
security service

Multiple vulnerabilities in XAMPP (advisories #1 and #2)

Predictable Resource Location:

There are standard paths to resources in XAMPP, which can be used for
attack.

http://site/security/ - security service of XAMPP
http://site/xampp/ - admin panel of XAMPP
http://site/phpmyadmin/ - PhpMyAdmin
http://site/webalizer/ - Webalizer

Information Leakage:

[SECURITY] [DSA 2203-1] nss security update

Vulnerability  : none in nss
Problem type   : none in nss
Debian-specific: no
CVE ID         : not available

This update for the Network Security Service libraries marks several
fraudulent HTTPS certificates as untrusted.

For the oldstable distribution (lenny), this problem has been fixed in
version 3.12.3.1-0lenny4.


McAfee SecurityCenter Privacy Service HTML Execution Vulnerability

[HSC] McAfee SecurityCenter Privacy Service HTML Execution Vulnerability


McAfee provides a proactive PC and Internet security service that helps you avoid 
online attacks and protects what you value from hackers, identity thieves and other 
online criminals. 

An HTML execution vulnerability may allow an attacker to execute HTML scripts on 
the system under the context of the user. These scripts can perform any action that the 
user would. The flaw lies in the processing of filtering that is saved after exiting.

[SECURITY] [DSA 1874-1] New nss packages fix several vulnerabilities

Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2009-2404 CVE-2009-2408 CVE-2009-2409

Several vulnerabilities have been discovered in the Network Security
Service libraries. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2009-2404

   Moxie Marlinspike discovered that a buffer overflow in the regular

Re: ZoneAlarm Security Circumvention

On 2010-03-08 Andrew Barkley wrote:
> The following illustrates how one can easily disable ZoneAlarm's
> security for whatever malevolent purposes. This "vector" so to speak,
> is merely "abusing" a particular branch of the Windows registry, by
> registering this security service as disabled. When "exploiting" this
> "vector" (administrative privileges are assumed

Anything starting with "a user with administrative privileges can ..."
is neither a vulnerability nor a design flaw. Administrators can by
design do anything they want on the system. Period.

[TZO-21-2009] Fprot CAB bypass / evasion

Quote: "FRISK Software International, established in 1993, is one of the 
world's leading companies in antivirus research and product development.

FRISK Software produces the hugely popular F-Prot Antivirus products range 
offering unrivalled heuristic detection capabilities. In addition to this, 
the F-Prot AVES managed online e-mail security service filters away the 
nuisance of spam e-mail as well as viruses, worms and other malware that 
increasingly clog up inboxes and threaten data security."


II. Description

n.runs-SA-2008.002 - F-Prot Out-of-Bound Memory Access DoS (remote)

FRISK Software International, established in 1993, is one of the world's
leading companies in antivirus research and product development. 

FRISK Software produces the hugely popular F-Prot Antivirus product range
offering unrivalled heuristic detection capabilities. In addition to this,
the F-Prot AVES managed online e-mail security service filters away the
nuisance of spam e-mail as well as viruses, worms and other malware that
increasingly clog up inboxes and threaten data security. 
By supporting a wide range of platforms FRISK Software protects computer
networks of all sizes, running on diverse platforms. As a result, FRISK
Software provides its customers with comprehensive computer security

[SECURITY] [DSA 2052-1] New krb5 packages fix denial of service

CVE Id         : CVE-2010-1321
Debian Bug     : 582261

Shawn Emery discovered that in MIT Kerberos 5 (krb5), a system for
authenticating users and services on a network, a null pointer
dereference flaw in the Generic Security Service Application Program
Interface (GSS-API) library could allow an authenticated remote attacker
to crash any server application using the GSS-API authentication
mechanism, by sending a specially-crafted GSS-API token with a missing
checksum field.


[TZO-33-2009] Frisk F-prot evasion (TAR)

Quote: "FRISK Software International, established in 1993, is one of the 
world's leading companies in antivirus research and product development.

FRISK Software produces the hugely popular F-Prot Antivirus products range 
offering unrivalled heuristic detection capabilities. In addition to this, 
the F-Prot AVES managed online e-mail security service filters away the 
nuisance of spam e-mail as well as viruses, worms and other malware that 
increasingly clog up inboxes and threaten data security."


II. Description

[SWRX-2010-001] Cisco ASA HTTP Response Splitting Vulnerability

About the SecureWorks Counter Threat Unit(SM)
Our expert team of threat researchers, also known as the SecureWorks Counter Threat Unit(SM), identifies and analyzes emerging threats and develops countermeasures, correlations and SOC processes to protect clients’ critical information assets. The CTU frequently serves as an expert resource for the media, publishes technical analyses for the security community and speaks about emerging threats at security conferences. Leveraging our security technologies and a network of industry contacts, the CTU tracks leading hackers and analyzes anomalous activity, uncovering new attack techniques and threats. This process enables the CTU to identify threats as they emerge and develop countermeasures that protect our clients before damage occurs.


About SecureWorks
SecureWorks is a leading provider of world-class information security services with over 2,800 clients worldwide. Organizations of all sizes, including more than ten percent of the Fortune 500, rely on SecureWorks to protect their assets, support compliance and reduce costs. The combination of deep security knowledge and expertise, purpose-built security technology and processes and excellent client service makes SecureWorks the premier provider of information security services. Positioned in the Leader's Quadrant of Gartner's Magic Quadrant for MSSPs, SecureWorks has been recognized by SC Magazine's readers with the “Best Managed Security Service” award for 2006, 2007, 2008 & 2009 and has been named to the Inc. 500, Inc. 5000 and Deloitte lists of fastest-growing companies.


Disclaimer
Copyright © 2010 SecureWorks, Inc. 
This advisory may not be edited or modified in any way without the express written consent of SecureWorks, Inc. If you wish to reprint this advisory or any portion or element thereof, please contact ctu@secureworks.com to seek permission. Permission is hereby granted to link to this advisory via the SecureWorks website at http://www.secureworks.com/ctu/advisories/SWRX-2010-001 or use in accordance with the fair use doctrine of U.S. copyright laws.

RE: Cryptome: NSA has access to Windows Mobile smartphones

Subject: Cryptome: NSA has access to Windows Mobile smartphones

A widely known Web site, Cryptome, has released information about backdooring
Microsoft Windows machines today.

According to the post, the National Security Agency has access to both stand-alone
systems and networks running Microsoft products.

The post states the following:
"This includes wireless wiretapping of "smart phones" running Microsoft
Mobile.

Cryptome: NSA has access to Windows Mobile smartphones

A widely known Web site, Cryptome, has released information about backdooring Microsoft Windows machines today.

According to the post, the National Security Agency has access to both stand-alone systems and networks running Microsoft products.

The post states the following:
"This includes wireless wiretapping of “smart phones” running Microsoft Mobile.
Microsoft remote administrative privileges allow “backdooring” into Microsoft operating systems via IP/TCP ports 1024 through 1030."

According to the Cryptome's source this is typically triggered when devices visit Microsoft Update servers.


ISEC 2008(Information Security Conference) Guide

Date : Sep.1st~ 2nd, 2008 09:00~18:00
Venue : Grand Ballroom, COEX, Seoul, KOREA
Organized by : BOANNEWS, 
               Information Security Korea
Sponsored by :
Ministry of Public Administration and Security / Ministry of Knowledge Economy / Korea Information Security Agency etc.



IMF 2008 - Call for Participation

- SPOT Consulting
- Fraunhofer Institut fuer Arbeitswirtschaft und Organisation IAO
- Universitaet Stuttgart, RUS CERT
- Consecur GmbH
- ISC^2
- The European Network and Information Security Agency (ENISA)


Sponsored by:
-------------
Alste Technologies GmbH

[IMF 2009] Call for Participation

====================
Institute of Electrical and Electronics Engineers, Inc. (IEEE)
IEEE Computer Society
SPOT Consulting
Fraunhofer Institut fuer Arbeitswirtschaft und Organisation (IAO)
European Network and Information Security Agency (ENISA)
gutachten.info
Universitaet Stuttgart, RUS-CERT


PROCEEDINGS PUBLISHED THROUGH

Useless OpenSSH resources exhaustion bug via GSSAPI

traffic (including passwords) to effectively eliminate eavesdropping,
connection hijacking, and other attacks. Additionally, OpenSSH
provides secure tunneling capabilities and several authentication
methods, and supports all SSH protocol versions. 

The Generic Security Services Application Program Interface (GSSAPI,
also GSS-API) is an application programming interface for programs
to access security services.
The GSSAPI, by itself, does not provide any security. Instead,
security service vendors provide GSSAPI implementations usually
in the form of libraries installed with their security software. 

[TZO-07-2009] F-PROT ZIP Method evasion

world's leading companies in antivirus research and product 
development.
FRISK Software produces the hugely popular F-Prot Antivirus products 
range offering unrivalled heuristic detection capabilities. 
In addition to this, the F-Prot AVES managed online email security 
service filters away the nuisance of spam email as well as viruses, 
worms and other malware that increasingly clog up inboxes and 
threaten data security. 

II. Description
~~~~~~~~~~~~~~~

[TZO-18-2009] Mcafee multiple evasions/bypasses (RAR, ZIP)

- McAfee Total Protection for Endpoint
- McAfee Active Virus Defense
- McAfee Active VirusScan
 
It is unknown whether SaaS were affected (though likely):
- McAfee Email Security Service
- McAfee Total Protection Service Advanced


I. Background
~~~~~~~~~~~~~

[TZO-33-2009] Fprot generic bypass (TAR)

Quote: "FRISK Software International, established in 1993, is one of the 
world's leading companies in antivirus research and product development.

FRISK Software produces the hugely popular F-Prot Antivirus products range 
offering unrivalled heuristic detection capabilities. In addition to this, 
the F-Prot AVES managed online e-mail security service filters away the 
nuisance of spam e-mail as well as viruses, worms and other malware that 
increasingly clog up inboxes and threaten data security."


II. Description

[TZO-34-2009] Frisk FPROT generic evasion (RAR,ARJ,LHA)

Quote: "FRISK Software International, established in 1993, is one of the 
world's leading companies in antivirus research and product development.

FRISK Software produces the hugely popular F-Prot Antivirus products range 
offering unrivalled heuristic detection capabilities. In addition to this, 
the F-Prot AVES managed online e-mail security service filters away the 
nuisance of spam e-mail as well as viruses, worms and other malware that 
increasingly clog up inboxes and threaten data security."


II. Description

ZDI-11-237: CA Total Defense Suite Gateway Security Malformed HTTP Packet Remote Code Execution Vulnerability

The specific flaw exists within the Icihttp.exe module (CA Gateway
Security for HTTP), which responds to incoming HTTP requests on port
8080. Due to a flawed copy-loop algorithm in the URL parsing routine, it
is possible for a remote unauthenticated user to cause an exploitable
heap corruption condition. This could result in the execution of
arbitrary code under the context of the Gateway Security service.

-- Vendor Response:
CA states:
CA20110720-01: Security Notice for CA Gateway Security and Total
Defense


