n.runs-SA-2007.012 - Avira Antivir Antivirus TAR Denial of Service
n.runs AG
http://www.nruns.com/
security(at)nruns.com

n.runs-SA-2007.012                                          30-May-2007

Vendor:           Avira GmbH, http://www.avira.com
Affected Product: Avira Antivir Antivirus
Vulnerability:    Infinite Loop DoS (remote)
Risk:             HIGH

Vendor communication:

  2007/05/07  initial notification to Avira GmbH
  2007/05/07  Avira GmbH response
  2007/05/08  PGP public keys exchange
  2007/05/09  PoC files sent to Avira GmbH
  2007/05/10  Avira GmbH acknowledged and validated the PoC files
  2007/05/16  Avira GmbH sent fix release schedule and fixed engine
  2007/05/17  Sergio Alvarez tested fixed engine
  2007/05/23  Avira GmbH released update with fixes

Overview:

Avira, a company with over 15 million customers and more than 250 employees, is a worldwide leading supplier of self-developed security solutions for professional and private use. With more than 20 years of experience, the company is one of the pioneers in this field. In addition to programs specifically for use on single workstations, Avira primarily offers professional solutions for cross-system protection of networks on various levels. These include products for workstations, file, mail and web servers. Gateway computers can be managed as workstation computers via a central management console for all operating systems. In addition to the management products of the individual solutions, security programs for PDAs, smartphones and embedded devices are also offered. Avira AntiVir Personal, used by millions of private users, represents a significant contribution to security.

Description:

A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined:

  - Infinite Loop in .TAR files parsing

Impact:

This problem can lead to remote denial of service provoked by high CPU consumption and exhaustion of storage resources if an attacker carefully crafts a file that exploits the aforementioned vulnerability.

The vulnerability is present in Avira Antivir Antivirus software versions prior to the update Version 7.03.00.09.

Solution:

The vulnerability was reported on 07.May.2007 and an update has been issued on 23.May.2007 to solve this vulnerability through the regular update mechanism.

Credit:

Bugs found by Sergio Alvarez of n.runs AG.

References:

  http://forum.antivir-pe.de/thread.php?threadid=22528

This Advisory and Upcoming Advisories:

  http://www.nruns.com/security_advisory.php

Unaltered electronic reproduction of this advisory is permitted. For all other reproduction or publication, in printing or otherwise, contact [EMAIL PROTECTED] for permission. Use of the advisory constitutes acceptance for use in an "as is" condition. All warranties are excluded. In no event shall n.runs be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if n.runs has been advised of the possibility of such damages.

Copyright 2007 n.runs AG. All rights reserved. Terms of apply.
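The bug class named above (an archive parser that a crafted .TAR can keep spinning), as an added example that is not Avira's code: a minimal ustar header walker in C whose loop provably terminates on any input, because every iteration advances by at least one 512-byte block, never past the end of the buffer, and an entry cap bounds the work per file. tar_demo builds a constructed three-block archive (not a real sample) to exercise it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define TAR_BLOCK 512   /* ustar header size and data padding unit */

/* Parse a space/NUL-terminated octal field; -1 on a bad digit or overflow. */
static int64_t tar_octal(const unsigned char *f, size_t n)
{
    int64_t v = 0;
    size_t i = 0;
    while (i < n && f[i] == ' ') i++;
    for (; i < n && f[i] != '\0' && f[i] != ' '; i++) {
        if (f[i] < '0' || f[i] > '7' || v > (INT64_MAX >> 3)) return -1;
        v = (v << 3) | (int64_t)(f[i] - '0');
    }
    return v;
}

/* Count entries in buf[0..len); -1 for a malformed archive. Termination: off
   grows by >= TAR_BLOCK per iteration, never passes len, and max_entries caps work. */
int tar_count_entries(const unsigned char *buf, size_t len, int max_entries)
{
    static const unsigned char zero[TAR_BLOCK];  /* end-of-archive marker */
    size_t off = 0;
    int count = 0;
    while (off + TAR_BLOCK <= len) {
        const unsigned char *hdr = buf + off;
        if (memcmp(hdr, zero, TAR_BLOCK) == 0) break;
        int64_t size = tar_octal(hdr + 124, 12);  /* size field lives at offset 124 */
        if (size < 0 || (uint64_t)size > SIZE_MAX - TAR_BLOCK) return -1;
        size_t data = ((size_t)size + TAR_BLOCK - 1) / TAR_BLOCK * TAR_BLOCK;
        if (data > len - off - TAR_BLOCK) return -1;  /* entry claims bytes the file lacks */
        if (++count > max_entries) return -1;         /* too many entries for one scan */
        off += TAR_BLOCK + data;                      /* strictly increasing */
    }
    return count;
}

/* Constructed sample: one entry "hello.txt" holding "hi\n" with the given octal
   size field, then an all-zero end block. Returns tar_count_entries() on it. */
int tar_demo(const char *octal_size)
{
    unsigned char ar[3 * TAR_BLOCK];
    if (strlen(octal_size) > 12) return -1;
    memset(ar, 0, sizeof ar);
    memcpy(ar, "hello.txt", 9);
    memcpy(ar + 124, octal_size, strlen(octal_size));
    memcpy(ar + TAR_BLOCK, "hi\n", 3);
    return tar_count_entries(ar, sizeof ar, 1000);
}
```

With the true size "00000000003" the walker visits one entry and stops at the zero block; a size field that claims more data than the buffer holds, or contains a non-octal byte, is rejected instead of being looped over.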
[ GLSA 200705-22 ] FreeType: Buffer overflow
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200705-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: FreeType: Buffer overflow
      Date: May 30, 2007
      Bugs: #179161
        ID: 200705-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in FreeType allowing for the
execution of arbitrary code.

Background
==========

FreeType is a TrueType font rendering library.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  media-libs/freetype     < 2.3.4-r2                     >= 2.3.4-r2
                                                                   < 2.0
    -------------------------------------------------------------------

Description
===========

Victor Stinner discovered a heap-based buffer overflow in the function
Get_VMetrics() in src/truetype/ttgload.c when processing TTF files with
a negative n_points attribute.

Impact
======

A remote attacker could entice a user to open a specially crafted TTF
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running FreeType.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All FreeType users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.3.4-r2"

References
==========

  [ 1 ] CVE-2007-2754
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2754

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200705-22.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
Re: RFI In Script FlashChat_v479
I hope this event puts greater emphasis on *testing* bugs, instead of concentrating on speed of release. -John Martinelli RedLevel.org Security
[tool] Etherbat - Ethernet topology discovery
Hello,

I would like to announce Etherbat, a tool for Ethernet topology discovery which I presented at the Confidence 2007 conference in Krakow, Poland.

Etherbat performs topology discovery between 3 hosts: the local machine and two other devices. It could be useful for an administrator tracking an intruder, an auditor performing a security audit or an attacker trying to find out more about the network structure. Etherbat could be described as a layer 2 equivalent of traceroute. No manageable switches nor extra software on remote hosts is required.

Etherbat is released under the GPLv2 license.

Etherbat homepage: http://etherbat.cryptonix.org

--
Pawel Pokrywka
https://secure.cryptonix.org
[ GLSA 200705-21 ] MPlayer: Two buffer overflows
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200705-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: MPlayer: Two buffer overflows
      Date: May 30, 2007
      Bugs: #168917
        ID: 200705-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two vulnerabilities have been discovered in MPlayer, each one could
lead to the execution of arbitrary code.

Background
==========

MPlayer is a media player including support for a wide range of audio
and video formats.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  media-video/mplayer     < 1.0.20070321              >= 1.0.20070321
    -------------------------------------------------------------------

Description
===========

A buffer overflow has been reported in the DMO_VideoDecoder_Open()
function in file loader/dmo/DMO_VideoDecoder.c. Another buffer overflow
has been reported in the DS_VideoDecoder_Open() function in file
loader/dshow/DS_VideoDecoder.c.

Impact
======

A remote attacker could entice a user to open a specially crafted video
file, potentially resulting in the execution of arbitrary code with the
privileges of the user running MPlayer.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MPlayer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0.20070321"

References
==========

  [ 1 ] CVE-2007-1246
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246
  [ 2 ] CVE-2007-1387
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1387
  [ 3 ] GLSA 200704-09
        http://www.gentoo.org/security/en/glsa/glsa-200704-09.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200705-21.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
Particle Gallery 1.0.1 XSS
Application:   Particle Gallery
Web Site:      http://www.particlesoft.net/particlegallery/
Versions:      1.0.1 and below
Platform:      linux, windows, freebsd, sun
Bug:           Cross Site Scripting (XSS)
Fix Available: No

---
1) Introduction
2) Bug
3) The Code
4) Fix
5) About Vigilon
6) Disclaimer
---

=== 1) Introduction ===

"Whether you want to showcase world class photography or share holiday pictures with your friends, Particle Gallery provides you with an easy way to get your own online photo album up and running. More importantly when you need to grow, the script is packing some of the most powerful features around."

== 2) Bug ==

Cross Site Scripting.

=== 3) Proof of concept. ===

example:

  http://site/apppath/search.php?user=admin&order=>">alert(110)%3B

= 4) Fix =

The author's email or contact details were not available. Currently the web site was not available.

5) About Serapis.net

www.Serapis.net - is a portal dedicated to monitoring web defacements, tracking defacements around the world 24/7.

== 6) Disclaimer ==

The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

http://www.serapis.net - Web Site.
http://calima.serapis.net/blogs/ - Web defacements blog.
Particle Blogger 1.2.1 SQL Injection
Application:   Particle Blogger
Web Site:      http://www.particlesoft.net/particleblogger/
Versions:      1.2.1 and below
Platform:      linux, windows, freebsd, sun
Bug:           SQL Injection
Severity:      High (since there is no need to authenticate.)
Fix Available: No

---
1) Introduction
2) Bug
3) The Code
4) Fix
5) About Vigilon
6) Disclaimer
---

=== 1) Introduction ===

"Enter the world of blogging and setup a blog on your own website, installed within minutes using Particle Blogger's easy installer."

== 2) Bug ==

SQL Injection

=== 3) Proof of concept. ===

The file archives.php is subject to several SQL Injections.

example:

  http://site/apppath/archives.php?year=2007&month='

= 4) Fix =

The author's email or contact details were not available. Currently the web site was not available.

5) About Serapis.net

www.Serapis.net - is a portal dedicated to web defacements, tracking defacements around the world.

== 6) Disclaimer ==

The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

http://www.serapis.net
http://calima.serapis.net/blogs/