Security Poll: The "I need to" List

The Microsoft Solutions for Security and Compliance (MSSC) team has been running an informal poll since October 2005, targeted at IT pros and IT "generalists", asking them what their security "priorities" were. Results of the poll can be found in their weblog: http://blogs.technet.com/secguide/archive/2005/12/20/416324.aspx

Sygate Protection Agent 5.0 vulnerability

Sygate Protection Agent 5.0 vulnerability – A low privileged user can disable the security agent

The Sygate Protection Agent is one of the components within the Sygate Enterprise Protection software suite. The agent acts as a personal firewall and detects known Trojans, port scans and common attacks. When an attack is detected, the product can selectively block traffic, services or applications. A vulnerability has been identified in the product that allows a low privileged user to disable the Security Protection Agent, which could place the system being protected at risk of attack.

Tested version: Sygate Protection Agent 5.0 (build 6144) … Continue reading Sygate Protection Agent 5.0 vulnerability

Authenticated EIGRP DoS and Information Disclosure

"The Enhanced Interior Gateway Routing Protocol (EIGRP) represents an evolution from its predecessor IGRP (refer to Chapter 42, "Interior Gateway Routing Protocol"). This evolution resulted from changes in networking and the demands of diverse, large-scale internetworks. Enhanced IGRP integrates the capabilities of link-state protocols into distance vector protocols."

By sniffing information from EIGRP Authentication, attackers can gain information about the routers. By crafting special requests attackers can cause a DoS on EIGRP routers.

Vulnerable Systems: EIGRP version 1.2

Workarounds: Ensuring that the infrastructure devices are protected, by both local and remote access means, will help mitigate these vulnerabilities. Blocking access to … Continue reading Authenticated EIGRP DoS and Information Disclosure

Merry Christmas and malware hunting

McAfee Inc. released its security outlook for 2006, and predicts "a dramatic increase in mobile security threats, more phishing scams and identity theft". Furthermore, McAfee "says it expects the number of attacks on Internet service providers to decline while those aimed at the financial sector will remain steady". Source: Globeandmail.com

Wikipedia Erects Accuracy Firewall

Wikipedia has implemented a new policy of "semi-protection", which prevents newly registered and unregistered users from making changes to articles that are targets of frequent vandalism. Although it sounds like a big change, it is actually only a modification of Wikipedia's protection policy, which allows administrators to protect images and pages from editing by anyone but other administrators. The policy was instituted after a complaint lodged regarding an inaccuracy in an article about the assassination of John F. Kennedy was not resolved for several months. The episode caused debate about Wikipedia's accuracy, but a recent peer review by the … Continue reading Wikipedia Erects Accuracy Firewall

Symantec AntiVirus RAR Archive Handling Buffer Overflow Vulnerability

A critical vulnerability has been identified in various Symantec AntiVirus products, which may be exploited by remote attackers or malware to execute arbitrary code. This flaw is due to a heap overflow error in the "Dec2Rar.dll" library when processing certain length fields in the sub-block headers of RAR archives, which may be exploited by an unauthenticated remote attacker to execute arbitrary commands and take complete control of an affected system (e.g. by sending an email containing a specially crafted attachment).

Affected Products:
Symantec AntiVirus Corporate Edition 8.0
Symantec AntiVirus Corporate Edition 8.01
Symantec AntiVirus Corporate Edition 8.1.1
Symantec AntiVirus Corporate … Continue reading Symantec AntiVirus RAR Archive Handling Buffer Overflow Vulnerability

Eudora Qualcomm WorldMail Remote Buffer Overflow Vulnerability

A vulnerability has been identified in Eudora Qualcomm WorldMail, which could be exploited by remote attackers to execute arbitrary commands. This flaw is due to a buffer overflow error when processing overly long IMAP commands (e.g. AUTHENTICATE or LIST) ending with the "}" character, which could be exploited by remote unauthenticated attackers to compromise a vulnerable system and execute arbitrary commands with SYSTEM privileges.

Affected Products: Eudora Qualcomm WorldMail version 3.0 and prior

http://www.frsirt.com/english/advisories/2005/3005

McAfee Security Center ActiveX Control File Overwrite Vulnerability

A vulnerability has been identified in McAfee Security Center, which could be exploited by remote attackers to execute arbitrary commands. This flaw is due to an access validation error within the "MCINSCTL.DLL" ActiveX control, which does not use the "IObjectSafetySiteLock()" API to restrict the domains that can call the "McLog" object and its "StartLog" and "AddLog" methods. This could be exploited via a specially crafted Web page to write arbitrary files (e.g. to the startup folder) that will be executed automatically during the next reboot or logon session.

Affected Products: McAfee VirusScan (mcinsctl.dll 4.0.0.83) and prior

Solution: Vulnerable products are updated … Continue reading McAfee Security Center ActiveX Control File Overwrite Vulnerability

Kerio product acquisition completed

In today's press release, Sunbelt Software announced the completion of its acquisition of the Kerio Personal and Server Firewalls. Key points:

Both of Kerio's firewall products will be re-branded on an interim basis as the "Sunbelt Kerio Personal Firewall" and "Sunbelt Kerio ServerFirewall".

Existing customers of both products will receive full technical support through Sunbelt, with the additional enhancement of access to the company's industry-leading toll-free support.

Sunbelt will also maintain Kerio's product support forums for both products, with full transition of the forums to Sunbelt servers expected by January. Forum link here

Continued availability of the free basic … Continue reading Kerio product acquisition completed