Latest Microsoft Patches; BrightStor ARCserve Backup Vulnerability
From: Security Threat Watch Newsletter (NetworkComputing@update.networkcomputing.com)
Date: Tue Jan 16 2007 - 13:04:52 CST
Security Threat Watch
Number 165
Tuesday, January 16, 2007
Created for you by Network Computing & Neohapsis
Last week, Microsoft released its usual set of Tuesday patches. These
patches cover security issues in Microsoft Windows, Microsoft Outlook and
Microsoft Excel, addressing vulnerabilities that range from arbitrary code
execution to denial of service. At the last minute, Microsoft pulled the
security updates for Microsoft Word because of problems with the quality of
the updates. More about these patches can be found in the Highlighted
Vulnerabilities section.
In other news, a vulnerability in BrightStor ARCserve Backup can allow an
attacker to execute arbitrary code on vulnerable installations. The bug
exists in the handling of RPC requests by the Tape Engine Service, which
listens on port 6502. More about this vulnerability can be found in the
Highlighted Vulnerabilities section, and patch details are located at:
http://supportconnectw.ca.com/public/storage/infodocs/basbrtapeeng-secnotice.asp
Until next issue,
- The Neohapsis Security Threat Watch Team
--- Advertisement
-----------------------------------------------------
Join Intelligent Enterprise and KnowNow for a FREE, live
TechWebCast and learn how KnowNow’s RSS Enablement solution
can “RSS-ify” non-RSS-enabled systems through a centralized
approach that provides your key stakeholders with a persistent,
always-on connection to critical and relevant information.
Tuesday, January 30, 2007, 9:00-10:00 AM PT / 12:00-1:00 PM ET
--- TechCareers: The Job Hunt And Age Discrimination
-----------------------------------------------
By Rusty DAversa, TechCareers.com
Fighting discrimination is all about proving your value to the hiring
manager, says a career expert.
http://www.techcareers.com/content/article.asp?articleid=185303267
-----------------------------------------------
--- New Vulnerabilities
-----------------------------------------------
Below is a list of new vulnerabilities announced this week.
Vulnerabilities considered 'critical' involve widely deployed
software or carry a high risk of system compromise. Note that
vulnerabilities not highlighted may still be of critical severity
in your environment.
**** Highlighted critical vulnerabilities ****
CA BrightStor ARCserve Backup 11.5: remote overflow
Microsoft: multiple vulnerabilities
**** Newly announced vulnerabilities this week ****
____Windows____
Adobe Macromedia ColdFusion MX 7.0.2: information disclosure
http://archives.neohapsis.com/archives/bugtraq/2007-01/0270.html
CA BrightStor ARCserve Backup 11.5: remote overflow
http://archives.neohapsis.com/archives/bugtraq/2007-01/0340.html
http://archives.neohapsis.com/archives/bugtraq/2007-01/0325.html
http://archives.neohapsis.com/archives/bugtraq/2007-01/0318.html
http://archives.neohapsis.com/archives/bugtraq/2007-01/0315.html
http://archives.neohapsis.com/archives/bugtraq/2007-01/0314.html
http://archives.neohapsis.com/archives/bugtraq/2007-01/0261.html
Cisco Secure Access Control Server: multiple vulnerabilities
http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0009.html
Cisco Unified Contact Center Enterprise: remote DoS
http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0017.html
Eudora WorldMail Mail Management Server 3.1.x: remote overflow
http://archives.neohapsis.com/archives/bugtraq/2007-01/0162.html
HP multiple products PML Driver: local privilege escalation
http://archives.neohapsis.com/archives/bugtraq/2007-01/0198.html
Microsoft: multiple vulnerabilities
http://archives.neohapsis.com/archives/cc/2007-q1/0002.html
http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0010.html
http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0011.html
http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0012.html
http://archives.neohapsis.com/archives/microsoft/2007-q1/0001.html
http://archives.neohapsis.com/archives/bugtraq/2007-01/0253.html
http://archives.neohapsis.com/archives/bugtraq/2007-01/0254.html
http://archives.neohapsis.com/archives/bugtraq/2007-01/0255.html
http://archives.neohapsis.com/archives/bugtraq/2007-01/0302.html
Sina UC 2006: remote overflow
http://archives.neohapsis.com/archives/bugtraq/2007-01/0241.html
____Network Devices____
Cisco IOS 12.4: remote DoS
http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0018.html
PacketWise 8.x: remote DoS
http://archives.neohapsis.com/archives/bugtraq/2007-01/0201.html
____CGI____
lex Guestbook 4.0.2: remote command execution
http://archives.neohapsis.com/archives/bugtraq/2007-01/0179.html
AJLogin 3.5: information disclosure
http://archives.neohapsis.com/archives/bugtraq/2007-01/0180.html
All In One Control Panel 1.3.009: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2007-01/0350.html
CS-Cart 1.3.3: remote file include
http://archives.neohapsis.com/archives/bugtraq/2007-01/0284.html
Dayfox Blog: remote file include
http://archives.neohapsis.com/archives/bugtraq/2007-01/0190.html
EMembersPro 1.0: information disclosure
http://archives.neohapsis.com/archives/bugtraq/2007-01/0181.html
Easy Banner Pro 2.8: remote file inclusion
http://archives.neohapsis.com/archives/bugtraq/2007-01/0260.html
Ezboxx 0.7.6: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2007-01/0328.html
Fix & Chips CMS 1.0: XSS
http://archives.neohapsis.com/archives/bugtraq/2007-01/0172.html
GForge 4.5.11: XSS
http://archives.neohapsis.com/archives/bugtraq/2007-01/0214.html
Georgian Bulletin Board: remote file include
http://archives.neohapsis.com/archives/bugtraq/2007-01/0192.html
HarikaOnline 2.0: information disclosure
http://archives.neohapsis.com/archives/bugtraq/2007-01/0184.html
LunarPoll: remote file include
http://archives.neohapsis.com/archives/bugtraq/2007-01/0327.html
M-Core: information disclosure
http://archives.neohapsis.com/archives/bugtraq/2007-01/0183.html
MKPortal 1.1: path disclosure
http://archives.neohapsis.com/archives/bugtraq/2007-01/0196.html
Micro CMS 3.5: remote file include
http://archives.neohapsis.com/archives/bugtraq/2007-01/0338.html
MitiSoft: information disclosure
http://archives.neohapsis.com/archives/bugtraq/2007-01/0182.html
NUNE News Script: remote file include
http://archives.neohapsis.com/archives/bugtraq/2007-01/0187.html
Naig 0.5.2: remote file include
http://archives.neohapsis.com/archives/bugtraq/2007-01/0351.html
Nwom topsites 3.0: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2007-01/0326.html
Uguestbook: information disclosure
http://archives.neohapsis.com/archives/bugtraq/2007-01/0186.html
Webulas: information disclosure
http://archives.neohapsis.com/archives/bugtraq/2007-01/0185.html
Wordpress 2.0.6: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2007-01/0344.html
Yet Another Link Directory 1.0: XSS
http://archives.neohapsis.com/archives/bugtraq/2007-01/0169.html
createauction: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2007-01/0213.html
edit-x e-commerce: remote file include
http://archives.neohapsis.com/archives/bugtraq/2007-01/0269.html
magic photo storage: remote file inclusion
http://archives.neohapsis.com/archives/bugtraq/2007-01/0199.html
phpBB 2.0.21: XSS
http://archives.neohapsis.com/archives/bugtraq/2007-01/0308.html
phpmyadmin 2.8.1: XSS
http://archives.neohapsis.com/archives/bugtraq/2007-01/0329.html
ppc engine: remote file inclusion
http://archives.neohapsis.com/archives/bugtraq/2007-01/0237.html
sazcart 1.5: remote file include
http://archives.neohapsis.com/archives/bugtraq/2007-01/0291.html
shopstorenow: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2007-01/0173.html
____Cross Platform____
Adobe Reader 7.0.8: remote overflow
http://archives.neohapsis.com/archives/bugtraq/2007-01/0272.html
CenterICQ 4.21.0: remote DoS
http://archives.neohapsis.com/archives/bugtraq/2007-01/0194.html
Grsecurity: local overflow
http://archives.neohapsis.com/archives/bugtraq/2007-01/0321.html
Kaspersky Antivirus Scan Engine 6.0: remote DoS
http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0006.html
MIT Kerberos 5-1.4.4: remote overflow
http://archives.neohapsis.com/archives/cc/2007-q1/0003.html
http://archives.neohapsis.com/archives/bugtraq/2007-01/0250.html
http://archives.neohapsis.com/archives/bugtraq/2007-01/0252.html
Opera Software Opera Web Browser 9.02: remote overflow
http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0004.html
http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0005.html
Snort 2.6.1.2: remote overflow
http://archives.neohapsis.com/archives/bugtraq/2007-01/0310.html
X.Org server 7.1-1.1.0: local overflow
http://archives.neohapsis.com/archives/bugtraq/2007-01/0264.html
http://archives.neohapsis.com/archives/bugtraq/2007-01/0267.html
Xine-ui: local overflow
http://archives.neohapsis.com/archives/bugtraq/2007-01/0304.html
--- Patches and Updates
-----------------------------------------------
The following is a list of vendor patches and updates released this week.
____Linux____
Debian > DSA 1245-1: proftpd
http://archives.neohapsis.com/archives/bugtraq/2007-01/0188.html
Debian > DSA 1246-1: OpenOffice
http://archives.neohapsis.com/archives/bugtraq/2007-01/0203.html
Debian > DSA 1247-1: libapache-mod-auth-kerb
http://archives.neohapsis.com/archives/bugtraq/2007-01/0207.html
Debian > DSA 1248-1: libsoup
http://archives.neohapsis.com/archives/bugtraq/2007-01/0357.html
Gentoo > GLSA200701-04: SeaMonkey
http://archives.neohapsis.com/archives/bugtraq/2007-01/0283.html
Gentoo > GLSA200701-05: KDE kfile JPEG info
http://archives.neohapsis.com/archives/bugtraq/2007-01/0352.html
Gentoo > GLSA200701-06: w3m
http://archives.neohapsis.com/archives/bugtraq/2007-01/0353.html
Gentoo > GLSA200701-07: OpenOffice.org
http://archives.neohapsis.com/archives/bugtraq/2007-01/0354.html
Gentoo > GLSA200701-08: Opera
http://archives.neohapsis.com/archives/bugtraq/2007-01/0355.html
Mandriva > MDKSA-2007:003: avahi
http://archives.neohapsis.com/archives/linux/mandrake/2007-q1/0013.html
Mandriva > MDKSA-2007:004: geoip
http://archives.neohapsis.com/archives/linux/mandrake/2007-q1/0014.html
Mandriva > MDKSA-2007:006: OpenOffice
http://archives.neohapsis.com/archives/linux/mandrake/2007-q1/0017.html
Mandriva > MDKSA-2007:007: nvidia driver
http://archives.neohapsis.com/archives/linux/mandrake/2007-q1/0018.html
Mandriva > MDKSA-2007:008: kerberos
http://archives.neohapsis.com/archives/linux/mandrake/2007-q1/0019.html
Mandriva > MDKSA-2007:009: kdenetwork
http://archives.neohapsis.com/archives/linux/mandrake/2007-q1/0020.html
Mandriva > MDKSA-2007:010: Firefox
http://archives.neohapsis.com/archives/linux/mandrake/2007-q1/0023.html
Mandriva > MDKSA-2007:011: Thunderbird
http://archives.neohapsis.com/archives/linux/mandrake/2007-q1/0025.html
Mandriva > MDKSA-2007:012: kernel
http://archives.neohapsis.com/archives/linux/mandrake/2007-q1/0026.html
Mandriva > MDKSA-2007:013: libneon0.26
http://archives.neohapsis.com/archives/linux/mandrake/2007-q1/0027.html
SuSE > SUSE-SA:2007:005: w3m
http://archives.neohapsis.com/archives/linux/suse/2007-q1/0005.html
SuSE > SUSE-SA:2007:006: Mozilla
http://archives.neohapsis.com/archives/linux/suse/2007-q1/0006.html
SuSE > SUSE-SA:2007:008: XFree86/Xorg
http://archives.neohapsis.com/archives/linux/suse/2007-q1/0008.html
Ubuntu > USN-403-1: X.org
http://archives.neohapsis.com/archives/bugtraq/2007-01/0248.html
Ubuntu > USN-404-1: MadWifi
http://archives.neohapsis.com/archives/bugtraq/2007-01/0256.html
Ubuntu > USN-405-1: fetchmail
http://archives.neohapsis.com/archives/bugtraq/2007-01/0320.html
Ubuntu > USN-406-1: OpenOffice.org
http://archives.neohapsis.com/archives/bugtraq/2007-01/0331.html
rPath > rPSA-2007-0001-1: OpenOffice
http://archives.neohapsis.com/archives/bugtraq/2007-01/0205.html
rPath > rPSA-2007-0003-1: fetchmail
http://archives.neohapsis.com/archives/bugtraq/2007-01/0245.html
rPath > rPSA-2007-0004-1: bzip2
http://archives.neohapsis.com/archives/bugtraq/2007-01/0263.html
rPath > rPSA-2007-0005-1: xorg-x11, xorg-x11-fonts, xorg-x11-tools
http://archives.neohapsis.com/archives/bugtraq/2007-01/0265.html
rPath > rPSA-2007-0006-1: krb5, krb5-server, krb5-services, krb5-test
http://archives.neohapsis.com/archives/bugtraq/2007-01/0313.html
____Cross Platform____
OpenPKG > OpenPKG-SA-2007.002: bzip2
http://archives.neohapsis.com/archives/bugtraq/2007-01/0161.html
OpenPKG > OpenPKG-SA-2007.003: drupal
http://archives.neohapsis.com/archives/bugtraq/2007-01/0170.html
OpenPKG > OpenPKG-SA-2007.004: fetchmail
http://archives.neohapsis.com/archives/bugtraq/2007-01/0171.html
OpenPKG > OpenPKG-SA-2007.005: wordpress
http://archives.neohapsis.com/archives/bugtraq/2007-01/0175.html
OpenPKG > OpenPKG-SA-2007.006: kerberos
http://archives.neohapsis.com/archives/bugtraq/2007-01/0273.html
--- Sign Off
----------------------------------------------------------
If this e-mail was passed to you, and you would like to begin receiving
our free security e-mail newsletter on a weekly basis, we invite you to
subscribe today by forwarding this message to
subscribe_stw@update.networkcomputing.com.
Or you can subscribe directly here:
http://www.networkcomputing.com/go/stw.jhtml
To manage all aspects of your subscription and newsletter account,
simply use the URL below. You'll need your e-mail address and
password to log in. If you don't have your password, you can generate
a new one using the same URL. Once logged in, you can change your
e-mail address and password as well as select specific platforms for
which you'd like to receive information on patches and vulnerabilities.
If you have any questions regarding this system, please don't hesitate
to e-mail us at stw@nwc.com.
http://stwpref.update.networkcomputing.com/CMP/NWC/prefctr.asp
Put Us On Your White List
Don't let an over-eager e-mail filter bounce the Network Computing
Security Threat Watch newsletter! Our address,
NetworkComputing@update.networkcomputing.com, needs to be in your address
book or on your anti-spam white list. Ask your admin or ISP how to do
this, or check your anti-spam utility documentation.
Important subscription contacts:
CMP Media LLC
600 Community Drive
Manhasset, NY 11030
Unsubscribe from Network Computing's newsletters.
http://www.networkcomputing.com/newsletters/unsubscribe.html
Sign up for your own issue of this newsletter.
http://www.networkcomputing.com/newsletters/subscriptions.html
Subscribe to Network Computing's newsletters.
http://www.networkcomputing.com/newsletters/subscriptions.html
Still not receiving your own FREE subscription to Network Computing magazine?
http://networkcomputingsubscriptions.com/customerservice/
ADDITIONAL SUBSCRIPTION CONTACT:
Please send an e-mail message to newsletters@cmp.com if you need
assistance changing your e-mail address, unsubscribing from this
newsletter, or require additional assistance with your subscription.
Please be sure to include the name of this newsletter in your message.
Missed an issue? You can find all back issues of Security Threat Watch
(as well as Security Alert Consensus and Security Express) online.
http://archives.neohapsis.com/
Note: To better serve you, we use dynamic URLs within our advertisements,
which allow us to see how many readers click on a given ad. We do not
share this information, or your personal information, with any outside
party. Concerned about the privacy of your information relative to these
tracking URLs? Please refer to our privacy policy.
http://www.doubleclick.net/us/corporate/privacy
We'd like to know what you think about the newsletter and what
information you'd like to see in future editions. E-mail your comments
to stw@nwc.com.
To unsubscribe from this newsletter, forward this message to
unsubscribe_stw@update.networkcomputing.com.
Copyright (c) 2007 Network Computing, a CMP Media LLC publication. All
Rights Reserved. Distributed by Network Computing
(http://www.networkcomputing.com). Powered by Neohapsis Inc., a
Chicago-based security assessment and integration services consulting
group (info@neohapsis.com | http://www.neohapsis.com/).
This message powered by DARTmail
http://www.doubleclick.net/us/corporate/privacy