Month: November 2006

The following bulletins have undergone a minor revision increment. * MS06-059 – http://www.microsoft.com/technet/security/bulletin/ms06-059.mspx  – Reason for Revision:  Bulletin updated the Knowledge Base Article for “Microsoft Office Excel Viewer 2003” in the “Affected Products” section.    – Originally posted: October 10, 2006  – Updated: November 29, 2006  – Bulletin Severity Rating: Critical  – Version: 1.1    * MS06-056 – http://www.microsoft.com/technet/security/bulletin/ms06-056.mspx  – Reason for Revision: Bulletin updated “Caveats” Section and “What are the known issues that customers may experience when they install this security update?” under the “Frequently Asked Questions (FAQ) Related to This Security Update” section.    – Originally posted: October 10, … Continue reading 5 Microsoft Security Bulletin Minor Revisions

F-Secure Security Bulletin FSC-2006-6OpenSSL denial of service vulnerability in F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper Date issued 2006-11-29Last updated 2006-11-29Risk factor Medium (Low/Medium/High/Critical)Brief description OpenSSL has released a security advisory on several vulnerabilities on OpenSSL. These vulnerabilities in OpenSSL can cause Denial of Service Attacks, buffer overflows or client crashes. F-Secure products are only affected by the possible ASN.1-related DoS attacks. (CVE-2006-2937) Versions of F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper use OpenSSL in the administrator web interface. By default the access to the web interface is accepted only from the same host but it can be configured to … Continue reading F-Secure Security Bulletin FSC-2006-6: OpenSSL denial of service vulnerability in F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper

Apple Mac OS X AppleTalk “AIOCREGLOCALZN” Denial of Service Vulnerabilityhttp://www.frsirt.com/english/advisories/2006/4746 A vulnerability has been identified in Apple Mac OS X, which could be exploited by malicious users to cause a denial of service. This flaw is due to an error when calling “ioctl()” on certain AppleTalk sockets with an “AIOCREGLOCALZN” request, which could be exploited by local attackers to panic a vulnerable system, creating a denial of service condition. Affected ProductsApple Mac OS X version 10.4.8 and prior  SolutionThe FrSIRT is not aware of any official supplied patch for this issue.    Apple Mac OS X “shared_region_make_private_np()” Memory Corruption Vulnerabilityhttp://www.frsirt.com/english/advisories/2006/4762 … Continue reading Multiple Vulnerabilities in Apple Mac OS X

Summary Adobe is aware of a recently published report of potential vulnerabilities in Adobe Reader and Acrobat. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system. Affected software versions Adobe Reader 7.0.0 through 7.0.8 and Adobe Acrobat Standard and Professional 7.0.0 through 7.0.8 on the Windows platform when using Internet Explorer. Users of other browsers are not affected. Solution The Secure Software Engineering team is working with the Adobe Reader Engineering team on an update to Adobe Reader and Acrobat 7.0.8 that will resolve these issues, which is … Continue reading Adobe Security Advisory: Potential vulnerabilities in Adobe Reader and Acrobat

Apple Mac OS X Mach-O Universal Binary Local Privilege Escalation Vulnerabilities http://www.frsirt.com/english/advisories/2006/4714  Two vulnerabilities have been identified in Apple Mac OS X, which could be exploited by local attackers to execute arbitrary code or cause a denial of service. The first flaw is due to an integer overflow error in the “fatfile_getarch2()” function when processing a malformed Mach-O Universal binary, which could be exploited by malicious users to obtain elevated privileges via a specially crafted Mach-O Universal file. The second issue is due to a memory corruption error when handling Mach-O binaries with malformed “load_command” structures, which could be exploited … Continue reading 3 Vulnerabilities in Apple Mac OS X