State Department probes computer break-ins
The U.S. State Department has apparently detected large-scale break-ins of computers in its headquarters and offices that deal with China and North Korea. According to Reuters and The Associated Press, a State Department spokeswoman would only confirm that the problem was not a computer virus and that an investigation was underway. "The department detected anomalies in network traffic and we felt it prudent to take measures to ensure our system's integrity," she said. "We take each and every potential threat very seriously. Cybersecurity contingency plans were in place and we activated them immediately."
Like the private sector and other government agencies, the State Department has been constantly battling attempts by multiple sources to penetrate its computer system. The AP quoted sources saying investigators believe hackers may have stolen sensitive information and passwords and installed backdoors that may allow them to return to unclassified government computers.
Adobe Acrobat, Reader flaws repaired
Adobe Systems Inc. has closed security holes in its Acrobat and Reader programs that attackers could exploit to cause a buffer overflow and tamper with files. The vendor said the first problem is a boundary error in Adobe Acrobat that appears when .pdf files are distilled. This can be exploited to cause a buffer overflow using a specially crafted file. The flaw affects versions 6.0 through 6.0.4 for Macintosh and Windows systems. Adobe recommended users upgrade to version 6.0.5.
The second problem affects Adobe Acrobat and Adobe Reader and is caused by insecure default file permissions being set on the installed files and folders. Attackers could exploit this to bypass security restrictions and remove or replace files. The problem affects Adobe Acrobat 6.0.4 and Adobe Reader 6.0.4 for Mac OS, and users are advised to upgrade to Adobe Acrobat 6.0.5 or Adobe Reader 6.0.5.
Flaws surface in Juniper programs
Users of Juniper Network's JUNOS software should upgrade to versions built on or after May 10, 2006, in order to close a security hole. Attackers could exploit the issue to consume all kernel packet memory and cause a vulnerable router to crash. The French Security Incident Response Team (FrSIRT) said in an advisory that the flaw is due to an error when handling malformed IPv6 packets. This affects JUNOS version 6.4 through 8.0 running on M-series, T-series, and J-series routers and built before May 10, 2006.
Separately, FrSIRT warned of a second vulnerability affecting Juniper Networks DX versions 5.1.x and prior.
"This flaw is due to an input validation error in the logging feature that does not validate user-supplied parameters [such as user names] before being stored in the log file and displayed via the administrative interface," FrSIRT said. Attackers could exploit this "to cause arbitrary scripting code to be executed by the administrator's browser in the security context of an affected Web site."
FrSIRT said it is not aware of any official supplied patch for this issue.