Taiwan demands more attention from FBI

Taiwan’s hi-tech police have voiced serious concerns about the lack of cooperation from US authorities on important cybercrime issues. Lee Hsiang-chen, head of the Hi-tech Criminal Centre at the National Police Agency of Taiwan, has gone on record as saying that requests for assistance from his unit routinely go unanswered. And all this is happening while serious cybercrimes are being committed, including fraud, piracy and the spread of child pornography.


http://www.viruslist.com/en/news?id=208274008

5 Microsoft Security Bulletin Minor Revisions

The following bulletins have undergone a minor revision increment.


* MS06-059


- http://www.microsoft.com/technet/security/bulletin/ms06-059.mspx
  – Reason for Revision: Bulletin updated the Knowledge Base Article for “Microsoft Office Excel Viewer 2003” in the “Affected Products” section.
  – Originally posted: October 10, 2006
  – Updated: November 29, 2006
  – Bulletin Severity Rating: Critical
  – Version: 1.1
   
* MS06-056


- http://www.microsoft.com/technet/security/bulletin/ms06-056.mspx
  – Reason for Revision: Bulletin updated “Caveats” Section and “What are the known issues that customers may experience when they install this security update?” under the “Frequently Asked Questions (FAQ) Related to This Security Update” section. 
  – Originally posted: October 10, 2006
  – Updated: November 29, 2006
  – Bulletin Severity Rating: Moderate
  – Version: 1.3
   
* MS06-039


- http://www.microsoft.com/technet/security/bulletin/ms06-039.mspx
  – Reason for Revision: Bulletin updated to clarify “Affected Software” in the “Tested Software and Security Update Download Location” section.
  – Originally posted: July 11, 2006
  – Updated: November 29, 2006
  – Bulletin Severity Rating: Critical
  – Version: 1.2
   
* MS06-033


- http://www.microsoft.com/technet/security/bulletin/ms06-033.mspx
  – Reason for Revision: Bulletin updated “Caveats” Section and “What are the known issues that customers may experience when they install this security update?” under the “Frequently Asked Questions (FAQ) Related to This Security Update” section.
  – Originally posted: July 11, 2006
  – Updated: November 29, 2006
  – Bulletin Severity Rating: Important
  – Version: 1.3
   
* MS06-012


- http://www.microsoft.com/technet/security/bulletin/ms06-012.mspx
  – Reason for Revision: Bulletin updated “What updates does this release replace?” for Microsoft Outlook in the “Frequently asked questions (FAQ) related to this security update” section.
  – Originally posted: March 14, 2006
  – Updated: November 29, 2006
  – Bulletin Severity Rating: Critical
  – Version: 1.3

F-Secure Security Bulletin FSC-2006-6: OpenSSL denial of service vulnerability in F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper



Date issued: 2006-11-29
Last updated: 2006-11-29
Risk factor: Medium (Low/Medium/High/Critical)
Brief description: OpenSSL has released a security advisory on several vulnerabilities in OpenSSL. These vulnerabilities can cause denial of service attacks, buffer overflows or client crashes. F-Secure products are only affected by the possible ASN.1-related DoS attacks (CVE-2006-2937).

Versions of F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper use OpenSSL in the administrator web interface. By default, access to the web interface is accepted only from the same host, but it can be configured to also be accessible from the network.

Software: F-Secure Anti-Virus for Microsoft Exchange; F-Secure Internet Gatekeeper
Affected versions: F-Secure Anti-Virus for Microsoft Exchange 6.40 and 6.60; F-Secure Internet Gatekeeper 6.40, 6.41, 6.42, 6.50 and 6.60
Affected platforms: All platforms supported by the affected products
Bulletin location: http://www.f-secure.com/security/fsc-2006-6.shtml


Patches are available. See the download link and notes at http://www.f-secure.com/security/fsc-2006-6.shtml

Multiple Vulnerabilities in Apple Mac OS X

Apple Mac OS X AppleTalk “AIOCREGLOCALZN” Denial of Service Vulnerability
http://www.frsirt.com/english/advisories/2006/4746


A vulnerability has been identified in Apple Mac OS X, which could be exploited by malicious users to cause a denial of service. This flaw is due to an error when calling “ioctl()” on certain AppleTalk sockets with an “AIOCREGLOCALZN” request, which could be exploited by local attackers to panic a vulnerable system, creating a denial of service condition.


Affected Products
Apple Mac OS X version 10.4.8 and prior 


Solution
The FrSIRT is not aware of any official supplied patch for this issue. 


 


Apple Mac OS X “shared_region_make_private_np()” Memory Corruption Vulnerability
http://www.frsirt.com/english/advisories/2006/4762


A vulnerability has been identified in Apple Mac OS X, which could be exploited by local attackers to execute arbitrary commands. This flaw is due to a memory corruption error within the “shared_region_make_private_np()” call when handling malformed arguments, which could be exploited by malicious users to cause a denial of service or obtain elevated privileges.


Affected Products
Apple Mac OS X version 10.3.9 and prior


Solution
The FrSIRT is not aware of any official supplied patch for this issue.


Apple Mac OS X Multiple Command Execution and Denial of Service Vulnerabilities
http://www.frsirt.com/english/advisories/2006/4750
http://docs.info.apple.com/article.html?artnum=304829


Multiple vulnerabilities have been identified in Apple Mac OS X, which could be exploited by remote or local attackers to execute arbitrary commands, cause a denial of service, disclose sensitive information, or bypass security restrictions.


The first issue is due to a buffer overflow error in the AirPort wireless driver’s handling of probe response frames, which could be exploited by remote attackers to compromise a vulnerable system. For additional information, see FrSIRT/ADV-2006-4313.


The second flaw is due to an error in the Apple Type Services server that creates error log files insecurely, which could allow malicious local users to overwrite or create arbitrary files with system privileges.


The third vulnerability is due to buffer overflow errors in the Apple Type Services server when processing malformed requests, which could allow malicious local users to cause a denial of service or execute arbitrary commands with system privileges.


The fourth issue is due to a stack overflow error in the Apple Type Services server when processing malformed fonts, which could allow malicious local users to cause a denial of service or execute arbitrary commands with system privileges when a malicious font is opened or previewed in Finder.


The fifth flaw is due to an error in CFNetwork when processing certain URIs, which could be exploited by attackers to entice users to access a specially crafted FTP URI and issue arbitrary FTP commands using their credentials.


The sixth flaw is due to a heap overflow error in Finder when browsing a directory containing a malformed “.DS_Store” file, which could be exploited by attackers to execute arbitrary commands with the privileges of the user running Finder.


The seventh vulnerability is due to an error in the ftpd server when authenticating a valid user, which could be exploited by remote attackers to determine the existence of a particular account.


The eighth flaw is due to an error in the Installer that allows system privileges to be used when installing certain packages as an Admin user without requiring authentication, which could be exploited by attackers to bypass security restrictions or potentially gain elevated privileges.


The ninth issue is due to a buffer overflow error in PPP when handling malformed PPPoE traffic, which could be exploited by an attacker on the local network to execute arbitrary commands with system privileges.


The tenth vulnerability is due to an error in the Security Framework when negotiating the best mutually-supported cipher, which could cause the Secure Transport to use a cipher that provides no encryption or authentication.


The eleventh flaw is due to an error in the Security Framework when processing X.509 certificates containing a malformed public key, which could be exploited by attackers to cause a denial of service.


The twelfth issue is due to an error in the Online Certificate Status Protocol (OCSP) service that does not properly retrieve certificate revocation lists on systems configured to use an HTTP proxy, which could be exploited by attackers to bypass security restrictions.


The thirteenth issue is due to an error when handling the certificate revocation list, which could cause revoked certificates to be erroneously honored.


The fourteenth vulnerability is due to an error in the VPN server that does not properly clean the environment, which could be exploited by malicious users to create malicious files or execute arbitrary commands with system privileges.


The fifteenth flaw is due to a memory corruption error in WebKit when processing malformed HTML documents, which could be exploited by attackers to execute arbitrary commands.


Affected Products
Apple Mac OS X version 10.3.9 and prior
Apple Mac OS X Server version 10.3.9 and prior
Apple Mac OS X version 10.4.8 and prior
Apple Mac OS X Server version 10.4.8 and prior


Solution


Security Update 2006-007 (10.3.9 Client) :
http://www.apple.com/support/downloads/securityupdate20060071039client.html
Security Update 2006-007 (10.3.9 Server) :
http://www.apple.com/support/downloads/securityupdate20060071039server.html
Security Update 2006-007 (10.4.8 Client Intel) :
http://www.apple.com/support/downloads/securityupdate20060071048clientintel.html
Security Update 2006-007 (10.4.8 Client PPC) :
http://www.apple.com/support/downloads/securityupdate20060071048clientppc.html
Security Update 2006-007 (10.4.8 Server PPC) :
http://www.apple.com/support/downloads/securityupdate20060071048serverppc.html
Security Update 2006-007 (10.4.8 Server Universal) :
http://www.apple.com/support/downloads/securityupdate20060071048serveruniversal.html

Adobe Security Advisory: Potential vulnerabilities in Adobe Reader and Acrobat

Summary


Adobe is aware of a recently published report of potential vulnerabilities in Adobe Reader and Acrobat. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system.


Affected software versions


Adobe Reader 7.0.0 through 7.0.8 and Adobe Acrobat Standard and Professional 7.0.0 through 7.0.8 on the Windows platform when using Internet Explorer. Users of other browsers are not affected.


Solution


The Secure Software Engineering team is working with the Adobe Reader Engineering team on an update to Adobe Reader and Acrobat 7.0.8 that will resolve these issues, which is expected to be available in the near future. A security bulletin will be published on http://www.adobe.com/support/security as soon as that update is available.


The upcoming version of Adobe Reader, which will not be vulnerable to this issue, is also expected to be available in the near future. Acrobat 8 is not affected by this issue. The vulnerability is in an ActiveX control used by Internet Explorer; users of other browsers are not affected. The following workaround will prevent these vulnerabilities from occurring in Adobe Reader 7.0.X on Windows using Internet Explorer:


  1. Exit Internet Explorer and Adobe Reader.
  2. Browse to <volume>:\Program Files\Adobe\Acrobat 7.0\ActiveX. Note: If you did not install Acrobat to the default location, browse to the location of your Acrobat 7.0 folder.
  3. Select AcroPDF.dll and delete it.

NOTE: This workaround will prevent PDF documents from opening within an Internet Explorer window. After applying this workaround, clicking on PDF files within Internet Explorer will either open in a separate instance of Adobe Reader or the user will be prompted to download the file, which can then be opened in Adobe Reader. This workaround may disrupt some enterprise workflows and use of PDF forms.


http://www.adobe.com/support/security/advisories/apsa06-02.html

Dell gave late security warning but … that’s better than never

I blogged last October 10th about the fake Dell email that contained an infected file.  Dell finally warned their customers via their blog on the 26th of November.  That’s a bit late, Dell, but it’s better than never [Y]


Laura Bosworth of Dell recommends that Dell customers visit www.dell.com/spoof for more information and for how to protect themselves against such emails.  The said www.dell.com/spoof page was published by their Customer Care team or department on 10/20/2006 as Document Number: 310541.


 

3 Vulnerabilities in Apple Mac OS X


Two vulnerabilities have been identified in Apple Mac OS X, which could be exploited by local attackers to execute arbitrary code or cause a denial of service.

The first flaw is due to an integer overflow error in the “fatfile_getarch2()” function when processing a malformed Mach-O Universal binary, which could be exploited by malicious users to obtain elevated privileges via a specially crafted Mach-O Universal file.

The second issue is due to a memory corruption error when handling Mach-O binaries with malformed “load_command” structures, which could be exploited by local attackers to cause a denial of service or potentially gain elevated privileges.

Affected Products
Apple Mac OS X version 10.4.8 and prior

Solution:
The FrSIRT is not aware of any official supplied patch for this issue.



A vulnerability has been identified in Apple Mac OS X, which could be exploited by local attackers to cause a denial of service. This flaw is due to an error in the “kevent()” [kern/kern_event.c] function when registering certain kernel events, which could be exploited by malicious local unprivileged users to panic a vulnerable system, creating a denial of service condition.

Affected Products
Apple Mac OS X version 10.4.8 and prior

Solution
The FrSIRT is not aware of any official supplied patch for this issue.

Windows Vista Experience Index Score survey

I created a survey about the above title.  It’s at http://www.dozleng.com/updates/index.php?showtopic=12088


OK.. Vista isn’t out there for home users yet, but it has been out since Nov. 17 to MSDN and Technet Plus subscribers and others (business – small or big), and most Microsoft MVPs have it now through those subscription/s.  So there must be some of you who are reading here or beta-tested Vista before, and you might want to participate.  Requires membership though.  It’s free to join! So share with us what your Windows Vista Experience Index Score is.

Vista got me!

I have something to reveal… I can’t blog much or visit forums (I visit my baby CoU though, but I’m also not posting much) because something … got me busy online (not offline).  It’s Vista Ultimate.


Blame Vista because I’m spending so much time using it! There are many things about Vista that really make me busy.  It has the applications that I need and want.  To be honest, I haven’t installed much stuff in Vista like I used in Windows XP.  The reason is not compatibility issues but that most of the stuff I need in my daily computing is in Vista already.  I’m not exaggerating, folks! I’m exploring Vista a lot, especially by using it as a Standard User, which is really cool because I don’t have to log off and sign in as admin just to make a small change in Windows.


Gadgets, Windows Switcher, Sidebar, Slideshow, Backup (whole drive or system backup BTW! not just a personal data backup), encryption, performance tools and many more. 


I promised though to actively post/blog here and there again this week.  I’ll be blogging 2 or 3 entries today though [;)]