010/0748
* XF: firefox-xmldocumentload-weak-security(57396)
http://xforce.iss.net/xforce/xfdb/57396

CVE Reference:

CVE-2010-0182 (cve.mitre.org, nvd.nist.gov)

• 18753 Mozilla Thunderbird - XMLDocument::load() doesn't check nsIContentPolicy Vulnerability (Remote File Checking)

Mozilla community member Wladimir Palant reported that XML documents were failing to call certain security checks when loading new content. This could result in certain resources being loaded that would otherwise violate security policies set by the browser or installed add-ons.

The issue has been fixed in Thunderbird 3.0.4.

Test Case Impact: Gather Info Vulnerability Impact: Attack Risk: Medium

References:

CVE Reference:

CVE-2010-0182 (cve.mitre.org, nvd.nist.gov)

• 18754 Mozilla Firefox - Image src redirect to mailto: URL opens email editor Vulnerability (Remote File Checking)

phpBB developer Henry Sudhof reported that when an image tag points to a resource that redirects to a mailto: URL, the external mail handler application is launched. This issue poses no security threat to users but could create an annoyance when browsing a site that allows users to post arbitrary images.

The issue has been fixed in Firefox 3.5.9, and 3.6.2.

Test Case Impact: Gather Info Vulnerability Impact: Attack Risk: Medium

References:

* CONFIRM:
http://www.mozilla.org/security/announce/2010/mfsa2010-23.html
* CONFIRM:
https://bugzilla.mozilla.org/show_bug.cgi?id=452093
* SECUNIA: 39136
http://secunia.com/advisories/39136
* VUPEN: ADV-2010-0748
http://www.vupen.com/english/advisories/2010/0748
* XF: firefox-mailto-weak-security(57395)
http://xforce.iss.net/xforce/xfdb/57395

CVE Reference:

CVE-2010-0181 (cve.mitre.org, nvd.nist.gov)

• 18755 Mozilla Firefox - Update NSS to support TLS renegotiation indication Vulnerability (Remote File Checking)

Mozilla developers added support in the Network Security Services module for preventing a type of man-in-the-middle attack against TLS using forced renegotiation.

The issue has been fixed in Firefox 3.5.9, and 3.6.2.

Test Case Impact: Gather Info Vulnerability Impact: Attack Risk: Medium

References:

CVE Reference:

CVE-2009-3555 (cve.mitre.org, nvd.nist.gov)

• 18756 Mozilla Thunderbird - Update NSS to support TLS renegotiation indication Vulnerability (Remote File Checking)

Mozilla developers added support in the Network Security Services module for preventing a type of man-in-the-middle attack against TLS using forced renegotiation.

The issue has been fixed in Thunderbird 3.0.4.

Test Case Impact: Gather Info Vulnerability Impact: Attack Risk: Medium

References:

CVE Reference:

CVE-2009-3555 (cve.mitre.org, nvd.nist.gov)

• 18757 Mozilla Firefox - Arbitrary code execution with Firebug XMLHttpRequestSpy Vulnerability (Remote File Checking)

Mozilla security researcher moz_bug_r_a4 reported that the XMLHttpRequestSpy module in the Firebug add-on was exposing an underlying chrome privilege escalation vulnerability. When the XMLHttpRequestSpy object was created, it would attach various properties of itself to objects defined in web content, which were not being properly wrapped to prevent their exposure to chrome privileged objects. This could result in an attacker running arbitrary JavaScript on a victim's machine, though it required the victim to have Firebug installed, so the overall severity of the issue was determined to be High.

The issue has been fixed in Firefox 3.0.19, and 3.5.8.

Test Case Impact: Gather Info Vulnerability Impact: Attack Risk: High

References:

* CONFIRM:
http://www.mozilla.org/security/announce/2010/mfsa2010-21.html
* CONFIRM:
https://bugzilla.mozilla.org/show_bug.cgi?id=504021
* REDHAT: RHSA-2010:0332
http://www.redhat.com/support/errata/RHSA-2010-0332.html
* SECTRACK: 1023783
http://securitytracker.com/id?1023783
* SECUNIA: 3924
http://secunia.com/advisories/3924
* SECUNIA: 39243
http://secunia.com/advisories/39243
* VUPEN: ADV-2010-0748
http://www.vupen.com/english/advisories/2010/0748
* VUPEN: ADV-2010-0764
http://www.vupen.com/english/advisories/2010/0764
* XF: firefox-firebug-code-execution(57394)
http://xforce.iss.net/xforce/xfdb/57394

CVE Reference:

CVE-2010-0179 (cve.mitre.org, nvd.nist.gov)

• 18758 Mozilla Firefox - Chrome privilege escalation via forced URL drag and drop Vulnerability (Remote File Checking)

Security researcher Paul Stone reported that a browser applet could be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser. This behavior could be used twice in succession to first load a privileged chrome: URL in a victim's browser, then load a malicious javascript: URL on top of the same document resulting in arbitrary script execution with chrome privileges.

The issue has been fixed in Firefox 3.0.19, 3.5.9, and 3.6.2.

Test Case Impact: Gather Info Vulnerability Impact: Attack Risk: High

References:

* CONFIRM:
http://www.mozilla.org/security/announce/2010/mfsa2010-20.html
* CONFIRM:
https://bugzilla.mozilla.org/show_bug.cgi?id=546909
* REDHAT: RHSA-2010:0332
http://www.redhat.com/support/errata/RHSA-2010-0332.html
* SECTRACK: 1023776
http://securitytracker.com/id?1023776
* SECUNIA: 39136
http://secunia.com/advisories/39136
* SECUNIA: 39240
http://secunia.com/advisories/39240
* SECUNIA: 39243
http://secunia.com/advisories/39243
* VUPEN: ADV-2010-0748
http://www.vupen.com/english/advisories/2010/0748
* VUPEN: ADV-2010-0764
http://www.vupen.com/english/advisories/2010/0764
* XF: firefox-draganddrop-code-execution(57391)
http://xforce.iss.net/xforce/xfdb/57391

CVE Reference:

CVE-2010-0178 (cve.mitre.org, nvd.nist.gov)

• 18759 Mozilla Firefox - Dangling pointer vulnerability in nsPluginArray Vulnerability (Remote File Checking)

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the implementation of the window.navigator.plugins object. When a page reloads, the plugins array would reallocate all of its members without checking for existing references to each member. This could result in the deletion of objects for which valid pointers still exist. An attacker could use this vulnerability to crash a victim's browser and run arbitrary code on the victim's machine.

The issue has been fixed in Firefox 3.0.19, 3.5.9, and 3.6.2.

Test Case Impact: Gather Info Vulnerability Impact: Attack Risk: High

References:

* CONFIRM:
http://www.mozilla.org/security/announce/2010/mfsa2010-19.html
* CONFIRM:
https://bugzilla.mozilla.org/show_bug.cgi?id=538310
* REDHAT: RHSA-2010:0332
http://www.redhat.com/support/errata/RHSA-2010-0332.html
* REDHAT: RHSA-2010:0333
http://www.redhat.com/support/errata/RHSA-2010-0333.html
* SECTRACK: 1023776
http://securitytracker.com/id?1023776
* SECUNIA: 38566
http://secunia.com/advisories/38566
* SECUNIA: 39117
http://secunia.com/advisories/39117
* SECUNIA: 39136
http://secunia.com/advisories/39136
* SECUNIA: 39240
http://secunia.com/advisories/39240
* SECUNIA: 39243
http://secunia.com/advisories/39243
* VUPEN: ADV-2010-0748
http://www.vupen.com/english/advisories/2010/0748
* VUPEN: ADV-2010-0764
http://www.vupen.com/english/advisories/2010/0764
* VUPEN: ADV-2010-0765
http://www.vupen.com/english/advisories/2010/0765
* XF: firefox-nspluginarray-code-execution(57393)
http://xforce.iss.net/xforce/xfdb/57393

CVE Reference:

CVE-2010-0177 (cve.mitre.org, nvd.nist.gov)

• 18760 Mozilla Firefox - Dangling pointer vulnerability in nsTreeContentView Vulnerability (Remote File Checking)

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the way <option> elements are inserted into a XUL tree <optgroup>. In certain cases, the number of references to an <option> element is under-counted so that when the element is deleted, a live pointer to its old location is kept around and may later be used. An attacker could potentially use these conditions to run arbitrary code on a victim's computer.

The issue has been fixed in Firefox 3.0.19, 3.5.9, and 3.6.2.

Test Case Impact: Gather Info Vulnerability Impact: Attack Risk: High

References:

* CONFIRM:
http://www.mozilla.org/security/announce/2010/mfsa2010-18.html
* CONFIRM:
https://bugzilla.mozilla.org/show_bug.cgi?id=538308
* FEDORA: FEDORA-2010-5526
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html
* FEDORA: FEDORA-2010-5539
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038378.html
* REDHAT: RHSA-2010:0332
http://www.redhat.com/support/errata/RHSA-2010-0332.html
* REDHAT: RHSA-2010:0333
http://www.redhat.com/support/errata/RHSA-2010-0333.html
* SECTRACK: 1023776
http://securitytracker.com/id?1023776
* SECTRACK: 1023782
http://securitytracker.com/id?1023782
* SECUNIA: 38566
http://secunia.com/advisories/38566
* SECUNIA: 39117
http://secunia.com/advisories/39117
* SECUNIA: 39136
http://secunia.com/advisories/39136
* SECUNIA: 39204
http://secunia.com/advisories/39204
* SECUNIA: 39240
http://secunia.com/advisories/39240
* SECUNIA: 39242
http://secunia.com/advisories/39242
* SECUNIA: 39243
http://secunia.com/advisories/39243
* VUPEN: ADV-2010-0748
http://www.vupen.com/english/advisories/2010/0748
* VUPEN: ADV-2010-0764
http://www.vupen.com/english/advisories/2010/0764
* VUPEN: ADV-2010-0765
http://www.vupen.com/english/advisories/2010/0765
* XF: firefox-nstreecontentview-code-exec(57392)
http://xforce.iss.net/xforce/xfdb/57392

CVE Reference:

CVE-2010-0176 (cve.mitre.org, nvd.nist.gov)

New Vulnerabilities found this Week

• CVE-2010-0009 Apache CVSS 2.0 Score = 7.5

Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.

Test Case Impact: Vulnerability Impact: Risk: High

References:

CONFIRM: http://couchdb.apache.org/security.html

CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=578572

BID: http://www.securityfocus.com/bid/39116

BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/510427/100/0/threaded

OSVDB: http://www.osvdb.org/63350

SECUNIA: http://secunia.com/advisories/39146

BUGTRAQ: http://archives.neohapsis.com/archives/bugtraq/2010-03/0267.html

CVE Reference: CVE-2010-0009

• CVE-2010-1244 Apache CVSS 2.0 Score = 6.8

Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.

Test Case Impact: Vulnerability Impact: Risk: Medium

References:

CONFIRM: http://activemq.apache.org/activemq-531-release.html

CONFIRM: https://issues.apache.org/activemq/browse/AMQ-2625

CONFIRM: https://issues.apache.org/activemq/browse/AMQ-2613

XF: http://xforce.iss.net/xforce/xfdb/57398

SECUNIA: http://secunia.com/advisories/39223

CVE Reference: CVE-2010-1244

• CVE-2010-0684 Apache CVSS 2.0 Score = 3.5

Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.

Test Case Impact: Vulnerability Impact: Risk: Low

References:

BID: http://www.securityfocus.com/bid/39119

CONFIRM: http://activemq.apache.org/activemq-531-release.html

CONFIRM: https://issues.apache.org/activemq/browse/AMQ-2625

CONFIRM: https://issues.apache.org/activemq/browse/AMQ-2613

XF: http://xforce.iss.net/xforce/xfdb/57397

BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/510419/100/0/threaded

MISC: http://www.rajatswarup.com/CVE-2010-0684.txt

SECTRACK: http://securitytracker.com/id?1023778

SECUNIA: http://secunia.com/advisories/39223

CVE Reference: CVE-2010-0684

• CVE-2010-1243 IBM CVSS 2.0 Score = 7.5

The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 creates persistent cookies on client workstations, which has unspecified impact and attack vectors.

Test Case Impact: Vulnerability Impact: Risk: High

References:

CONFIRM: http://www-01.ibm.com/support/docview.wss?uid=swg24025662

VUPEN: http://www.vupen.com/english/advisories/2010/0733

SECUNIA: http://secunia.com/advisories/39186

CVE Reference: CVE-2010-1243

• CVE-2010-0174 Mozilla CVSS 2.0 Score = 10.0

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Test Case Impact: Vulnerability Impact: Risk: High

References:

CONFIRM: https://bugzilla.mozilla.org/show_bug.cgi?id=546530

CONFIRM: https://bugzilla.mozilla.org/show_bug.cgi?id=499844

XF: http://xforce.iss.net/xforce/xfdb/57389

VUPEN: http://www.vupen.com/english/advisories/2010/0765

VUPEN: http://www.vupen.com/english/advisories/2010/0764

VUPEN: http://www.vupen.com/english/advisories/2010/0748

REDHAT: http://www.redhat.com/support/errata/RHSA-2010-0333.html

REDHAT: http://www.redhat.com/support/errata/RHSA-2010-0332.html

CONFIRM: http://www.mozilla.org/security/announce/2010/mfsa2010-16.html

SECTRACK: http://securitytracker.com/id?1023781

SECTRACK: http://securitytracker.com/id?1023775

SECUNIA: http://secunia.com/advisories/39243

SECUNIA: http://secunia.com/advisories/39242

SECUNIA: http://secunia.com/advisories/39240

SECUNIA: http://secunia.com/advisories/39204

SECUNIA: http://secunia.com/advisories/39136

SECUNIA: http://secunia.com/advisories/39117

SECUNIA: http://secunia.com/advisories/38566

FEDORA: http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038378.html

FEDORA: http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html

CVE Reference: CVE-2010-0174

• CVE-2003-1595 Novell CVSS 2.0 Score = 10.0

NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly perform "intruder detection," which has unspecified impact and attack vectors.

Test Case Impact: Vulnerability Impact: Risk: High

References:

CONFIRM: http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1

CVE Reference: CVE-2003-1595

• CVE-2010-0176 Mozilla CVSS 2.0 Score = 9.3

Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a "dangling pointer vulnerability."

Test Case Impact: Vulnerability Impact: Risk: High

References:

CONFIRM: https://bugzilla.mozilla.org/show_bug.cgi?id=538308

XF: http://xforce.iss.net/xforce/xfdb/57392

VUPEN: http://www.vupen.com/english/advisories/2010/0765

VUPEN: http://www.vupen.com/english/advisories/2010/0764

VUPEN: http://www.vupen.com/english/advisories/2010/0748

REDHAT: http://www.redhat.com/support/errata/RHSA-2010-0333.html

REDHAT: http://www.redhat.com/support/errata/RHSA-2010-0332.html

CONFIRM: http://www.mozilla.org/security/announce/2010/mfsa2010-18.html

SECTRACK: http://securitytracker.com/id?1023782

SECTRACK: http://securitytracker.com/id?1023776

SECUNIA: http://secunia.com/advisories/39243

SECUNIA: http://secunia.com/advisories/39242

SECUNIA: http://secunia.com/advisories/39240

SECUNIA: http://secunia.com/advisories/39204

SECUNIA: http://secunia.com/advisories/39136

SECUNIA: http://secunia.com/advisories/39117

SECUNIA: http://secunia.com/advisories/38566

FEDORA: http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038378.html

FEDORA: http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html

CVE Reference: CVE-2010-0176

• CVE-2010-0179 Mozilla CVSS 2.0 Score = 9.3

Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response.

Test Case Impact: Vulnerability Impact: Risk: High

References:

CONFIRM: https://bugzilla.mozilla.org/show_bug.cgi?id=504021

XF: http://xforce.iss.net/xforce/xfdb/57394

VUPEN: http://www.vupen.com/english/advisories/2010/0764

VUPEN: http://www.vupen.com/english/advisories/2010/0748

REDHAT: http://www.redhat.com/support/errata/RHSA-2010-0332.html

CONFIRM: http://www.mozilla.org/security/announce/2010/mfsa2010-21.html

SECTRACK: http://securitytracker.com/id?1023783

SECUNIA: http://secunia.com/advisories/39243

SECUNIA: http://secunia.com/advisories/3924

CVE Reference: CVE-2010-0179

Vulnerability Resource
Check out this compendium of links and up-to-the minute information about network security issues. Their claim to be the 'security portal for information system security professionals' is well founded. http://www.infosyssec.org/infosyssec/

Thank You
Thanks for sifting through another great edition of the ScoutNews. We hope we captured a flavor for the week and gave you just enough information on newly found vulnerabilities to keep you up-to-date. To subscribe or unsubscribe, contact us at ScoutNews@netVigilance.com

About SecureScout
SecureScout is a leading vulnerability scanner and management tool developed and marketed worldwide by NexantiS Corporation.
SecureScout is a trademark of NexantiS Corporation.
netVigilance, Inc. is a partner of NexantiS and an authorized distributor of SecureScout.

For any inquiry about SecureScout by:
Customers in America and Northern Europe contact us at info@netVigilance.com
Customers in France, Italy, Spain, Portugal, Greece, Turkey, Eastern Europe, Middle East, Africa and Asia/Pacific, contact NexantiS at info-scanner@securescout.net