
Advisory #226 - OS X, Multiple News

by Sunnet Beskerming Alert mailing list

Sûnnet Beskerming Alert List Advisory #226

You are receiving this message because you have subscribed to our  
Information Security Alert Mailing List, or have been selected for a  
specific one-off copy.  If you believe that you are receiving this  
message in error, please contact info@... to resolve the  
error.

Why not upgrade to get same day notification on security threats?  
Details and rates available online -
(http://www.beskerming.com/premium/generic_advisory.html).

Why not go the next step and get delivery tailored just for your  
company?
(http://www.beskerming.com/premium/focussed_advisory.html)


Contents
--------------------------------------------------------------------
1. SECURITY
--------------------------------------------------------------------
1.1 OS X (Multiple)
        - Remote Hacker Automatic Control
        - Time Since Discovery - 1 Day
=======================================
/*
        - Remote or Local - Can it be achieved through a network or does it  
require physical access?
        - Hacker - The bad guy
        - Manual or Automatic  - Does the vulnerability need to be manually  
performed, or can it be automated?
        - Control, Denial of Service or Data Theft - Will the hacker get  
control of your system / website, will they prevent you from using  
it, or will they steal data.
*/
--------------------------------------------------------------------
2. NEWS
--------------------------------------------------------------------
2.1 It's Just Business
2.2 Office Holes Compromise US Government
=====================================

1. SECURITY

1.1 OS X (Multiple) - Remote Hacker Automatic Control

        -- Products Affected --
        OS X 10.3.x (Panther)
        OS X 10.4.x (Tiger)
        OS X Server 10.3.x
        OS X Server 10.4.x

        -- Technical Description --
        AFP Client - Privilege escalation due to poor parameter filtering.
        AirPort - Arbitrary code execution for authenticated user due to  
buffer overflow when malformed commands are issued.
        CarbonCore - Arbitrary code execution for local users due to poor  
interprocess command handling.
        diskdev_cmds - Arbitrary code execution risk or Denial of Service  
when opening malformed UFS disk images.
        fetchmail - Information disclosure due to passwords being sent in  
plaintext, even if TLS or equivalent is being used.
        ftpd - Arbitrary code execution by authenticated users due to buffer  
overflow when commands with globbing characters are issued.
        GNU Tar - Arbitrary code execution or denial of service when  
interacting with malicious tar archives.
        Help Viewer - Arbitrary code execution or denial of service when  
opening a maliciously-named help file due to a format string  
vulnerability.
        HID Family - Information disclosure due to leaking of console  
keyboard events to other local users.
        Installer - Arbitrary code execution or denial of service when  
opening a maliciously-named Installer package due to a format string  
vulnerability.
        Kerberos - Arbitrary code execution due to previously disclosed  
vulnerabilities.
        Libinfo - Arbitrary code execution or denial of service when  
visiting websites or if RPC service is enabled due to poor error  
handling.
        Login Window - Multiple privilege escalation and authentication  
bypass issues due to poor parameter handling.
        network_cmds - Arbitrary code execution or denial of service due to  
poor handling of RTSP traffic (buffer overflow).
        SMB - Privilege escalation due to poor parameter handling.
        System Configuration - Arbitrary code execution for local users due  
to poor parameter handling by utilities that have higher privilege  
levels.
        URLMount - Information disclosure due to user parameters being sent  
in cleartext to SMB servers.
        VideoConference - Arbitrary code execution due to heap buffer  
overflow when handling crafted SIP packets.
        WebDAV - Privilege escalation due to poor parameter handling when  
mounting WebDAV filesystems.
        WebFoundation - Information disclosure due to cross-domain access  
to cookies.
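The Help Viewer and Installer items above are the same bug class: the name of a file the user opens ends up being used as a printf-style format string. As an added illustration (not code from the advisory or from Apple), the C below shows the hardened pattern of keeping the format string fixed and passing the untrusted name only as a `%s` argument, plus a small defender-side check that flags filenames carrying format directives, which is useful when reviewing logs for probing of this bug class. The function names and the sample filenames are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not from the advisory. The unsafe pattern behind the
 * Help Viewer / Installer items is passing untrusted text as the format
 * argument itself, e.g.  snprintf(buf, len, display_name);  so that a
 * name such as "%n%n%n%n.help" drives the directives. The hardened form
 * below uses a compile-time format and treats the name purely as data. */

/* Build the status message shown when a help file or package is opened.
 * Returns what snprintf returns (the length that would have been written),
 * so callers can detect truncation against outlen. */
int build_open_message(const char *display_name, char *out, size_t outlen)
{
    /* Fixed format string; '%' characters inside display_name are inert. */
    return snprintf(out, outlen, "Opening \"%s\"", display_name);
}

/* Defensive check for log review: does a filename contain printf-style
 * conversion directives? "%%" is a literal percent sign and is ignored.
 * Returns 1 if at least one directive is present, otherwise 0. */
int name_has_format_directives(const char *name)
{
    const char *p = name;
    while ((p = strchr(p, '%')) != NULL) {
        p++;                                   /* step past the '%' */
        if (*p == '%') { p++; continue; }      /* "%%" is not a directive */
        /* skip flags, width, precision and length modifiers */
        while (*p && strchr("-+ #0123456789.lhqLjzt", *p)) p++;
        if (*p && strchr("diouxXeEfFgGaAcspn", *p))
            return 1;                          /* conversion specifier found */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample names: one benign, one hostile, one with a literal "%%". */
    const char *names[] = { "User Guide.help", "%n%n%n%n.help", "100%%.pkg" };
    char buf[128];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        build_open_message(names[i], buf, sizeof buf);
        printf("%s  [format directives: %s]\n", buf,
               name_has_format_directives(names[i]) ? "yes" : "no");
    }
    return 0;
}
```

The check is deliberately conservative: it only reports names that would actually be interpreted as conversions, so ordinary names containing an escaped "%%" are not flagged.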

        -- Description --
        Apple has released Security Update 2007-004 for OS X 10.3 (Panther)  
and 10.4 (Tiger), incorporating fixes for a number of serious  
vulnerabilities, including several that could allow a remote  
attacker to take control of a vulnerable system, as well as  
others that could allow malicious users to increase their privilege  
level or access information outside of their normal rights.  Due to  
the significant number of applications and vulnerabilities patched,  
it is considered critical that all users apply the update as soon as  
possible.

        -- Recommended Action --
        Apply Security Update 2007-004 as soon as possible, via the source  
link below, or by using the Software Update option under the Apple Menu.

        -- Source --
        (Paid subscription required to access)
       
        -- Updates Available --
        (Paid subscription required to access)

        -- External Tracking Data --
        (Paid subscription required to access)

        -- Threat Matrix --
                        U    O
        Home User      10   10   (Highly Critical)
        Corporate      10   10   (Highly Critical)

=======================================
/*
Threat Matrix:
        U - User
        O - Operator
        Harmless - 0 ----- 10 - Highly Critical
*/
=======================================

2. NEWS

2.1 It's Just Business

Information Technology and Information Security companies with stable  
client bases tend to be quite happy to sit where they are and push  
through business based on new competitive contracts (such as  
Government contracts) and on new business that emerges over time.  With  
a potential client base that has been in strong growth for an  
extended period, most companies don't tend to tread on each other's  
toes in trying to drive new business.

One company has recently had some of their clients come under the  
attention of competing Information Security companies and it is  
something that they have taken personal offence to.  It is claimed  
that the competing company has been scraping lists of companies that  
are clients of the first company from various Internet sources and  
then contacting them to try and convince them to change to their  
services.

Nothing out of the ordinary so far.

What really upset the first company was the claims that were being  
used in an effort to entice their customers away.  Claiming that the  
report cited as an example was effectively false, they enlisted their  
law firm to try and force their competitors away from contacting  
their clients.  Unfortunately, statistics can be made to support any  
claim, and the sternly worded lawyer's letter doesn't actually  
counter any of the claims (relying on the first company's own counter  
to the report).  In fact, the statements within the letter indicate  
that the second company has been successful in winning away business  
from the first company ("damage to the plaintiff resulting from  
breach of that [contractual] relationship [with their client]").

While both companies may have products and services that are well  
regarded by various metrics, the exchange makes the first company  
appear to be acting in the manner of a spoiled child.  While the  
actions of the second company might be questionable to some, they are  
just a part of business and not the ethical nightmare that some  
have chosen to see.  A look at how people like Gates, Ellison,  
McNealy, and Jobs built and enforced their empires shows that  
treading on toes and making dubious claims is part of the tech  
business.  Unfortunately, such actions actually cause harm in  
Information Security, especially when questionable statistics are  
used to back the claims (of both sides).

There are plenty of expensive reports that have been written purely  
to support the claims of those who funded the research, but a  
developing argument over what appears to be choice of methodology  
doesn't help anyone.  To the uninformed end user, it doesn't make a  
lot of sense.

It also doesn't make sense when companies that claim to be selling  
secure products are shown publicly to be selling nothing more than  
snake oil.  Consumers and businesses seeking to purchase security  
products and services are left even more in doubt.

Even banks, which should know better about securing their own systems,  
can sometimes be found to be unknowingly spewing spam from within  
their networks.  One of the latest reports of a major Fortune 1000  
company with infected systems inside its network concerns a very  
large US bank that has been very vocal about its 'secure' online  
services (rhymes with LiteC).  Other banks aren't faring much  
better, with a range of ABN Amro customers falling victim to a  
sophisticated phishing attack.  Like a number of European banks, ABN  
Amro is regarded as having quite a robust two-factor authentication  
system in place, so the successful phishing attack is a clear  
indicator of two things.  Firstly, phishers have caught up with what is  
supposed to be the 'best' in the market.  Secondly, what is 'best' in  
the market still isn't good enough to protect the financial data  
behind it.


2.2 Office Holes Compromise US Government

In a surprising move, the US State Department has released  
information about a network compromise that resulted in serious  
information theft and partial network shutdowns until it was  
resolved.  The attack is historical, dating from around the time that  
North Korea was conducting missile tests; what is interesting about  
the case is that it was a targeted attack against specific users  
using a Microsoft Word flaw that was unknown at the time.

The targeted email, it is claimed, used an attached document that  
contained Congressional material related to the Asian region as  
incentive for the victims to open the document.  Apparently the  
targeting worked, as at least one victim did open the document,  
granting hackers access to the State Department's networks.

While it took Microsoft 8 weeks (from the time of infection) to provide  
a patch for the vulnerability, it was discovered that the network  
penetrations had expanded to include numerous Asian sites, as well as  
a number of sites in the continental US.  There is also the risk that  
a number of penetrations have never been identified.

As far as current flaws go, Microsoft is still working flat out on  
developing a robust patch for the current flaw affecting the  
Microsoft DNS Server.  At least five worm variants are now known to  
be attacking this vulnerability.

=======================================

Sincerely,

Sûnnet Beskerming Team
info@...
Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
Tel: +61 (0) 410 707 444

** Sûnnet Beskerming Pty. Ltd. **

Established in mid 2004, Sûnnet Beskerming Pty. Ltd. is the sister  
company to Jongsma & Jongsma Pty. Ltd., and was formed to develop and  
commercialise the research coming out of Jongsma & Jongsma Pty. Ltd.  
Sûnnet Beskerming Pty. Ltd. is an Information Security specialist  
and, in conjunction with the tools developed by Jongsma & Jongsma  
Pty. Ltd., provides total security solutions and services, from the  
perimeter to internal data stores, including web application security  
and security testing and analysis.
_______________________________________________
Alertmailinglist mailing list
Alertmailinglist@...
http://skiifwrald.com/mailman/listinfo/alertmailinglist_skiifwrald.com