copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » Publications » AusCERT Web Log » Vulnerabilities... one of the universal constants
 

Vulnerabilities... one of the universal constants
Date: 06 August 2010

Click here for printable version

It's been another busy week for both vendors and vulnerabilities. Administrators everywhere have been busy applying updates for software and hardware from Microsoft, Cisco, Hewlett-Packard and many more.

Early in the week saw an announcement by Microsoft regarding an Out of Band update for Microsoft Windows to combat a vulnerability in the Windows Shell which could allow the execution of code. Microsoft rated this update as critical. This is an important update for your Windows systems as there is malware that is actively exploiting this vulnerability.

Cisco also released a bulletin regarding multiple vulnerabilities in their ASA 5500 Adaptive Security Appliances and Firewall Services Module. These vulnerabilities could cause a denial of service for these affected products. Cisco has provided updates for some of the affected products, but has provided a workaround for those affected products which have reached their end of life. Currently, there are no known attempts to exploit this vulnerability.

A number of vulnerabilities were also announced in Wind River Systems VxWorks. VXWorks is a real-time operating system which, among other things, is used in some modern day aircraft, BMW's iDrive, and some Linksys and SonicWALL devices. One of these vulnerabilities could allow an attacker to brute force passwords due to a weak default hashing algorithm in the VxWorks standard authentication API, and the other vulnerability could allow for a root compromise of the system.

Adobe made an announcement regarding the upcoming release of updates for Adobe Reader and Adobe Acrobat to resolve critical security issues which could allow the execution of code. One of these vulnerabilities in particular was discussed at the Black Hat USA 2010 security conference as it was being used to jailbreak iPhones and iPads. Adobe is planning to have these updates available during the week of the 16th of August.

Hewlett-Packard also released five security bulletins this week announcing vulnerabilities and updates for their ProCurve series of switches. These vulnerabilities have a number of impacts, but for those devices which enable DHCP, you can create a denial of service condition by sending a malformed packet.

Have a great weekend!
Jonathan


Comments? Click here http://www.auscert.org.au/render.html?cid=7066&it=13167