07.29.2008

CERT Statistics Updated

The CERT statistics have been updated with numbers from the second quarter of 2008.

07.29.2008

VU#716387: Oracle Weblogic Apache connector vulnerable to buffer overflow

Vulnerability Note VU#716387

Oracle Weblogic Apache connector vulnerable to buffer overflow

Overview

Oracle Weblogic (formerly BEA Weblogic) contains a vulnerability which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

I. Description

Oracle Weblogic Server and Weblogic Express application servers can be integrated with the Apache webserver using the Weblogic Apache connector plugin (mod_wl). A buffer overflow exists in Weblogic Server and Weblogic Express due to the way that the Apache connector plugin handles specially crafted POST requests. According to Oracle Security Advisory for CVE-2008-3257:

    The following versions of WebLogic Server and WebLogic Express are affected by this vulnerability

    Apache Plug-ins dated prior to July 28 2008 which implies:

      • WebLogic Server 10.0 released through Maintenance Pack 1, on all platforms
      • WebLogic Server 9.2 released through Maintenance Pack 3, on all platforms
      • WebLogic Server 9.1 on all platforms
      • WebLogic Server 9.0 on all platforms
      • WebLogic Server 8.1 released through Service Pack 6, on all platforms
      • WebLogic Server 7.0 released through Service Pack 7 on all platforms
      • WebLogic Server 6.1 released through Service Pack 7 on all platforms

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code.

III. Solution

Apply a patch

Patches have been released to address this issue. Refer to Oracle Security Advisory for CVE-2008-3257 for more information.



Reconfigure Apache



According to Oracle Security Advisory for CVE-2008-3257:
    It is possible to configure Apache and avert this vulnerability by rejecting certain invalid requests. To do so, add the following parameter to the httpd.conf file and restart Apache:

    LimitRequestLine 4000
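
An added example, not part of the Oracle advisory or the CERT note: a Python check that reads httpd.conf text and reports, for the global scope and each <VirtualHost>, whether the effective LimitRequestLine is at or below the advised 4000. It assumes Include files are not followed and that Apache's built-in default of 8190 applies when the directive is absent; the sample configuration is constructed.

```python
import re

ADVISED_LIMIT = 4000   # value from the workaround quoted above
APACHE_DEFAULT = 8190  # Apache's built-in LimitRequestLine when none is set

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"</VirtualHost\s*>", re.I)
DIRECTIVE = re.compile(r"LimitRequestLine\s+(\d+)\s*$", re.I)

def audit_limit_request_line(conf_text):
    """Map each scope (global, each <VirtualHost>) to (effective_limit, ok)."""
    explicit = {"global": None}
    scope = "global"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments set nothing
        opened = VHOST_OPEN.match(line)
        if opened:
            scope = "vhost " + opened.group(1).strip()
            explicit.setdefault(scope, None)
        elif VHOST_CLOSE.match(line):
            scope = "global"
        else:
            found = DIRECTIVE.match(line)
            if found:
                explicit[scope] = int(found.group(1))  # later lines override
    base = explicit["global"] if explicit["global"] is not None else APACHE_DEFAULT
    report = {}
    for name, value in explicit.items():
        effective = value if value is not None else base  # vhosts inherit global
        report[name] = (effective, effective <= ADVISED_LIMIT)
    return report

# Constructed sample configuration, not taken from any real server.
SAMPLE_CONF = """\
ServerName www.example.test
# LimitRequestLine 100
limitrequestline 4000
<VirtualHost *:80>
    ServerName app.example.test
</VirtualHost>
<VirtualHost *:8080>
    ServerName legacy.example.test
    LimitRequestLine 16384
</VirtualHost>
"""

if __name__ == "__main__":
    for name, (limit, ok) in audit_limit_request_line(SAMPLE_CONF).items():
        print(f"{name}: {limit} -> {'ok' if ok else 'exceeds advised limit'}")
```

A configuration with no LimitRequestLine at all is reported as exceeding the advised limit, because the default is larger than 4000.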



Install the mod_security module



Oracle suggests installing the mod_security module, which is available in open source from http://www.modsecurity.org/.



More information about these workarounds is provided in Oracle Security Advisory for CVE-2008-3257.

Systems Affected

Vendor              Status      Date Updated
Oracle Corporation  Vulnerable  29-Jul-2008

References



https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html

http://secunia.com/advisories/31146/

http://milw0rm.com/exploits/6089

http://www.modsecurity.org/

Credit

This vulnerability was reported by KingCope.

This document was written by Chris Taschner.

Other Information

Date Public: 07/21/2008
Date First Published: 07/29/2008 02:30:34 PM
Date Last Updated: 08/06/2008
CERT Advisory:
CVE-ID(s): CVE-2008-3257
NVD-ID(s): CVE-2008-3257
US-CERT Technical Alerts:
Metric: 17.32
Document Revision: 8

07.28.2008

VU#461187: RealPlayer file deletion overflow vulnerability

Vulnerability Note VU#461187

RealPlayer file deletion overflow vulnerability

Overview

RealPlayer contains a buffer overflow vulnerability that may allow an attacker to execute code on a vulnerable system.

I. Description

RealPlayer is a media player that is distributed by RealNetworks. RealPlayer supports streaming and local media.

Per the Zero Day Initiative advisory ZDI-08-046:

    The specific flaw exists in RealPlayer's rjbdll.dll module when handling the deletion of media library files. An attacker could exploit this vulnerability using an ActiveX control {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} to import a vulnerable file into the user's media library. Upon deletion of this file, an exploitable stack based buffer overflow can be triggered.

II. Impact

By convincing a user to visit a website, a remote attacker may be able to execute arbitrary code.

III. Solution

Upgrade

RealPlayer updates for multiple operating systems are available on the RealNetworks support site. Users are encouraged to apply updates as soon as possible.





Disable ActiveX control



Setting the kill bit for the {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} CLSID may prevent this vulnerability from being exploited by a remote attacker. See US-CERT Vulnerability Note VU#871673 for more information on how to disable this control.

Systems Affected

Vendor              Status      Date Updated
RealNetworks, Inc.  Vulnerable  28-Jul-2008

References



http://www.zerodayinitiative.com/advisories/ZDI-08-046/

http://service.real.com/realplayer/security/07252008_player/en/

http://www.kb.cert.org/vuls/id/871673

Credit

Thanks to ZDI for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

Date Public: 07/25/2008
Date First Published: 07/28/2008 03:50:09 PM
Date Last Updated: 07/28/2008
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Metric: 25.31
Document Revision: 3

07.28.2008

VU#298651: RealNetworks RealPlayer Shockwave Flash (SWF) file vulnerability

Vulnerability Note VU#298651

RealNetworks RealPlayer Shockwave Flash (SWF) file vulnerability

Overview

RealNetworks RealPlayer fails to properly handle frames within Shockwave Flash (SWF) files, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

I. Description

The RealNetworks RealPlayer application provides support for the SWF file format. A buffer overflow exists in the way that the RealPlayer handles specially crafted SWF files. A remote, unauthenticated attacker with the ability to supply a specially crafted SWF file could exploit this vulnerability to execute arbitrary code on an affected system.

II. Impact

By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user.

III. Solution

Apply an update

This issue is addressed in RealPlayer 11.0.3. Please see the RealPlayer security update for more details.




Systems Affected

Vendor              Status      Date Updated
RealNetworks, Inc.  Vulnerable  28-Jul-2008

References



http://secunia.com/advisories/27620/

http://secunia.com/secunia_research/2007-93/

http://service.real.com/realplayer/security/07252008_player/en/

Credit

This issue was reported in the RealPlayer security update for version 11.0.3. RealNetworks credits Dyon Balding of Secunia for reporting this issue.

This document was written by Chris Taschner.

Other Information

Date Public: 07/25/2008
Date First Published: 07/28/2008 04:06:02 PM
Date Last Updated: 07/28/2008
CERT Advisory:
CVE-ID(s): CVE-2007-5400
NVD-ID(s): CVE-2007-5400
US-CERT Technical Alerts:
Metric: 11.48
Document Revision: 6

07.25.2008

VU#329772: NetApp Data ONTAP contains multiple vulnerabilities

Vulnerability Note VU#329772

NetApp Data ONTAP contains multiple vulnerabilities

Overview

NetApp Data ONTAP contains multiple vulnerabilities. The most severe of these vulnerabilities may allow an attacker to execute commands, view sensitive data, or cause a system to crash.

I. Description

NetApp Data ONTAP contains multiple undisclosed vulnerabilities.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary commands, view log files or other sensitive data, or cause a vulnerable system to crash.

III. Solution

Upgrade

These issues are fixed in new maintenance releases designated Data ONTAP 7.0.7, 7.1.3, and 7.2.5.1. Administrators with active support agreements are encouraged to log in to the NetApp portal to access more information about these issues:



http://now.netapp.com/NOW/products/cpc/cpc0807-01.shtml

http://now.netapp.com/NOW/products/cpc/cpc0807-02.shtml

http://now.netapp.com/NOW/products/cpc/cpc0807-03.shtml



Operators are advised to upgrade to one of these releases as soon as possible. Administrators running systems with Data ONTAP that were purchased from an OEM other than NetApp should see their OEM for updates.



Restrict access



Some of these vulnerabilities can be mitigated by restricting access to a vulnerable system. Administrators should consider using httpd.admin.access or other access controls.

Systems Affected

Vendor       Status      Date Updated
IBM eServer  Unknown     7-Jul-2008
NetApp       Vulnerable  28-Jul-2008

References



http://www.netapp.com/us/products/platform-os/data-ontap/

http://now.netapp.com/NOW/products/cpc/cpc0807-01.shtml

http://now.netapp.com/NOW/products/cpc/cpc0807-02.shtml

http://now.netapp.com/NOW/products/cpc/cpc0807-03.shtml

Credit

Thanks to NetApp for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

Date Public: 06/25/2008
Date First Published: 07/25/2008 11:02:25 AM
Date Last Updated: 07/28/2008
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Metric: 18.04
Document Revision: 15
