Vulnerabilities Here There and Everywhere

Date: 14 February 2008
Original URL: http://www.auscert.org.au/render.html?cid=7066&it=8824

Greetings,

This week contained Microsoft Patch Tuesday, and so you may have noticed an unusually high number of bulletins on Wednesday. By my count there were 22 in total (11 from Microsoft and 11 from other vendors). Of the Microsoft bulletins, six (6) were rated as critical; however, with MS08-006 you could execute code remotely in IIS. If that code was (or could be) an exploit for MS08-005 (elevation of privilege in IIS) then the combination would become a remote Administrator compromise that required no input from a user (such as visiting a web site or opening an Office document).

Apart from Microsoft, Apple released Mac OS X 10.5.2 (and Security Update 2008-001). These addressed vulnerabilities in 10 different services, most of which allowed remote code execution. Apple QuickTime (which was patched last Thursday to version 7.4.1, correcting a buffer overflow) is still vulnerable to a buffer overflow. So until Apple releases a fix, you may wish to check out AL-2008.0023.

Not to be outdone by Microsoft and Apple, the Linux kernel had a Root Compromise vulnerability (ESB-2008.0146). Unfortunately (or fortunately) it was only locally exploitable. It probably should have been an Alert, but with the excitement of both the Apple and Microsoft bulletins (AL-2008.0015 and AL-2008.0016 respectively) I had pushed it before realising. If it was an Alert it would have made three alerts in a row on Tuesday morning, and that would have left me open for all sorts of jokes about being alert that morning. As it was, I was questioned about whether I knew how to send non-Alert bulletins.

ClamAV (often used on email gateways to scan incoming email) corrected a remotely exploitable integer overflow vulnerability that allowed code execution. Version 0.92.1 corrects this problem; however, if you haven't updated just yet, the virus-db update on Jan 11th disabled the vulnerable module.

Lastly, there were two different IP phones reported vulnerable to remote code execution or administrator account compromise: Cisco IP Phone and Philips VOIP841. Given the increasing number of people moving to VOIP (both at home and at the workplace) we will probably see an increase in the number of IP phones being targeted.

While on the note of non-PC devices being attacked, eWeek has an interesting article on the security of Multifunction Printers. Starts to make me wonder about those Internet Fridges...

Have a great weekend everyone!

Regards,
Richard