The problem specifically affects:
- McAfee Internet Security Suite 6.x, 7.x, 8.x, 2007
- McAfee Total Protection 2007
- McAfee VirusScan Plus 2007
- McAfee PC Protection Plus 2007
- McAfee VirusScan 8.x, 9.x, 10.x
- McAfee Personal Firewall Plus 5.x, 6.x, 7.x
- McAfee Privacy Service 6.x, 7.x, 8.x
- McAfee SpamKiller 5.x, 6.x, 7.x
- McAfee QuickClean 4.x, 5.x, 6.x
- McAfee AntiSpyware 1.x, 2.x
- McAfee Wireless Home Network Security 1.x
McAfee said Security Center 7.2.147 and 6.0.25 address the risk associated with this security flaw and that these updates were made available for download on March 22, 2007. Most customers receive the updates automatically.
Apple fixes Darwin server flaws
Apple Inc. has fixed two Darwin Streaming Server flaws attackers could exploit to cause a denial of service or hijack a targeted system. Apple said in an advisory that the first issue is caused by a stack overflow error in the "is_command()" [proxy.c] function when specially crafted RTSP requests are processed. Attackers could exploit this to crash or compromise an affected server. The second vulnerability is a heap overflow error in the Proxy component that appears when a "SETUP" request containing specially crafted "trackID" values is processed. Attackers could exploit this to crash an affected server or run malicious code with elevated privileges.
The problems affect Apple Darwin Streaming Server version 5.5.4 and prior. Upgrading to version 5.5.5 fixes the flaws, Apple said.
Cisco fixes IOS flaws
Cisco Systems has fixed a pair of flaws in its Internetwork Operating System (IOS) attackers could exploit to cause a denial of service or tamper with data in a device's file system.
The IOS improperly verifies user credentials within the FTP server, Cisco said in an advisory. Remote attackers could exploit this to "bypass the authentication process and retrieve or write any file from the device file system (including the configuration file)," the networking giant added. Also, an error in the FTP server surfaces when certain files are transferred. Remote attackers could use the error to cause a vulnerable device to reload, creating a denial-of-service condition. The flaws affect Cisco IOS versions 11.3, 12.0, 12.1, 12.2, 12.3 and 12.4. However, the IOS FTP server is an optional service disabled by default, Cisco noted. Devices that are not specifically configured to enable the IOS FTP server service are unaffected by the flaws.
Symantec fixes Norton, pcAnywhere flaws
Symantec Corp. has fixed an ActiveX design flaw in its popular Norton AntiVirus software attackers could exploit to run malicious code on targeted machines. It also fixed a less serious flaw in a version of pcAnywhere that's no longer under active support.
The Cupertino, Calif.-based antivirus giant said a flaw in an ActiveX control used by Norton AntiVirus could potentially be exploited by a malicious Web site. An attacker could exploit the flaw to execute code remotely, the vendor said in an advisory. A design error in NAVOPTS.DLL, the ActiveX control used in Norton AntiVirus, could potentially allow an attacker to crash the control if the user visits a malicious Web site. It "could then allow the attacker to access other Symantec ActiveX controls, even if they are not marked safe for scripting, possibly leading to remote arbitrary code execution in the context of the user's browser," the company added. The flaw can only be exploited if an attacker tricks the user into visiting a malicious Web site. Symantec has released a fix through its LiveUpdate program.
And though it's no longer a supported version, Symantec said it is preparing a fix for pcAnywhere version 11.5.0. The fix would be made available with no support available, Symantec said, adding that users who want full product support should upgrade to the latest version. The problem with this version is that a remote user's connection credentials are stored in clear text within the Symantec pcAnywhere host server's process memory when a remote session is requested.
CA plugs flaws in its security products
Those who use CA's security products should be aware that the vendor has just fixed some critical flaws attackers could exploit to cause a denial of service or hijack a targeted machine. Here are the details as told by the French Security Incident Response Team (FrSIRT):
"Two vulnerabilities have been identified in CA Anti-Virus, CA Anti-Spyware and CA Threat Manager, which could be exploited by attackers or malware to cause a denial of service or take complete control of an affected system. The first issue is caused by a stack overflow error in the Console Server when processing malformed login credentials sent to port 12168/TCP, which could be exploited by remote unauthenticated attackers to execute arbitrary code with elevated privileges. The second vulnerability is caused by a stack overflow error in 'InoCore.dll' when handling file mapping contents, which could be exploited by local attackers to gain elevated privileges."
The problems affect CA Anti-Virus for the Enterprise (eTrust Antivirus) r8, CA Threat Manager (eTrust Integrated Threat Management) r8 and CA Anti-Spyware (eTrust PestPatrol) r8.
Microsoft plugs 19 flaws
Microsoft plugged 19 holes Tuesday, including seven critical updates, addressing a zero-day DNS server flaw, and flaws in Microsoft Exchange, Internet Explorer, Microsoft Excel, Word and Office. The patches were released on Tuesday as part of its monthly Patch Tuesday update cycle. If exploited, Microsoft said the critical flaws could allow an attacker to take complete control of a system. The DNS Server Service flaw, which has been attacked on a limited scale in recent weeks, has been troublesome to some IT pros because DNS servers resolve domain names to the actual IP addresses of the Web servers hosting the requested sites.