From alertmailinglist at skiifwrald.com Fri Nov 13 18:52:32 2009
From: alertmailinglist at skiifwrald.com (Security and IT News Alerts)
Date: Fri, 13 Nov 2009 19:22:32 +1030
Subject: [Sunnet Alert] Advisory #272 - Microsoft (Multiple), OS X (Multiple), Multiple News
Message-ID: <42FBA29A-4478-4A89-9DAF-BF11FB140422@beskerming.com>

Sûnnet Beskerming Alert List Advisory #271

You are receiving this message because you have subscribed to our Information Security Alert Mailing List, or have been selected for a specific one-off copy. If you believe that you are receiving this message in error, please contact info at beskerming.com to resolve the error.

Why not upgrade to get same day notification on security threats? Details and rates are available online (http://www.beskerming.com/premium/generic_advisory.html). Why not go the next step and get delivery tailored just for your company? (http://www.beskerming.com/premium/focussed_advisory.html)

Once you've had a chance to read through this advisory, come back and answer the following question. Did you like the timeliness of the advisory? Our premium subscribers get this sort of service on every advisory - same day coverage of security discoveries and full details on all external tracking data that we have discovered, to help keep you informed and to form a well-rounded opinion and assessment of the risk to you, your systems, and your data.

Contents
--------------------------------------------------------------------
1. SECURITY
--------------------------------------------------------------------
1.1 Microsoft (Multiple) - Remote Hacker Automatic Control - Time Since Discovery - 3 Days
1.2 OS X (Multiple) - Remote Hacker Automatic Control - Time Since Discovery - 5 Days
=======================================
/*
- Remote or Local - Can it be achieved through a network, or does it require physical access?
- Hacker - The bad guy
- Manual or Automatic - Does the vulnerability need to be manually performed, or can it be automated?
- Control, Denial of Service or Data Theft - Will the hacker get control of your system / website, will they prevent you from using it, or will they steal data?
*/
--------------------------------------------------------------------
2. NEWS
--------------------------------------------------------------------
2.1 Geocities Finally Deleted From Internet
2.2 Media Caught Out By Fake Press Release
=====================================

1. SECURITY

1.1 Microsoft (Multiple) - Remote Hacker Automatic Control

-- Products Affected --
Windows
Office

-- Technical Description --
MS09-063 - Windows. Remote code execution. Critical
MS09-064 - Windows. Remote code execution. Critical
MS09-065 - Windows. Remote code execution. Replaces MS09-025. Critical
MS09-066 - Windows. Denial of service. Replaces MS09-021, MS09-035. Important
MS09-067 - Excel. Remote code execution. Replaces MS09-021. Important
MS09-068 - Word. Remote code execution. Replaces MS09-027. Important

-- Description --
Following the thirteen patches released in October, Microsoft have released six patches in their November security patch release. Three have been identified as Critical and three as Important. Four of the patches, including all of the Critical patches, are for Windows or Windows Server components; the remaining Important patches are for Office products (Excel and Word). From Microsoft's analysis of the risks, it appears that the vulnerabilities (one in particular) fixed by MS09-065 are the greatest overall threat addressed by this month's release.

-- Recommended Action --
All users and administrators should apply the updates at the earliest opportunity.
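As an added worked example (not part of this advisory, and not Microsoft's own tooling), the following Python parses bulletin entries written in the one-line format the Technical Description above uses, orders them for patching by severity and then by impact, and lists the older bulletins the release supersedes so that stale tracking entries can be retired. The sample lines are constructed to mirror this release; the impact ranking (code execution ahead of denial of service ahead of everything else) is the example's own assumption.

```python
"""Triage helper for a patch-release list in this advisory's one-line format.

Added example, not part of the advisory or of Microsoft's bulletins. It turns
    MS09-065 - Windows. Remote code execution. Replaces MS09-025. Critical
into records, orders them for patching, and reports which older bulletins the
release supersedes.
"""
import re
from dataclasses import dataclass, field
from typing import List, Set

# Constructed sample input, modelled on the advisory's Technical Description.
ADVISORY_TEXT = """\
MS09-063 - Windows. Remote code execution. Critical
MS09-064 - Windows. Remote code execution. Critical
MS09-065 - Windows. Remote code execution. Replaces MS09-025. Critical
MS09-066 - Windows. Denial of service. Replaces MS09-021, MS09-035. Important
MS09-067 - Excel. Remote code execution. Replaces MS09-021. Important
MS09-068 - Word. Remote code execution. Replaces MS09-027. Important
"""

# One entry: id, product, impact, optional "Replaces ..." clause, severity.
ENTRY_RE = re.compile(
    r"^(?P<id>MS\d{2}-\d{3}) - (?P<product>[^.]+)\. (?P<impact>[^.]+)\."
    r"(?: Replaces (?P<replaces>[^.]+)\.)?"
    r" (?P<severity>Critical|Important|Moderate|Low)$"
)

# Microsoft's four-level severity scale, most urgent first.
SEVERITY_RANK = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3}


@dataclass
class Bulletin:
    bulletin_id: str
    product: str
    impact: str
    severity: str
    replaces: List[str] = field(default_factory=list)


def parse_bulletins(text: str) -> List[Bulletin]:
    """Parse one bulletin per non-empty line; reject a line that does not fit the format."""
    bulletins = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: unrecognised bulletin entry: {line!r}")
        replaces = [r.strip() for r in m["replaces"].split(",")] if m["replaces"] else []
        bulletins.append(Bulletin(m["id"], m["product"], m["impact"], m["severity"], replaces))
    return bulletins


def impact_rank(impact: str) -> int:
    """Assumed ordering: code execution, then denial of service, then anything else."""
    text = impact.lower()
    if "code execution" in text:
        return 0
    if "denial of service" in text:
        return 1
    return 2


def triage_order(bulletins: List[Bulletin]) -> List[str]:
    """Bulletin ids in the order to test and deploy: severity first, then impact.
    sorted() is stable, so ties keep the advisory's own order."""
    ordered = sorted(bulletins, key=lambda b: (SEVERITY_RANK[b.severity], impact_rank(b.impact)))
    return [b.bulletin_id for b in ordered]


def superseded(bulletins: List[Bulletin]) -> Set[str]:
    """Older bulletins replaced by this release; their tracking entries can be closed."""
    return {old for b in bulletins for old in b.replaces}


if __name__ == "__main__":
    parsed = parse_bulletins(ADVISORY_TEXT)
    print("apply in this order:", ", ".join(triage_order(parsed)))
    print("superseded bulletins:", ", ".join(sorted(superseded(parsed))))
```

Feeding a real month's entries through this gives a deployment order that matches the advisory's own emphasis (the three Critical Windows bulletins first, the Office bulletins next, the denial-of-service fix last) and a list of bulletins that no longer need to be tracked individually once the new ones are installed.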
-- Source --
http://www.microsoft.com/technet/security/bulletin/ms09-nov.mspx
http://www.beskerming.com/services/176/Patch_Briefing
http://store.eSellerate.net/s.asp?s=STR3448907936&Cmd=CATALOG&CategoryID=9811

-- Updates Available --
http://www.microsoft.com/technet/security/bulletin/ms09-063.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-064.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-065.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-066.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-067.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-068.mspx

-- External Tracking Data --
Upgrade to get tracking details

-- Threat Matrix --
                U    O
Home User      10   10  (Highly Critical)
Corporate      10   10  (Highly Critical)

1.2 OS X (Multiple) - Remote Hacker Automatic Control

-- Products Affected --
OS X 10.6.2
OS X 10.5.8

-- Technical Description --
AFP Client - Accessing a malicious AFP server may lead to an unexpected system termination or arbitrary code execution with system privileges
Adaptive Firewall - A brute force or dictionary attack to guess an SSH login password may not be detected by Adaptive Firewall
Apache - Multiple vulnerabilities in Apache 2.2.11
Apache Portable Runtime - Applications using Apache Portable Runtime (apr) may be exploited for code execution
ATS - Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
Certificate Assistant - A user may be misled into accepting a certificate for a different domain
CoreGraphics - Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
CoreMedia - Viewing a maliciously crafted H.264 movie may lead to an unexpected application termination or arbitrary code execution
CUPS - Accessing a maliciously crafted website or URL may lead to a cross-site scripting or HTTP response splitting attack
Dictionary - A user on the local network may be able to cause arbitrary code execution
DirectoryService - A remote attacker may cause an unexpected application termination or arbitrary code execution
Disk Images - Downloading a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution
Dovecot - A local user may cause an unexpected application termination or arbitrary code execution with system privilege
Event Monitor - A remote attacker may cause log injection
fetchmail - fetchmail is updated to 6.3.11
file - Running the file command on a maliciously crafted Common Document Format (CDF) file may lead to an unexpected application termination or arbitrary code execution
FTP Server - An attacker with access to FTP and the ability to create directories on a system may be able to cause unexpected application termination or arbitrary code execution
Help Viewer - Using Help Viewer on an untrusted network may result in arbitrary code execution
ImageIO - Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
International Components for Unicode - Applications that use the UCCompareTextDefault API may be vulnerable to an unexpected application termination or arbitrary code execution
IOKit - A non-privileged user may be able to modify the keyboard firmware
IPSec - Multiple vulnerabilities in the racoon daemon may lead to a denial of service
Kernel - A local user may cause information disclosure, an unexpected system shutdown, or arbitrary code execution
Launch Services - Attempting to open unsafe downloaded content may not lead to a warning
libsecurity - Support for X.509 certificates with MD2 hashes may expose users to spoofing and information disclosure as attacks improve
libxml - Parsing maliciously crafted XML content may lead to an unexpected application termination
Login Window - A user may log in to any account without supplying a password
OpenLDAP - Multiple vulnerabilities in OpenLDAP
OpenSSH - Data in an OpenSSH session may be disclosed
PHP - Multiple vulnerabilities in PHP 5.2.10
QuickDraw Manager - Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution
QuickLook - Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution
QuickTime - Multiple vulnerabilities may lead to an unexpected application termination or arbitrary code execution
FreeRADIUS - A remote attacker may terminate the operation of the RADIUS service
Screen Sharing - Accessing a malicious VNC server may lead to an unexpected application termination or arbitrary code execution
Spotlight - A local user may manipulate files with the privileges of another user
Subversion - Accessing a Subversion repository may lead to an unexpected application termination or arbitrary code execution

-- Description --
Apple have released a major security update, Security Update 2009-006 / OS X 10.6.2, which addresses a large range of issues affecting numerous components of OS X. For Snow Leopard users, the update is also the second update for their operating system, taking their systems to 10.6.2.

-- Recommended Action --
All users and administrators should apply the updates at the earliest opportunity.

-- Source --
http://support.apple.com/kb/HT1222

-- Updates Available --
http://www.apple.com/support/downloads/

-- External Tracking Data --
Upgrade to get tracking details

-- Threat Matrix --
                U    O
Home User      10   10  (Highly Critical)
Corporate      10   10  (Highly Critical)

=======================================
/*
Threat Matrix:
U - User
O - Operator
Harmless - 0 ----- 10 - Highly Critical
*/
=======================================

2. NEWS

2.1 Geocities Finally Deleted From Internet

After fifteen years of service, the venerable Geocities has finally closed. Geocities' closure had been announced six months ago, so last week's closure was the culmination of that process.
In the fifteen years since it first appeared, the Internet has progressed rapidly to bigger and better things, but many people still hold a special place for the site that allowed them, as regular users, to have a definable place on the Internet that was theirs. Blogs, MySpace pages, Facebook, LinkedIn, and a host of other social networking sites have effectively replaced Geocities and similar sites (Angelfire, Tripod, others) as the way people create their own definable space on the Internet. ISPs still provide personal webspace, much as they did around the time that Geocities became popular, but it never really entered the popular imagination in the way that Geocities did.

While many of the pages that Geocities ended up with were an assault on the eyes, it did lead many to learn at least rudimentary HTML, JavaScript and CSS skills in order to make what they had created more appealing and more user friendly. As the Geocities data has now been deleted from Yahoo's servers, all that remains of Geocities is what various archiving sites were able to extract prior to the closure.

Who knows what the next major community site to close completely will be. Many once popular and heavily-trafficked sites have faded to a mere shadow of what they once were, but it may be some time before another significant chunk of Internet history is deleted as Geocities has been.

2.2 Media Caught Out By Fake Press Release

News organisations seem to like complaining about the apparent lack of respect that the wider community is paying them, mainly about people wanting to keep reading their news for free. When challenged about their slipping standards of reporting and failure to provide actual news, many of these news organisations point back to falling revenues, wringing their hands about how hard it is to be them in an electronic world where information is available almost instantly to anyone, anywhere in the world.
They really haven't helped their case with a recent egregious failure to fact-check, or even sanity-check, a fake press release and fake media conference that signalled a massive change in direction for a significant organisation representing US business interests. The US Chamber of Commerce is a body that claims to represent more than 300,000 US businesses, of all sizes and types, and provides a common voice for these businesses in environments where they normally wouldn't be heard. A number of public defections by large companies like Apple and Nike over the management and Climate Change stance of the Chamber set the scene for The Yes Men to fake a press release and media conference at which the Chamber of Commerce would be announcing an about-turn on its Climate Change stance.

It didn't take much more for the media to bite. Not everyone was completely sucked in, but Reuters did take the bait, and as a result, so did a number of major media sites and newspapers, including the Washington Post and The New York Times. Retractions may have soon followed, but the fact was that they had already reported the fake press release and media conference as real news.

When media conglomerate owners and boards are publicly calling for consumers to pay to access their content online, being publicly caught out blindly reporting on a hoax isn't going to help the argument that they are still relevant and an important source of accurate news. It isn't the first time that major media organisations have been caught out taking hoaxed material on blind faith as being accurate, but as alternative media sources proliferate, it is becoming harder for them to avoid scrutiny when this happens. The rush to avoid being seen as the purveyor of yesterday's news shouldn't mean that common sense and accuracy are disregarded in order to do so.

=======================================

Sincerely,

Sûnnet Beskerming Team
info at beskerming.com

Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
Tel: +61 (0) 410 707 444

** Sûnnet Beskerming Pty. Ltd. **

Established in mid 2004, Sûnnet Beskerming Pty. Ltd. is the sister company to Jongsma & Jongsma Pty. Ltd., and was formed to develop and commercialise the research coming out of Jongsma & Jongsma Pty. Ltd. Sûnnet Beskerming Pty. Ltd. is an Information Security specialist and, in conjunction with the tools developed by Jongsma & Jongsma Pty. Ltd., provides total security solutions and services, from the perimeter to internal data stores, including web application security and security testing and analysis.