
G/SEC

[G-SEC 49-2009] McAfee generic PDF detection bypass

                                       Frederic Raynal
***********************************************************************


Release mode  : Coordinated
Reference     : [GSEC-05-2009] - McAfee generic PDF bypass
WWW           : http://www.g-sec.lu/mcafee-pdf-bypass.html
Vendor        : http://www.mcafee.com
Status        : Patched
CVE           : none attributed yet
Credit        : https://kc.mcafee.com/corporate/index?page=content&id=SB10003

[G-SEC 48-2009] F-SECURE - Generic PDF detection bypass

* Malicious PDF origamis strike back - Guillaume Delugr
                                       Frederic Raynal
***********************************************************************

Release mode  : Coordinated
Reference     : [GSEC-48-2009] - F-Secure generic PDF bypass
WWW           : http://www.g-sec.lu/fsecure-pdf-bypass.html
Vendor        : http://www.f-secure.com
Status        : Patched
CVE           : none attributed yet
Credit        : tba (probably FSC-2009-3)

[G-SEC 47-2009] Symantec generic PDF detection bypass

* Malicious PDF origamis strike back - Guillaume Delugr
                                       Frederic Raynal
***********************************************************************

Release mode: Coordinated
Reference   : [GSEC-47-2009] - Symantec generic PDF bypass
WWW         : http://www.g-sec.lu/symantec-pdf-bypass.html
Vendor      : http://www.symantec.com
Status      : Patched
CVE         : none attributed yet
Credit      : http://tinyurl.com/ygqnlhs

TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)

- HTTPS : Injecting arbitrary _responses_ into the stream
- HTTPS : Downgrading HTTPS to HTTP and performing an active mitm
          (Discovered by Frank Heidt but details withheld,
          rediscovered by Thierry Zoller for this paper)

With this new information G-SEC encourages Vendors and customers
to reevaluate the impact of this vulnerability on their products.

Brief explanations :
^^^^^^^^^^^^^^^^^^^^
HTTPS : Injecting arbitrary _responses_ into the stream

[GSEC-TZO-45-2009] iPhone remote code execution

      iPhone & iPod Touch - Remote arbitrary code execution
___________________________________________________________________


Reference : [GSEC-TZO-45-2009] - iPhone remote arbitrary code execution
WWW       : http://www.g-sec.lu/iphone-remote-code-exec.html
CVE       : CVE-2009-1698
BID       : 35318
Credit    : http://support.apple.com/kb/HT3639
Discovered by : Thierry Zoller

CA20091008-01: Security Notice for CA Anti-Virus Engine

support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878


Acknowledgement

CVE-2009-3587 - Thierry Zoller - G-SEC - www.g-sec.lu
CVE-2009-3588 - Thierry Zoller - G-SEC - www.g-sec.lu


Change History


[G-SEC 46-2009] Computer Associates multiple products arbitrary code execution

               Computer Associates (CA) Anti-Virus
          Multiple products - arbitrary code execution
________________________________________________________________________

Release mode  : Coordinated
Reference     : [GSEC-46-2009] - Computer Associates multiple products RCE
WWW           : http://blog.g-sec.lu/2009/10/computer-associates-multiple-products.html
Vendor        : http://www.ca.com
Status        : Patched
CVE           : CVE-2009-3587 & CVE-2009-3588
Credit        : https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878

TLS / SSLv3 vulnerability explained (DRAFT)

summarizes the information that is currently available. The document
is prone to updates and is believed to be accurate by the time of
writing.

Post:
http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html

Direct Download
http://clicky.me/tlsvuln

Disclaimer

Re: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday

Hi Kingcope,

Thanks to a hint by "Petar" on the G-SEC blog [1] it appears
that the very same bug was present in IIS3 and IIS4 and discovered
by eEye in 1999:
http://research.eeye.com/html/advisories/published/AD19990124.html

"Microsoft IIS (Internet Information Server) FTP service contains a
buffer overflow in the NLST command. This could be used to DoS a remote
machine and in some cases execute code remotely."



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
