About the SecureWorks Counter Threat Unit(SM)
Our expert team of threat researchers, also known as the SecureWorks Counter Threat Unit(SM), identifies and analyzes emerging threats and develops countermeasures, correlations and SOC processes to protect clients' critical information assets. The CTU frequently serves as an expert resource for the media, publishes technical analyses for the security community and speaks about emerging threats at security conferences. Leveraging our security technologies and a network of industry contacts, the CTU tracks leading hackers and analyzes anomalous activity, uncovering new attack techniques and threats. This process enables the CTU to identify threats as they emerge and develop countermeasures that protect our clients before damage occurs.
About SecureWorks
With over 2000 clients, SecureWorks has become one of the leading Security as a Service providers safeguarding more organizations 24x7 than any other vendor. SecureWorks focuses exclusively on information security services and was recently positioned in the Leader's Quadrant in Gartner's Magic Quadrant for Managed Security Services Providers (MSSPs). SecureWorks Security Information and Event Management (SIEM) platform augmented with applied security research and 100% GIAC-certified experts protects clients with our award-winning Managed Security Services and SIM On-Demand solution.
Disclaimer
Copyright © 2009 SecureWorks, Inc.
This advisory may not be edited or modified in any way without the express written consent of SecureWorks, Inc. If you wish to reprint this advisory or any portion or element thereof, please contact ctu@secureworks.com to seek permission. Permission is hereby granted to link to this advisory via the SecureWorks website at http://www.secureworks.com/ctu/advisories/SWRX-2009-002 or use in accordance with the fair use doctrine of U.S. copyright laws.
About the SecureWorks Counter Threat Unit(SM)
Our expert team of threat researchers, also known as the SecureWorks Counter Threat Unit(SM), identifies and analyzes emerging threats and develops countermeasures, correlations and SOC processes to protect clients' critical information assets. The CTU frequently serves as an expert resource for the media, publishes technical analyses for the security community and speaks about emerging threats at security conferences. Leveraging our security technologies and a network of industry contacts, the CTU tracks leading hackers and analyzes anomalous activity, uncovering new attack techniques and threats. This process enables the CTU to identify threats as they emerge and develop countermeasures that protect our clients before damage occurs.
About SecureWorks
With over 2000 clients, SecureWorks has become one of the leading Security as a Service providers safeguarding more organizations 24x7 than any other vendor. SecureWorks focuses exclusively on information security services and was recently positioned in the Leader's Quadrant in Gartner's Magic Quadrant for Managed Security Services Providers (MSSPs). SecureWorks Security Information and Event Management (SIEM) platform augmented with applied security research and 100% GIAC-certified experts protects clients with our award-winning Managed Security Services and SIM On-Demand solution.
Disclaimer
Copyright © 2009 SecureWorks, Inc.
This advisory may not be edited or modified in any way without the express written consent of SecureWorks, Inc. If you wish to reprint this advisory or any portion or element thereof, please contact ctu@secureworks.com to seek permission. Permission is hereby granted to link to this advisory via the SecureWorks website at http://www.secureworks.com/ctu/advisories/SWRX-2009-001 or use in accordance with the fair use doctrine of U.S. copyright laws.
Credits:
This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security, Inc.
Details:
Cross-site scripting vulnerabilities occur when an attacker tricks a legitimate web application into sending malicious code, generally in the form of a script, to an unsuspecting end user. The attack usually involves crafting a hyperlink with malicious script code embedded within it. A valid user is likely to click this link since it points to a resource on a trusted domain. The link can be posted on a web page, or sent in an instant message, or email. Clicking on the link executes the attacker-injected code in the context of the trusted web application. Typically, the code steals session cookies, which can then be used to impersonate a valid user.
There are instances of XSS vulnerabilities in the Event Management component of Oracle Enterprise Manager Grid Control. For example the 'value' parameter of /em/console/pref/notifRuleInfo$mode web page is vulnerable to this kind of attacks.
Impact:
Attackers might steal administrator's session cookies, thereby allowing the attacker to impersonate the valid user.
Vendor Status:
=======
Product
=======
A Security Event Management Solution.
===
Bug
===
Security researcher regenrecht reported via TippingPoint's Zero Day
Initiative that a SVG text manipulation routine contained a dangling
pointer vulnerability (CVE-2011-0084).
Mozilla security researcher moz_bug_r_a_4 reported a vulnerability in
event management code that would permit JavaScript to be run in the
wrong context, including that of a different website or potentially
in a chrome-privileged context (CVE-2011-2981).
Security researcher regenrecht reported via TippingPoint's Zero Day
Initiative that appendChild did not correctly account for DOM objects
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
Pipes are a form of inter-process communication (IPC) provided by the
FreeBSD kernel. kqueue is an event management API that applications can
use to monitor pipes and other kernel services.
II. Problem Description
A race condition exists in the pipe close() code relating to kqueues,
