Showing posts with the label Denial of Service Vulnerability. Show all posts

New vulnerabilities affecting Cisco

Posted: 21/7/11 by komz

Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability

Posted: 23/5/11 by komz

Apache APR is prone to a denial-of-service vulnerability.

NOTE: This issue was introduced in Apache APR 1.4.4 due to an improper fix for CVE-2011-0419.

Successful exploits may allow the attacker to cause excessive CPU usage, resulting in denial-of-service conditions.

Apache APR 1.4.4 is affected.

The Vulnerability Team urges users and administrators to review the notifications and apply the necessary updates to help mitigate the risks.

source: securityfocus.com


1. Linux Kernel SCTP INIT/INIT-ACK Chunk Length Remote Denial of Service Vulnerability

The Linux kernel is prone to a remote denial-of-service vulnerability related to SCTP protocol implementation.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

REFERENCE: http://www.securityfocus.com/bid/47308/info


2. Linux Kernel 'inotify_init1()' Double Free Local Denial of Service Vulnerability

The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause an out-of-memory condition, denying service to legitimate users.

REFERENCE: http://www.securityfocus.com/bid/47296/info


The Vulnerability Team advises users and administrators to review the notifications and apply the necessary updates to help mitigate the risks.

source: securityfocus.com 


Adobe has released a security advisory to alert users of a vulnerability affecting the following products:

  • Adobe Flash Player 10.2.152.33 and earlier versions for Windows, Macintosh, Linux, and Solaris
  • Adobe Flash Player 10.2.154.18 and earlier versions for Google Chrome users
  • Adobe Flash Player 10.1.106.16 and earlier versions for Android 
  • The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh.

Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. At this time, the vendor has not released a fix for this vulnerability. The Adobe advisory indicates that this vulnerability is being actively exploited via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment.

Adobe has indicated that it expects to release a fix for this vulnerability during the week of March 21, 2011. In the interim, users and administrators are encouraged to implement the following workarounds to help reduce the risks.
  • Disable Flash in the web browser as described in the Securing Your Web Browser document.
  • Disable Flash and 3D & Multimedia support in Adobe Reader 9 and later.
  • Disable JavaScript in Adobe Reader and Acrobat.
  • Prevent Internet Explorer from automatically opening PDF documents.
  • Disable the displaying of PDF documents in the web browser.
  • Enable DEP in Microsoft Windows.
  • Utilize Microsoft EMET to enable runtime mitigations for Microsoft Internet Explorer and Excel.
ADOBE SECURITY ADVISORY

The Vulnerability Team advises users and administrators to review the notifications and apply the necessary updates to help mitigate the risks.

source: us-cert.org 

Apple Releases Java Updates for Mac OS X 10.5 and OS X 10.6

Posted: 10/3/11 by komz

Apple has released Java for Mac OS X 10.5 Update 9 and Java for Mac OS X 10.6 Update 4 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

Relevant Url(s):

The Vulnerability Team advises users and administrators to review the notifications and apply the necessary updates to help mitigate the risks.

source: securityfocus.com 


A vulnerability has been discovered in Windows that allows a remote, unauthenticated attacker to cause a denial of service or gain complete control of a vulnerable system. The problem is caused by a stack overflow flaw in a function within the "mrxsmb.sys" driver when processing malformed Browser Election requests. This can allow remote, unauthenticated attackers to crash the affected system or potentially execute code with elevated privileges.

This vulnerability has been confirmed on fully patched Windows Server 2003 SP2 and Windows XP SP3 systems (specifically version 5.2.3790.4671 of the mrxsmb.sys library), although other versions may also be affected.

Solution: Microsoft has not published any information on the matter, but filtering ports 138, 139 and 445 and restricting access to potentially vulnerable machines to trusted users is recommended.

More information:
http://secunia.com/advisories/43299
http://www.vupen.com/english/advisories/2011/0394
http://seclists.org/fulldisclosure/2011/Feb/285
http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0284.html


source: csirtcv.es


Sun Java is prone to a remote denial-of-service vulnerability.

Successful attacks will cause applications written in Java to hang, creating a denial-of-service condition.

This issue affects both the Java compiler and Runtime Environment.

REFERENCE.

EXPLOIT

The Vulnerability Team urges users and administrators to review the notifications and apply the necessary updates to help mitigate the risks.

source: securityfocus.com


Cisco Content Services Gateway Malformed TCP Packet (CVE-2011-0350) Denial of Service Vulnerability
Cisco Content Services Gateway is prone to a denial-of-service vulnerability. Successful exploits will cause the affected device to reload or hang, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCth41891.

Cisco Content Services Gateway Service Policy Security Bypass Vulnerability
Cisco Content Services Gateway is prone to a security-bypass vulnerability. Exploiting this issue may allow attackers to access sites that are non-accounted or billed. This may lead to other attacks. This issue is being tracked by Cisco Bug ID CSCtk35917.

The Vulnerability Team urges users and administrators to review the notifications and apply the necessary updates to help mitigate the risks.

source: securityfocus.com







Multiple vulnerabilities have been identified in Cisco IOS that could be exploited by attackers to cause a denial of service or bypass security restrictions. These issues are caused by errors related to IRC traffic, the H.323 implementation, CallManager Express (CME), SIP messages, TFTP debugging, certificate handling, STCAPP (CCPC telephony control application) and Neighbor Discovery (ND), which could be exploited by remote attackers to create a denial-of-service condition or bypass certificate validation.

In parallel, multiple vulnerabilities have been identified in Cisco ASA 5500 Series Adaptive Security Appliances that could be exploited by attackers to bypass security restrictions, cause a denial of service or disclose sensitive information. These issues are caused by errors related to SIP inspection, ACLs, Mobile User Security (MUS) services, multicast traffic, LAN-to-LAN (L2L) IPsec sessions, ASDM, Neighbor Discovery (ND), EIGRP traffic, TELNET, IPsec traffic, emWEB, device startup, Online Certificate Status Protocol (OCSP) connections, CIFS, SMTP inspection and LDAP authentication, which could allow an attacker to bypass security restrictions, create a denial-of-service condition or disclose critical information.

References:

http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf
http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.pdf
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf
http://www.vupen.com/english/advisories/2011/0129
http://www.vupen.com/english/advisories/2011/0130

source: csirtcv.es


New vulnerabilities affecting SAP

Posted: 13/1/11 by komz

1. SAP Kernel 'sapstartsrv' SOAP Server Information Disclosure Vulnerability
Remote attackers can exploit this issue to obtain sensitive information. Information obtained may aid in further attacks and facilitate access to other services.


2. SAP Kernel Command Handling Denial Of Service Vulnerability

Attackers can exploit this issue to cause the affected application to crash, denying service to legitimate users.

source: securityfocus.com


Google Chrome is prone to multiple vulnerabilities.

Attackers may exploit these issues to execute arbitrary code in the context of the browser or cause denial-of-service conditions; other attacks are also possible.

Chrome versions 8.x prior to 8.0.552.237 are vulnerable.

REFERENCE

source: securityfocus.com


Cisco IOS is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause an affected device to crash, denying service to legitimate users.

This issue is being tracked by Cisco Bug ID CSCtg41733.

REFERENCE

source: securityfocus.com



 


RIM has published a security advisory to address the vulnerability in the PDF distiller of the BlackBerry Attachment Service for BlackBerry Enterprise Server. This vulnerability could allow an attacker to execute arbitrary code or cause a denial of service.

RIM Security Advisory

source: us-cert.org


1. Linux Kernel 'install_special_mapping()' Local Security Bypass Vulnerability

The Linux kernel is prone to a local security-bypass vulnerability because the 'install_special_mapping()' function fails to adequately perform certain security checks. Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions.

2. Linux Kernel 'AF_ECONET' Protocol NULL Pointer Dereference Denial of Service Vulnerability


The Linux kernel is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause the kernel to panic, denying service to legitimate users. Due to the nature of this issue, attackers may be able to execute arbitrary code; this has not been confirmed.

The Vulnerability Team urges users and administrators to review the notifications and apply the necessary updates to help mitigate the risks.

source: securityfocus.com