
Security Bytes: Security acquisitions; flaws patched

McAfee and Computer Associates make acquisitions; flaws and fixes for Acrobat, IE, MAILsweeper, Debian Ruby, Mozilla and Gaim.

McAfee acquires Foundstone for $86 million in cash
Santa Clara, Calif.-based antivirus firm McAfee Inc. said it will acquire Foundstone Inc. of Mission Viejo, Calif., for $86 million in cash. McAfee said in a statement Monday that together the companies "will offer organizations and government agencies the market's first comprehensive solution to help protect IT infrastructure and optimize business availability in a dynamic risk environment." Foundstone is a privately held security firm founded in 1999. It offers a combination of enterprise software, appliances, consulting services and education. "Chief information security officers need a comprehensive view of where their risks are and business executives need to understand how those risks can translate into business impact. Foundstone enables both," George Samenuk, chairman and chief executive officer of McAfee, said in a statement. "By combining Foundstone with McAfee's leading intrusion prevention technology, we will offer proven solutions that deliver the best return on security investment available in managing business risk from attacks." McAfee expects the transaction to be complete in the next 60 days.

Vulnerability in Adobe Reader, Acrobat Reader
Reston, Va.-based security firm iDefense said a flaw in Adobe Reader 6.x and Acrobat Reader 5.x could be exploited via a malicious Web site to execute arbitrary code. According to iDefense's advisory, the vulnerability is caused by a boundary error in the "pdf.ocx" ActiveX component supplied with Adobe Acrobat Reader. "This can be exploited via a malicious Web site using a specially crafted URL to potentially execute arbitrary code," iDefense said. Other versions may also be affected. As a workaround, iDefense recommends users change Adobe Acrobat/Acrobat Reader settings to prevent .pdf files from automatically opening when accessed by a Web browser. "When prompted, first save the file to disk before opening, thereby closing the exploitation vector described," the advisory said.

Another flaw in Internet Explorer
A vulnerability in Internet Explorer could be exploited by an attacker to conduct phishing attacks against a user, Copenhagen, Denmark-based security firm Secunia said in an advisory. The popular Web browser fails to update the address bar after a sequence of actions has been performed on a named window. "This can be exploited to display content from a malicious Web site while displaying the URL of a trusted site in the address bar," Secunia said. "The vulnerability has been confirmed on a fully-patched system with Internet Explorer 6 running on Microsoft Windows 2000 SP4/XP SP1. Previous versions of Internet Explorer may also be affected."

Clearswift issues fix for MAILsweeper
London-based security firm Clearswift has issued a hotfix to patch vulnerabilities in its spam-blocking MAILsweeper product, Corsaire Ltd. said in an advisory. Corsaire, a security firm based in Britain, said MAILsweeper, which blocks suspicious e-mail attachments, among other functions, does not detect a number of common compression formats, and in certain cases also fails to identify the name of file attachments when they are encoded. The advisory said Clearswift released the 4.3.15 hotfix to correct these issues, and recommended users apply it to all existing installations where appropriate.

Flaw in Debian Ruby packages fixed
Debian Ruby packages have been upgraded to fix a security flaw an attacker with shell access to the Web server could exploit to take over a session. Researcher Andres Salomon noticed the problem in the CGI session management of Ruby, an object-oriented scripting language. "CGI::Session's FileStore (and presumably PStore, but not in Debian woody) implementations store session information insecurely. They simply create files, ignoring permission issues. This can lead an attacker who has shell access to the Web server to take over a session," the advisory said. For the stable distribution, known as woody, the problem has been fixed in version 1.6.7-3woody3. For the unstable and testing distributions, called sarge and sid, the problem has been fixed in version 1.8.1+1.8.2pre1-4.
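The permission problem quoted above, as an added example that is not code from the Debian advisory or from Ruby's CGI::Session: it creates a session file that only the owning user can access and audits a session directory for files that group or other users can reach. The `sess_` file prefix, the function names and the sample data are assumptions made for illustration.

```ruby
require "tmpdir"
require "securerandom"

# Create a session file readable and writable by the owner only.
# File::EXCL makes the open fail if the path already exists, so a file or
# symlink planted in advance by another local user is never reused.
def create_session_file(dir, data)
  path = File.join(dir, "sess_" + SecureRandom.hex(16)) # assumed naming scheme
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    f.chmod(0o600) # set the mode explicitly instead of relying on the umask
    f.write(data)
  end
  path
end

# Audit a session directory: return every session file that is a symlink
# or whose mode grants any permission to group or other.
def exposed_session_files(dir)
  Dir.glob(File.join(dir, "sess_*")).select do |path|
    st = File.lstat(path)
    st.symlink? || (st.mode & 0o077) != 0
  end.sort
end

# Constructed demonstration: one file created the careless way (mode 0644)
# next to one created with create_session_file.
def demo
  Dir.mktmpdir do |dir|
    weak = File.join(dir, "sess_weak")
    File.write(weak, "user=alice") # constructed sample session data
    File.chmod(0o644, weak)        # readable by every local account
    strong = create_session_file(dir, "user=bob")
    {
      strong_mode: File.stat(strong).mode & 0o777,
      exposed: exposed_session_files(dir).map { |p| File.basename(p) }
    }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```
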

Computer Associates acquires PestPatrol
Computer Associates International Inc. has acquired antispyware firm PestPatrol of Carlisle, Pa., in an all-cash transaction. The New York-based security firm is not disclosing the financial details, however. In a statement, Computer Associates said it will market the PestPatrol technology as eTrust PestPatrol and will incorporate it into its eTrust Threat Management software portfolio. "PestPatrol has done a superlative job of addressing the entire spectrum of non-virus malware threats that have become so annoying and dangerous for PC users inside and outside the enterprise," said Russell Artzt, executive vice president of eTrust security management at Computer Associates. "This acquisition enhances CA's position as the world's leading provider of security management solutions for the safety of Internet connectivity and the integrity of computing environments in the office and home alike." The PestPatrol Center for Pest Research, which provides computer users with free advice on how to delete malicious code and prevent infection, will be incorporated into Computer Associates' Security Advisor service, which tracks global security threats through a global network of rapid response centers and relays relevant security information to customers.

Mandrake fixes Mozilla, Gaim
Mandrake has updated the Mozilla Web browser to fix multiple vulnerabilities an attacker could use to spark a denial of service, spoof Web site content or compromise vulnerable computers. Mandrake has also updated the Gaim instant messenger, fixing multiple vulnerabilities that could be exploited by an attacker to compromise a vulnerable system. Gentoo and SuSE have also issued fixes for Gaim.

Conectiva fixes SquirrelMail flaws
Conectiva has updated SquirrelMail, fixing multiple vulnerabilities an attacker could exploit to conduct cross-site scripting, script insertion and SQL injection attacks. SquirrelMail 1.4.2 is prone to multiple cross-site scripting attacks that could allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. Other flaws include a cross-site scripting vulnerability in mime.php for SquirrelMail before 1.4.3 that allows a remote attacker to insert arbitrary HTML and script code, and a SQL injection vulnerability that allows a remote attacker to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php. Another flaw, affecting SquirrelMail 1.2.10 and earlier, allows remote attackers to inject arbitrary HTML or script via the $mailer variable in read_body.php, the $senderNames_part variable in mailbox_display.php, and possibly other vectors.
