From security em unicamp.br Mon Apr 2 09:36:55 2007
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Mon, 2 Apr 2007 09:36:55 -0300
Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA07-089A -- Microsoft Windows ANI header stack buffer overflow
Message-ID: <20070402123654.GA44351@unicamp.br>

----- Forwarded message from US-CERT Technical Alerts -----

From: US-CERT Technical Alerts
Subject: US-CERT Technical Cyber Security Alert TA07-089A -- Microsoft Windows ANI header stack buffer overflow
To: technical-alerts em us-cert.gov
Date: Fri, 30 Mar 2007 14:47:05 -0400
Organization: US-CERT - +1 202-205-5266

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA07-089A

Microsoft Windows ANI header stack buffer overflow

   Original release date: March 30, 2007
   Last revised: --
   Source: US-CERT

Systems Affected

   Microsoft Windows 2000, XP, Server 2003, and Vista are affected.
   Applications that provide attack vectors include:

     * Microsoft Internet Explorer
     * Microsoft Outlook
     * Microsoft Outlook Express
     * Microsoft Windows Mail
     * Microsoft Windows Explorer

Overview

   An unpatched buffer overflow vulnerability in the way Microsoft
   Windows handles animated cursor files is actively being exploited.

I. Description

   A stack buffer overflow exists in the code that Microsoft Windows
   uses to process animated cursor files. Specifically, Microsoft
   Windows fails to properly validate the size of an animated cursor
   file header supplied in animated cursor files.

   Animated cursor files can be included with HTML files. For instance,
   a web site can use an animated cursor file to specify the icon that
   the mouse pointer should use when hovering over a hyperlink. Because
   of this, malicious web pages and HTML email messages can be used to
   exploit this vulnerability.

   In addition, animated cursor files are automatically parsed by
   Windows Explorer when the containing folder is opened or the file is
   used as a cursor.
   Because of this, opening a folder that contains a specially crafted
   animated cursor file will also trigger this vulnerability.

   Note that Windows Explorer will process animated cursor files with
   several different file extensions, such as .ani, .cur, or .ico.
   Furthermore, Windows will automatically render animated cursor files
   referenced by HTML documents regardless of the animated cursor file
   extension.

   This vulnerability is actively being exploited. More information is
   available in Vulnerability Note VU#191609.

II. Impact

   A remote, unauthenticated attacker may be able to execute arbitrary
   code. Exploitation may occur when a user clicks a malicious link,
   reads or forwards a specially crafted HTML email, or accesses a
   folder containing a malicious animated cursor file.

III. Solution

   Until a fix is available, refer to the Solution section of
   Vulnerability Note VU#191609 for the latest workarounds.

IV. References

     * Vulnerability Note VU#191609
     * Microsoft Security Advisory (935423)
     * Unpatched Drive-By Exploit Found On The Web
     * TROJ_ANICHMOO.AX - Description and Solution

 ____________________________________________________________________

   The most recent version of this document can be found at:
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to with "TA07-089A Feedback VU#191609" in the subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit .
 ____________________________________________________________________

   Produced 2007 by US-CERT, a government organization.
   Terms of use:
 ____________________________________________________________________

   Revision History

   March 30, 2007: Initial release

----- End forwarded message -----

From security em unicamp.br Wed Apr 4 08:59:36 2007
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 4 Apr 2007 08:59:36 -0300
Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA07-093A -- Microsoft Update for Windows Animated Cursor Vulnerability
Message-ID: <20070404115935.GA68598@unicamp.br>

----- Forwarded message from US-CERT Technical Alerts -----

From: US-CERT Technical Alerts
Subject: US-CERT Technical Cyber Security Alert TA07-093A -- Microsoft Update for Windows Animated Cursor Vulnerability
To: technical-alerts em us-cert.gov
Date: Tue, 3 Apr 2007 15:48:47 -0400
Organization: US-CERT - +1 202-205-5266

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA07-093A

Microsoft Update for Windows Animated Cursor Vulnerability

   Original release date: April 3, 2007
   Last revised: --
   Source: US-CERT

Systems Affected

   Microsoft Windows 2000, XP, Server 2003, and Vista are affected.
   Applications that provide attack vectors include

     * Microsoft Internet Explorer
     * Microsoft Outlook
     * Microsoft Outlook Express
     * Microsoft Windows Mail
     * Microsoft Windows Explorer

Overview

   Microsoft has released updates to address vulnerabilities in the way
   that Microsoft Windows handles image files.
   A fix for the animated cursor buffer overflow vulnerability
   (VU#191609) is included in these updates.

I. Description

   Microsoft has released Security Bulletin MS07-017 to correct
   vulnerabilities in the way that Microsoft Windows handles image
   files. This update includes a fix for the animated cursor ANI header
   stack buffer overflow vulnerability (VU#191609).

   More information about the animated cursor buffer overflow
   vulnerability is available in Vulnerability Note VU#191609 and in
   Technical Cyber Security Alert TA07-089A. Refer to Microsoft Security
   Bulletin MS07-017 for more information on the other vulnerabilities.

II. Impact

   Applying these updates will mitigate the vulnerability described in
   Technical Cyber Security Alert TA07-089. The impact of exploiting
   that vulnerability is that a remote, unauthenticated attacker could
   execute arbitrary code or cause a denial-of-service condition.

III. Solution

Install updates from Microsoft

   Microsoft has released updates for this and other image processing
   vulnerabilities in Microsoft Security Bulletin MS07-017. Note that
   this is only part of the Microsoft security update release for April
   2007. According to Microsoft:

     Microsoft will update this bulletin summary with any other
     security bulletins that release on April 10 or on any other day of
     the month, as deemed appropriate.

   Refer to Technical Cyber Security Alert TA07-089A and Vulnerability
   Note VU#191609 for information about workarounds that may reduce the
   chances of exploitation until updates can be applied.

   System administrators may wish to consider using an automated patch
   distribution system such as Windows Server Update Services (WSUS).

IV.
References

     * US-CERT Technical Cyber Security Alert TA07-089A
     * Vulnerability Note VU#191609
     * Microsoft Security Bulletin MS07-017
     * Microsoft Security Advisory (935423)
     * Microsoft Security Bulletin Summary for April 2007
     * Microsoft Security Response Center Blog
     * Windows Server Updates Services

 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to with "TA07-093A Feedback VU#191609" in the subject.
 ____________________________________________________________________

   Revision History

   April 3, 2007: Initial release

----- End forwarded message -----

From security em unicamp.br Wed Apr 4 09:00:11 2007
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 4 Apr 2007 09:00:11 -0300
Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA07-093B -- MIT Kerberos Vulnerabilities
Message-ID: <20070404120010.GB68598@unicamp.br>

----- Forwarded message from US-CERT Technical Alerts -----

From: US-CERT Technical Alerts
Subject: US-CERT Technical Cyber Security Alert TA07-093B -- MIT
 Kerberos Vulnerabilities
To: technical-alerts em us-cert.gov
Date: Tue, 3 Apr 2007 19:57:38 -0400
Organization: US-CERT - +1 202-205-5266

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA07-093B

MIT Kerberos Vulnerabilities

   Original release date: April 03, 2007
   Last revised: --
   Source: US-CERT

Systems Affected

     * MIT Kerberos

   Other products based on the GSS-API or the RPC libraries provided
   with MIT Kerberos may also be affected.

Overview

   The MIT Kerberos 5 implementation contains several vulnerabilities.
   One of these vulnerabilities (VU#220816) could allow a remote,
   unauthenticated attacker to log in via telnet (23/tcp) with elevated
   privileges. The other vulnerabilities (VU#704024, VU#419344) could
   allow a remote, authenticated attacker to execute arbitrary code on a
   Key Distribution Center (KDC).

I. Description

   There are three vulnerabilities that affect MIT Kerberos 5:

     * VU#220816 - MIT Kerberos 5 telnet daemon allows login as
       arbitrary user

       The telnet daemon included with the MIT Kerberos administration
       daemon contains a vulnerability that may allow a remote,
       unauthorized user to log on to the system with elevated
       privileges.

     * VU#704024 - MIT Kerberos 5 administration daemon stack overflow
       in krb5_klog_syslog()

       The MIT Kerberos administration daemon contains a vulnerability
       in the way the krb5_klog_syslog() function handles specially
       crafted strings that may allow a remote, authenticated attacker
       to execute arbitrary code. Other server applications that call
       krb5_klog_syslog() may also be affected. This vulnerability can
       be triggered by sending a specially crafted Kerberos message to
       a vulnerable system.
     * VU#419344 - MIT Kerberos 5 GSS-API library double-free
       vulnerability

       A vulnerability exists in the way that the GSS-API library
       provided with MIT krb5 handles messages with an invalid
       direction encoding, resulting in a double free which may allow a
       remote, authenticated attacker to execute arbitrary code. Other
       server applications that utilize the RPC library or the GSS-API
       library provided with MIT Kerberos may also be affected. This
       vulnerability can be triggered by sending a specially crafted
       Kerberos message to a vulnerable system.

II. Impact

   In the case of VU#220816 a remote attacker could log on to the
   system via telnet and gain elevated privileges. In the case of
   VU#704024 and VU#419344, a remote, authenticated attacker may be able
   to execute arbitrary code on KDCs, systems running kadmind, and
   application servers that use the RPC or GSS-API libraries. An
   attacker could also cause a denial of service on any of these
   systems. As a secondary impact, either one of these vulnerabilities
   could result in the compromise of both the KDC and an entire Kerberos
   realm.

III. Solution

   Check with your vendors for patches or updates. For information
   about a vendor, please see the systems affected section in the
   individual vulnerability notes or contact your vendor directly.

   Alternatively, apply the appropriate source code patches referenced
   in MITKRB5-SA-2007-001, MITKRB5-SA-2007-002, and MITKRB5-SA-2007-003
   and recompile. These vulnerabilities will also be addressed in
   krb5-1.6.1.

IV.
References

     * US-CERT Vulnerability Note VU#220816
     * US-CERT Vulnerability Note VU#704024
     * US-CERT Vulnerability Note VU#419344
     * MIT krb5 Security Advisory 2007-001
     * MIT krb5 Security Advisory 2007-002
     * MIT krb5 Security Advisory 2007-003

 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to with "TA07-093B Feedback VU#202816" in the subject.
 ____________________________________________________________________

   Revision History

   April 03, 2007: Initial release

----- End forwarded message -----

From security em unicamp.br Wed Apr 11 11:28:33 2007
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 11 Apr 2007 11:28:33 -0300
Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA07-100A -- Microsoft Updates for Multiple Vulnerabilities
Message-ID: <20070411142833.GA45091@unicamp.br>

----- Forwarded message from US-CERT Technical Alerts -----

From: US-CERT Technical Alerts
Subject: US-CERT Technical Cyber Security Alert TA07-100A -- Microsoft Updates for Multiple
 Vulnerabilities
To: technical-alerts em us-cert.gov
Date: Tue, 10 Apr 2007 16:29:06 -0400
Organization: US-CERT - +1 202-205-5266

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA07-100A

Microsoft Updates for Multiple Vulnerabilities

   Original release date: April 10, 2007
   Last revised: --
   Source: US-CERT

Systems Affected

     * Microsoft Windows
     * Microsoft Content Management Server
     * Microsoft Internet Explorer

Overview

   Microsoft has released updates that address critical vulnerabilities
   in Microsoft Windows and Microsoft Content Management Server.
   Exploitation of these vulnerabilities could allow a remote,
   unauthenticated attacker to execute arbitrary code or cause a denial
   of service on a vulnerable system.

I. Description

   Microsoft has released updates to address vulnerabilities that
   affect Microsoft Windows and Microsoft Content Management Server as
   part of the Microsoft Security Bulletin Summary for April 2007. The
   most severe vulnerabilities could allow a remote, unauthenticated
   attacker to execute arbitrary code or cause a denial of service on a
   vulnerable system. These updates include a fix to address a
   previously disclosed vulnerability in the Windows Client/Server
   Run-time Subsystem.

   Further information about the vulnerabilities addressed by these
   updates is available in the Vulnerability Notes Database.

II. Impact

   A remote, unauthenticated attacker could execute arbitrary code on a
   vulnerable system. An attacker may also be able to cause a denial of
   service or launch cross-site scripting attacks.

III. Solution

Apply updates from Microsoft

   Microsoft has provided updates for these vulnerabilities as part of
   the Microsoft Security Bulletin Summary for April 2007. The Security
   Bulletins describe any known issues related to the updates. Note any
   known issues described in the Bulletins and test for any potentially
   adverse effects in your operating system environment.
   System administrators may wish to consider using an automated patch
   distribution system such as Windows Server Update Services (WSUS).

IV. References

     * US-CERT Vulnerability Notes for Microsoft April 2007 updates
     * Microsoft Security Bulletin Summary for April 2007
     * Microsoft Update
     * Windows Server Update Services
     * Securing Your Web Browser

 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to with "TA07-100A Feedback VU#219848" in the subject.
 ____________________________________________________________________

   Revision History

   April 10, 2007: Initial release

----- End forwarded message -----

From security em unicamp.br Mon Apr 16 10:30:27 2007
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Mon, 16 Apr 2007 10:30:27 -0300
Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA07-103A -- Microsoft Windows DNS RPC Buffer Overflow
Message-ID: <20070416133026.GA98200@unicamp.br>

----- Forwarded message from US-CERT Technical Alerts -----

From: US-CERT Technical Alerts
Subject:
 US-CERT Technical Cyber Security Alert TA07-103A -- Microsoft Windows DNS RPC Buffer Overflow
To: technical-alerts em us-cert.gov
Date: Fri, 13 Apr 2007 13:49:45 -0400
Organization: US-CERT - +1 202-205-5266

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA07-103A

Microsoft Windows DNS RPC Buffer Overflow

   Original release date: April 13, 2007
   Last revised: --
   Source: US-CERT

Systems Affected

     * Microsoft Windows 2003 Server
     * Microsoft Windows 2000 Server

Overview

   A buffer overflow in the Remote Procedure Call (RPC) management
   interface used by the Microsoft Windows Domain Name Service (DNS)
   service is actively being exploited. This vulnerability may allow a
   remote attacker to execute arbitrary code with SYSTEM privileges.

I. Description

   The Microsoft Windows DNS service RPC management interface contains
   a stack-based buffer overflow. This vulnerability can be triggered by
   sending a specially crafted RPC packet to the RPC management
   interface. The management interface typically operates on a
   dynamically-assigned port between 1024/tcp and 5000/tcp.

   Note that this vulnerability cannot be exploited via the DNS name
   resolution service (53/udp).

   More information on this vulnerability is available in Vulnerability
   Note VU#555920 and Microsoft Security Advisory (935964).

   This vulnerability is actively being exploited.

II. Impact

   A remote attacker may be able to execute arbitrary code with SYSTEM
   privileges or cause a denial-of-service condition.

III. Solution

   We are unaware of a complete solution to this vulnerability. Until a
   fix is available, there are workarounds that may reduce the chances
   of exploitation. It is important to understand your network's
   configuration and service requirements before deciding what changes
   are appropriate. For instance, disabling the RPC interface of the DNS
   service may prevent administrators from being able to remotely manage
   a Microsoft Windows DNS server.
   Consider this when implementing the following workarounds:

*Disable the RPC interface used by the Microsoft Windows DNS service*

   This workaround will configure the DNS management service to
   function only via Local Procedure Call (LPC). This prevents
   exploitation of the vulnerability, however it also disables remote
   management via RPC, which is used by the Microsoft Management Console
   (MMC) DNS snap-in.

   According to Microsoft Security Advisory (935964), the RPC remote
   management can be disabled by taking the following steps:

    1. On the start menu click 'Run' and then type 'Regedit' and then
       press enter.
    2. Navigate to the following registry location:
       HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters.
    3. On the 'Edit' menu select 'New' and then click 'DWORD Value'.
    4. Where 'New Value #1' is highlighted type 'RpcProtocol' for the
       name of the value and then press enter.
    5. Double click on the newly created value and change the value's
       data to 4.

   Alternatively, the following text can be saved as a .REG file and
   imported:

      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters]
      "RpcProtocol"=dword:00000004

   Restart the DNS service for the change to take effect.

   More information on regedit.exe is available in Microsoft Knowledge
   Base Article 82821.

*Block or Restrict access to RPC services*

   This workaround will restrict TCP/IP access to all RPC interfaces,
   including the vulnerable DNS management RPC interface. This
   workaround will not prevent exploitation of the vulnerability, but
   will limit the possible sources of attacks. This workaround will
   allow remote management using the RPC interface (MMC DNS Snap-in)
   from selected networks.

   Block access to the RPC Endpoint Mapper service (135/tcp) at your
   network perimeters. Note that blocking RPC at the network perimeter
   would still allow attackers within the perimeter to exploit this
   vulnerability.
   By default, the RPC Endpoint Mapper service assigns RPC ports
   between 1024/tcp and 5000/tcp. All unsolicited traffic on these ports
   should also be blocked.

IV. References

     * Vulnerability Note VU#555920
     * Microsoft Security Advisory (935964)
     * Registration Info Editor (REGEDIT) Command-Line Switches

 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to with "TA07-103A Feedback VU#555920" in the subject.
 ____________________________________________________________________

   Revision History

   April 13, 2007: Initial release

----- End forwarded message -----

From security em unicamp.br Thu Apr 19 11:54:20 2007
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Thu, 19 Apr 2007 11:54:20 -0300
Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA07-108A -- Oracle Releases Patches for Multiple Vulnerabilities
Message-ID: <20070419145420.GA35596@unicamp.br>

----- Forwarded message from US-CERT Technical Alerts -----

From: US-CERT Technical Alerts
Subject: US-CERT Technical Cyber Security Alert
 TA07-108A -- Oracle Releases Patches for Multiple Vulnerabilities
To: technical-alerts em us-cert.gov
Date: Wed, 18 Apr 2007 18:09:16 -0400
Organization: US-CERT - +1 202-205-5266

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA07-108A

Oracle Releases Patches for Multiple Vulnerabilities

   Original release date: April 18, 2007
   Last revised: --
   Source: US-CERT

Systems Affected

     * Oracle Database
     * Oracle Application Server
     * Oracle Secure Enterprise Search
     * Oracle Enterprise Manager
     * Oracle Collaboration Suite
     * Ultra Search component
     * Oracle E-Business Suite
     * JD Edwards EnterpriseOne Tools

   For more detailed information regarding affected product versions,
   refer to the Oracle Critical Patch Update - April 2007.

Overview

   Oracle has released patches to address numerous vulnerabilities in
   different Oracle products. The impacts of these vulnerabilities
   include remote execution of arbitrary code, information disclosure,
   and denial of service.

I. Description

   Oracle has released the Critical Patch Update - April 2007.
   According to Oracle, this Critical Patch Update (CPU) includes:

     * 13 new security fixes for the Oracle Databases
     * 1 new security fix for Oracle Secure Enterprise Search
     * 1 new security fix for Oracle Enterprise Manager
     * 1 new security fix for Oracle Workflow Cartridge
     * 1 new security fix for the Ultra Search component

   Many Oracle products include or share code with other vulnerable
   Oracle products and components. Therefore, one vulnerability may
   affect multiple Oracle products and components. Refer to the April
   2007 CPU for details regarding which vulnerabilities affect specific
   Oracle products and components.

   As of April 18, 2007, updates for Oracle Vuln#s DB01 and DB03 are
   not available. These vulnerabilities affect Oracle Database 9.2.0.8
   on the Windows platform only.
   For a list of publicly known vulnerabilities addressed in the April
   2007 CPU, refer to the Map of Public Vulnerability to Advisory/Alert.
   The April 2007 CPU does not associate Vuln# identifiers (e.g., DB01)
   with other available information, even in the Map of Public
   Vulnerability to Advisory/Alert document. As more details about
   vulnerabilities and remediation strategies become available, we will
   update the individual vulnerability notes.

II. Impact

   The impact of these vulnerabilities varies depending on the product,
   component, and configuration of the system. Potential consequences
   include remote execution of arbitrary code or commands, sensitive
   information disclosure, and denial of service. Vulnerable components
   may be available to unauthenticated, remote attackers. An attacker
   who compromises an Oracle database may be able to gain access to
   sensitive information or take complete control of the host system.

III. Solution

Apply patches from Oracle

   Apply the appropriate patches or upgrade as specified in the
   Critical Patch Update - April 2007. Note that this Critical Patch
   Update only lists newly corrected vulnerabilities.

   As noted in the update, some patches are cumulative, others are not:

     The Oracle Database, Oracle Application Server, Oracle Enterprise
     Manager Grid Control, Oracle Collaboration Suite, JD Edwards
     EnterpriseOne, JD Edwards OneWorld Tools, PeopleSoft Enterprise
     Portal Applications and PeopleSoft Enterprise PeopleTools patches
     in the Updates are cumulative; each Critical Patch Update contains
     the fixes from the previous Critical Patch Updates.

     Oracle E-Business Suite and Applications patches are not
     cumulative, so E-Business Suite and Applications customers should
     refer to previous Critical Patch Updates to identify previous
     fixes they want to apply.

   Vulnerabilities described in the April 2007 CPU may affect Oracle
   Database 10g Express Edition (XE). According to Oracle, Oracle
   Database XE is based on the Oracle Database 10g Release 2 code.
   Known issues with Oracle patches are documented in the
   pre-installation notes and patch readme files. Please consult these
   documents and test before making changes to production systems.

IV. References

     * US-CERT Vulnerability Notes Related to Critical Patch Update -
       April 2007
     * Critical Patch Update - April 2007
     * Critical Patch Updates and Security Alerts
     * Map of Public Vulnerability to Advisory/Alert
     * Oracle Database Security Checklist (PDF)
     * Critical Patch Update Implementation Best Practices (PDF)
     * Oracle Database 10g Express Edition
     * Details Oracle Critical Patch Update April 2007

 _________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to with "TA07-108A Feedback VU#809457" in the subject.
 _________________________________________________________________

   Revision History

   April 18, 2007: Initial release

----- End forwarded message -----

From security em unicamp.br Mon Apr 23 10:50:02 2007
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Mon, 23 Apr 2007 10:50:02 -0300
Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA07-109A -- Apple Updates for Multiple Vulnerabilities
Message-ID: <20070423134957.GC78895@unicamp.br>

----- Forwarded message from US-CERT Technical Alerts -----

From: US-CERT Technical Alerts
Subject: US-CERT Technical Cyber Security Alert TA07-109A -- Apple Updates for Multiple Vulnerabilities
To: technical-alerts em us-cert.gov
Date: Thu, 19 Apr 2007 18:51:27 -0400
Organization: US-CERT - +1 202-205-5266

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA07-109A

Apple Updates for Multiple Vulnerabilities

   Original release date: April 19, 2007
   Last revised: --
   Source: US-CERT

Systems Affected

     * Apple Mac OS X version 10.3.x and 10.4.x
     * Apple Mac OS X Server version 10.3.x and 10.4.x

   These vulnerabilities affect both Intel-based and PowerPC-based
   Apple systems.

Overview

   Apple has released Security Update 2007-004 to correct multiple
   vulnerabilities affecting Apple Mac OS X and Mac OS X Server. The
   most serious of these vulnerabilities may allow a remote attacker to
   execute arbitrary code.
   Attackers may take advantage of the less serious vulnerabilities to
   bypass security restrictions or cause a denial of service.

I. Description

   Apple Security Update 2007-004 addresses a number of vulnerabilities
   affecting Apple Mac OS X and OS X Server. Further details are
   available in the related vulnerability notes.

   Several of the fixes included in this update address vulnerabilities
   in products from other vendors that ship with Apple OS X or OS X
   Server. These products include

     * GNU Tar
     * MIT Kerberos

   Apple Security Update 2007-004 addresses vulnerabilities for
   versions 10.3.9 and 10.4.9.

II. Impact

   The impacts of these vulnerabilities vary. Potential consequences
   include remote execution of arbitrary code or commands, bypass of
   security restrictions, and denial of service.

III. Solution

Install updates from Apple

   Install Apple Security Update 2007-004. This and other updates are
   available via Apple Update or via Apple Downloads.

IV. References

     * Vulnerability notes for Apple Security Update 2007-004
     * About the Security Update 2007-004
     * Mac OS X: Updating your software
     * Apple downloads
     * Tar - GNU Project - Free Software Foundation (FSF)
     * Kerberos: The Network Authentication Protocol

 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to with "TA07-109A Feedback VU#312424" in the subject.
 ____________________________________________________________________

   Revision History

   April 19, 2007: Initial release

----- End forwarded message -----
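
The RpcProtocol workaround steps from TA07-103A above, as an added PowerShell example that is not part of the archived alerts or of Microsoft's advisory: it reports whether the value is set to 4 and, when run with -Apply, writes the value and restarts the DNS service. The registry path, value name and data come from the alert; the function name, the -Apply switch and the state labels are assumptions made for this example.

```powershell
# Added example: audit or apply the TA07-103A RpcProtocol workaround
# on the local Windows DNS server. Run from an elevated prompt.
# Note from the alert: the setting disables remote management via RPC,
# which the MMC DNS snap-in uses.
param(
    [switch]$Apply   # hypothetical switch: write the value and restart DNS
)

$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$ValueName = 'RpcProtocol'
$LpcOnly   = 4       # data given in the alert (management via LPC only)

function Get-RpcProtocolState {
    # Returns 'NoDnsKey', 'NotSet', 'Applied' or 'Other:<n>'
    if (-not (Test-Path -Path $KeyPath)) {
        return 'NoDnsKey'
    }
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return 'NotSet'
    }
    $current = $item.$ValueName
    if ($current -eq $LpcOnly) {
        return 'Applied'
    }
    return "Other:$current"
}

$state = Get-RpcProtocolState
Write-Output "RpcProtocol state: $state"

if ($state -eq 'NoDnsKey') {
    Write-Output 'DNS Parameters key not found; nothing to change on this host.'
    return
}

if ($state -eq 'Applied') {
    Write-Output 'Workaround already in place.'
}
elseif ($Apply) {
    # -Force creates the value or overwrites an existing one
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
        -Value $LpcOnly -Force | Out-Null
    # The alert states the DNS service must be restarted for the change
    Restart-Service -Name 'DNS'
    Write-Output "RpcProtocol state after change: $(Get-RpcProtocolState)"
}
else {
    Write-Output 'Workaround not in place. Re-run with -Apply to set RpcProtocol to 4.'
}
```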