Advisory #224 - ClamAV, Multiple News

Sûnnet Beskerming Alert List Advisory #224
You are receiving this message because you have subscribed to our Information Security Alert Mailing List, or have been selected for a specific one-off copy. If you believe that you are receiving this message in error, please contact info@... to resolve the error.

Why not upgrade to get same day notification on security threats? Details and rates available online - (http://www.beskerming.com/premium/generic_advisory.html). Why not go the next step and get delivery tailored just for your company? (http://www.beskerming.com/premium/focussed_advisory.html)

Contents
--------------------------------------------------------------------
1. SECURITY
--------------------------------------------------------------------
1.1 ClamAV - Remote Hacker Automatic Control - Time Since Discovery - 2 Days
=======================================
/*
 - Remote or Local - Can it be achieved through a network or does it require physical access?
 - Hacker - The bad guy
 - Manual or Automatic - Does the vulnerability need to be manually performed, or can it be automated?
 - Control, Denial of Service or Data Theft - Will the hacker get control of your system / website, will they prevent you from using it, or will they steal data?
*/
--------------------------------------------------------------------
2. NEWS
--------------------------------------------------------------------
2.1 Microsoft DNS Problems Increasing
2.2 More Resources Not A Guarantee Against Infection
=====================================

1. SECURITY

1.1 ClamAV - Remote Hacker Automatic Control

-- Products Affected --
ClamAV 0.90.1 and earlier

-- Technical Description --
Scanning of malicious CAB (Microsoft's default Windows compressed archive format) packed files can lead to a buffer overflow condition which allows arbitrary code execution.

-- Description --
Scanning of CAB files with the ClamAV antivirus product can lead to conditions where an attacker will be able to run software of their choice on a vulnerable system.
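As an added example that is not part of the advisory, the check below classifies the output of `clamscan --version` against the affected range stated above (0.90.1 and earlier affected, 0.90.2 or later fixed). The version strings it is tested with are constructed, and the `clamscan --version` output layout it parses is an assumption about the tool's format.

```python
import re
import subprocess

# Threshold taken from the advisory: 0.90.1 and earlier are affected,
# 0.90.2 or later carries the fix.
FIXED_VERSION = (0, 90, 2)

# Assumed output layout of `clamscan --version`, e.g.
# "ClamAV 0.90.1/3110/Mon Apr 16 10:00:00 2007" (version, then signature
# database version and date). Release-candidate suffixes such as "0.90rc1"
# are parsed as 0.90.0, which is correctly inside the affected range.
_VERSION_RE = re.compile(r"ClamAV\s+(\d+)\.(\d+)(?:\.(\d+))?")


def parse_clamav_version(output):
    """Return (major, minor, patch) from a clamscan version line, or None
    when the text does not look like ClamAV version output."""
    match = _VERSION_RE.search(output)
    if match is None:
        return None
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(output):
    """True when the reported version is within the advisory's affected range."""
    version = parse_clamav_version(output)
    if version is None:
        raise ValueError("unrecognised ClamAV version output: %r" % output)
    return version < FIXED_VERSION


def installed_version_output():
    """Run clamscan --version on this host; None if clamscan is not installed."""
    try:
        result = subprocess.run(["clamscan", "--version"],
                                capture_output=True, text=True, check=False)
    except OSError:
        return None
    return result.stdout


if __name__ == "__main__":
    out = installed_version_output()
    if out is None:
        print("clamscan not found on this host")
    else:
        verdict = "affected" if is_affected(out) else "not affected"
        print(out.strip(), "->", verdict)
```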
-- Recommended Action --
Update to the latest version of ClamAV (0.90.2 or later), or avoid scanning CAB files with ClamAV until the latest version can be installed.

-- Source --
(Paid subscription required to access)

-- Updates Available --
(Paid subscription required to access)

-- External Tracking Data --
(Paid subscription required to access)

-- Threat Matrix --
             U   O
Home User    9   9 (Critical)
Corporate    9   9 (Critical)
=======================================
/*
Threat Matrix:
U - User
O - Operator
Harmless - 0 ----- 10 - Highly Critical
*/
=======================================

2. NEWS

2.1 Microsoft DNS Problems Increasing

The recently disclosed vulnerability in the Microsoft DNS Server product line (Advisory #63) has become worse over time. Since the initial public disclosure, at least one worm (Rinbot / Nirbot) has incorporated attack attempts against the DNS Server weakness as part of its infection mechanism, and it has also been discovered that an authenticated user may use other network ports (such as 445) to attack the system. It has also been disclosed that if the name of the system is longer than 15 characters, local configuration and administration of the server may not be successful. If that is the case, Microsoft recommends that administrators use the Fully Qualified Domain Name (FQDN) of the system to apply and manage configuration changes. Publicly available code to exploit the vulnerability has appeared across several websites, including exploit code that specifically targets the alternate attack routes (port 445).

2.2 More Resources Not A Guarantee Against Infection

Ongoing reporting this month from Support Intelligence is highlighting the problem of compromised systems in the networks of Fortune 500 companies and government agencies and departments (such as the Department of Defence).
Their research has turned up spam-spewing zombie systems within corporate and defence networks, including within major IT firms such as Oracle and HP. Firms which control sensitive personal and financial information, such as insurance providers, also appear on the list of companies with compromised systems that are spamming the rest of the Internet.

The presence of these compromised systems within major corporate networks raises questions about the effectiveness of perimeter network security at major companies and government agencies. If the defences and internal system configurations are not enough to keep their systems from joining botnets, then what is in place is not an effective set of controls. Active zombies on their networks also mean that those systems are under the active control of remote attackers, which effectively means that their entire networks have been compromised (gaining complete control of an internal system is the essential step towards achieving this).

=======================================

Sincerely,
Sûnnet Beskerming Team
info@...

Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
Tel: +61 (0) 410 707 444

** Sûnnet Beskerming Pty. Ltd. **
Established in mid 2004, Sûnnet Beskerming Pty. Ltd. is the sister company to Jongsma & Jongsma Pty. Ltd., and was formed to develop and commercialise the research coming out of Jongsma & Jongsma Pty. Ltd. Sûnnet Beskerming Pty. Ltd. is an Information Security specialist and, in conjunction with the tools developed by Jongsma & Jongsma Pty. Ltd., provides total security solutions and services, from the perimeter to internal data stores, including web application security and security testing and analysis.

_______________________________________________
Alertmailinglist mailing list
Alertmailinglist@...
http://skiifwrald.com/mailman/listinfo/alertmailinglist_skiifwrald.com