Rising
Affected products -
CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117,
Fortinet 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125,
Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7,
Rising 22.83.00.03
CVE no -
CVE-2012-1420
3. Specially crafted infected POSIX TAR files with "MSCF" as first 4 bytes
ShineShadow Security Report 28102009-13
TITLE
Rising Multiple Products Local Privilege Escalation Vulnerability
BACKGROUND
RISING has introduced a variety of operating system based antivirus software, firewall software and enterprise antivirus wall, firewall, network security warning system and other hardware products. RISING is the third company in the world and the only one in China to provide a full range of information security products and professional services.
RISING is catering to over 60 million personal users and more than 70,000 corporate customers in Asia, Europe and Northern America. RISING technology for the search of unknown computer viruses is recognized and protected by patents in Europe, Japan and the United States of America.
multiple Antivirus and Firewalls
Advisory ID: CORE-2008-0320
Advisory URL: http://www.coresecurity.com/?action=item&id=2249
Date published: 2008-04-28
Date of last update: 2008-04-28
Vendors contacted: BitDefender, Comodo, Sophos and Rising
Release mode: Coordinated release (BitDefender, Comodo, Rising), User
release (Sophos)
*Vulnerability Information*
#####################################################################################
Application: Rising Antivirus 2009
Platforms: Windows XP Professional SP2
Exploitation: Privilege Escalation
Date: 2009-10-26
#####################################################################################
Application: Rising Firewall 2009
Platforms: Windows XP Professional SP2
Exploitation: Privilege Escalation
Date: 2009-10-26
Wireshark 1.6.1 Malformed IKE Packet Denial of Service
------------------------------------------------------------------
I. Summary
A flaw has been identified in Wireshark 1.6.1 concerning the IKEv1 protocol dissector and the function proto_tree_add_item(). When more than 1000000 items are added to a proto_tree, this causes a denial of service (denial of service and memory rising).
------------------------------------------------------------------
II. Description
Wireshark uses the function proto_tree_add_item() to add an item to a proto_tree. When we use the filter expression 'isakmp' to look up a malformed IKE packet (Next Payload = DELETE (12), Exchange Type = Information (5) with no actual payload data) and click on the resultant list entry, Wireshark will run in the function TRY_TO_FAKE_THIS_ITEM(tree, hfindex, hfinfo); there are more than 1000000 items in the tree, and this will cause an infinite loop, then cause denial of service and memory rising.
Although security usually gets involved in the design process of IT
systems nowadays, the process of maintaining security in the operation
of IT infrastructures, in most cases, still lacks the appropriate
attention. The capability to manage and respond to IT security
incidents and their forensic analysis are not well established. The
quickly rising number of security incidents worldwide makes the
implementation of incident management capabilities essential.
In order to advance the fields of IT Security Incident Management and IT
Forensics the special interest-group "Security Intrusion Detection and
Response" (SIDAR) of the German Informatics Society (GI) organizes an
K7AntiVirus 7.10.541
NOD32 3662
Norman 5.80.02
Panda 9.0.0.4
Prevx1 V2
Rising 21.06.31.00
SecureWeb-Gateway
Sunbelt 3.1.1832.2
TheHacker 6.3.1.2.174
TrendMicro 8.700.0.1004
ViRobot 2008.12.4.1499
NOD32v2 3440
Norman 5.80.02
Panda 9.0.0.4
PCTools 4.4.2.0
Prevx1 V2
Rising 20.61.42.00
Sophos 4.33.0
Sunbelt 3.1.1633.1
Symantec 10
TheHacker 6.3.0.9.081
TrendMicro 8.700.0.1004
Although security usually gets integrated into the design process of IT
systems nowadays, the process of maintaining security in the operation
of IT infrastructures still lacks the appropriate attendance in most
cases. Especially the capability to manage and respond to IT security
incidents and their forensic analysis is established in the rarest
cases. The quickly rising number of security incidents worldwide makes
the implementation of incident management capabilities essential.
In order to advance the fields of IT-Incident Management and Forensics
the special interest-group Security - Intrusion Detection and Response
> * Outcome: Planting of Malware
> * Vertical: Government
>
> To iframe or not to iframe, this is the question. As malware becomes more
> popular, the number of incidents, mostly insignificant, in which malware was
> planted on a hacked site is rising and WHID is not the right place to list
> all of them. We currently report such incidents if the hacked site is of
> interest or if the attack method is known.
>
>
> WHID 2007-67: The Day My Web Site Was Hacked
* Outcome: Planting of Malware
* Vertical: Government
To iframe or not to iframe, this is the question. As malware becomes more
popular, the number of incidents, mostly insignificant, in which malware was
planted on a hacked site is rising and WHID is not the right place to list
all of them. We currently report such incidents if the hacked site is of
interest or if the attack method is known.
WHID 2007-67: The Day My Web Site Was Hacked
http://www.mongodb.org/
Today, the most common source of PHP security flaws is unvalidated
input. They give rise to SQL Injection, XSS, Remote Command Execution,
Local and Remote File Inclusion, etc (known as the PHP Top 5
https://www.owasp.org/index.php/PHP_Top_5). With the rising adoption of
server-side JavaScript, we can expect server-side JS injection
vulnerabilities caused by unvalidated user input to become prevalent,
and the techniques for exploiting them, commonplace. At Syhunt, we
already started our own collection of techniques for detecting
server-side JS injection vulnerabilities. We want to proactively detect