[Sunnet Alert] Advisory #242 - Trillian, VLC, Multiple News
Security and IT News Alerts
alertmailinglist at skiifwrald.com
Thu Jun 21 07:12:10 EST 2007
Sûnnet Beskerming Alert List Advisory #242
You are receiving this message because you have subscribed to our
Information Security Alert Mailing List, or have been selected for a
specific one-off copy. If you believe that you are receiving this
message in error, please contact info at beskerming.com to resolve the
error.
Why not upgrade to get same day notification on security threats?
Details and rates available online -
(http://www.beskerming.com/premium/generic_advisory.html).
Why not go the next step and get delivery tailored just for your
company?
(http://www.beskerming.com/premium/focussed_advisory.html)
Contents
--------------------------------------------------------------------
1. SECURITY
--------------------------------------------------------------------
1.1 Trillian
- Remote Hacker Automatic Control
- Time Since Discovery - 4 Days
1.2 VLC
- Remote Hacker Automatic Control
- Time Since Discovery - 4 Days
=======================================
/*
- Remote or Local - Can it be achieved through a network or does it
require physical access?
- Hacker - The bad guy
- Manual or Automatic - Does the vulnerability need to be manually
performed, or can it be automated?
- Control, Denial of Service or Data Theft - Will the hacker get
control of your system / website, will they prevent you from using
it, or will they steal data.
*/
--------------------------------------------------------------------
2. NEWS
--------------------------------------------------------------------
2.1 The Art of Seeing What's Not There
2.2 Problems in Custom Search Engines
2.3 Yahoo! Founder Steps Back in as CEO
2.4 Hiding What is in use on Vista
2.5 Microsoft Movements With Widespread Effects
=====================================
1. SECURITY
1.1 Trillian - Remote Hacker Automatic Control
-- Products Affected --
Trillian 3.1.5.1 and prior.
-- Technical Description --
Heap overflow vulnerability that can be exploited by sending
malicious UTF-8 encoded traffic. Window width may be improperly set
when word-wrapping, leading to memory corruption and potential
execution conditions.
-- Description --
It has been discovered that the Trillian chat application is
vulnerable to an attack that could allow a remote attacker to take
complete control over a vulnerable user's system, at the level of the
current user. This vulnerability can be exploited by sending
malicious network traffic to a user who is using Trillian as their
chat client.
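As an added illustration (not Trillian's code; the advisory does not give the actual defect, so the sizing mistake modelled here is an assumption), the C below shows how a word-wrap routine that allocates its line buffer in display columns but copies whole UTF-8 sequences overruns the heap on multibyte input, beside a version that sizes the buffer from the byte count. All function names are the editor's own, and the modelled bug is only checked arithmetically, never performed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Byte length of the UTF-8 sequence starting at s[0], or 0 if the lead byte
   is invalid, the sequence would run past `remaining`, or a continuation
   byte is malformed. Malformed input is rejected rather than counted. */
size_t utf8_seq_len(const unsigned char *s, size_t remaining)
{
    size_t len, i;
    if (remaining == 0) return 0;
    if (s[0] < 0x80) len = 1;
    else if (s[0] >= 0xC2 && s[0] <= 0xDF) len = 2;
    else if ((s[0] & 0xF0) == 0xE0) len = 3;
    else if (s[0] >= 0xF0 && s[0] <= 0xF4) len = 4;
    else return 0;
    if (len > remaining) return 0;
    for (i = 1; i < len; i++)
        if ((s[i] & 0xC0) != 0x80) return 0;
    return len;
}

/* Bytes occupied by the first `width` code points of `text` (no NUL).
   Stops at a malformed sequence instead of guessing its length. */
size_t bytes_for_columns(const char *text, size_t width)
{
    const unsigned char *p = (const unsigned char *)text;
    size_t n = strlen(text), pos = 0, cols = 0;
    while (cols < width && pos < n) {
        size_t l = utf8_seq_len(p + pos, n - pos);
        if (l == 0) break;
        pos += l;
        cols++;
    }
    return pos;
}

/* Model of the vulnerable sizing (hypothetical, not Trillian's code): the
   line buffer is allocated as width + 1 bytes, one per display column, but
   the copy is bounded by code points, so multibyte input writes past the
   allocation. Only the arithmetic is modelled; no unsafe copy happens.
   Returns 1 when the copy would exceed the allocation. */
int naive_wrap_overflows(const char *text, size_t width)
{
    size_t allocated = width + 1;
    size_t copied = bytes_for_columns(text, width);
    return copied + 1 > allocated;
}

/* Hardened wrap: the allocation is derived from the byte count of what will
   actually be copied, so a column width can never exceed it. Caller frees.
   Returns NULL on allocation failure. */
char *wrap_line_safe(const char *text, size_t width, size_t *out_bytes)
{
    size_t copied = bytes_for_columns(text, width);
    char *buf = malloc(copied + 1);
    if (buf == NULL) return NULL;
    memcpy(buf, text, copied);
    buf[copied] = '\0';
    if (out_bytes != NULL) *out_bytes = copied;
    return buf;
}

/* Check helper: wrap `text` to `width` columns and compare with `expected`. */
int wrap_matches(const char *text, size_t width, const char *expected)
{
    size_t n = 0;
    char *w = wrap_line_safe(text, width, &n);
    int ok = w != NULL && n == strlen(expected) && strcmp(w, expected) == 0;
    free(w);
    return ok;
}

int main(void)
{
    /* Constructed input: five copies of U+00E9 (2 bytes each), width 4. */
    const char *latin = "\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9";
    printf("naive sizing overflows on ASCII: %d\n", naive_wrap_overflows("hello world", 4));
    printf("naive sizing overflows on UTF-8: %d\n", naive_wrap_overflows(latin, 4));
    printf("safe wrap gives 4 columns: %d\n", wrap_matches(latin, 4, "\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9"));
    return 0;
}
```

The point to take from the model is that a bound expressed in one unit (columns or code points) says nothing about a buffer sized in another (bytes); any wrap or truncation code that handles UTF-8 should derive its allocation from the bytes it will copy, and reject malformed sequences instead of advancing over them.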
-- Recommended Action --
Update to 3.1.6.0 at the earliest opportunity. There is no other
mitigation recommended.
-- Source --
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=545
-- Updates Available --
(Paid subscription required to access)
-- External Tracking Data --
(Paid subscription required to access)
-- Threat Matrix --
              U   O
Home User     8   8   (Very High)
Corporate     8   8   (Very High)
1.2 VLC - Remote Hacker Automatic Control
-- Products Affected --
VLC 0.8.6b and prior.
-- Technical Description --
Multiple vulnerabilities affecting VLC which can lead to arbitrary
code execution or a denial of service condition (application crash).
Three separate vulnerabilities have been identified and patched with
the most recent update. The first affects the way that VLC handles
Ogg/Vorbis, Ogg/Theora content. The second affects the way that VLC
handles malicious CDDA content, and the final vulnerability affects
the way that VLC handles SAP traffic. All vulnerabilities are format
string vulnerabilities.
-- Description --
It has been discovered that the cross-platform media player VLC is
vulnerable to multiple issues that could allow remote attackers to
take control of vulnerable systems (if SAP service discovery is
enabled), or allow an attacker to take control of a system if a
victim can be convinced to interact with a malicious media file or
Audio CD with a malicious CDDB entry.
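Added example, not VLC's code: the format string bug class named above, with the vulnerable call shown in a comment, the corrected call using a literal format, and a percent-escaping fallback for a callee that cannot be changed. The names render_announcement and escape_percent and the "announce:" prefix are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (hypothetical, not VLC's code): data read from the
   network or from a media file is passed as the format argument, so any
   conversion directives in the data are interpreted instead of displayed:
 *
 *     snprintf(out, outlen, name);          // name is the format string
 *
 * The fix is to make the format a literal and pass the data as an argument. */

/* Hardened form. Returns the number of bytes written, excluding the NUL,
   after truncation to fit `outlen`. Every '%' in `name` is copied as data. */
size_t render_announcement(char *out, size_t outlen, const char *name)
{
    int n;
    if (outlen == 0) return 0;
    n = snprintf(out, outlen, "announce: %s", name);
    if (n < 0) { out[0] = '\0'; return 0; }
    return (size_t)n < outlen ? (size_t)n : outlen - 1;
}

/* Mitigation when the callee cannot be changed (a legacy API that only
   accepts a format): double every '%' so the string is self-quoting.
   Returns bytes written excluding the NUL, or -1 if `out` is too small. */
int escape_percent(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    if (outlen == 0) return -1;
    for (; *in != '\0'; in++) {
        size_t need = (*in == '%') ? 2 : 1;
        if (o + need >= outlen) return -1;   /* keep room for the NUL */
        if (*in == '%') out[o++] = '%';
        out[o++] = *in;
    }
    out[o] = '\0';
    return (int)o;
}

/* Check helper: render `name` into a 64-byte buffer and compare. */
int render_matches(const char *name, const char *expected)
{
    char buf[64];
    size_t n = render_announcement(buf, sizeof buf, name);
    return n == strlen(expected) && strcmp(buf, expected) == 0;
}

/* Length reported when rendering into a buffer of `outlen` bytes (max 64),
   to show that truncation is reported honestly. */
size_t render_len(size_t outlen, const char *name)
{
    char buf[64];
    if (outlen > sizeof buf) outlen = sizeof buf;
    return render_announcement(buf, outlen, name);
}

/* Check helper: escape `in` into a 64-byte buffer and compare. */
int escape_matches(const char *in, const char *expected)
{
    char buf[64];
    int n = escape_percent(in, buf, sizeof buf);
    return n >= 0 && (size_t)n == strlen(expected) && strcmp(buf, expected) == 0;
}

int main(void)
{
    /* Constructed input: a name carrying directives that must stay literal. */
    char buf[64];
    render_announcement(buf, sizeof buf, "%x%x%n");
    printf("%s\n", buf);                       /* announce: %x%x%n */
    escape_percent("%n%s", buf, sizeof buf);
    printf("%s\n", buf);                       /* %%n%%s */
    return 0;
}
```

Prefer the literal-format fix wherever the call site is yours; percent escaping is a last resort for an API you cannot change, and it has to be applied at every path into that API to be of any use.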
-- Recommended Action --
Update to version 0.8.6c at the earliest opportunity.
-- Source --
(Paid subscription required to access)
-- Updates Available --
(Paid subscription required to access)
-- External Tracking Data --
(Paid subscription required to access)
-- Threat Matrix --
              U   O
Home User     8   8   (Very High)
Corporate     8   8   (Very High)
=======================================
/*
Threat Matrix:
U - User
O - Operator
Harmless - 0 ----- 10 - Highly Critical
*/
=======================================
2. NEWS
2.1 The Art of Seeing What's Not There
On days when it appears that there is very little new Information
Security news and other data available, our researchers are still busy
watching and searching, using the opportunity to hone one of the
stranger skills in Information Security (and Intelligence gathering)
- the art of seeing what's not there.
Once a sufficient body of knowledge has been built up about a
particular topic, the sudden absence of a concept from general
discussion about that topic should be enough to trigger a warning
that something out of the ordinary is taking place.
Some of the time, it is just people getting sick of a particular
topic, but when discussion of a topic halts rapidly, it may point to
something taking place out of sight that people don't want to risk
being discovered. When it happens in a very public manner, it will
attract the attention of many people who otherwise would have had no
interest in the subject. When Cisco moved to suppress the release of
information about vulnerabilities in their IOS hardware operating
system, it highlighted to many security researchers that the software
was a lot weaker than people originally thought and that targeting
those weaknesses could have significant benefits for an attacker.
Other times the reverse can be true. When a topic or series of events
significantly increases in frequency, it can point to a future series
of events. The significant build up of troops in the Middle East
prior to the invasion of Iraq was carried out under the auspices of
several regional exercises in the preceding months.
Regional exercises are not out of the ordinary, but when multiple
nations are openly sending large bodies of troops and significant
military hardware into a single region at the same time, where they
don't tend to normally be, it is an escalation of force without
actually harming anyone.
Similar patterns of increased movement can be seen with other
conflicts where one of the warring parties has needed to move
hardware and personnel across great distances, whether by air, land,
or sea. In terms of Information Security, a swell in network traffic,
attacks, or other behaviour can help identify that a network is under
attack.
2.2 Problems in Custom Search Engines
Custom search engines are offered by the major online search
providers to give site maintainers an easy-to-use search engine that
site visitors can use to search their site and the Internet at large.
The ongoing Month of Search Engine Bugs has uncovered vulnerabilities
that are affecting the custom search engine solutions from both
Google and Yahoo! For an otherwise secure site, the presence of these
third party extensions could represent a significant security threat
that will allow an attacker to capture sensitive user data (from
cookies) or perform arbitrary XSS or HTML injection attacks.
Site administrators should weigh up the risks and benefits of using
third party code on their sites, irrespective of the source.
2.3 Yahoo! Founder Steps Back in as CEO
After six years at the top of Yahoo!, CEO Terry Semel has resigned in
the face of stiff criticism from shareholders and other concerned
observers over a number of items, not least of which was his $71
million USD compensation for the last 12 months. Replacing Semel is
Jerry Yang, one of the original co-founders of Yahoo!.
Concerns have been voiced that although Yang helped to found the
search and online portal giant, his lack of senior managerial
experience and significant ties to the departing CEO will see the
company continue on much the same course. While Yang was CEO for a
period prior to the company going public, he hasn't held the position
while the company has been a publicly traded entity.
Compounding Yahoo!'s problems is the loss of market share that the
company has experienced in the fields of online search and online
advertising - the latter especially compounded by Google's purchase
of DoubleClick.
While this has a direct effect on the bottom line for Yahoo!, it is
positioned slightly differently to the other main search providers -
Yahoo! is more of an online portal than a pure search engine.
Speculation has already begun to circulate that Yahoo! will be
looking to divest some of its interests, perhaps in the online photo
sharing solution, Flickr, Yahoo!'s Instant Messaging solution, or
perhaps its popular online finance sites.
Yahoo!'s share price initially responded positively, but it settled
back in following trading sessions.
A rumour that News Corporation is considering exchanging MySpace for
a 25% stake in Yahoo! has raised some eyebrows, and could make for an
interesting online environment (and an interesting News environment
considering Yahoo! news sources, and News Corporation's push for the
Dow Jones Group - which owns the Wall Street Journal).
2.4 Hiding What is in use on Vista
In the ongoing battle between system developers and those who are out
to break the system, advancements from one side are generally met by
a corresponding change by the other.
Microsoft's most recent operating system, Windows Vista, has gone a
long way to fixing the major security problems that plagued earlier
Windows releases. Recent research published by rootkit developers has
demonstrated techniques that can be used to hide the existence of an
active network port from the operating system.
While this technique alone can't be used as a complete rootkit, it
can be used to cover the tracks and hide the presence of a rootkit
(or other malware) that has been placed on a system.
Making the job a little easier for those trying to defend these
systems (and for the attackers trying to break them), full source
code for the developed techniques has been released to various sites.
2.5 Microsoft Movements With Widespread Effects
A couple of recent actions from Microsoft are likely to have
far-reaching effects that will affect almost everybody. The first, and
probably most benign, action from Microsoft is their announcement
that OEM system builders will no longer be able to bundle Office 2003
with their new systems; it will have to be Office 2007.
On the surface, this doesn't appear too much of an issue, but there
are concerns that it is too early in the life cycle of Office 2007 to
be mandating that only that version will be available with new
systems. In addition, the new User Interface features (the ribbon
bar) introduced with Office 2007 are likely to cause some teething
problems when users move to these new systems. Users who have had
many years of experience with different Office versions will also be
wary of the push to a new version, particularly the difficulty in
ensuring documents will maintain consistency across different Office
versions.
The second change is one that industry and Microsoft observers didn't
really think was going to take place.
Earlier this year Google filed documents with antitrust regulators
investigating Microsoft - claiming that the 'Instant Search' feature
of Windows Vista was anticompetitive, considering the Google Desktop
search application (and a number of other lesser-known desktop search
applications) is also available for this capability. These documents
contributed to issues raised by Google at the end of 2006.
Observers were dubious about the apparent merits of Google's claims -
after all, most operating systems come with some form of inbuilt
search and find capability (Spotlight, find, etc.). The timing of the
filing was also called into question when it appeared soon after
Microsoft complained to antitrust regulators about Google's purchase
of online advertising powerhouse DoubleClick.
One of Google's biggest problems was that if a user had installed and
was using a third party desktop search application (such as
Google's), then Windows Vista would apparently slow down the
performance of these competing applications. The level of system
resources required to adequately perform desktop search, especially
with multiple applications performing the same capability, would seem
to nullify this claim - but it appears not.
This apparent difference in performance between the inbuilt solution
and a third party solution is, it is claimed, counter to the
antitrust settlement from 2002. To address this problem, Microsoft is
expected to release system optimisations giving third party
applications parity in performance in the upcoming Service Pack 1
(SP1) for Vista.
This last disclosure is sure to make Microsoft's efforts to get
system builders to focus on building Vista-only systems just that
much harder. According to documents that are supposedly under NDA
protection, Microsoft is pushing hard for consumers and businesses to
move to Vista - though the reason why documents highlighting the
benefits of Vista would be under an NDA is an exercise best left for
the reader.
=======================================
Sincerely,
Sûnnet Beskerming Team
info at beskerming.com
Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
Tel: +61 (0) 410 707 444
** Sûnnet Beskerming Pty. Ltd. **
Established in mid 2004, Sûnnet Beskerming Pty. Ltd. is the sister
company to Jongsma & Jongsma Pty. Ltd., and was formed to develop and
commercialise the research coming out of Jongsma & Jongsma Pty. Ltd..
Sûnnet Beskerming Pty. Ltd. is an Information Security specialist
and, in conjunction with the tools developed by Jongsma & Jongsma
Pty. Ltd., provides total security solutions and services, from the
perimeter to internal data stores, including web application security
and security testing and analysis.