[Sunnet Alert] Advisory #272 - Microsoft (Multiple), OS X (Multiple), Multiple News
Security and IT News Alerts
alertmailinglist at skiifwrald.com
Fri Nov 13 18:52:32 EST 2009
Sûnnet Beskerming Alert List Advisory #271
You are receiving this message because you have subscribed to our
Information Security Alert Mailing List, or have been selected for a
specific one-off copy. If you believe that you are receiving this
message in error, please contact info at beskerming.com to resolve the error.
Why not upgrade to get same day notification on security threats?
Details and rates available online -
(http://www.beskerming.com/premium/generic_advisory.html).
Why not go the next step and get delivery tailored just for your
company?
(http://www.beskerming.com/premium/focussed_advisory.html)
Once you've had a chance to read through this advisory, come back and
answer the following question.
Did you like the timeliness of the advisory?
Our premium subscribers get this sort of service on every advisory -
same day coverage of security discoveries and full details on all
external tracking data that we have discovered, to help keep you
informed and form a well-rounded opinion and assessment of the risk to
you, your systems, and your data.
Contents
--------------------------------------------------------------------
1. SECURITY
--------------------------------------------------------------------
1.1 Microsoft (Multiple)
- Remote Hacker Automatic Control
- Time Since Discovery - 3 Days
1.2 OS X (Multiple)
- Remote Hacker Automatic Control
- Time Since Discovery - 5 Days
=======================================
/*
- Remote or Local - Can it be achieved through a network or does it
require physical access?
- Hacker - The bad guy
- Manual or Automatic - Does the vulnerability need to be manually
performed, or can it be automated?
- Control, Denial of Service or Data Theft - Will the hacker get
control of your system / website, will they prevent you from using it,
or will they steal data.
*/
--------------------------------------------------------------------
2. NEWS
--------------------------------------------------------------------
2.1 Geocities Finally Deleted From Internet
2.2 Media Caught Out By Fake Press Release
=====================================
1. SECURITY
1.1 Microsoft (Multiple) - Remote Hacker Automatic Control
-- Products Affected --
Windows
Office
-- Technical Description --
MS09-063 - Windows. Remote code execution. Critical
MS09-064 - Windows. Remote code execution. Critical
MS09-065 - Windows. Remote code execution. Replaces MS09-025. Critical
MS09-066 - Windows. Denial of service. Replaces MS09-021, MS09-035. Important
MS09-067 - Excel. Remote code execution. Replaces MS09-021. Important
MS09-068 - Word. Remote code execution. Replaces MS09-027. Important
-- Description --
Following the thirteen patches released in October, Microsoft have
released six patches for their November security patch release. Three
have been identified as Critical, and three as Important. Four of the
patches, including all of the Critical patches, are for Windows or
Windows Server components, with the remaining Important patches for
Office products (Excel and Word). From Microsoft's analysis of the
risks, it appears that the vulnerabilities (one in particular) fixed
by MS09-065 are the greatest overall threat addressed with this
month's release.
-- Recommended Action --
All users and administrators should apply the updates at the earliest
opportunity.
-- Source --
http://www.microsoft.com/technet/security/bulletin/ms09-nov.mspx
http://www.beskerming.com/services/176/Patch_Briefing
http://store.eSellerate.net/s.asp?s=STR3448907936&Cmd=CATALOG&CategoryID=9811
-- Updates Available --
http://www.microsoft.com/technet/security/bulletin/ms09-063.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-064.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-065.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-066.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-067.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-068.mspx
-- External Tracking Data --
Upgrade to get tracking details
-- Threat Matrix --
               U    O
Home User     10   10  (Highly Critical)
Corporate     10   10  (Highly Critical)
1.2 OS X (Multiple) - Remote Hacker Automatic Control
-- Products Affected --
OS X 10.6.2
OS X 10.5.8
-- Technical Description --
AFP Client - Accessing a malicious AFP server may lead to an
unexpected system termination or arbitrary code execution with system
privileges
Adaptive Firewall - A brute force or dictionary attack to guess an
SSH login password may not be detected by Adaptive Firewall
Apache - Multiple vulnerabilities in Apache 2.2.11
Apache Portable Runtime - Applications using Apache Portable Runtime
(apr) may be exploited for code execution
ATS - Viewing or downloading a document containing a maliciously
crafted embedded font may lead to arbitrary code execution
Certificate Assistant - A user may be misled into accepting a
certificate for a different domain
CoreGraphics - Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
CoreMedia - Viewing a maliciously crafted H.264 movie may lead to an
unexpected application termination or arbitrary code execution
CUPS - Accessing a maliciously crafted website or URL may lead to a
cross-site scripting or HTTP response splitting attack
Dictionary - A user on the local network may be able to cause
arbitrary code execution
DirectoryService - A remote attacker may cause an unexpected
application termination or arbitrary code execution
Disk Images - Downloading a maliciously crafted disk image may lead
to an unexpected application termination or arbitrary code execution
Dovecot - A local user may cause an unexpected application
termination or arbitrary code execution with system privilege
Event Monitor - A remote attacker may cause log injection
fetchmail - fetchmail is updated to 6.3.11
file - Running the file command on a maliciously crafted Common
Document Format (CDF) file may lead to an unexpected application
termination or arbitrary code execution
FTP Server - An attacker with access to FTP and the ability to create
directories on a system may be able to cause unexpected application
termination or arbitrary code execution
Help Viewer - Using Help Viewer on an untrusted network may result in
arbitrary code execution
ImageIO - Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
International Components for Unicode - Applications that use the
UCCompareTextDefault API may be vulnerable to an unexpected
application termination or arbitrary code execution
IOKit - A non-privileged user may be able to modify the keyboard
firmware
IPSec - Multiple vulnerabilities in the racoon daemon may lead to a
denial of service
Kernel - A local user may cause information disclosure, an unexpected
system shutdown, or arbitrary code execution
Launch Services - Attempting to open unsafe downloaded content may
not lead to a warning
libsecurity - Support for X.509 certificates with MD2 hashes may
expose users to spoofing and information disclosure as attacks improve
libxml - Parsing maliciously crafted XML content may lead to an
unexpected application termination
Login Window - A user may log in to any account without supplying a
password
OpenLDAP - Multiple vulnerabilities in OpenLDAP
OpenSSH - Data in an OpenSSH session may be disclosed
PHP - Multiple vulnerabilities in PHP 5.2.10
QuickDraw Manager - Opening a maliciously crafted PICT image may lead
to an unexpected application termination or arbitrary code execution
QuickLook - Downloading a maliciously crafted Microsoft Office file
may lead to an unexpected application termination or arbitrary code
execution
QuickTime - Multiple vulnerabilities may lead to an unexpected
application termination or arbitrary code execution
FreeRADIUS - A remote attacker may terminate the operation of the
RADIUS service
Screen Sharing - Accessing a malicious VNC server may lead to an
unexpected application termination or arbitrary code execution
Spotlight - A local user may manipulate files with the privileges of
another user
Subversion - Accessing a Subversion repository may lead to an
unexpected application termination or arbitrary code execution
-- Description --
Apple have released a major security update, Security Update
2009-006 / OS X 10.6.2, which addresses a large range of issues
affecting numerous components of OS X. For Snow Leopard users, the
update is also the second update for their operating system, taking
their systems to 10.6.2.
-- Recommended Action --
All users and administrators should apply the updates at the earliest
opportunity.
-- Source --
http://support.apple.com/kb/HT1222
-- Updates Available --
http://www.apple.com/support/downloads/
-- External Tracking Data --
Upgrade to get tracking details
-- Threat Matrix --
               U    O
Home User     10   10  (Highly Critical)
Corporate     10   10  (Highly Critical)
=======================================
/*
Threat Matrix:
U - User
O - Operator
Harmless - 0 ----- 10 - Highly Critical
*/
=======================================
2. NEWS
2.1 Geocities Finally Deleted From Internet
After fifteen years of service, the venerable Geocities has finally
closed. Geocities' closure had been announced six months ago, so last
week's closure was the culmination of that process.
In the fifteen years since it first appeared, the Internet has
progressed rapidly to bigger and better things, but many people still
hold a special place for the site that allowed them, as regular users,
to have a definable place on the Internet that was theirs. Blogs,
MySpace pages, Facebook, LinkedIn, and a host of other social
networking sites have effectively replaced Geocities and similar sites
(Angelfire, Tripod, others) as the way people create their own
definable space on the Internet. ISPs still provide personal webspace,
much as they did around the time that Geocities became popular, but it
never really entered the popular imagination in the way that Geocities
did.
While many of the pages that Geocities ended up with were an assault
on the eyes, it did lead many to learn at least rudimentary HTML,
JavaScript and CSS skills in order to make what they had created more
appealing and more user friendly.
As the Geocities data has now been deleted from Yahoo's servers, all
that remains of Geocities is what various archiving sites were able to
extract prior to the closure.
Who knows what the next major community site to close completely will
be. Many once popular and heavily-trafficked sites have faded to a mere
shadow of what they once were, but it may be some time before another
significant chunk of Internet history is deleted as Geocities has been.
2.2 Media Caught Out By Fake Press Release
News organisations seem to like complaining about the apparent lack of
respect that the wider community is paying them, mainly about people
wanting to keep reading their news for free. When challenged about
their slipping standards of reporting and failure to provide actual
news, many of these news organisations point back to falling revenues,
wringing their hands about how hard it is to be them in an electronic
world where information is available almost instantly to anyone,
anywhere in the world.
They really haven't helped their case with a recent egregious failure
to fact-check, or even sanity-check, a fake press release and fake
media conference that signalled a massive change in direction for a
significant organisation representing US business interests.
The US Chamber of Commerce is a body that claims to represent more
than 300,000 US businesses, of all sizes and types, and provides a
common voice for these businesses in environments where they normally
wouldn't be heard. A number of public defections by large companies
like Apple and Nike over the management and Climate Change stance of
the Chamber set the environment for The Yes Men to fake a press
release and media conference where the Chamber of Commerce would be
announcing an about-turn on its Climate Change stance.
It didn't take much more for the media to bite. Not everyone was
completely sucked in, but Reuters did take the bait, and as a result,
so did a number of major media sites and newspapers, including the
Washington Post and The New York Times. Retractions may have soon
followed, but the fact was that they had already reported the fake
press release and media conference as real news.
When media conglomerate owners and boards are publicly calling for
consumers to pay to access their content online, being publicly caught
out blindly reporting on a hoax isn't going to help the argument that
they are still relevant and an important source of accurate news. It
isn't the first time that major media organisations have been caught
out taking hoaxed material on blind faith as being accurate, but as
alternative media sources proliferate, it is becoming harder for them
to avoid scrutiny when this happens.
The rush to avoid being seen as the purveyor of yesterday's news
shouldn't mean that common sense and accuracy are disregarded in order
to do so.
=======================================
Sincerely,
Sûnnet Beskerming Team
info at beskerming.com
Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
Tel: +61 (0) 410 707 444
** Sûnnet Beskerming Pty. Ltd. **
Established in mid 2004, Sûnnet Beskerming Pty. Ltd. is the sister
company to Jongsma & Jongsma Pty. Ltd., and was formed to develop and
commercialise the research coming out of Jongsma & Jongsma Pty. Ltd.
Sûnnet Beskerming Pty. Ltd. is an Information Security specialist and,
in conjunction with the tools developed by Jongsma & Jongsma Pty.
Ltd., provides total security solutions and services, from the
perimeter to internal data stores, including web application security
and security testing and analysis.