Friday, March 24, 2006

RealNetworks has published updates to fix several vulnerabilities found in its multimedia players.

Even though they claim not to have received any actual reports of incidents related to these security flaws yet, we recommend all affected users apply these patches.

The first of the fixed flaws could allow a local user to escalate their privileges, whereas the other three are buffer overruns triggered when the players process different types of files.

We recommend that users of RealPlayer, RealOnePlayer, Rhapsody and Helix Player check for available updates; the only exceptions are the versions for Nokia Series 60 and Palm, which are not vulnerable.

The complete list of vulnerable products, together with download and installation instructions (for Windows, Mac and Linux), is given in the official RealNetworks notification at http://www.service.real.com/realplayer/security/03162006_player/en/

Thursday, March 23, 2006

Sendmail Critical Vulnerability

The new version of Sendmail, 8.13.6, corrects a critical vulnerability that could allow an attacker to gain control of affected systems and access the email messages in the mailboxes hosted on the server.

Sendmail is one of the most popular MTAs (Mail Transfer Agents) and is widely used on Internet mail servers, especially in UNIX environments, although there is also a version for Windows.

The vulnerability has been detected in version 8, or more precisely, in versions prior to 8.13.6.

This problem would allow an attacker to run arbitrary code and totally compromise affected servers.

Sendmail versions for Windows are not vulnerable.

The Sendmail Consortium urges all users to upgrade to Sendmail 8.13.6.

If this is not possible, specific patches to correct the vulnerability in versions 8.12 and 8.13 are also available.

More information about the vulnerability, upgrade and patches is available in the original advisory at: http://www.sendmail.org/8.13.6.html

Tuesday, March 21, 2006

BEA WebLogic Vulnerabilities Patched

BEA has released six bulletins warning of vulnerabilities affecting WebLogic Server 6.1, 7.0 and 8.1 and WebLogic Portal 8.1, which could allow access to sensitive information, enable security restrictions to be bypassed or cause denial of service.

- Bulletin BEA06-105.1 reports that specially crafted HTTP requests may be used to launch HTTP Request Smuggling attacks on the server. This affects WebLogic Server 8.1, 7.0 and 6.1. The bulletin is available at: http://dev2dev.bea.com/pub/advisory/177

- Bulletin BEA06-107.01 warns that an attacker is allowed too many invalid login attempts. This affects WebLogic Server 8.1 and 7.0. The bulletin is available at: http://dev2dev.bea.com/pub/advisory/178

- Bulletin BEA06-111.01 warns that the server log could be viewed remotely. This affects WebLogic Server 8.1, 7.0 and 6.1. The bulletin is available at: http://dev2dev.bea.com/pub/advisory/179

- Bulletin BEA06-120.00 describes an internal servlet that allows access to the Windows local file system. This affects WebLogic Server 6.1. The bulletin is available at: http://dev2dev.bea.com/pub/advisory/180

- Bulletin BEA06-122.00 reports an unauthorized access vulnerability in WebLogic Portal 8.1 sites using JSR-168 portlets. The bulletin is available at: http://dev2dev.bea.com/pub/advisory/182

- Bulletin BEA06-123.00 concerns a denial of service vulnerability in which parsing a malicious XML document consumes all available memory. This affects WebLogic Server 8.1, 7.0 and 6.1. The bulletin is available at: http://dev2dev.bea.com/pub/advisory/183

Users affected by the problems in WebLogic Server and WebLogic Portal should refer to the BEA bulletins (available from http://dev2dev.bea.com/advisoriesnotifications/) and take the security measures indicated.

Monday, March 20, 2006

Online Security: New Viruses & Trojans

MADRID, March 19, 2006 - Panda Software has published its weekly report on the most significant viruses and intrusions.

Based on the information compiled by PandaLabs, this week three Trojans with very different functions stand out: CXOver.A, Banker.CHG and Cryzip.A.

CXOver.A is a malicious code that spreads using ActiveSync connections between computers with the .NET platform installed and mobile devices, such as PDAs or cell phones.

When it is run, it checks whether the computer is connected to a mobile device through ActiveSync and, if so, creates a copy of itself on the device.

Then, if the affected mobile device is connected to another computer through ActiveSync, CXOver.A will send a copy of itself to that computer.

CXOver.A deletes the files from the My Documents folder on the mobile device.

The other malicious codes in today's report are further examples of the current trend among malware writers.

The first, Banker.CHG, is another member of the Banker family, which specializes in stealing passwords for accessing online banking systems. This Trojan stays memory resident, monitoring the pages accessed by the user.

When the page viewed in the browser matches one of the URLs that Banker.CHG has stored in its code, it redirects the user to another site with the same appearance but controlled by a hacker.

Banker.CHG cannot spread automatically by its own means and therefore needs an attacker to distribute it.

Finally, we have a clear example of hackers' interest in defrauding users. PandaLabs has reported the appearance of Cryzip.A, a Trojan that compresses files with many different extensions, including CGI, DBX, DOC, DSW, JPG, MDB, PDF, TXT, XLS, etc., into a ZIP file and password-protects them.

Users cannot open the files until they get the password by following the instructions left by Cryzip.A in a text file. If this Trojan has infected your computer, the password for decompressing the files is C:\Program Files\Microsoft Visual Studio\VC98.

As well as these malicious codes, PandaLabs has warned users of two vulnerabilities that have been corrected by Microsoft.

The first, as reported in Microsoft Security Bulletin MS06-011, corrects an error that could allow an attacker to gain control of the affected system.

An attacker could therefore install programs with serious consequences or carry out any other action without the user realizing.

The systems affected are Microsoft Windows XP Service Pack 1 and Microsoft Windows Server 2003 (including the version for Itanium systems). More information and the updates that fix the error are available at http://www.microsoft.com/technet/security/Bulletin/ms06-011.mspx.

The second update, reported in bulletin MS06-012, corrects an error similar to the one above, as it could also allow an attacker to gain control of the system if the user is logged on as the system administrator.

According to the second bulletin, the systems affected are Office 2000 SP 3, Office XP SP 3, Office 2003 SP 1 or 2 and Microsoft Works Suite, versions 2000 to 2006.

Office for Mac (versions X and 2004) is also affected.

PandaLabs has stressed the severity of these security problems and reminds users to install the updates as soon as possible. In this case it is particularly important, because by allowing programs to be installed, these vulnerabilities create the perfect scenario for falling victim to new malware dedicated to cyber-crime.