Does this same issue appear in OpenOffice ODF format? Though it does not
look like a huge issue, of itself, it is similar to the way Microsoft ignores
metadata in all files, which is a way to add executable code to applications
with the names of known MS utilities, like notepad.exe. If the metadata
file can be modified in the MS word properties dialog, it is also possible
to modify the file in a text editor, and probably get a MS document to run
arbitrary code when you open it. This is the impact that the original post
does not make clear.
Wolf Halton
Halton Security Institute
(Note: This advisory can also be found at http://pdfsig-collision.florz.de/)
= Summary =
The specification of the Portable Document Format (PDF) from version
1.3 onward, including ISO 19005-1:2005 (PDF/A-1) and ISO 32000-1:2008
(equivalent to PDF 1.7), ostensibly defines a mechanism for digitally
signing a document's contents so as to integrate cryptographic
authentication of a document's contents into the existing container
format. A common use of this mechanism is for the creation of supposedly
Dear Mr. Poehls,
yes, I can see your point and I agree that there's a risk for an unexperienced user to be spoofed by showing an Author, Time Stamps and State that could have been tampered with after the original owner has signed the document.
But in my opinion, this again emphasizes the need for sufficient knowledge of users about the way how applications may change the appearance of signed documents in a way not intended by the author at the time of signing and that's a question far beyond the considerations concerning the behavior of individual applications like MS Office.
In fact the visual clue you gave for a signed document in Word 2007 shows that in the context for those document properties there are also attributes like keywords, category and comments which are less misleading to the assumption those properties could be part of the signed document. So for example users of SharePoint Office Server are acquainted with the behavior of showing data that is managed and shown on server side in that area above the document. You should also mention that the label on the menu for showing this area reads "Prepare Document for Publishing" which also in my opinion gives a clue that this data is not part of the signed document.
Although I would appreciate if Word 2007 would give more visual clue for the fact that this data isn't part of the signed document, I still believe that this is not a major security issue.
Regards,
their digital signature's scope.
From: "Naujoks, Hans-Dietmar" <Hans-Dietmar.Naujoks@tuev-sued.de>
Date: 12/14/2007 2:56:15 PM +010
> [...]
> In fact the visual clue you gave for a signed document in Word 2007
> shows that in the context for those document properties there
> are also attributes like keywords, category and comments
> which are less misleading to the assumption those properties
> could be part of the signed document. So for example users
> of SharePoint Office Server are acquainted with the
Dear Mr. Naujoks,
thanks for the feedback.
From: "Naujoks, Hans-Dietmar" <Hans-Dietmar.Naujoks@tuev-sued.de>
> I think Microsoft does not consider metadata attached to a document as
> part of the document and so they decided not to include it in the
> content protected by the certificate.
Considering that the MetaData not protected by the signature contains
among others:
Dear Mr. Poehls,
I think Microsoft does not consider metadata attached to a document as part of the document and so they decided not to include it in the content protected by the certificate.
This fits the way we use attaching metadata during the process of categorization to enable retrieval of a document by means and taxonomies of the recipient, not of the author. If instead, as you seem to propose, metadata would be treated as part of the document, attaching the metadata needed for retrieval purposes would invalidate the signature of the document.
Therefore this time I would go with Microsoft for their solution fits our needs and doesn't compromise the integrity protection of the document itself in any serious way. Just think of it as a sticker placed on the outside of a sealed envelope: You mustn't trust anything on the outside, just look inside the envelope to find the information you can rely on.
Yours
H.-D. Naujoks
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01531379
Version: 1
HPSBMA02361 SSRT080119 rev.1 - HP OpenView Select Identity Connectors running on Windows, Local Information Disclosure
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
I. Background
Microsoft Office is a suite containing several programs to
handle Office documents like text documents or spreadsheets.
The latest version uses an XML based document format.
Microsoft Office allows documents to be digitally signed by
authors using certified keys, allowing viewers to verify the
integrity and the origin based on the author's public key.
The author's public key certificate, which can come from a
Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly
----------------------------------------------------------------------------
Help and Support Centre is the default application provided to access online
documentation for Microsoft Windows. Microsoft supports accessing help documents
directly via URLs by installing a protocol handler for the scheme "hcp",
a typical example is provided in the Windows XP Command Line Reference,
available at http://technet.microsoft.com/en-us/library/bb490918.aspx.
Using hcp:// URLs is intended to be safe, as when invoked via the registered
Tavis Ormandy wrote:
> Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly
> ----------------------------------------------------------------------------
>
> Help and Support Centre is the default application provided to access online
> documentation for Microsoft Windows. Microsoft supports accessing help documents
> directly via URLs by installing a protocol handler for the scheme "hcp",
> a typical example is provided in the Windows XP Command Line Reference,
> available at http://technet.microsoft.com/en-us/library/bb490918.aspx.
>
> Using hcp:// URLs is intended to be safe, as when invoked via the registered
Hash: SHA256
Hello, folks,
The United Kingdom's Centre for the Protection of National
Infrastructure has just released the document "Security Assessment of
the Transmission Control Protocol (TCP)", on which I have had the
pleasure to work during the last few years.
The motivation to produce this document is explained in the Preface of
the document as follows:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello, folks,
In February this year the UK CPNI published the document "Security
Assessment of the Transmission Control Protocol (TCP)" (available at:
http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf)
Earlier this year we published an IETF Internet-Draft version of this
document (available at:
Hash: SHA256
Hello, folks,
The United Kingdom's Centre for the Protection of National Infrastructure
has just released the document "Security Assessment of the Internet
Protocol", on which I have had the pleasure to work during the last year or
so.
The motivation to produce this document is explained in the Preface of the
document as follows:
Hash: SHA1
Cisco Security Advisory: SNMP Version 3 Authentication
Vulnerabilities
Document ID: 107408
Advisory ID: cisco-sa-20080610-snmpv3
http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml
I. Background
OpenOffice is an open source suite containing several programs to
handle Office documents like text documents or spreadsheets.
The latest version uses an XML based document format (ODF).
OpenOffice allows documents to be digitally signed by authors
using certified keys, allowing viewers to verify the integrity
and the origin based on the author's public key.
The author's public-key certificate, which can come from
FWSM# show running-config | include http
http server enable
http 10.10.10.0 255.255.255.0 inside
FWSM#
This vulnerability is documented in Cisco Bug ID CSCsi77844 and does not
affect the PIX or ASA security appliances.
2. Crafted MGCP Packet
An FWSM that has the MGCP application layer protocol inspection feature
device by using permitted remote access protocols.
This vulnerability only affects Linux-based operating system Cisco
UVC products.
This vulnerability is documented in Cisco bug ID CSCti54008 and has been
assigned CVE ID CVE-2010-3038.
Remote Command Injection on the Web Interface in Cisco UVC Products
+------------------------------------------------------------------
http://www.akitasecurity.nl/advisory/AK20100601/002-outlook_open_mail_attachment.png
Figure 2: Opening Mail Attachment dialog.
For certain files, Outlook does not show the open dialog, but instead
proceeds with opening the attachment. Amongst these files are Microsoft
Office files (except for .mdb files, which are blocked), PDF documents
and image files. In addition, this is also true for files with the
extension .xaml, .xbap or .application. These extensions are normally
used by the .NET technologies XAML Browser Application (.xaml &
.xbap) and ClickOnce (.application). If the correct version of the .NET
Framework is installed, opening these type of attachments will start the
I. BACKGROUND
Word 2000 is a word processing application included with the Microsoft
Office 2000 software. The WordPerfect Converter is a tool used by Word
2000 to import documents from WordPerfect files and convert them for
editing in Word 2000 format.
II. DESCRIPTION
Exploitation of a stack corruption vulnerability in Microsoft Corp.'s
Different versions of Cisco IOS have different ways of verifying
whether the Cisco IOS device is listening for SIP messages. The show
ip sockets, show udp, show tcp brief all, and show control-plane host
open-ports commands can be used to determine this, although not all
of these commands work on all IOS releases. Since it is not practical
in this document to provide a list of commands corresponding to the
various releases, users should try the aforementioned commands to
determine which ones work for their device. The following is one
example of one command that shows a router listening on port 5060
(the SIP port):
Hash: SHA1
Cisco Security Advisory: Cisco Unified Communications Web-based
Management Vulnerability
Document ID: 97836
Advisory ID: cisco-sa-20071017-IPCC
http://www.cisco.com/warp/public/707/cisco-sa-20071017-IPCC.shtml
=================
Vulnerable Products
+------------------
The vulnerabilities described in this document apply to the Cisco VPN
Client on the Microsoft Windows platform. The affected versions are
included in the following table:
+----------------------------------------------------------------+
| Vulnerability Name | Versions | Cisco Bug ID |
Folks,
Our document "Recommendations for Transport-Protocol Port
Randomization" has finally been published as RFC 6056.
Its abstract is:
---- cut here ----
During the last few years, awareness has been raised about a number
of "blind" attacks that can be performed against the Transmission
Control Protocol (TCP) and similar protocols. The consequences of
Hash: SHA256
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified
Communications Manager
Document ID: 112878
Advisory ID: cisco-sa-20110427-cucm
Revision 1.0
password. An unauthorized user could use this account to modify the
software configuration and operating system settings or gain complete
administrative control of the device. A software upgrade is not
required to resolve this vulnerability. Customers can change the root
account password by issuing a configuration command on affected
engines. The workarounds detailed in this document provide
instructions for changing the root account password.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20110601-mxe.shtml
IP SLA is an embedded agent in Cisco IOS Software designed to measure
and monitor common network performance metrics like jitter, latency
(delay), and packet loss.
The vulnerability that is described in this document is triggered by
malformed UDP packets triggered by malformed IP SLA packets sent to
the vulnerable device and port. A vulnerable device can be an IP SLA
responder or the source device of a vulnerable IP SLA operation.
This vulnerability is documented in Cisco bug ID CSCtk67073 and has been
deployments of up to 300 agents.
Vulnerable Products
+------------------
The vulnerabilities described in this document affect the following products:
* Cisco UCCX versions 5.x, 6.x, and 7.x
* Cisco Customer Response Solution (CRS) versions 5.x, 6.x, and 7.x
* Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) versions
5.x, 6.x, and 7.x