145 replies to this topic

[AplusWebMaster]

FYI...

F-Secure vuln - hotfix available
- http://www.f-secure....sc-2008-1.shtml
Last updated: 2008-02-19 ...
Risk Factor: High
The gateway passes archives unscanned
Mitigating Factors:
* Exploitation of these vulnerabilities requires specially crafted archives
* The CAB issue has been fixed automatically in F-Secure database updates, while fixing the RAR archive scanning requires installing the hotfix..."

(More detail at the URL above.)

[AplusWebMaster]

FYI...

Symantec RAR File vulns - updates available
- http://secunia.com/advisories/29140/
Release Date: 2008-02-27
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Symantec AntiVirus for Network Attached Storage 4.x
Symantec AntiVirus Scan Engine 4.x
Symantec AntiVirus/Filtering for Domino 3.x
Symantec Mail Security for Exchange 4.x
Symantec Mail Security for Microsoft Exchange 5.x
Symantec Scan Engine 5.x...
Original Advisory: SYM08-006:
http://www.symantec....2008.02.27.html ...
"...to ensure all available updates have been applied, users can manually launch and run LiveUpdate..."

[AplusWebMaster]

FYI...

Panda vuln - updates available
- http://secunia.com/advisories/29311/
Release Date: 2008-03-10
Critical: Less critical
Impact: Privilege escalation, DoS
Where: Local system
Solution Status: Vendor Patch
Software: Panda Antivirus + Firewall 2008, Panda Internet Security 2008 ...
Solution: Apply hotfix.
Panda Internet Security 2008 (hfp120801s1.exe):
http://www.pandasecu...hfp120801s1.exe
Panda Antivirus + Firewall 2008 (hft70801s1.exe):
http://www.pandasecu.../hft70801s1.exe ...
Original Advisory: Panda:
http://www.pandasecu...amp;ref=ProdExp
http://www.pandasecu...amp;ref=ProdExp ...

[AplusWebMaster]

FYI...

F-Secure Security Advisory FSC-2008-2
- http://www.f-secure....s/00001404.html
March 17, 2008 - "...The Secure Programming Group at Oulu University has created a collection of malformed archive files. These archive files break and crash products from at least 40 vendors - including several antivirus vendors...including us. We've fixed a long list of our products to resolve these issues. Home users will get these fixes via the normal update system and they don't have to do anything... Our guidance here is the same as for patches from any other vendor: Patch now before someone figures out how to exploit the vulnerability. At the moment we are not aware of any public exploit methods for these vulnerabilities. For more information, please consult F-Secure Security Advisory FSC-2008-2* and CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats**."
* http://www.f-secure....sc-2008-2.shtml
(Hotfixes/patches available)

** https://www.cert.fi/...ve-formats.html
17 March 2008 - "...The vulnerabilities described in this advisory can potentially affect programs that handle the archive formats ACE, ARJ, BZ2, CAB, GZ, LHA, RAR, TAR, ZIP and ZOO. The Test Suite contains a set of fuzzed archive files in different formats, some of which may cause and some that are known to cause problems in common tools processing archived content..."

[AplusWebMaster]

FYI...

CA Alert Notification Server service
- https://support.ca.c...ontentID=173103
Issued: April 3rd, 2008 - "CA's customer support is alerting customers to security risks in products that use the Alert Notification Server service. Multiple vulnerabilities exist that can allow a remote authenticated attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerabilities.
The vulnerabilities, CVE-2007-4620, are due to insufficient bounds checking in multiple procedures. A remote authenticated attacker or local user can exploit a buffer overflow to execute arbitrary code or cause a denial of service.
Risk Rating: High
Affected Products:
CA Anti-Virus for the Enterprise 7.1
CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8
CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8.1
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8.1
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup r11 for Windows
Solution: CA has provided updates to address the vulnerabilities... (links at URL above)
Workaround: None..."

[AplusWebMaster]

FYI...

ClamAV vuln
- http://secunia.com/advisories/29000/
Release Date: 2008-04-14
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround
Software: Clam AntiVirus (clamav) 0.x
...The vulnerability is confirmed in versions 0.92 and 0.92.1. Prior versions may also be affected.
Solution: An updated version should be available shortly. The PE scanning module has been remotely switched off after 10/03/2008.

Do not scan untrusted PE files...

[AplusWebMaster]

FYI...

ClamAV multiple vulns - update available
- http://secunia.com/advisories/29000/
Last Update: 2008-04-15
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Clam AntiVirus (clamav) 0.x
...The vulnerabilities are reported in version 0.92.1. Prior versions may also be affected.
Solution: Update to version 0.93.
Download:
- http://www.clamav.net/download/sources
Changelog:
- http://svn.clamav.ne...trunk/ChangeLog

http://nvd.nist.gov/...e=CVE-2008-1100

http://nvd.nist.gov/...e=CVE-2008-1387

Edited by AplusWebMaster, 17 April 2008 - 12:49 PM.

[AplusWebMaster]

FYI...

ClamAV vuln - update available
- http://secunia.com/advisories/30657/
Release Date: 2008-06-17
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: Clam AntiVirus (clamav) 0.x...
The vulnerability is reported in versions prior to 0.93.1.
Solution: Update to version 0.93.1.
Original Advisory:
https://wwws.clamav....bug.cgi?id=1000 ...

Download:
http://sourceforge.n...?group_id=86638

[AplusWebMaster]

Backtrack...

- http://atlas.arbor.n...index#-51119944
Severity: High Severity
Published: Friday, June 20, 2008 20:31

ClamAV vuln... now marked as "Unpatched"
- http://secunia.com/advisories/30657/
Last Update: 2008-06-20
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Unpatched ...
The vulnerability is confirmed in versions 0.93 and 0.93.1. Other versions may also be affected.
Solution: Disable the scanning of PE files.
NOTE: Version 0.93.1 only fixes a particular exploitation vector...
Changelog:
2008-06-20: Updated "Solution" section and marked the advisory as unpatched...

[AplusWebMaster]

FYI...

Panda ActiveScan vulns - update available
- http://secunia.com/advisories/30841/
Release Date: 2008-07-07
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Panda ActiveScan 2.0 1.x
...Successful exploitation allows execution of arbitrary code. According to the vendor, the vulnerabilities affect versions prior to version 1.02.00.
Solution: Update to version 1.02.00 or later.
http://www.pandasecu....com/activescan

- http://nvd.nist.gov/...e=CVE-2008-3155
- http://nvd.nist.gov/...e=CVE-2008-3156

Edited by AplusWebMaster, 21 July 2008 - 03:02 PM.
Added CVE refs...

[AplusWebMaster]

FYI...

Sophos DoS vuln - update available
- http://secunia.com/advisories/31037
Last Update: 2008-07-17
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
...The vulnerability affects the following products that incorporate the July update (4.31 virus data and 2.75 engine):
* Sophos Email Appliance
* Pure Message for Unix
* Sophos Anti-Virus Interface (SAVI)
Solution: Update to the latest virus identity file.
Original Advisory:
http://www.sophos.co...icle/42245.html

- http://nvd.nist.gov/...e=CVE-2008-3177

[AplusWebMaster]

FYI...

ClamAV vuln - update available
- http://secunia.com/advisories/30657/
Last Update: 2008-07-28
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 0.93.3...
- http://sourceforge.n...;group_id=86638

- http://nvd.nist.gov/...e=CVE-2008-2713
- http://nvd.nist.gov/...e=CVE-2008-3215

[AplusWebMaster]

FYI...

AVG DoS vuln - update available
- http://secunia.com/advisories/31290/
Release Date: 2008-07-29
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: AVG Anti-Virus 8.x ...
...The vulnerability affects versions prior to 8.0.156.
Solution: Update to version 8.0.156 or later.
Original Advisory:
AVG: http://www.grisoft.com/ww.94247

n.runs AG: http://preview.tinyurl.com/6fcaye ...

- http://www.us-cert.g...releases_update

Program update AVG Free 8.0 169: http://free.avg.com/ww.94096
August 25, 2008

Edited by AplusWebMaster, 08 September 2008 - 08:57 AM.
Updated US-CERT and AVG update links...

[AplusWebMaster]

FYI...

Trend Micro multiple vulns - updates available
- http://secunia.com/advisories/31373
Last Update: 2008-08-29
Critical: Moderately critical
Impact: Security Bypass, Brute force
Where: From local network
Solution Status: Partial Fix
Software: Trend Micro Client Server Messaging Security for SMB 3.x
Trend Micro OfficeScan Corporate Edition 7.x
Trend Micro OfficeScan Corporate Edition 8.x
Trend Micro Worry-Free Business Security 5.x
...This vulnerability can further be exploited to execute arbitrary code.
Solution: Apply patches... (Multiple links at the URL above.)

- http://web.nvd.nist....d=CVE-2008-2433
Last revised: 09/05/2008

[AplusWebMaster]

FYI...

Trend Micro OfficeScan Server - updates available
- http://secunia.com/advisories/31342/
Release Date: 2008-09-12
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Partial Fix
...Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 7.3 with Patch 4 build 1362 applied and also affects OfficeScan version 7.0 and 8.0, and Client Server Messaging Security version 3.6, 3.5, 3.0, and 2.0.
Solution: Apply patches...

(Links to patches/updates available at the URL above.)