Multiple AV vendor vulns / updates / issues



#46 AplusWebMaster

  • Authentic Member
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 26 May 2009 - 11:55 AM

FYI...

AVG 8.5 vuln - updates available
- http://web.nvd.nist....d=CVE-2009-1784
Last revised: 05/26/2009
CVSS v2 Base Score: 10.0 (HIGH)

- http://xforce.iss.ne...orce/xfdb/50426
... Platforms Affected:
* AVG, AVG Anti-Virus 6.0.710
* AVG, AVG Anti-Virus 7.0
* AVG, AVG Anti-Virus 7.0.251
* AVG, AVG Anti-Virus 7.0.323
* AVG, AVG Anti-Virus 7.1.308
* AVG, AVG Anti-Virus 7.1.407
* AVG, AVG Anti-Virus 7.5.448
* AVG, AVG Anti-Virus 7.5.476
* AVG, AVG Anti-Virus 8.0
* AVG, AVG Anti-Virus 8.0.156
Remedy: Upgrade to the latest version of AVG (8.5 build 323 or later), available from the AVG Web site...

Program update AVG 8.5.323 SP1
- http://www.avg.com/223363
... Fixes
• Core: Fixed problem with crash while scanning PDF files.
• Core: Fixed occasional crash of scanning engine.
• Core: Fixed problem of crash while healing Mozilla Firefox 3 cookies.
• Core: Fixed problem with processing slowdown during Resident Shield scanning LNK files.
• Core: Fixed problem with ZoneAlarm incompatibility.
• Core: Fixed problem with missed detection in corrupted *.cab and *.zip archives (thanks to Thierry Zoller)...

:ph34r:

Edited by AplusWebMaster, 27 May 2009 - 12:31 AM.
Added AVG link...

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.



#47 AplusWebMaster


Posted 10 June 2009 - 05:33 AM

FYI...

McAfee false positive...
- http://www.theregist...e_update_snafu/
9 June 2009 - "A recent McAfee service pack led to systems being rendered unbootable, according to posts on the security giant's support forums. The mandatory service pack for McAfee's corporate Virus scanning product, VSE 8.7, was designed to address minor security bugs but instead tagged Windows system files as malware. The software update was issued on 27 May and pulled on 2 June, after problems occurred. Users were advised to keep the patch if they'd already installed it in a low-key announcement on McAfee's knowledge base*. Posts on McAfee's support forum** paint a different picture of PCs and server left unbootable after the update had automatically deleted Windows systems files wrongly identified as potentially malign..."
* https://kc.mcafee.co...=...&id=KB65943
June 08, 2009
** http://community.mca...ad.php?t=231060

:pullhair:



#48 AplusWebMaster


Posted 16 June 2009 - 05:54 AM

FYI...

F-secure - Mail relay vuln - update available
- http://www.f-secure....fsc-2009-2.html
2009-06-16 - "...Specially crafted messages may be used to bypass mail relay restrictions.
Mitigating factors:
* The issue only affects systems where the SMTP Turbo module is used for mail distribution.
* Incorrectly relayed messages still pass through spam filtering, which decreases the vulnerability’s usefulness for spam relaying.
Affected platforms: All supported platforms
Products: F-Secure Messaging Security Gateway 5.5.x...

- http://secunia.com/advisories/35475/2/
Release Date: 2009-06-16
Critical: Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch
OS: F-Secure Messaging Security Gateway P-Series, F-Secure Messaging Security Gateway X-Series...
Solution: The vendor has fixed the vulnerability in patch 739, delivered automatically to affected systems. Approve the installation of patch 739 for systems not configured for automatic patch installation...

:ph34r:

Edited by AplusWebMaster, 16 June 2009 - 06:25 AM.



#49 AplusWebMaster


Posted 19 June 2009 - 04:59 AM

FYI...

ClamAV CAB/RAR/ZIP vuln - update available
- http://www.securityf.../bid/35426/info
Published: Jun 18 2009
Updated: Jun 19 2009
"... Versions prior to ClamAV 0.95.2 are vulnerable..."

- http://www.clamav.net/
"Latest ClamAV® stable release is: 0.95.2 ..."

- http://www.clamav.net/download/sources

:ph34r: :ph34r:



#50 AplusWebMaster


Posted 04 July 2009 - 07:53 AM

FYI...

McAfee false-positive glitch...
- http://www.theregist...ositive_glitch/
3 July 2009 22:48 GMT - "IT admins across the globe are letting out a collective groan after servers and PCs running McAfee VirusScan were brought down when the anti-virus program attacked their core system files. In some cases, this caused the machines to display the dreaded BSOD. Details are still coming in, but forums here* and here** show that it's affecting McAfee customers in Germany, Italy, and elsewhere... Based on anecdotes, the glitch appears to be caused when older VirusScan engines install DAT 5664..."
* http://forums.mcafee...ad.php?p=569669
** http://forums.mcafee...ad.php?t=231904

- http://www.eweek.com...n...0&hide_js=1
2009-07-06 - "... On July 3, McAfee users running old versions of the VirusScan engine found themselves facing false positives after downloading a DAT file that labeled legitimate programs as malware. According to McAfee support forums, the glitch led to authorized programs being quarantined, and in some cases brought about the infamous "blue screen of death"... A McAfee spokesperson said the incorrect identification was resolved in the daily release, and stressed that customers running the most current software were not affected... According to McAfee, customers running Version 5200 or newer were not impacted by the problem. The most current versions are VirusScan Enterprise 8.7 and scanning engine 5301... "

:scratch: :ph34r:

Edited by AplusWebMaster, 07 July 2009 - 08:27 AM.
Added Eweek link...



#51 AplusWebMaster


Posted 10 July 2009 - 06:33 AM

FYI...

CA - false positive
- http://www.theregist...ogue_av_update/
10 July 2009 - "... The update, issued on Wednesday, falsely labeled important Windows system files as potentially malign, dispatching them into quarantine. The action prevents Windows XP systems from booting properly... In a statement (below), CA said it issued a revised update on Thursday that resolved the problem.
'On July 8, 2009 at 11:00am EST, a CA DAT file release contained improperly formed malware detections that errantly detected clean files from Microsoft Windows Service Pack 3 and from the commercial Cygwin application. Affected files were detected as "Win32\Amalum" variants with extensions such as ZZNRA, ZZOFK, ZZNPB, and ZZNRA.
All files falsely detected as malware by these errant signatures were quarantined and renamed with the following text added to the file name "*.AVB". This prevented the affected files from running as the ".exe" file. It's important to note that the affected files remain fully intact, only the file extensions were modified.
On July 9, 2009 at 3:30am EST the file was corrected and released.
' ..."

> http://preview.tinyurl.com/lyh5s9
Document ID: 3413 - Modify Date: Thursday, July 09, 2009 - "... false positive due to CA Anti-Virus Update # 6604 and has been corrected with CA Anti-Virus Update # 6606 or later..."

:ph34r: <_< :ph34r:



#52 AplusWebMaster


Posted 24 July 2009 - 08:56 AM

FYI...

Kaspersky Anti-Virus / Kaspersky Internet Security 2010
Critical Fix 1 (version 9.0.0.463)
- http://www.kaspersky...ws?id=203038755
07.23.2009
"FIXES:
1. Problem with system instability after long period of program operation has been fixed.
2. Error causing BSOD while updating the emulator driver has been fixed.
3. Pop-up message in the URL checking module has been fixed (for the Spanish version).
4. Problem with pausing the scan task while third party programs are running in full-screen mode has been fixed.
5. Problem with the update task freezing at system startup has been fixed.
6. Vulnerability that allowed disabling of computer protection using an external script has been eliminated.
7. Driver crash in rare cases while processing a write operation has been fixed.
8. Crash while processing data incompliant with the protocol of Mail.Ru Agent has been fixed.
Download Here..."

:ph34r:



#53 AplusWebMaster


Posted 12 August 2009 - 05:33 AM

FYI...

Sophos SAVScan vuln - updates available
- http://web.nvd.nist....d=CVE-2008-6904
Last revised: 08/07/2009
CVSS v2 Base Score: 10.0 (HIGH)

> http://www.sophos.co...icle/50611.html
"... The vulnerability has been removed from all versions of Sophos Anti-Virus running the virus engine, version 2.82.1 and above...
1. Check that you have the latest version of Sophos Anti-Virus on your computers.
2. If necessary update to ensure you have virus engine version 2.82.1 or above..."

:ph34r:



#54 AplusWebMaster


Posted 12 August 2009 - 07:51 PM

FYI...

CA false positives...
- http://www.dynamoo.c...dwin32-and.html
12 August 2009 - "CA eTrust ITM has gone completely nuts today, with a load of seemingly random false positives mostly for StdWin32 in a large number of binaries, including some components of eTrust itself. The core problem seems to be a signature update from 31.6.6672 to 33.3.7051, there seems to be little consistency in what is being detected as a false positive although there are multiple occurrences of Nokia software, VNC and event DLLs and EXEs belonging to eTrust's core components...
Update 2: Signature pattern 34.0.6674 appears to fix this problem..."

CA / ITM False Positive Notice
> http://www.ca.com/us...aspx?cid=214397
Published: 12 Aug 2009

> https://support.ca.c...ontentID=214394
___

- http://www.theregist..._immune_update/
12 August 2009

- http://isc.sans.org/...ml?storyid=6955
Last Updated: 2009-08-13 01:35:11 UTC

:pullhair: :ph34r:

Edited by AplusWebMaster, 13 August 2009 - 08:25 AM.



#55 AplusWebMaster


Posted 26 August 2009 - 04:21 AM

FYI...

Symantec SYM09-010 - Symantec Products KeyView XLS Processing Buffer Overflow
- http://secunia.com/advisories/36421/2/
Release Date: 2009-08-26
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
OS: Symantec Brightmail Gateway 8.x, Symantec Mail Security Appliance 5.0.x ...
Solution: Please see the vendor advisory for a patch matrix.
Symantec (SYM09-010): http://preview.tinyurl.com/mp5rza ...

Norton 2009 product or Norton 360 Version 3.0 - Error: "Symantec Service Framework has encountered a problem and needs to close..." after you install the latest updates
- http://www.symantec....0090821103237EN
Last modified: 08/25/2009 - "Download and run the fix tool
1. Download the fix tool*.
Save the file to the Windows desktop.
DOWNLOAD
2. On the Windows desktop, double-click KB20090821103237EN.exe.
3. In the Open File - Security Warning window, click Run.
4. In the Norton Hotfix window, click Yes.
5. Accept the license agreement, and click OK.
6. Follow the on-screen instructions.
Restart your computer... In some cases you may need to restart the computer twice to apply the hotfix correctly. After you run the fix tool and restart the computer, if you still see this error message, restart the computer once again.
DOCID: 20090821103237EN
Operating System: Windows Vista, Windows XP
* ftp://ftp.symantec.com/public/english_us_...821103237EN.exe

:ph34r: :ph34r:




#56 AplusWebMaster


Posted 25 September 2009 - 08:30 AM

FYI...

avast! vuln - update available
- http://secunia.com/advisories/36858/2/
Last Update: 2009-09-25
Impact: Privilege escalation, DoS
Where: Local system
Solution Status: Vendor Patch
Solution: Update to version 4.8.1356...
Original Advisory: avast!:
http://www.avast.com...on-history.html

:ph34r:



#57 AplusWebMaster


Posted 21 October 2009 - 01:37 PM

FYI...

CA Anti-Virus Engine - CA20091008-01
- http://support.ca.co...ontentID=218878
"... CA has issued fixes to address the vulnerabilities.
The first vulnerability, CVE-2009-3587, is due to improper handling of a specially crafted RAR archive file by the CA Anti-Virus engine arclib component. An attacker can create a malformed RAR archive file that results in heap corruption and allows the attacker to cause a denial of service or possibly further compromise the system.
The second vulnerability, CVE-2009-3588, is due to improper handling of a specially crafted RAR archive file by the CA Anti-Virus engine arclib component. An attacker can create a malformed RAR archive file that results in stack corruption and allows the attacker to cause a denial of service.
... If the file version is earlier than indicated below, the installation is vulnerable.
File Name | File Version
arclib.dll | 8.1.4.0
> For eTrust Intrusion Detection 2.0, the file is located in "Program Files\eTrust\Intrusion Detection\Common", and for eTrust Intrusion Detection 3.0 and 3.0 sp1, the file is located in "Program Files\CA\Intrusion Detection\Common".
> For CA Anti-Virus r8.1 on non-Windows platforms:
Use the compver utility provided on the CD to determine the version of Arclib. If the version is less than 8.1.4.0, the installation is vulnerable..."

- http://web.nvd.nist....d=CVE-2009-3587

- http://web.nvd.nist....d=CVE-2009-3588

:ph34r:



#58 AplusWebMaster


Posted 29 October 2009 - 08:05 AM

FYI...

F-Secure PDF handling vuln - update available
- http://secunia.com/advisories/37192/2/
Release Date: 2009-10-29
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch...
Original Advisory: F-Secure:
http://www.f-secure....fsc-2009-3.html
Last updated: 2009-10-29
Risk level: High
"... A fix for the problem has been distributed through the malware definition database update channel. This advisory only affects systems that, for some reason, are not updated automatically..."

:ph34r: :blink:



#59 AplusWebMaster


Posted 13 November 2009 - 12:23 PM

FYI...

Panda vuln - update available
- http://secunia.com/advisories/37373/2/
Release Date: 2009-11-13 ...
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch
Software: Panda Antivirus Pro 2010 9.x, Panda Global Protection 2010 3.x, Panda Internet Security 2010 15.x ...
Original Advisory: Panda:
http://www.pandasecu...p...&idIdioma=2

:ph34r:



#60 AplusWebMaster


Posted 18 November 2009 - 08:08 AM

FYI...

Kaspersky AV vuln - update available
- http://secunia.com/advisories/37398/2/
Release Date: 2009-11-18
Impact: DoS
Where: Local system
Solution Status: Vendor Patch
Software: Kaspersky Anti-Virus 2010
Solution: Update to version 9.0.0.736.
Original Advisory:
http://sysdream.com/...p;section_id=78
"... Patch Updated: 2009/11/16..." (?)

- http://www.kaspersky...latest_versions

- http://usa.kaspersky...e vulnerability
October 21, 2009

:ph34r:

Edited by AplusWebMaster, 18 November 2009 - 08:15 AM.

