Advisory #237 - Opera, Cisco, OS X, Multiple News

Sûnnet Beskerming Alert List Advisory #237
You are receiving this message because you have subscribed to our Information
Security Alert Mailing List, or have been selected for a specific one-off copy.
If you believe that you are receiving this message in error, please contact
info@... to resolve the error.

Why not upgrade to get same day notification on security threats? Details and
rates available online - (http://www.beskerming.com/premium/generic_advisory.html).

Why not go the next step and get delivery tailored just for your company?
(http://www.beskerming.com/premium/focussed_advisory.html)

Contents
--------------------------------------------------------------------
1. SECURITY
--------------------------------------------------------------------
1.1 Opera - Remote Hacker Manual Control - Time Since Discovery - 5 Days
1.2 Cisco - Remote Hacker Automatic Denial of Service - Time Since Discovery - 4 Days
1.3 OS X (Multiple) - Remote Hacker Automatic Control - Time Since Discovery - 2 Days

=======================================
/*
- Remote or Local - Can it be achieved through a network or does it require
  physical access?
- Hacker - The bad guy
- Manual or Automatic - Does the vulnerability need to be manually performed,
  or can it be automated?
- Control, Denial of Service or Data Theft - Will the hacker get control of
  your system / website, will they prevent you from using it, or will they
  steal data?
*/
--------------------------------------------------------------------
2. NEWS
--------------------------------------------------------------------
2.1 Gathering Information on Web Users
2.2 Free Flight Deal Exposes Customer Data
2.3 Your Mobile May Kill Your Car Key
2.4 Full-court Press on WordPress
2.5 When Hackers Attack WebHosts
2.6 Breaking Big Numbers
2.7 MOICE is Nice

=====================================

1. SECURITY

1.1 Opera - Remote Hacker Manual Control

-- Products Affected --
Opera 9.20 and earlier

-- Technical Description --
Various versions of the Opera web browser are vulnerable to an issue which can
allow a remote attacker to gain control over a vulnerable system if a victim is
convinced to right-click on a malicious torrent file in the transfer manager.
The underlying cause is poor handling of boundary conditions when the torrent
file is processed.

-- Description --
Various versions of the Opera web browser are vulnerable to an issue which can
allow a remote attacker to gain control over a vulnerable system if a victim is
convinced to right-click on a malicious torrent file in the transfer manager.

-- Recommended Action --
Update to Opera 9.21. Until then, avoid right-clicking torrent files in the
transfer manager.

-- Source --
(Paid subscription required to access)

-- Updates Available --
(Paid subscription required to access)

-- External Tracking Data --
(Paid subscription required to access)

-- Threat Matrix --
               U   O
Home User      8   8   (Very High)
Corporate      8   8   (Very High)

1.2 Cisco - Remote Hacker Automatic Denial of Service

-- Products Affected --
Cisco crypto library as implemented in:
  Cisco IOS
  Cisco IOS XR
  Cisco PIX and ASA Security Appliances (only 7.x releases are affected)
  Cisco Firewall Services Module (FWSM) - all releases prior to 2.3(5) and
    3.1(6) are affected
  Cisco Unified CallManager

-- Technical Description --
Cisco's crypto library is vulnerable to a remote Denial of Service condition
triggered by malformed ASN.1 encoded data. Because the library sits beneath
every cryptographic protocol the device offers, a successful attack results in
the loss of use of those protocols on the vulnerable network device.

-- Description --
Numerous cryptographic protocols supported by the Cisco crypto library can be
targeted to cause a loss of use of those protocols by legitimate users. These
protocols include those used for secure online transactions (SSL), secure
remote access (SSH), secure VoIP (SIP-TLS), and others.
-- Recommended Action --
Apply the fixed software releases from Cisco. If patches cannot be applied, the
only recommended mitigation is to prevent untrusted hosts from connecting to
the affected services on the device, for example by restricting management and
VPN access with access control lists.

-- Source --
(Paid subscription required to access)

-- Updates Available --
(Paid subscription required to access)

-- External Tracking Data --
(Paid subscription required to access)

-- Threat Matrix --
               U   O
Home User      -   8   (Very High)
Corporate      -   8   (Very High)

1.3 OS X (Multiple) - Remote Hacker Automatic Control

-- Products Affected --
OS X 10.3.9 (including Server version)
OS X 10.4.9 (including Server version)

-- Technical Description --
Alias Manager - User misdirection based on duplicated filenames on duplicated
  filesystem mounts.
BIND - Update to BIND 9.3.4, addressing numerous vulnerabilities, the most
  critical of which is remote Denial of Service.
CoreGraphics - Integer overflow vulnerability leading to arbitrary code
  execution or Denial of Service when malicious PDF files are opened.
crontabs - Denial of Service when the /tmp cleanup script deletes files on
  filesystems mounted under /tmp.
fetchmail - Update to fetchmail 6.3.8 to address password disclosure due to
  cryptographic weakness.
file - Heap buffer overflow leading to arbitrary code execution or Denial of
  Service as the result of errors in the file command line tool.
iChat - Buffer overflow in the UPnP IGD code when used behind a NAT. This can
  allow another networked system behind the same NAT to execute arbitrary
  code on the vulnerable system.
mDNSResponder - Same issue as affecting iChat.
PPP - Privilege escalation through loading of malicious plugins.
ruby - Denial of Service in cgi.rb, which could be triggered by sending
  malicious network traffic to a web application that uses it.
screen - Multiple Denial of Service vulnerabilities.
texinfo - Insecure temporary file handling could allow one user to overwrite
  arbitrary files belonging to another user running texinfo at the same time.
VPN - Privilege escalation through poor handling of arguments.
-- Description --
Apple has released Security Update 2007-005, addressing numerous
vulnerabilities in a range of software included with the OS X operating
system. These include vulnerabilities that allow a remote attacker to prevent
use of the system by a legitimate local user, and others that allow local
users to run software of their choice on the system, irrespective of their
privilege level. The most serious allow attackers on the local network segment
to run software of their choice on a vulnerable machine.

-- Recommended Action --
Apply Security Update 2007-005 at the earliest opportunity.

-- Source --
(Paid subscription required to access)

-- Updates Available --
(Paid subscription required to access)

-- External Tracking Data --
(Paid subscription required to access)

-- Threat Matrix --
               U   O
Home User      9   9   (Critical)
Corporate      9   9   (Critical)

=======================================
/*
Threat Matrix:
U - User
O - Operator
Harmless - 0 ----- 10 - Highly Critical
*/
=======================================

2. NEWS

2.1 Gathering Information on Web Users

Behavioural analysis helps various professionals in their daily jobs, be they
criminal profilers, detectives, teachers, marketing gurus, conmen, or some
other professional role. It has also been useful to online advertising
providers, who have used browsing history and other information to create
profiles of likely site visitors / users, and so attempt to improve the
relevance of the advertising shown to them. Even some banking authentication
systems are based on behavioural patterns associated with password entry -
specifically typing patterns.

Now there are reports that Microsoft has developed technology designed to
extend the existing tracking and generic identification methods used across
the Internet in order to create more detailed profiles of Internet users (at
least for those who use Microsoft products or visit appropriate sites).
Through the use of increased probabilistic analysis, greater fidelity in terms
of user types and identity is claimed. Microsoft's spiritual successor to
Passport, CardSpace, is also expected to contribute to any such end system.
While this research comes from Microsoft's research lab in China, the timing
is very interesting given Microsoft's recent purchase of a major online
advertising provider.

Aside from the expected critics who have slammed Microsoft's moves as pure
evil, many have pointed out that this is merely an extension of existing
behaviour for many companies, so it should not be totally unexpected. Where
the key difference lies is in the level of access to end users' systems that
Microsoft has - far more than any other comparable company. Potential abuse of
this access should be considered a real threat, as well as being illegal in
many countries. Fortunately this technology is only at the research stage, so
there should be a few years before it makes it to market - enough time to
refine exactly how and what information the systems collect.

2.2 Free Flight Deal Exposes Customer Data

The Sydney Morning Herald has reported on the problems caused by a poorly
secured free flight deal offered by Australian budget airline Virgin Blue. The
offer provided a free flight on Virgin Blue for anyone who bought a mobile
phone on a connection plan from Virgin Mobile. Customers who took up the offer
were sent an SMS containing a code that they could enter on the Virgin Mobile
website and redeem for a free flight. So far, so good.

The problem is that the code was the only thing needed to view a redemption,
and the codes were issued sequentially. By changing the last couple of digits
of the code they had received, any customer could view the details of other
customers - a predictable identifier doubling as the only credential.
Following the reporting of the vulnerability, the authentication was changed
to code + surname, and the company believes that only about 50 customers were
affected.
2.3 Your Mobile May Kill Your Car Key

Nissan has warned car owners that placing a mobile telephone in close
proximity to the electronic key that lets them enter and start their car with
the press of a button can disable the key. The device, known as an I-Key, can
be left completely disabled, preventing owners from using it to access and
operate their vehicles. At least two models are affected, the 2007 Nissan
Altima and the Infiniti G35. What is happening is that the mobile phones are
erasing the codes on the I-Keys if the two happen to be in contact when a call
is being made or received. As the keys are not reprogrammable, this leaves
affected drivers without a lot of options.

2.4 Full-court Press on WordPress

WordPress has come under increased scrutiny in recent weeks after some
elementary research by a concerned user found that the majority of
WordPress-driven sites assessed were running vulnerable versions of the
blogging and publishing platform. Coming at the same time is a report from one
of the leading web vulnerability researchers, who admits to taking a virtual
axe to the WordPress codebase - trimming out the modules not required for his
site and (most critically) cutting out significant areas of vulnerable code.

These sorts of reports should not come as a surprise to most
security-conscious Internet users. Most software has known bugs and
vulnerabilities, and with no means to ensure all software users are running
the absolute latest version of each product they use, there are going to be
numerous places where vulnerable code is exposed to the rest of the world
(even code that has long since been patched).
This is why many vulnerable versions of PHP, Apache, IIS, ASP, ASP.NET, and
other products and technologies are scattered across the Internet, and why
attackers continue to probe for these systems using attacks that are ancient
(by online standards) - there are enough exposed systems to make it
worthwhile.

2.5 When Hackers Attack WebHosts

It is being reported by a number of sources that Brinkster.com is requiring
account holders to change their passwords as a result of a recent compromise
of the web hosting provider. While detailed information about the breach has
not been made public, except to say that customers' credit card details were
not accessed, there are no such guarantees for the sensitive information
stored on the sites and backend databases belonging to the affected customers.

Anybody who tracks web defacement trends will note that major mass breaches
occur with disturbing regularity. Mass breaches tend to indicate that a hosting
provider has been compromised in some way, and a server with numerous virtual
hosts, or multiple servers with individual hosts, has been taken over. Even if
website defacement is not part of a breach, it can lead to widespread
disruption to services, such as was encountered by PlusNet customers when the
ISP had its webmail service thoroughly compromised. It can also lead to
otherwise trustworthy sites attempting to infect legitimate users, such as was
encountered by visitors to the Miami Dolphins Stadium website earlier this
year (prior to the Super Bowl). It doesn't take much for a little hole or a
little breach to lead to major effects on end users / customers.

2.6 Breaking Big Numbers

One of the mathematical pursuits that will have long-lasting effects on future
computing and data management is the factoring of large numbers - discovering
the most basic components that combine to produce the large number.
This is important because each and every non-prime number can be broken down
into prime factors. For relatively small numbers, this process is
straightforward - for example, 27 can be expressed as 3 x 3 x 3, the product
of three primes. For much larger numbers, the process is a lot more involved,
especially when none of the factors are known ahead of time.

A number of public-key encryption methods, RSA chief among them, rely on this
increasing difficulty: the public key contains the product of two large
primes, and anyone who can recover those primes can compute the private key.
When the primes used to create the larger number are themselves large, it
becomes an extremely difficult process to crack.

That is changing. It was recently disclosed that a 307 digit 'special' number
(a number conforming to a specific rule - in this case a cofactor of
2^1039 - 1, whose form makes it amenable to the special number field sieve)
has been factored, and the researchers believe that it is now only a few years
until they can factor any given 1024-bit number. This is a problem because the
most popular strong encryption is usually handled by 1024-bit RSA keys - which
will be open to defeat once a general factoring solution has been developed.
Noted cryptographic experts are already suggesting that users consider moving
to a stronger setting, such as 2048-bit keys, or to symmetric encryption
models rather than asymmetric models (which are at greatest risk at the
moment).

Of course, it doesn't matter how long it takes to defeat an encryption method,
so long as the information it is protecting becomes worthless before the
encryption can be cracked. The caveat is data that must stay secret for years,
or traffic an adversary can record today and factor later; that is where the
comfort runs out.

2.7 MOICE is Nice

Microsoft has released MOICE, the Microsoft Office Isolated Conversion
Environment, a tool designed to convert existing binary-format Office 2003
documents to the Open XML format supported by recent versions of Microsoft
Office. As the name suggests, this process takes place in an isolated
environment, effectively neutralising any malware within the documents being
converted. This may not be as achievable as the name of the tool suggests.
If it is being used to convert a malicious document, MOICE may:

* Fail to convert the file
* Create a safe version
* Crash

If the isolation environment is properly robust, a malicious data file should
not be able to cause MOICE to crash; and even a crash contained inside the
sandbox is preferable to code execution in the user's Office session.

Even more critical for end users, and what may prevent MOICE from reaching a
critical mass, is that it strips macros and VBA scripts from Office files as
they are converted. While this might make many people happy, a lot of
companies rely upon their specially-scripted spreadsheets and documents to
make them money. Removing this capability will not be welcomed by many.

Available for free from Microsoft, the tool should be an essential part of any
administrator's toolbox.

=======================================

Sincerely,

Sûnnet Beskerming Team
info@...

Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
Tel: +61 (0) 410 707 444

** Sûnnet Beskerming Pty. Ltd. **

Established in mid 2004, Sûnnet Beskerming Pty. Ltd. is the sister company to
Jongsma & Jongsma Pty. Ltd., and was formed to develop and commercialise the
research coming out of Jongsma & Jongsma Pty. Ltd. Sûnnet Beskerming Pty. Ltd.
is an Information Security specialist and, in conjunction with the tools
developed by Jongsma & Jongsma Pty. Ltd., provides total security solutions
and services, from the perimeter to internal data stores, including web
application security and security testing and analysis.

_______________________________________________
Alertmailinglist mailing list
Alertmailinglist@...
http://skiifwrald.com/mailman/listinfo/alertmailinglist_skiifwrald.com
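The voucher problem in section 2.2 above, modelled as an added example. This is Python written for this page, not code from the advisory, from Virgin Mobile or from the newspaper report. The store classes, the customer records, the code ranges and the choice of a 64-bit hex token are all constructed assumptions: the weak store issues consecutive codes and treats the code as the only credential, while the hardened store issues unguessable codes and requires the surname as well, as the fix described in the article did.

```python
"""Added example for section 2.2: a sequential redemption code that is also
the only credential, beside a hardened version.  Customers, numbers and
code ranges are constructed for the example."""
import hmac
import secrets

# Constructed sample customers: surname and the phone number that the
# redemption page displayed.
CUSTOMERS = [
    ("Abbott", "0400 000 001"),
    ("Baker", "0400 000 002"),
    ("Chen", "0400 000 003"),
    ("Dubois", "0400 000 004"),
    ("Ekwueme", "0400 000 005"),
]


class SequentialVoucherStore:
    """Weak design: codes are consecutive integers and the code alone is the
    credential, so the lookup key is also the secret."""

    def __init__(self, first_code=200010):
        self.records = {}
        self._next = first_code

    def issue(self, surname, phone):
        code = f"{self._next:08d}"
        self._next += 1
        self.records[code] = {"surname": surname, "phone": phone}
        return code

    def view(self, code):
        # No second factor: anyone holding a valid code sees the record.
        return self.records.get(code)


class RandomVoucherStore:
    """Hardened design: a 64-bit random code that cannot be derived from
    another customer's code, plus a surname check before anything is shown
    (the code + surname scheme the article says was adopted)."""

    def __init__(self):
        self.records = {}

    def issue(self, surname, phone):
        code = secrets.token_hex(8).upper()  # 16 hex chars, 64 bits of entropy
        self.records[code] = {"surname": surname, "phone": phone}
        return code

    def view(self, code, surname):
        record = self.records.get(code)
        if record is None:
            return None
        # Constant-time comparison so the surname check leaks nothing by timing.
        if not hmac.compare_digest(record["surname"].lower().encode(),
                                   surname.lower().encode()):
            return None
        return record


def enumerate_neighbours(store, my_code, width=10):
    """What a customer could do with the sequential scheme: vary the last
    digits of their own code and collect whoever else comes back."""
    base = int(my_code)
    exposed = {}
    for candidate in range(base - width, base + width + 1):
        code = f"{candidate:08d}"
        if code == my_code:
            continue
        record = store.view(code)
        if record is not None:
            exposed[code] = record["surname"]
    return exposed


def run_sequential_enumeration():
    """Issue codes to the sample customers, then enumerate from Chen's code.
    Returns the surnames of the other customers exposed."""
    store = SequentialVoucherStore()
    codes = {surname: store.issue(surname, phone) for surname, phone in CUSTOMERS}
    return sorted(enumerate_neighbours(store, codes["Chen"]).values())


def run_random_store_checks(guesses=2000):
    """Same attacker against the hardened store: how many records random
    64-bit guesses hit, and whether a valid code works with the right and
    with the wrong surname."""
    store = RandomVoucherStore()
    codes = {surname: store.issue(surname, phone) for surname, phone in CUSTOMERS}
    blind_hits = sum(
        store.view(secrets.token_hex(8).upper(), "Chen") is not None
        for _ in range(guesses)
    )
    return {
        "blind_hits": blind_hits,
        "right_surname": store.view(codes["Chen"], "chen") is not None,
        "wrong_surname": store.view(codes["Chen"], "Baker") is not None,
    }


if __name__ == "__main__":
    print("sequential scheme exposes:", run_sequential_enumeration())
    print("hardened scheme:", run_random_store_checks())
```

The second factor matters as much as the randomness: a random code that leaks (shoulder-surfed SMS, forwarded message) still exposes only the customer who leaked it, and a guessed code without the matching surname returns nothing.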