virtual. The chassis contains actual partitioning hardware which
routes the various cpus to only see specific hardware devices. The
physical segmentation of the hardware obviously must be completely
secure and reliable to meet Sun's promises of high availability.
Sun's system partitioning domains are supposed to be the best of the
isolation schemes in the market. But perhaps even they have problems.
During the porting of OpenBSD/sparc64 to this family of machines it
was discovered that the OS kernel can trigger a fault. This fault is
caught by the systems management controller (the XSCF, Fujitsu's
version of LOM/RSC console) which then powers the domain down, marks
(Microsoft Foundation Classes), provide practical ways of embedding such
controls through classes like CHtmlEditView or CHtmlEditDoc.
Some of the advantages of using MSHTML are that it provides a particular,
feature-rich and somewhat complete support for DHTML and also that it is
easier to host Microsoft ActiveX Controls. However, in the context of this
advisory, such advantages may end up becoming security problems due to
design flaws and implementation bugs.
There are two particular characteristics in the implementation of the
described functionality that turn AIM's highly flexible message-content
features into high-risk attack vectors for its users.
== DoS attacks on MIME-capable software via complex MIME emails ==
== Preface ==
On the phneutral 0x7d8 and RSS 08, I gave short talks on a widely unregarded
problem with MIME software. Due to popular demand, I decided to publish a
short writeup of the talk.
== What is MIME? ==
MIME is the standard format for email messages. One could say MIME is to
email what HTML is to the web. The first RFC for MIME was published in
Hi,
I've found a few problems with the way DSL modems made by a vendor, Bharti, and provided by Airtel (an Indian ISP) are set up. I've been talking
with Airtel on this over the past couple of months to try to get them to close the vulnerability. They feel that they have addressed the issue appropriately. Please find the details of the vulnerability below in the forwarded emails. The vulnerability can be verified by trying a telnet on any random Airtel IP (say 122.167.xx.xx).
Cheers,
Shishir
---------- Forwarded message ----------
From: Shishir Birmiwal <shr@birmiwal.net>
* Local Intranet Zone: For content located on an organization's
intranet.
* Trusted Sites Zone: For content located on Web sites that are
considered more reputable or trustworthy than other sites on the Internet.
* Restricted Sites Zone: For Web sites that contain content that
can cause (or have previously caused) problems when downloaded.
* Local Machine Zone: This is an implicit zone for content that
exists on the local computer; it is not directly configurable through
Internet Explorer security options by the user.
Internet Explorer users or Administrators can assign specific websites
the user whenever potentially unsafe content is about to be downloaded.
Web sites that are not mapped into other zones automatically fall into
this zone.
* Restricted Sites Zone: used for Web sites that contain content that
can cause (or have previously caused) problems when downloaded. This
zone causes Internet Explorer to alert users when potentially-unsafe
content is about to be downloaded, or to prevent the content from
downloading. The user adds the URLs of these un-trusted Web sites to
this zone.
This is a writeup about a flaw that I found recently, and that
existed in multiple implementations of SMTP (Simple Mail Transfer
Protocol) over TLS (Transport Layer Security) including my Postfix
open source mailserver. I give an overview of the problem and its
impact, how to find out if a server is affected, fixes, and draw
lessons about where we can expect similar problems. A time line
is at the end.
For further reading:
http://www.kb.cert.org/vuls/id/555316
> it can potentially affect any web site including Google's various services
> (if Google would have used Debian systems to create their private keys).
>
>
> OpenID is "singled out" because I am not talking about a potential
> problem but an actual problem.
>
>
> Sorry Ben, but any web site or service (HTTP, SMTP, IMAP, SSH, VPN, etc.)
> which makes use of a compromised key has an actual problem and not a
> potential problem. OpenID as a standard isn't more affected than, let's say,
Are all Application developers now required to work around obvious bugs
in the way Windows handles the mailto: handler ?
What you call for is in essence mitigation; yes, it's fine to mitigate
a "vulnerability". But shouldn't we be concentrating on finding and
fixing the root cause instead of trying to mitigate the problem in
(hundreds of) third-party applications?
RAG> How is that a Microsoft or Windows problem?
How is that _not_ a Windows Problem ?
If I click on the test link in IE 7, by itself, it does not have the vulnerability.
The applications in question are accepting arbitrary input and not validating it correctly.
How is that a Microsoft or Windows problem?
Don't get me wrong, I want to protect end-users as much as the next person (as does MS), but if it is the application not validating correctly, could there not be hundreds of potential characters and strings that cause input validation problems in particular circumstances, which will vary according to the application?
If Microsoft scrubs out every potential malicious character, it's bound to break lots of legitimate applications. That would make plenty of users and developers mad.
6. *Vendor Information, Solutions and Workarounds*
This issue was reported to Microsoft in August 2009. The vendor has
acknowledged the report and after extensive analysis indicated that it
plans to solve the problem in future updates to the associated products.
We recommend that affected users run all mission-critical Windows
applications on non-virtualized systems or use virtualization
technologies that aren't affected by this bug. Windows operating systems
and applications that must run virtualized using Virtual PC technologies
May 04, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : php5
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-2107 CVE-2008-2108 CVE-2008-5557 CVE-2008-5624
CVE-2008-5658 CVE-2008-5814 CVE-2009-0754 CVE-2009-1271
Debian Bugs : 507101 507857 508021 511493 523028 523049
Author: Stefan Esser [stefan.esser[at]sektioneins.de]
Application: PHP 5 <= 5.2.5
PHP 4 <= 4.4.8
Severity: Weak random number seed might lead to security
problems in PHP applications using random numbers
Risk: Low
Vendor Status: Vendor has released PHP 5.2.6 which uses a different seed
Reference: http://www.sektioneins.de/advisories/SE-2008-02.txt
April 17th, 2008 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : openoffice.org
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE IDs : CVE-2007-5745 CVE-2007-5746 CVE-2007-5747 CVE-2008-0320
Several security related problems have been discovered in
OpenOffice.org, the free office suite. The Common Vulnerabilities and
- -----------/
2) COMODO FIREWALL PRO (BID 28742, CVE-2008-1736)
In Comodo there are problems in the arguments validation of
'NtDeleteFile', 'NtCreateFile' and 'NtSetThreadContext' functions.
'NtDeleteFile' receives just one parameter, a pointer to an
'OBJECT_ATTRIBUTES' structure. These attributes would include the
'ObjectName' and the 'SECURITY_DESCRIPTOR', for example. This is the
hook placed by Comodo at 'NtDeleteFile'.
January 13, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : postgresql-8.1
Vulnerability : several
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2007-3278 CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601
Several local vulnerabilities have been discovered in PostgreSQL, an
object-relational SQL database. The Common Vulnerabilities and Exposures
January 14, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : postgresql-7.4
Vulnerability : several
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2007-3278 CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601
Several local vulnerabilities have been discovered in PostgreSQL, an
object-relational SQL database. The Common Vulnerabilities and Exposures
of information about various security issues.
I think it is quite common that companies try to behave as if nothing
really happened, or as if the issue wasn't that important. From my
experience, a huge number of companies fail to inform their clients of
problems when the issue is patched. If you want to make the information
public, make sure everything is _really_ patched, then ask the company
to inform their clients (if they don't want to act on their own). If the company
says:
'Nothing baaad really happened. This and this could be done. Our clients
January 26th, 2011 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : openoffice.org
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2010-3450 CVE-2010-3451 CVE-2010-3452 CVE-2010-3453
CVE-2010-3454 CVE-2010-3689 CVE-2010-4253 CVE-2010-4643
Several security related problems have been discovered in the
June 25, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : tiff
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2011-0191 CVE-2011-0192 CVE-2011-1167
Debian Bug : 619614 630042
The recent tiff update DSA-2210-1 introduced a regression that could
January 31, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : git-core
Vulnerability : several
Problem type : remote
Debian-specific: no
Debian bug : 532935
CVE ID : CVE-2009-2108
A bug in git-core caused the security update in DSA 1841 to fail to
February 02, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : moodle
Vulnerability : several vulnerabilities
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2009-4297 CVE-2009-4298 CVE-2009-4299 CVE-2009-4301
CVE-2009-4302 CVE-2009-4303 CVE-2009-4305
Debian Bugs : 559531
December 16, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : cacti
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
CVE Ids : CVE-2007-3112 CVE-2007-3113 CVE-2009-4032
Debian Bugs : 429224
Several vulnerabilities have been found in cacti, a frontend to rrdtool
November 16, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : apache2
Vulnerability : multiple issues
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-3094 CVE-2009-3095 CVE-2009-3555
A design flaw has been found in the TLS and SSL protocol that allows
6. *Vendor Information, Solutions and Workarounds*
The vendor issued security bulletin HPSBMA02477 SSRT090177 to address
the problem and provide fixes. It is available at
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01926980
The database service of HP Openview Network Node Manager is remotely
accessible on port 2690/tcp. Restricting or blocking access to that port
will prevent exploitation but may prevent normal operation of Openview NNM.
October 02, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : strongswan
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-1957 CVE-2009-1958 CVE-2009-2185 CVE-2009-2661
Debian Bug : 531612 533837 540144
Several remote vulnerabilities have been discovered in strongswan, an