Virtualization Backdoors Emerge; Plus All This Week's Patches and Vulnerabilities
From: Security Threat Watch Newsletter (NetworkComputing@update.networkcomputing.com)
Date: Mon Jul 24 2006 - 13:04:39 CDT
Security Threat Watch
Number 141
Monday, July 24, 2006
Created for you by Network Computing & Neohapsis
Virtual machines and virtualization are becoming more popular. For
enterprises, virtualization makes server management much easier. But
with advances in enterprise technology come new techniques to exploit
them. In March of this year, the University of Michigan and a Microsoft
research team wrote a paper on how it is possible to backdoor a virtual
machine.
A prototype of this rootkit, named "SubVirt," was created to test this
idea. It works by exploiting a vulnerability and then dropping a VMM
(virtual machine monitor) underneath a Windows or Linux host. Once the
target OS is loaded into a virtual machine, the rootkit becomes
impossible to detect because no security software running on the target
system can reach the layer where it sits. This really raises the bar for
antivirus and anti-spyware/malware applications trying to detect such a
rootkit.
You can read more detail about this study at:
http://www.eecs.umich.edu/virtual/papers/king06.pdf
Also, many undocumented back-channels exist through which various
functions communicate with the virtual machine. These back-channels
allow actions such as communicating between the host and a guest
operating system and connecting and disconnecting devices. An attacker
can use these back-channels to further explore a network.
You can read more details about these various back-channels at:
http://chitchat.at.infoseek.co.jp/vmware/index.html
Until next issue,
- The Neohapsis Security Threat Watch Team
--- TechCareers: The Job Hunt And Age Discrimination
-----------------------------------------------
By Rusty DAversa, TechCareers.com
Fighting discrimination is all about proving your value to the hiring
manager, says a career expert.
http://www.techcareers.com/content/article.asp?articleid=185303267
--- New Vulnerabilities
-----------------------------------------------
Below is a list of new vulnerabilities announced this week.
Vulnerabilities considered to be 'critical' involve highly deployed
software, or carry a high risk of system compromise. Note that
vulnerabilities not highlighted may still be of critical severity
to your environment.
**** Highlighted critical vulnerabilities ****
IIS 6.0 ASP.DLL: ASP file local overflow
**** Newly announced vulnerabilities this week ****
____Windows____
BitZipper 4.1 unacev2.dll: ace archive remote overflow
http://archives.neohapsis.com/archives/bugtraq/2006-07/0269.html
IIS 6.0 ASP.DLL: ASP file local overflow
http://archives.neohapsis.com/archives/bugtraq/2006-07/0316.html
Microsoft IE 6: remote DoS
http://archives.neohapsis.com/archives/bugtraq/2006-07/0379.html
Microsoft Power Point: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2006-07/0208.html
Norton Personal Firewall 2006 9.1.0.33: local DoS
http://archives.neohapsis.com/archives/bugtraq/2006-07/0210.html
PcAnywhere 12: local privilege escalation
http://archives.neohapsis.com/archives/bugtraq/2006-07/0307.html
Sunbelt Kerio Personal Firewall 4.3.246: local DoS
http://archives.neohapsis.com/archives/bugtraq/2006-07/0211.html
____Linux____
Rocks Clusters 4.1: privilege escalation
http://archives.neohapsis.com/archives/bugtraq/2006-07/0220.html
____Solaris____
Solaris 10 sysinfo: information disclosure
http://archives.neohapsis.com/archives/bugtraq/2006-07/0371.html
____Mac OS____
Mercury Messenger: information disclosure
http://archives.neohapsis.com/archives/bugtraq/2006-07/0255.html
____Network Devices____
Cisco CS-MARS 4.2.0: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2006-07/0334.html
http://archives.neohapsis.com/archives/bugtraq/2006-07/0344.html
D-Link multiple routers: UPNP remote overflow
http://archives.neohapsis.com/archives/vulnwatch/2006-q3/0012.html
____CGI____
AFCommerce Shopping Cart: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2006-07/0340.html
Adobe Shockwave: XSS
http://archives.neohapsis.com/archives/bugtraq/2006-07/0237.html
Advanced Guestbook 2.4: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2006-07/0381.html
Advanced Poll 2.02: remote file inclusion
http://archives.neohapsis.com/archives/bugtraq/2006-07/0365.html
BLOG CMS 4.0.0: XSS
http://archives.neohapsis.com/archives/bugtraq/2006-07/0401.html
Blackboard Academic Suite 6.2.23: XSS
http://archives.neohapsis.com/archives/bugtraq/2006-07/0403.html
Calendar Mambo Module 1.5.7: remote file include
http://archives.neohapsis.com/archives/bugtraq/2006-07/0289.html
Com Multibanners: remote file inclusion
http://archives.neohapsis.com/archives/bugtraq/2006-07/0402.html
DeluxeBB 1.07: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2006-07/0298.html
ExtCalendar Mambo Module 2: remote file include
http://archives.neohapsis.com/archives/bugtraq/2006-07/0310.html
Fantastic Guestbook 2.0.1: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2006-07/0243.html
Finjan Appliance 5100/8100 NG backup: information disclosure
http://archives.neohapsis.com/archives/bugtraq/2006-07/0222.html
Fire-Mouse TopList 1.1: XSS
http://archives.neohapsis.com/archives/bugtraq/2006-07/0383.html
IceWarp Web Mail 2.0.1: remote file inclusion
http://archives.neohapsis.com/archives/bugtraq/2006-07/0262.html
Invision Power Board 2.1.6: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2006-07/0311.html
http://archives.neohapsis.com/archives/bugtraq/2006-07/0249.html
Keyif Portal 2.0: information disclosure
http://archives.neohapsis.com/archives/bugtraq/2006-07/0295.html
ListMessenger 0.9.3: remote file inclusion
http://archives.neohapsis.com/archives/bugtraq/2006-07/0272.html
LoudBlog 0.5: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2006-07/0359.html
MicroGuestBook: XSS
http://archives.neohapsis.com/archives/bugtraq/2006-07/0380.html
MiniBB Forum 1.5: remote file include
http://archives.neohapsis.com/archives/bugtraq/2006-07/0369.html
http://archives.neohapsis.com/archives/bugtraq/2006-07/0400.html
http://archives.neohapsis.com/archives/bugtraq/2006-07/0226.html
MyGallery: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2006-07/0219.html
New Article Mambo Component 1.0: remote file include
http://archives.neohapsis.com/archives/bugtraq/2006-07/0286.html
Oracle Database 10: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2006-07/0301.html
http://archives.neohapsis.com/archives/bugtraq/2006-07/0312.html
http://archives.neohapsis.com/archives/bugtraq/2006-07/0314.html
PHP Event Calendar 1.4: remote file inclusion
http://archives.neohapsis.com/archives/bugtraq/2006-07/0258.html
PHP-Post 1.0: cookie tampering
http://archives.neohapsis.com/archives/bugtraq/2006-07/0299.html
Phorum 5.1.14: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2006-07/0224.html
Plesk Control Panel 8.0.0: XSS
http://archives.neohapsis.com/archives/bugtraq/2006-07/0260.html
Professional PHP Tools Guestbook: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2006-07/0292.html
Savant2: remote file include
http://archives.neohapsis.com/archives/bugtraq/2006-07/0370.html
SiteDepth CMS 3.01: remote file include
http://archives.neohapsis.com/archives/bugtraq/2006-07/0347.html
SubberZ Lite: remote file include
http://archives.neohapsis.com/archives/bugtraq/2006-07/0230.html
Top XL 1.1: XSS
http://archives.neohapsis.com/archives/bugtraq/2006-07/0349.html
Unidomedia Chameleon LE 1.203: directory traversal
http://archives.neohapsis.com/archives/bugtraq/2006-07/0361.html
VBZooM 1.11: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2006-07/0227.html
http://archives.neohapsis.com/archives/bugtraq/2006-07/0232.html
http://archives.neohapsis.com/archives/bugtraq/2006-07/0233.html
http://archives.neohapsis.com/archives/bugtraq/2006-07/0239.html
VisNetic Mail Server 8.3.5: remote file inclusion
http://archives.neohapsis.com/archives/bugtraq/2006-07/0267.html
WebScarab 20060621-0003: XSS
http://archives.neohapsis.com/archives/bugtraq/2006-07/0303.html
Webmin Usermin 1.280: arbitrary file disclosure
http://archives.neohapsis.com/archives/bugtraq/2006-07/0324.html
Zoho Virtual Office 3.02: XSS
http://archives.neohapsis.com/archives/bugtraq/2006-07/0291.html
boastMachine 3.1: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2006-07/0271.html
com_trade: remote file inclusion
http://archives.neohapsis.com/archives/bugtraq/2006-07/0395.html
hdweGUEST 2.1.1: XSS
http://archives.neohapsis.com/archives/bugtraq/2006-07/0315.html
iManage CMS 4.0.12: remote file inclusion
http://archives.neohapsis.com/archives/bugtraq/2006-07/0345.html
osDate 1.1.7: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2006-07/0323.html
phpBB 2.0.21: XSS
http://archives.neohapsis.com/archives/bugtraq/2006-07/0218.html
phpFaber TopSites 2.0.9: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2006-07/0348.html
planetGallery 22.05.2006: remote command execution
http://archives.neohapsis.com/archives/bugtraq/2006-07/0346.html
saphp: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2006-07/0216.html
____Cross Platform____
Firefox 1.5.0.4: remote DoS
http://archives.neohapsis.com/archives/bugtraq/2006-07/0215.html
Samba 3.0.3: remote DoS
http://archives.neohapsis.com/archives/bugtraq/2006-07/0362.html
ToendaCMS 1.0.0: remote command execution
http://archives.neohapsis.com/archives/bugtraq/2006-07/0294.html
UFO2000 1057: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2006-07/0273.html
VMWare multiple products: SSL key information disclosure
http://archives.neohapsis.com/archives/bugtraq/2006-07/0335.html
____Other Platforms____
MyBulletinBoard 1.1.5: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2006-07/0254.html
--- Patches and Updates
-----------------------------------------------
The following contains a list of vendor patches and updates released
this week.
____Linux____
Debian > DSA 1109-1: rssh
http://archives.neohapsis.com/archives/vendor/2006-q3/0011.html
Debian > DSA 1110-1: samba
http://archives.neohapsis.com/archives/vendor/2006-q3/0012.html
Debian > DSA 1111-1: kernel
http://archives.neohapsis.com/archives/vendor/2006-q3/0013.html
Debian > DSA 1112-1: mysql-dfsg-4.1
http://archives.neohapsis.com/archives/vendor/2006-q3/0014.html
Debian > DSA 1113-1: zope2.7
http://archives.neohapsis.com/archives/vendor/2006-q3/0015.html
Debian > DSA 1114-1: hashcash
http://archives.neohapsis.com/archives/vendor/2006-q3/0016.html
Debian > DSA 1115-1: GnuPG2
http://archives.neohapsis.com/archives/vendor/2006-q3/0017.html
Debian > DSA 1116-1: gimp
http://archives.neohapsis.com/archives/vendor/2006-q3/0020.html
Debian > DSA 1117-1: libgd2
http://archives.neohapsis.com/archives/vendor/2006-q3/0021.html
Debian > DSA 1118-1: Mozilla
http://archives.neohapsis.com/archives/vendor/2006-q3/0022.html
Debian > DSA 1119-1: hiki
http://archives.neohapsis.com/archives/vendor/2006-q3/0023.html
Gentoo > GLSA200607-06: libpng
http://archives.neohapsis.com/archives/bugtraq/2006-07/0336.html
Gentoo > GLSA200607-07: xine-lib
http://archives.neohapsis.com/archives/bugtraq/2006-07/0357.html
Mandriva > MDKSA-2006:124: kernel
http://archives.neohapsis.com/archives/linux/mandrake/2006-q3/0021.html
Mandriva > MDKSA-2006:125: webmin
http://archives.neohapsis.com/archives/linux/mandrake/2006-q3/0022.html
Mandriva > MDKSA-2006:126: libtunepimp
http://archives.neohapsis.com/archives/linux/mandrake/2006-q3/0023.html
Mandriva > MDKSA-2006:127: gimp
http://archives.neohapsis.com/archives/linux/mandrake/2006-q3/0024.html
Mandriva > MDKSA-2006:128: wireshark
http://archives.neohapsis.com/archives/linux/mandrake/2006-q3/0025.html
Mandriva > MDKSA-2006:129: freetype2
http://archives.neohapsis.com/archives/linux/mandrake/2006-q3/0026.html
Mandriva > MDKSA-2006:130: kdelibs
http://archives.neohapsis.com/archives/linux/mandrake/2006-q3/0027.html
Trustix > TSLSA-2006-0042: gnupg kernel samba
http://archives.neohapsis.com/archives/bugtraq/2006-07/0360.html
Ubuntu > USN-313-2: OpenOffice.org
http://archives.neohapsis.com/archives/bugtraq/2006-07/0338.html
Ubuntu > USN-319-2: Linux kernel
http://archives.neohapsis.com/archives/bugtraq/2006-07/0337.html
Ubuntu > USN-320-1: PHP
http://archives.neohapsis.com/archives/bugtraq/2006-07/0327.html
Ubuntu > USN-321-1: mysql-dfsg-4.1
http://archives.neohapsis.com/archives/bugtraq/2006-07/0353.html
rPath > rPSA-2006-0130-1: kernel
http://archives.neohapsis.com/archives/bugtraq/2006-07/0265.html
rPath > rPSA-2006-0132-1: wireshark
http://archives.neohapsis.com/archives/bugtraq/2006-07/0333.html
rPath > rPSA-2006-0133-1: libpng
http://archives.neohapsis.com/archives/bugtraq/2006-07/0343.html
rPath > rPSA-2006-0134-1: sendmail
http://archives.neohapsis.com/archives/bugtraq/2006-07/0352.html
____HP UX____
SSRT06113: sendmail
http://archives.neohapsis.com/archives/bugtraq/2006-07/0351.html
SSRT061154: NIS ypserv
http://archives.neohapsis.com/archives/bugtraq/2006-07/0313.html
SSRT061201: openview
http://archives.neohapsis.com/archives/bugtraq/2006-07/0355.html
____Cross Platform____
OpenPKG-SA-2006.013: mutt
http://archives.neohapsis.com/archives/bugtraq/2006-07/0241.html
Copyright (c) 2006 Network Computing, a CMP Media LLC publication. All
Rights Reserved. Distributed by Network Computing
(http://www.networkcomputing.com). Powered by Neohapsis Inc., a
Chicago-based security assessment and integration services consulting
group (info@neohapsis.com | http://www.neohapsis.com/).