Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-06-29



iTunes < 6.0.5 vulnerability & patch released

Published: 2006-06-29
Last Updated: 2006-06-29 21:49:43 UTC
by Toby Kohlenberg (Version: 1)
Apple has released an update for iTunes that fixes an integer overflow in the AAC file parsing that can lead to code execution. Y'all want to get this one patched and updated.

http://docs.info.apple.com/article.html?artnum=61798
APPLE-SA-2006-06-29 iTunes 6.0.5

iTunes 6.0.5 is now available and, in addition to its other content,
fixes the following security issue:

CVE-ID:  CVE-2006-1467
Available for:  Mac OS X v10.2.8 or later, Windows XP / 2000
Impact:  An integer overflow in iTunes could cause a denial of
service or lead to the execution of arbitrary code
Description:  The AAC file parsing code in iTunes versions prior
to 6.0.5 contains an integer overflow vulnerability. Parsing a
maliciously-crafted AAC file could cause iTunes to terminate or
potentially execute arbitrary code. iTunes 6.0.5 addresses this
issue by improving the validation checks used when loading AAC
files. Credit to ATmaCA working with TippingPoint and the Zero Day
Initiative for reporting this issue.



Deja Vu - Advances in Rootkit malware

Published: 2006-06-29
Last Updated: 2006-06-29 21:29:07 UTC
by Patrick Nolan (Version: 2)
There are two great analyses of the same piece of improved rootkit malware: "Hiding the Unseen" at F-Secure's Blog and "Raising the Bar: Rustock.A and Advances in Rootkits" at Symantec's Blog.

Another interesting recent discussion on improved rootkits from Joanna Rutkowska. I can't wait for her to release this. The comparison to SubVirt is key. BluePill on InvisibleThings
-toby



Cisco Wireless Access Point Vulnerability Announced

Published: 2006-06-29
Last Updated: 2006-06-29 17:35:11 UTC
by Toby Kohlenberg (Version: 1)

Cisco has released a vulnerability disclosure for their Wireless Access Points:

http://www.cisco.com/warp/public/707/cisco-sa-20060628-ap.shtml

The vuln is in the web interface for the APs and could allow wiping of the security config and access to the administrative interface without authentication.

To quote Cisco:

A vulnerability exists in the access point web-browser interface when Security > Admin Access is changed from Default Authentication (Global Password) to Local User List Only (Individual Passwords). This results in the access point being re-configured with no security, either Global Password or Individual Passwords, enabled. This allows for open access to the access point via the web-browser interface or via the console port with no validation of user credentials.

The following access points are affected if running Cisco IOS® Software Release 12.3(8)JA or 12.3(8)JA1 and are configured for web-interface management:

  • 350 Wireless Access Point and Wireless Bridge
  • 1100 Wireless Access Point
  • 1130 Wireless Access Point
  • 1200 Wireless Access Point
  • 1240 Wireless Access Point
  • 1310 Wireless Bridge
  • 1410 Wireless Access Point



Always get permission - VA stolen laptop recovered

Published: 2006-06-29
Last Updated: 2006-06-29 17:27:54 UTC
by Patrick Nolan (Version: 1)
The recovery of the stolen VA laptop is good news for US Veterans, and the story indicates that the employee blamed for the problem apparently had permission - "Newly discovered documents show that the VA analyst blamed for losing the laptop had received permission in 2002 to work from home on data from included millions of Social Security numbers on a laptop from home." Inquiring minds want to know who are they going to blame now?