McAfee addresses flaws in multiple products

By SearchSecurity.com Staff 14 May 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

The problem specifically affects:

• McAfee Internet Security Suite 6.x, 7.x, 8.x, 2007
• McAfee Total Protection 2007
• McAfee VirusScan Plus 2007
• McAfee PC Protection Plus 2007
• McAfee VirusScan 8.x, 9.x, 10.x
• McAfee Personal Firewall Plus 5.x, 6.x, 7.x
• McAfee Privacy Service 6.x, 7.x, 8.x
• McAfee SpamKiller 5.x, 6.x, 7.x
• McAfee QuickClean 4.x, 5.x, 6.x
• McAfee AntiSpyware 1.x, 2.x
• McAfee Wireless Home Network Security 1.x

McAfee said Security Center 7.2.147 and 6.0.25 address the risk associated with this security flaw and that these updates were made available for download on March 22, 2007. Most customers receive the updates automatically.

Apple fixes Darwin server flaws
Apple Inc. has fixed two Darwin Streaming Server flaws attackers could exploit to cause a denial of service or hijack a targeted system. Apple said in an advisory that the first issue is caused by a stack overflow error in the "is_command()" [proxy.c] function when specially crafted RTSP requests are processed. Attackers could exploit this to crash or compromise an affected server. The second vulnerability is a heap overflow error in the Proxy component that appears when a "SETUP" request containing specially crafted "trackID" values is processed. Attackers could exploit this to crash an affected server or run malicious code with elevated privileges.

The problems affect Apple Darwin Streaming Server version 5.5.4 and prior. Upgrading to version 5.5.5 fixes the flaws, Apple said.

Cisco fixes IOS flaws
Cisco Systems has fixed a pair of flaws in its Internetwork Operating System (IOS) attackers could exploit to cause a denial of service or tamper with data in a device's file system.

The IOS improperly verifies user credentials within the FTP server, Cisco said in an advisory. Remote attackers could exploit this to "bypass the authentication process and retrieve or write any file from the device file system (including the configuration file)," the networking giant added. Also, an error in the FTP server surfaces when certain files are transferred. Remote attackers could use the error to cause a vulnerable device to reload, creating a denial-of-service condition. The flaws affect Cisco IOS versions 11.3, 12.0, 12.1, 12.2, 12.3 and 12.4. However, the IOS FTP server is an optional service disabled by default, Cisco noted. Devices that are not specifically configured to enable the IOS FTP server service are unaffected by the flaws.

Symantec fixes Norton, pcAnywhere flaws
Symantec Corp. has fixed an ActiveX design flaw in its popular Norton AntiVirus software attackers could exploit to run malicious code on targeted machines. It also fixed a less serious flaw in a version of pcAnywhere that's no longer under active support.

The Cupertino, Calif.-based antivirus giant said a flaw in an ActiveX control used by Norton AntiVirus could potentially be exploited by a malicious Web site. An attacker could exploit the flaw to execute code remotely, the vendor said in an advisory. A design error in NAVOPTS.DLL, the ActiveX control used in Norton AntiVirus, could potentially allow an attacker to crash the control if the user visits a malicious Web site. It "could then allow the attacker to access other Symantec ActiveX controls, even if they are not marked safe for scripting, possibly leading to remote arbitrary code execution in the context of the user's browser," the company added. The flaw can only be exploited if an attacker tricks the user into visiting a malicious Web site. Symantec has released a fix through its LiveUpdate program.

And though it's no longer a supported version, Symantec said it is preparing a fix for pcAnywhere version 11.5.0. The fix would be made available with no support available, Symantec said, adding that users who want full product support should upgrade to the latest version. The problem with this version is that a remote user's connection credentials are stored in clear text within the Symantec pcAnywhere host server's process memory when a remote session is requested.

CA plugs flaws in its security products
Those who use CA's security products should be aware that the vendor has just fixed some critical flaws attackers could exploit to cause a denial of service or hijack a targeted machine. Here are the details as told by the French Security Incident Response Team (FrSIRT):

"Two vulnerabilities have been identified in CA Anti-Virus, CA Anti-Spyware and CA Threat Manager, which could be exploited by attackers or malware to cause a denial of service or take complete control of an affected system. The first issue is caused by a stack overflow error in the Console Server when processing malformed login credentials sent to port 12168/TCP, which could be exploited by remote unauthenticated attackers to execute arbitrary code with elevated privileges. The second vulnerability is caused by a stack overflow error in 'InoCore.dll' when handling file mapping contents, which could be exploited by local attackers to gain elevated privileges."

The problems affect CA Anti-Virus for the Enterprise (eTrust Antivirus) r8, CA Threat Manager (eTrust Integrated Threat Management) r8 and CA Anti-Spyware (eTrust PestPatrol) r8.

Microsoft plugs 19 flaws
Microsoft plugged 19 holes Tuesday, including seven critical updates, addressing a zero-day DNS server flaw, and flaws in Microsoft Exchange, Internet Explorer, Microsoft Excel, Word and Office. The patches were released on Tuesday as part of its monthly Patch Tuesday update cycle. If exploited, Microsoft said the critical flaws could allow an attacker to take complete control of a system. The DNS Server Service flaw, which has been attacked on a limited scale in recent weeks, has been troublesome to some IT pros because DNS servers resolve domain names to the actual IP addresses of the Web servers hosting the requested sites.

Tags: Emerging Information Security Threats,  Security Patch Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Emerging Information Security Threats RSA security conference 2010: news, interviews and updates Hackers to sharpen malware, malicious software in 2010 Modern malware, stealthy botnets, adapt quickly, expert says New ransomware Trojan pushes victims to buy software Bruce Schneier on outsourcing, awareness training US-CERT warns of BlackBerry snooping software Marcus Ranum on cyberwarfare, infosec careers Researchers find thousands of flawed embedded devices Enterprise botnets contain thousands of malware variants Nuke and pave to eradicate botnets Security Patch Management Squad: Tokenization, Phishing and the Feds Should management processes change based on a patch release schedule? Should Windows Mobile updates come from Microsoft? Adobe updates ColdFusion, JRun, Flex Trusteer CEO criticizes Adobe, touts better patch deployments Patch management study shows IT taking significant risks Vulnerability mitigation study shows need for faster patching Microsoft to issue security report card, new tool at Black Hat How to manage patches for Adobe When is it suitable to remove Java updates?

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary DNS rebinding attack  (SearchSecurity.com) drive-by pharming  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) man in the browser  (SearchSecurity.com) phlashing  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) pulsing zombie  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary