Advisory #242 - Trillian, VLC, Multiple News

Sûnnet Beskerming Alert List Advisory #242
You are receiving this message because you have subscribed to our Information Security Alert Mailing List, or have been selected for a specific one-off copy. If you believe that you are receiving this message in error, please contact info@... to resolve the error.

Why not upgrade to get same day notification on security threats? Details and rates available online - (http://www.beskerming.com/premium/generic_advisory.html).

Why not go the next step and get delivery tailored just for your company? (http://www.beskerming.com/premium/focussed_advisory.html)

Contents

--------------------------------------------------------------------
1. SECURITY
--------------------------------------------------------------------
1.1 Trillian - Remote Hacker Automatic Control - Time Since Discovery - 4 Days
1.2 VLC - Remote Hacker Automatic Control - Time Since Discovery - 4 Days

=======================================
/*
- Remote or Local - Can it be achieved through a network or does it require physical access?
- Hacker - The bad guy
- Manual or Automatic - Does the vulnerability need to be manually performed, or can it be automated?
- Control, Denial of Service or Data Theft - Will the hacker get control of your system / website, will they prevent you from using it, or will they steal data.
*/

--------------------------------------------------------------------
2. NEWS
--------------------------------------------------------------------
2.1 The Art of Seeing What's Not There
2.2 Problems in Custom Search Engines
2.3 Yahoo! Founder Steps Back in as CEO
2.4 Hiding What is in use on Vista
2.5 Microsoft Movements With Widespread Effects

=====================================

1. SECURITY

1.1 Trillian - Remote Hacker Automatic Control

-- Products Affected --
Trillian 3.1.5.1 and prior.

-- Technical Description --
Heap overflow vulnerability that can be exploited by sending malicious UTF-8 encoded traffic.
Window width may be improperly set when word-wrapping, leading to memory corruption and potential execution conditions.

-- Description --
It has been discovered that the Trillian chat application is vulnerable to an attack that could allow a remote attacker to take complete control over a vulnerable user's system, at the level of the current user. This vulnerability can be exploited by sending malicious network traffic to a user who is using Trillian as their chat client.

-- Recommended Action --
Update to 3.1.6.0 at the earliest opportunity. There is no other mitigation recommended.

-- Source --
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=545

-- Updates Available --
(Paid subscription required to access)

-- External Tracking Data --
(Paid subscription required to access)

-- Threat Matrix --
             U    O
Home User    8    8    (Very High)
Corporate    8    8    (Very High)

1.2 VLC - Remote Hacker Automatic Control

-- Products Affected --
VLC 0.8.6b and prior.

-- Technical Description --
Multiple vulnerabilities affecting VLC which can lead to arbitrary code execution or a denial of service condition (application crash). Three separate vulnerabilities have been identified and patched with the most recent update. The first affects the way that VLC handles Ogg/Vorbis, Ogg/Theora content. The second affects the way that VLC handles malicious CDDA content, and the final vulnerability affects the way that VLC handles SAP traffic. All vulnerabilities are format string vulnerabilities.

-- Description --
It has been discovered that the cross-platform media player VLC is vulnerable to multiple issues that could allow remote attackers to take control of vulnerable systems (if SAP service discovery is enabled), or allow an attacker to take control of a system if a victim can be convinced to interact with a malicious media file or Audio CD with a malicious CDDB entry.

-- Recommended Action --
Update to version 0.8.6c at the earliest opportunity.

-- Source --
(Paid subscription required to access)

-- Updates Available --
(Paid subscription required to access)

-- External Tracking Data --
(Paid subscription required to access)

-- Threat Matrix --
             U    O
Home User    8    8    (Very High)
Corporate    8    8    (Very High)

=======================================
/*
Threat Matrix:
U - User
O - Operator
Harmless - 0 ----- 10 - Highly Critical
*/
=======================================

2. NEWS

2.1 The Art of Seeing What's Not There

On days when it appears that there is very little new Information Security news and other data available our researchers are still busy watching and searching, using the opportunity to hone one of the stranger skills in Information Security (and Intelligence gathering) - the art of seeing what's not there.

Once a sufficient body of knowledge has been built up about a particular topic, the sudden absence of a concept from general discussion about that topic should be enough to trigger a warning that something out of the ordinary is taking place. Some of the time, it is just people getting sick of a particular topic, but when discussion is rapidly halted in a topic, it may point to something taking place out of sight that people don't want to risk discovery of. When it happens in a very public manner, it will attract the attention of many people who otherwise would have had no interest in the subject. When Cisco moved to suppress the release of information into vulnerabilities in their IOS hardware operating system, it highlighted to many security researchers that the software was a lot weaker than people originally thought and that targeting those weaknesses could have significant benefits for an attacker.

Other times the reverse can be true. When a topic or series of events significantly increases in frequency, it can point to a future series of events.
The significant build up of troops in the Middle East prior to the invasion of Iraq was carried out under the auspices of several regional exercises in the preceding months. Regional exercises are not out of the ordinary, but when multiple nations are openly sending large bodies of troops and significant military hardware into a single region at the same time, where they don't tend to normally be, it is an escalation of force without actually harming anyone. Similar patterns of increased movement can be seen with other conflicts where one of the warring parties has needed to move hardware and personnel across great distances, whether by air, land, or sea. In terms of Information Security, a swell in network traffic, attacks, or other behaviour can help identify that a network is under attack.

2.2 Problems in Custom Search Engines

Custom search engines are offered by the major online search providers to give site maintainers an easy-to-use search engine that site visitors can use to search their site and the Internet at large. The ongoing Month of Search Engine Bugs has uncovered vulnerabilities that are affecting the custom search engine solutions from both Google and Yahoo! For an otherwise secure site, the presence of these third party extensions could represent a significant security threat that will allow an attacker to capture sensitive user data (from cookies) or perform arbitrary XSS or HTML injection attacks. Site administrators should weigh up the risks and benefits of using third party code on their sites, irrespective of the source.

2.3 Yahoo! Founder Steps Back in as CEO

After six years at the top of Yahoo!, CEO Terry Semel has resigned in the face of stiff criticism from shareholders and other concerned observers over a number of items, not least of which was his $71 million USD compensation for the last 12 months. Replacing Semel is Jerry Yang, one of the original co-founders of Yahoo!.
Concerns have been voiced that although Yang helped to found the search and online portal giant, his lack of senior managerial experience and significant ties to the departing CEO will see the company continue on much the same course. While Yang was CEO for a period prior to the company going public, he hasn't held the position while the company has been a publicly traded entity.

Compounding Yahoo!'s problems is the loss of market share that the company has experienced in the fields of online search and online advertising - the latter especially compounded by Google's purchase of DoubleClick. While this has a direct effect on the bottom line for Yahoo!, it is positioned slightly differently to the other main search providers - Yahoo! is more of an online portal than a pure search engine.

Speculation has already begun to circulate that Yahoo! will be looking to divest some of its interests, perhaps in the online photo sharing solution, Flickr, Yahoo!'s Instant Messaging solution, or perhaps its popular online finance sites.

Yahoo!'s share price initially responded positively, but it settled back in following trading sessions. A rumour that News Corporation is considering exchanging MySpace for a 25% stake in Yahoo! has raised some eyebrows, and could make for an interesting online environment (and an interesting News environment considering Yahoo! news sources, and News Corporation's push for the Dow Jones Group - which owns the Wall Street Journal).

2.4 Hiding What is in use on Vista

In the ongoing battle between system developers and those who are out to break the system, advancements from one side are generally met by a corresponding change by the other. Microsoft's most recent operating system, Windows Vista, has gone a long way to fixing the major security problems that plagued earlier Windows releases.
Recent research published by rootkit developers has demonstrated techniques that can be used to hide the existence of an active network port from the operating system. While this technique alone can't be used as a complete rootkit, it can be used to cover the tracks and hide the presence of a rootkit (or other malware) that has been placed on a system. Making the job a little easier for those trying to defend these systems (and for the attackers trying to break them), full source code for the developed techniques has been released to various sites.

2.5 Microsoft Movements With Widespread Effects

A couple of recent actions from Microsoft are likely to have far-reaching effects that will affect almost everybody.

The first, and probably most benign, action from Microsoft is their announcement that OEM system builders will no longer be able to bundle Office 2003 with their new systems, it will have to be Office 2007. On the surface, this doesn't appear too much of an issue, but there are concerns that it is too early in the life cycle of Office 2007 to be mandating that only that version will be available with new systems. In addition, the new User Interface features (the ribbon bar) introduced with Office 2007 are likely to cause some teething problems when users move to these new systems. Users who have had many years of experience with different Office versions will also be wary of the push to a new version, particularly the difficulty in ensuring documents will maintain consistency across different Office versions.

The second change is one that industry and Microsoft observers didn't really think was going to take place. Earlier this year Google filed documents with antitrust regulators investigating Microsoft - claiming that the 'Instant Search' feature of Windows Vista was anticompetitive, considering the Google Desktop search application (and a number of other lesser-known desktop search applications) is also available for this capability.
These documents contributed to issues raised by Google at the end of 2006. Observers were dubious about the apparent merits of Google's claims - after all most Operating Systems come with some form of inbuilt search and find capability (Spotlight, find, etc). The timing of the filing was also called into question when it appeared soon after Microsoft complained to antitrust regulators about Google's purchase of online advertising powerhouse DoubleClick.

One of Google's biggest problems was that if a user had installed and was using a third party desktop search application (such as Google's), then Windows Vista would apparently slow down the performance of these competing applications. The level of system resources required to adequately perform desktop search, especially with multiple applications performing the same capability, would seem to nullify this claim - but it appears not. This apparent difference in performance between the inbuilt solution and a third party solution is, it is claimed, counter to the antitrust settlement from 2002. To address this problem, Microsoft is expected to release system optimisation to give the third party applications parity in performance in the upcoming Service Pack 1 (SP 1) for Vista.

This last disclosure is sure to make Microsoft's efforts to get system builders to focus on building Vista-only systems just that much harder. According to documents that are supposedly under NDA protection, Microsoft is pushing hard for consumers and businesses to move to Vista - though the reason why documents highlighting the benefits of Vista would be under an NDA is an exercise best left for the reader.

=======================================

Sincerely,

Sûnnet Beskerming Team
info@...

Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
Tel: +61 (0) 410 707 444

** Sûnnet Beskerming Pty. Ltd. **

Established in mid 2004, Sûnnet Beskerming Pty. Ltd. is the sister company to Jongsma & Jongsma Pty. Ltd., and was formed to develop and commercialise the research coming out of Jongsma & Jongsma Pty. Ltd.. Sûnnet Beskerming Pty. Ltd. is an Information Security specialist and, in conjunction with the tools developed by Jongsma & Jongsma Pty. Ltd., provides total security solutions and services, from the perimeter to internal data stores, including web application security and security testing and analysis.

_______________________________________________
Alertmailinglist mailing list
Alertmailinglist@...
http://skiifwrald.com/mailman/listinfo/alertmailinglist_skiifwrald.com
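
Added example, not part of the original advisory and not VLC's code: item 1.2 describes all three VLC flaws as format string vulnerabilities, the bug class where text taken from a media file, a CDDB entry or a network announcement is used as the format argument of a printf-style function. The sketch below shows that pattern beside its hardened form, plus a small helper for flagging metadata that contains conversions; `log_line`, `log_title_vulnerable`, `log_title_safe`, `count_conversions` and the sample title are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style logger; the format attribute lets GCC/Clang
 * flag callers that pass a non-literal format (-Wformat-security). */
__attribute__((format(printf, 3, 4)))
int log_line(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

#ifdef SHOW_VULNERABLE  /* bug class: untrusted text used as the format */
int log_title_vulnerable(char *out, size_t n, const char *title)
{
    return log_line(out, n, title);
}
#endif

/* Hardened form: constant format, untrusted text passed only as data. */
int log_title_safe(char *out, size_t n, const char *title)
{
    return log_line(out, n, "title: %s", title);
}

/* Triage helper: count printf conversions in untrusted text. "%%" is a
 * literal percent sign; a trailing lone '%' is ignored. */
size_t count_conversions(const char *s)
{
    size_t hits = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') s++;              /* escaped percent */
        else if (s[1] != '\0') hits++;
    }
    return hits;
}

int main(void)
{
    char buf[64];
    const char *title = "Track %x%x%n";    /* constructed sample metadata */
    log_title_safe(buf, sizeof buf, title);
    printf("%s (conversions: %zu)\n", buf, count_conversions(title));
    return 0;
}
```

The vulnerable variant is compiled only when `SHOW_VULNERABLE` is defined, so a default build stays clean under `-Wall -Wformat-security`.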