Citrix users should upgrade to Citrix Presentation Server Client for Windows version 10.0 or later to mitigate a flaw in older versions that attackers could exploit to run malicious code on targeted machines.
The vendor said in an advisory that the problem is an implementation flaw connected to the program's ability to make ICA connections through proxy servers. Attackers could exploit the flaw using a malicious Web site.
Citrix rated the flaw "high-severity" and said it strongly recommends that customers upgrade their Citrix Presentation Server Client for Windows to version 10.0 or later.
Symantec fixes Mail Security flaw
Symantec Corp. has patched a flaw attackers could exploit in Symantec Mail Security for SMTP to hijack targeted machines. The problem is a buffer overflow error that surfaces when malformed email headers are handled. Remote attackers could exploit this to execute arbitrary commands with system privileges by sending a specially crafted email message through a flawed application. Symantec recommends users apply patch 175 to correct the problem.
Cisco fixes Catalyst-IOS glitch
Cisco Systems has fixed a flaw attackers could exploit in its Catalyst 6000, 6500 and Cisco 7600 products to take control of targeted systems. Those products are vulnerable to attack when a network analysis module (NAM) is installed. "This vulnerability affects systems that run the Internetwork Operating System (IOS) or Catalyst Operating System (CatOS)," Cisco said in an advisory.
Attackers who successfully exploit the flaw could gain complete control of an affected device by spoofing Simple Network Management Protocol (SNMP) packets from the IP address of the NAM.
Cisco has released patches to address the problem.
Flaw haunts McAfee antivirus for Macs
McAfee Inc. has repaired a flaw in its antivirus program for Mac OS X machines that attackers could exploit to bypass the malware scanner and gain elevated system privileges.
An issue exists with the default permissions and validation of specific files belonging to McAfee Virex 7.7 that may allow for local authenticated command execution, the Santa Clara, Calif.-based antivirus vendor said in an advisory.
"The vulnerability is caused due to /Library/Application Support/Virex/VShieldExclude.txt having insecure permissions and being created insecurely," Danish vulnerability clearinghouse Secunia said in an advisory. "This can be exploited to create arbitrary files with escalated privileges via symlink attacks."
McAfee recommends that users apply the patch, which has been pushed to all its live update servers.
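As an added illustration (not code from McAfee or Secunia), the Python sketch below shows the two checks that defeat this class of bug: auditing a file a privileged process writes for symlinks and loose permissions, and creating it so a pre-planted symlink is refused rather than followed. The function names and the temporary-directory scenario are assumptions made for the example; only the file name VShieldExclude.txt is taken from the advisory.

```python
import os
import stat
import tempfile

def audit_file(path):
    """Return findings for a file that a privileged process reads or writes."""
    findings = []
    st = os.lstat(path)                      # lstat inspects the link itself, not its target
    if stat.S_ISLNK(st.st_mode):
        findings.append("is a symlink")
    elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("group/world writable")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory world writable without sticky bit")
    return findings

def create_safely(path, data):
    """Create path only if nothing is there; never follow a pre-planted symlink."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o644)         # raises FileExistsError if anything exists
    try:
        os.fchmod(fd, 0o644)                 # set the mode explicitly, independent of umask
        os.write(fd, data)
    finally:
        os.close(fd)

def demo():
    """Constructed scenario in a temp directory: (findings, refused, target content)."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "protected.conf")   # stands in for a root-owned file
        with open(target, "w") as f:
            f.write("original")
        exclude = os.path.join(d, "VShieldExclude.txt")
        os.symlink(target, exclude)                  # link already in place at creation time
        findings = audit_file(exclude)
        try:
            create_safely(exclude, b"/tmp\n")
            refused = False
        except FileExistsError:
            refused = True
        with open(target) as f:
            return findings, refused, f.read()

if __name__ == "__main__":
    print(demo())
```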
Mozilla plugs a range of Firefox holes
Mozilla has released a security update that fixes a variety of Firefox flaws digital miscreants could exploit to circumvent security restrictions, conduct cross-site scripting attacks and access sensitive information.
The company released eight advisories over the weekend, all of which were rated highly critical by Danish vulnerability clearinghouse Secunia. The French Security Incident Response Team (FrSIRT) rated the flaws critical.
The problems, as described by Secunia, are:
- An error in how the browser handles the "location.hostname" DOM property, which attackers could exploit to bypass certain security restrictions.
- An integer underflow error in the Network Security Services (NSS) code attackers could exploit to cause a heap-based buffer overflow using a certificate with a public key too small to encrypt the "Master Secret."
- A flaw that makes it possible to launch cross-site scripting attacks against sites containing a frame with a "data:" URI as source. Successful exploitation requires that a user is tricked into visiting a malicious Web site and opening a blocked popup.
- A flaw that makes it possible to open windows containing local files, thereby stealing the contents when the full path of a locally saved file containing malicious script code is known. This can be exploited in combination with a flaw in the seeding of the pseudo-random number generator causing downloaded files to be saved to temporary files with a somewhat predictable name.
- Browser UI elements like the host name and security indicators can be spoofed using a specially crafted custom cursor and manipulating the CSS3 hotspot property.
- It may be possible to access sensitive information from a Web site by exploiting an error that causes two Web pages to collide in the disk cache, thereby potentially appending part of one document to the other.
- Various errors in the Mozilla parser when handling invalid trailing characters in HTML tag attribute names and during processing of UTF-7 content when child frames inherit the character set of their parent window can be exploited to conduct cross-site scripting attacks.
- A vulnerability in the Password Manager that could be exploited to conduct phishing attacks.
- An error within the handling of the onUnload event handler and self-modifying document.write() calls can be exploited to corrupt memory and potentially execute arbitrary code.
To correct the flaws, Mozilla will prompt Firefox users to click a box that upgrades the browser to versions 220.127.116.11 or 18.104.22.168.