Blogs

Adobe Flash Media Server Directory Traversal Vulnerability

http://www.securityfocus.com/bid/37420

"Adobe Flash Media Server is prone to a directory-traversal
vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue can allow an attacker to load arbitrary Dynamic
Linked Libraries (DLLs) present on the server. This could help the
attacker launch further attacks."

This affects Adobe Flash Media Server 3.5.2 and prior, and 3.0.4 and prior.

GnuTLS X.509 Certificate Serial Number Decoding Remote Security Vulnerability

http://www.securityfocus.com/bid/38959/info

"An attacker can exploit this issue to potentially execute arbitrary
code, trigger denial-of-service conditions, or bypass certificate
revocation list (CRL) checks, causing clients to accept expired or
invalid certificates from servers."

This affects GNU GnuTLS 1.2, specifically with RHEL4.

GNU Tar and GNU Cpio Remote Buffer Overflow Vulnerability

http://www.securityfocus.com/bid/38628/info

"GNU Tar and GNU Cpio are prone to a remote buffer-overflow
vulnerability because the applications fail to perform adequate boundary
checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the
privileges of the user running the affected application. Failed exploit
attempts will result in a denial-of-service condition.

This issue affects the following:

Sendmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability

http://www.securityfocus.com/bid/37543

"Sendmail is prone to a security-bypass vulnerability because the
application fails to properly validate the domain name in a signed CA
certificate, allowing attackers to substitute malicious SSL certificates
for trusted ones.

Successfully exploiting this issue allows attackers to perform
man-in-the-middle attacks or impersonate trusted servers, which will aid
in further attacks.

Versions prior to Sendmail 8.14.4 are vulnerable."

APPLE-SA-2010-03-30-2 iTunes 9.1 fixes 7 vulnerabilities

http://support.apple.com/kb/HT1222

iTunes 9.1 has been released, fixing 7 vulnerabilities. It affects
the following operating systems:

Windows 7
Vista
XP
Mac OS X v10.4.11 or later

These vulnerabilities could lead to: arbitrary code execution, DoS
(including prolonged DoS after reboot), memory data disclosure,
privilege escalation.

It is recommended that iTunes be updated to the latest version for all
users.

Thanks,
Brian

APPLE-SA-2010-03-30-1 QuickTime 7.6.6 fixes 16 security vulnerabilities

http://support.apple.com/kb/HT1222

Apple has released QuickTime 7.6.6, which fixes 16 security
vulnerabilities. This affects QuickTime installed on the following operating systems:

Windows 7
Vista
XP SP2
XP SP3
Mac OS X v10.5.8

Vulnerabilities include: arbitrary code execution and/or local DoS.

Mac OS X v10.6 bundles QuickTime, and Mac OS X v10.6.3 includes
the update to QuickTime 7.6.6.

APPLE-SA-2010-03-29-1 Security Update 2010-002 / Mac OS X v10.6.3 fixes 69 vulnerabilities

http://support.apple.com/kb/HT1222

Apple has released Mac OS X v10.6.3 which addresses several security
vulnerabilities. This includes arbitrary code execution with spell
check, firewall rule inactivation, non-authorized AFP mounting,
directory traversal, and more.

In all, 69 vulnerabilities were patched.

It is recommended that Mac OS X v10.6.x users update to v10.6.3 to
mitigate these risks.

Thanks,
Brian

HP Small Form Factor or Microtower PC with Broadcom Integrated NIC Firmware, Remote Execution of Arbitrary Code

http://permalink.gmane.org/gmane.comp.security.bugtraq/42791

"A potential vulnerability (CVE-2010-0104) has been identified with
certain HP Small Form Factor and Microtower PCs with Broadcom
Integrated NIC Firmware [in versions earlier than v1.40.0.0 and
earlier than v8.08]. The vulnerability could be remotely exploited to
execute arbitrary code."
