[mchFree] [MCH] Digest Number 1377

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: mch@xxxxxxxxxxxxx
  • Date: Thu, 12 May 2005 09:47:53 -0700



There are 15 messages in this issue.

Topics in this digest:

      1. Re: Burning backup images to DVDs?
           From: Seantific <spunkovision@xxxxxxxxx>
      2. Re: New Memory Stumped
           From: "Vince" <timechaser@xxxxxxxxxxxxx>
      3. EXTREMELY CRITICAL FIREFOX BUGS!!!!
           From: K-lang <cade00000@xxxxxxxxx>
      4. Massachusetts gets serious on spammers
           From: K-lang <cade00000@xxxxxxxxx>
      5. Mac OS X 10.4 - Widget security: fact and fiction
           From: K-lang <cade00000@xxxxxxxxx>
      6. SpywareBlaster Database Update
           From: Seantific <spunkovision@xxxxxxxxx>
      7. New Opera version
           From: K-lang <cade00000@xxxxxxxxx>
      8. Here come troubles: Mydoom.BQ, Wurmark-J & MYTOB.ED
           From: K-lang <cade00000@xxxxxxxxx>
      9. Mac OS X Mail Account Wizard Exposure of User Credentials
           From: K-lang <cade00000@xxxxxxxxx>
     10. Netscape HTTP Authentication Prompt Spoofing Vulnerability
           From: K-lang <cade00000@xxxxxxxxx>
     11. iTunes MPEG-4 File Parsing Buffer Overflow Vulnerability
           From: K-lang <cade00000@xxxxxxxxx>
     12. Symantec offers Norton AntiVirus 10.0 for Mac
           From: K-lang <cade00000@xxxxxxxxx>
     13. Mac OS X pty Permission Security Issue
           From: K-lang <cade00000@xxxxxxxxx>
     14. Mac OS X Security Update Fixes Multiple Vulnerabilities
           From: K-lang <cade00000@xxxxxxxxx>
     15. Secunia - Medium Risk Virus Alert: Sober.p
           From: K-lang <cade00000@xxxxxxxxx>


________________________________________________________________________
________________________________________________________________________

Message: 1         
   Date: Wed, 11 May 2005 19:27:35 -0700 (PDT)
   From: Seantific <spunkovision@xxxxxxxxx>
Subject: Re: Burning backup images to DVDs?

What software did they come with?
 
 


BOBBY <bcrook@xxxxxxxxxxxxx> wrote:

I just purchased Acronis TI and have read that one of the backup options is
to burn the image to DVDs.  This requires Packet-Writing software I'm told.
 I read in an informational article that Win XP had its own Packet-Writing
software and that some drives included that software also.  My D drive is a
LITE-ON COMBO LTC-48161H DVD/CDR and my E drive is a LITE-ON DVD+RW
LDW-401S DVD/CDR.  Would either of these contain the Packet-Writing
software or where can I find that within Win XP Home? 

 

 Bobby



Any intrusive unwanted visitors on your PC? 
http://grc.com/optout.htm 
http://www.cexx.org/ 
MCH - http://shorterlink.com/?PBFUJ5





__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

[Non-text portions of this message have been removed]



________________________________________________________________________
________________________________________________________________________

Message: 2         
   Date: Wed, 11 May 2005 20:57:20 -0000
   From: "Vince" <timechaser@xxxxxxxxxxxxx>
Subject: Re: New Memory Stumped

That has always been my policy with software, specifically when I reformat
and reinstall for someone. I make them purchase and keep up the antivirus I
recommend along with a couple of spyware programs. 

Then if they tell me they have a problem the software better be up to date.
If not I will not redo the machine again.

Looks like I will need to use the same policy now when I replace hardware.
Get what I say or get someone else to do the job.

They can't be saving a penny for me to spend extra hours.

Vince




--- In mycomputerheadaches@xxxxxxxxxxxxxxx, "T. Hunt" <ilrover@xxxx> 
wrote:
"I rarely charge to install memory but you will use the memory I recommend
or you'll take your system somewhere else.  Life's too short.

Tom"







________________________________________________________________________
________________________________________________________________________

Message: 3         
   Date: Wed, 11 May 2005 20:04:07 -0700 (PDT)
   From: K-lang <cade00000@xxxxxxxxx>
Subject: EXTREMELY CRITICAL FIREFOX BUGS!!!!

To prevent the script injection exploit from stealing cookies or other
sensitive data, disable Javascript before visiting UNTRUSTWORTHY sites. In
Firefox: 

   1. Select the "Options" dialog from the "Tools" menu 
   2. Select the "Web Features" icon 
   3. Uncheck the "Enable Javascript" checkbox 
   4. Click "OK" 

In the Mozilla Suite: 
   
   1. Select the "Preferences" dialog from the "Edit" menu 
   2. Click the tiny icon next to the "Advanced" item in the left pane to
expand the list 
   3. Select "Scripts and Plug-ins" 
   4. Uncheck the "Navigator" checkbox under "Enable Javascript for" 
   5. Click "OK" 

Re-enable Javascript for trustworthy sites that require it.

SOURCE: http://www.mozilla.org/security/announce/mfsa2005-42.html


 
 


K-lang  wrote:
By the way, the way to verify which sites are on your whitelist, in Firefox,
click Tools>Options>Web Features>Allowed Sites button next to the 'Allow
web sites to install software' checkbox. The following are OK to have in
your whitelist:
update.mozilla.org 
addons.mozilla.org 
These two sites can no longer be used as part of the exploit described here.
If you have installed other Firefox extensions not found in the two sites
listed above (like stumbleupon.com) then you might have other sites listed
in your white list. It may be prudent at this point in time to delete those
other ones besides those two above. You can add them later when a patch is
created or a new version is made available to cover this vulnerability.
How many extensions do you have installed for Firefox? I have 22 and I've
only just begun :).








K-lang  wrote:

A patch is expected shortly, but in the meantime users can protect
themselves by switching off JavaScript. In addition, the Mozilla Foundation
has now made the flaws effectively impossible to exploit by changes to the
server-side download mechanism on the update.mozilla.org and
addons.mozilla.org sites. 

An attacker could create a malicious page using frames and a JavaScript
history flaw to make software installations appear to be coming from a
"trusted" site. By default, Firefox allows software installations from
update.mozilla.org and addons.mozilla.org, but users can add their own
sites to this whitelist.
The second part of the exploit triggers software installation using an
input verification bug in the "IconURL" parameter in the install mechanism.
The effect is that a user could click on an icon and trigger the execution
of malicious JavaScript code. Because the code is executed from the
browser's user interface, it has the same privileges as the user running
Firefox, according to researchers.

Mozilla Foundation said it has protected most users from the exploit by
altering the software installation mechanism on its two whitelisted sites.
However, users may be vulnerable if they have added other sites to the
whitelist.

Users who have not added any additional sites to their software
installation whitelist are no longer at risk.






wgnhim wrote:
I usually leave this stuff for some of our resident computer gurus to post,
but this story seems really important for anyone using Firefox.
http://www.techweb.com/wire/security/163100258
Steve


      
                



________________________________________________________________________
________________________________________________________________________

Message: 4         
   Date: Wed, 11 May 2005 20:18:06 -0700 (PDT)
   From: K-lang <cade00000@xxxxxxxxx>
Subject: Massachusetts gets serious on spammers

Computerworld reports that the Attorney General of Massachusetts has sued
seven individuals and two companies who allegedly formed a spam ring. The
group is allegedly responsible for sending hundreds of millions of
unwanted, deceptive e-mail messages each month in violation of both U.S.
federal and Massachusetts state law. The nine defendants are charged with
sending illegal spam, as well as advertising and promoting illegitimate
software, prescription drugs and mortgages. The primary target in the
lawsuit is Leo Kuvayev, the alleged organizer of the ring. He is a
Massachusetts resident and allegedly the leader of one of the largest
Internet spam rings in this country, if not the world. The ring allegedly
operated from suburbs in Boston and Russia and used domain names registered
in Monaco, Australia and France and servers in China, Korea, Brazil and
Taiwan. The Microsoft Corp. assisted in the investigation of the
alleged spam ring. A Microsoft team gathered and provided evidence of the
spam by capturing the e-mail messages in special Hotmail e-mail accounts. 

                



________________________________________________________________________
________________________________________________________________________

Message: 5         
   Date: Wed, 11 May 2005 20:28:29 -0700 (PDT)
   From: K-lang <cade00000@xxxxxxxxx>
Subject: Mac OS X 10.4 - Widget security: fact and fiction

This was posted in another group I am a part of:


By Rob Griffiths

"The recent Dashboard: Widget (In)Security article raises some
interesting and valid concerns about Tiger's new Dashboard widgets. Of
particular concern is the fact that a widget can do anything in your user
space that you can do--including erasing files, changing ownership and
permissions, running AppleScripts and command-line utilities, and so forth.

These are certainly scary things to consider, especially given Apple's
marketing focus on the "warm and fuzzy" nature of widgets. However, I worry
that the article may spread a bit more concern over the dangers of widgets
than there actually should be.

Why do I say that? Consider for a moment not a widget, but a regular
application. Applications have the ability to do everything widgets
can do... and much more. Recall the last time you installed an
application. You probably put it in the system-wide Applications
folder--so now any user can run it. You may have also been asked to
provide your administrative password as part of the installation
process. But did you stop to consider that this application could do
anything at all it wants to when you double-click it? Perhaps you did, but
most of us have become so accustomed to just downloading,
installing, and using applications that we may not have given it a
second thought.

But what if the application's author had malicious intentions? In that
case, you're in big trouble. During installation, especially if you
provided your admin password, the program could have installed, for
instance, a background process that logs all your keystrokes and then sends
them out to a collection server. Or it could have a time bomb coded inside
the program, such that on your 35th launch of the
application, it deletes your entire user's directory. Many more such
things are possible, especially given that application authors have
access to the full power of OS X's development environment. (François
Joseph de Kermadec has a good write-up on this comparison of applications
and widgets in his O'Reilly Developer Weblog if you'd like even more detail
on the subject.)

http://oreillynet.com/pub/wlg/7056

And yet, despite the scary capabilities of third-party applications to
completely destroy our machines, we continue to download and use them.
And we probably do so without digging into their package contents or
grepping files for commands that might erase files. Why? Because we
trust the source of the program, and the programs do useful things for us.
Widgets are exactly the same as applications in this sense: while they are
truly useful, they have the power to damage our machines.

How do we resolve then the conflict between usefulness and potential
destruction? First, I completely agree with Dori Smith's advice in the
"Widget (In)Security" article--everyone should disable Safari's "Open 'safe'
files after downloading". (I find it ironic that Apple chose to put "safe"
in quotes, implying that these items aren't really safe...which is actually
the truth!) This is the simplest step you can take to insure that you don't
accidentally install a widget or an application that you didn't intend to
install. This will also take care of the truly malicious Web pages which
use JavaScript to
automatically download a widget without your knowledge. (Still, such
widgets won't be active until you click one in the Dashboard panel.)

Second, trust your sources: don't be the first on the block to download a
new widget or application. Don't get programs from peer-to-peer networks.
Read the reviews on Macworld, check the comments on the various software
update sites, use Google to research the program in question. If a program
you're installing is asking you
for your administrative password, try to find out why--is it because it
writes something to a protected directory? E-mailing the author is often
the best way to get the answer to this question.

And finally, back up your key files! This is probably the most prudent
advice of all--if you have a good, current backup, then even the most
destructive of widgets or applications will only cause you a bit of lost
time to restore your backup. Without a good backup, you'll be in much worse
shape.

I do think Apple needs to update Safari so that safe downloads are not
enabled by default--enabling this feature was a very unwise move on the
company's part. I also think the system should notify you via a pop-up
dialog box if a new widget or application is added to the Widgets or
Applications directories, and you haven't been involved in the process
(that is, you didn't initiate the process nor respond to a dialog box). And
there should be an easy way to remove a widget from the Dashboard bar, so
users don't have to dig into folders in the Finder to do so.

But I don't want Apple to start limiting the power of widgets, because if
they do, widgets will be less useful. What's more, overall system security
won't be much better--applications will still have the ability to do
whatever they want, for example. Do we then start limiting applications'
capabilities, for fear of malicious programs?

But even if Apple doesn't change anything, am I going to lose any
sleep over the apparent malicious capabilities of an evil widget?
Certainly not any more than I lose worrying about malicious
applications -- which is to say, none.

Update: After posting this entry, I saw a new page with some
additional Dashboard concerns. While this doesn't change my overall
conclusion that widgets are not inherently more dangerous than any
application, it does point out a couple of new things that Apple
really must address.

http://www1.cs.columbia.edu/~aaron/files/widgets/

First, a malicious widget can replace a system-provided widget simply by
using the same name--the user's widgets take precedence over the stock
widgets. Second, and even worse, if a widget has been
auto-installed via Safari, there's no warning about the privileged
nature of the widget. Finally, the page discusses a method of
privilege escalation that could theoretically allow a widget to run
with root privileges without any user intervention. Taken together,
these bugs would allow a malicious developer to do some nasty stuff,
especially for those who haven't disabled Safari's auto-install feature.

If you do nothing else, please disable Safari's auto-install option.
Until Apple releases some updates, that (or using another browser that
won't auto-install) is your best protection, short of not adding any new
widgets to your system."


                



________________________________________________________________________
________________________________________________________________________

Message: 6         
   Date: Wed, 11 May 2005 20:33:47 -0700 (PDT)
   From: Seantific <spunkovision@xxxxxxxxx>
Subject: SpywareBlaster Database Update

When was the last time you updated SpywareBlaster? When you are done
updating, you should have this many items in your SB database:
3530









                



________________________________________________________________________
________________________________________________________________________

Message: 7         
   Date: Wed, 11 May 2005 21:04:01 -0700 (PDT)
   From: K-lang <cade00000@xxxxxxxxx>
Subject: New Opera version

Opera 8.01 Technical Preview 1 
Build: 7583 
Released: May 6, 2005 

Release Notes 

Unfortunately, a number of users have been experiencing frequent crashes
when clicking links on certain pages since installing Opera 8.0 Final. This
build contains a fix for these crashes. 

Changes since Opera 8.0 Final 

Display (Presto) 

Fixed a crash that could occur when clicking links 
Improved handling of the HTTP 204 status code 
Plugged a memory leak related to XMLHttpRequest (seen at Gmail, for 
instance) 

SVG 

SVG animations are now disabled along with GIF animations (F12) 
Fixed several crashes 
Fixed various small problems 

User Interface 

Fixed a problem with UTF-8 BOM characters that could prevent setup 
files from installing 

Download link 
http://snapshot.opera.com/windows/w801p1.html 

This is a beta release. Use at your own risk.

                



________________________________________________________________________
________________________________________________________________________

Message: 8         
   Date: Wed, 11 May 2005 21:41:49 -0700 (PDT)
   From: K-lang <cade00000@xxxxxxxxx>
Subject: Here come troubles: Mydoom.BQ, Wurmark-J & MYTOB.ED

Mydoom.BQ, Wurmark-J & MYTOB.ED 
 
 
Secunia - Virus Alert
========================================================================

Secunia Virus Alert: Wurmark-J 

Risk Rating: MEDIUM RISK 

Confirmed By: 3 Vendors 

========================================================================

Secunia Virus Information has issued a MEDIUM RISK alert for:
Wurmark-J

Learn More About Wurmark-J Online At Secunia:
http://secunia.com/virus_information/17852/


Virus Information Available At Secunia:
- Virus aliases
- Vendor severity ratings
- Vendor changelogs
- Short descriptions
- File sizes
- Grouped virus profiles with information from multiple antivirus vendors
- Links to removal tools/instructions
- Links to extensive vendor reports
- Searchable index of all virus information

Secunia Website:
http://secunia.com/

More Information About Secunia Virus Alerts:
http://secunia.com/secunia_virus_alerts/

========================================================================




Secunia Virus Alert: MYTOB.ED 

Risk Rating: MEDIUM RISK 

Confirmed By: 3 Vendors 

========================================================================

Secunia Virus Information has issued a MEDIUM RISK alert for:
MYTOB.ED

Learn More About MYTOB.ED Online At Secunia:
http://secunia.com/virus_information/17851/


========================================================================




Secunia Virus Alert: Mydoom.BQ 

Risk Rating: MEDIUM RISK 

Confirmed By: 4 Vendors 

========================================================================

Secunia Virus Information has issued a MEDIUM RISK alert for:
Mydoom.BQ

Learn More About Mydoom.BQ Online At Secunia:
http://secunia.com/virus_information/17859/


========================================================================



                



________________________________________________________________________
________________________________________________________________________

Message: 9         
   Date: Wed, 11 May 2005 21:46:43 -0700 (PDT)
   From: K-lang <cade00000@xxxxxxxxx>
Subject: Mac OS X Mail Account Wizard Exposure of User Credentials

Secunia Security Advisories
----------------------------------------------------------------------

TITLE:
Mac OS X Mail Account Wizard Exposure of User Credentials

SECUNIA ADVISORY ID:
SA15301

VERIFY ADVISORY:
http://secunia.com/advisories/15301/

CRITICAL:
Not critical

IMPACT:
Exposure of sensitive information

WHERE:
From remote

OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/

DESCRIPTION:
Markus Wörle has reported a security issue in Mac OS X, which may expose
sensitive information to malicious people.

The problem is caused due to a design error in the Mail account creation
wizard, which transmits a user's credentials in plain text to test their
validity, before the user is asked to choose an optional encryption (e.g.
IMAP over SSL).

This may cause a user's plain text credentials to be disclosed to a third
party during the account creation process even though the user chooses to
use encryption.

The security issue has been reported in Mail 2.0 on Mac OS 10.4.
Other versions may also be affected.

SOLUTION:
Enter an invalid password before setting encryption options.

PROVIDED AND/OR DISCOVERED BY:
Markus Wörle

----------------------------------------------------------------------



                



________________________________________________________________________
________________________________________________________________________

Message: 10        
   Date: Wed, 11 May 2005 21:49:24 -0700 (PDT)
   From: K-lang <cade00000@xxxxxxxxx>
Subject: Netscape HTTP Authentication Prompt Spoofing Vulnerability

----------------------------------------------------------------------

TITLE:
Netscape HTTP Authentication Prompt Spoofing 
Vulnerability

SECUNIA ADVISORY ID:
SA15267

VERIFY ADVISORY:
http://secunia.com/advisories/15267/

CRITICAL:
Less critical

IMPACT:
Spoofing

WHERE:
From remote

SOFTWARE:
Netscape 7.x
http://secunia.com/product/85/

DESCRIPTION:
A vulnerability has been reported in Netscape, which can be exploited by
malicious people to spoof HTTP authentication prompts.

For more information, see vulnerability #2 in:
SA14407

The vulnerability has been confirmed in version 7.2. Other versions may
also be affected.

SOLUTION:
Use another product.

PROVIDED AND/OR DISCOVERED BY:
Originally discovered in Mozilla by:
Christian Schmidt

Reported in Netscape by:
Juha-Matti Laurio

OTHER REFERENCES:
SA14407:
http://secunia.com/advisories/14407/

----------------------------------------------------------------------






________________________________________________________________________
________________________________________________________________________

Message: 11        
   Date: Wed, 11 May 2005 21:53:44 -0700 (PDT)
   From: K-lang <cade00000@xxxxxxxxx>
Subject: iTunes MPEG-4 File Parsing Buffer Overflow Vulnerability

Secunia Security Advisories 
----------------------------------------------------------------------

TITLE:
iTunes MPEG-4 File Parsing Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA15310

VERIFY ADVISORY:
http://secunia.com/advisories/15310/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
iTunes 4.x
http://secunia.com/product/2916/

DESCRIPTION:
A vulnerability has been reported in iTunes, which potentially can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the MPEG-4 file
parsing and can be exploited to cause a buffer overflow via a specially
crafted MPEG-4 file.

Successful exploitation may allow execution of arbitrary code.

SOLUTION:
Update to version 4.8.
http://www.apple.com/support/downloads/itunes48.html

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Mark Litchfield of NGS Software.

ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=301596

----------------------------------------------------------------------

                



________________________________________________________________________
________________________________________________________________________

Message: 12        
   Date: Wed, 11 May 2005 22:03:50 -0700 (PDT)
   From: K-lang <cade00000@xxxxxxxxx>
Subject: Symantec offers Norton AntiVirus 10.0 for Mac

Symantec Corp. on Tuesday announced its new Norton AntiVirus 10.0 for
Macintosh. The new release offers new features as well as compatibility
with Mac OS X v10.4 "Tiger." Symantec expects the software to be widely
available in May for US$69.95. A US$30 mail-in rebate is available for
users of competitive products and for current Norton users as well.

New features in this release include the Global Threat Assessment
Dashboard, a Dashboard widget for Tiger which provides information on local
virus protection and an overview of global threats. Users can connect to
Symantec's Security Response servers to download the most
recent virus threat info.

New contextual menu support lets users scan files and directories by
right-clicking or control-clicking particular files and directories.
And new custom SafeZones let users specify a particular area of their
drive, specific volumes or files, to be routinely scanned for threats.

http://enterprisesecurity.symantec.com/products/products.cfm?productid=645



                



________________________________________________________________________
________________________________________________________________________

Message: 13        
   Date: Wed, 11 May 2005 22:41:48 -0700 (PDT)
   From: K-lang <cade00000@xxxxxxxxx>
Subject: Mac OS X pty Permission Security Issue

Secunia Security Advisories 
----------------------------------------------------------------------

TITLE:
Mac OS X pty Permission Security Issue

SECUNIA ADVISORY ID:
SA15224

VERIFY ADVISORY:
http://secunia.com/advisories/15224/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information

WHERE:
Local system

OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/

DESCRIPTION:
Matt Johnston has discovered a security issue in Mac OS X, which can be
exploited by malicious, local users to gain knowledge of potentially
sensitive information.

The problem is that non-setuid root applications can't change the
permissions of ptys. This can be exploited to sniff other users' ttys
opened via non-setuid root applications (e.g. screen).

The security problem has been confirmed in version 10.3.9. Prior versions
may also be affected.

SOLUTION:
The security problem has reportedly been fixed in version 10.4.

PROVIDED AND/OR DISCOVERED BY:
Matt Johnston

----------------------------------------------------------------------
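
A defender's check for the pty permission issue in the advisory above, as an added example that is not part of the original message or the Secunia advisory: it lists terminal device nodes whose mode bits let other local users read or write them. The directory locations (/dev with BSD-style ttyXX names, /dev/pts) and all function names are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

enum {
    TTY_OTHER_READ  = 1 << 0, /* every local user can read the terminal */
    TTY_OTHER_WRITE = 1 << 1, /* every local user can write to the terminal */
    TTY_GROUP_READ  = 1 << 2  /* members of the owning group can read it */
};

/* Classify the permission bits of one tty node. Group write is not flagged:
 * mode 0620 with a dedicated tty group is the usual setting that lets
 * write(1) deliver messages to a terminal. */
unsigned tty_mode_exposure(mode_t mode)
{
    unsigned flags = 0;
    if (mode & S_IROTH) flags |= TTY_OTHER_READ;
    if (mode & S_IWOTH) flags |= TTY_OTHER_WRITE;
    if (mode & S_IRGRP) flags |= TTY_GROUP_READ;
    return flags;
}

/* Scan `dir` for character devices whose name starts with `prefix` and report
 * every node that carries at least one exposure flag. Returns the number of
 * exposed nodes, or -1 if the directory cannot be opened. */
int audit_tty_dir(const char *dir, const char *prefix, FILE *out)
{
    DIR *d = opendir(dir);
    if (d == NULL)
        return -1;

    int exposed = 0;
    size_t plen = strlen(prefix);
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        char path[1024];
        struct stat st;

        if (strncmp(e->d_name, prefix, plen) != 0)
            continue;
        /* /dev/tty is the controlling-terminal alias, world-accessible by design */
        if (strcmp(e->d_name, "tty") == 0)
            continue;
        int n = snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        if (n < 0 || n >= (int)sizeof path)
            continue; /* name does not fit: skip rather than stat a truncated path */
        /* lstat: report the node itself, never the target of a symlink */
        if (lstat(path, &st) != 0 || !S_ISCHR(st.st_mode))
            continue;

        unsigned f = tty_mode_exposure(st.st_mode);
        if (f == 0)
            continue;
        exposed++;
        fprintf(out, "%s mode=%04o uid=%ld:%s%s%s\n", path,
                (unsigned)(st.st_mode & 07777), (long)st.st_uid,
                (f & TTY_OTHER_READ)  ? " other-read"  : "",
                (f & TTY_OTHER_WRITE) ? " other-write" : "",
                (f & TTY_GROUP_READ)  ? " group-read"  : "");
    }
    closedir(d);
    return exposed;
}

int main(void)
{
    /* Assumed locations; a missing directory is reported and skipped. */
    const char *dirs[]     = { "/dev", "/dev/pts" };
    const char *prefixes[] = { "tty",  ""         };
    int total = 0;

    for (int i = 0; i < 2; i++) {
        int n = audit_tty_dir(dirs[i], prefixes[i], stdout);
        if (n < 0)
            fprintf(stderr, "cannot read %s\n", dirs[i]);
        else
            total += n;
    }
    printf("%d exposed terminal node(s)\n", total);
    return total > 0;
}
```

A reported node matters when a session is actually attached to it, so cross-check the output against active sessions (for example with `who`).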





________________________________________________________________________
________________________________________________________________________

Message: 14        
   Date: Wed, 11 May 2005 22:45:51 -0700 (PDT)
   From: K-lang <cade00000@xxxxxxxxx>
Subject: Mac OS X Security Update Fixes Multiple Vulnerabilities

Secunia Security Advisories
----------------------------------------------------------------------


TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA15227

VERIFY ADVISORY:
http://secunia.com/advisories/15227/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Spoofing, Exposure of sensitive information,
Privilege escalation, System access

WHERE:
From remote

OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/

DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes various
vulnerabilities.

1) A boundary error in htdigest can be exploited to cause a buffer overflow
by passing an overly long realm argument.

NOTE: htdigest is by default only locally accessible and not setuid /
setgid.

2) An integer overflow error in the AppKit component when processing TIFF
files can be exploited by malicious people to compromise a user's system.

For more information:
SA13607

3) An error in the AppKit component when parsing certain TIFF images can
result in an invalid call to the "NXSeek()" function, which will crash an
affected Cocoa application.

4) An error within the handling of AppleScript can be exploited to display
code to a user that is different from the code that will actually run.

5) An error in the Bluetooth support may cause Bluetooth-enabled systems to
share files via the Bluetooth file exchange service without notifying the
user properly.

6) An input validation error can be exploited to access arbitrary files on
a Bluetooth-enabled system using directory traversal attacks via the
Bluetooth file and object exchange services.

7) The chfn, chpass, and chsh utilities invoke certain external helper
programs insecurely, which can be exploited by malicious, local users to
gain escalated privileges.

8) A vulnerability in Finder can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated privileges
due to insecure creation of ".DS_Store" files.

For more information:
SA14188

9) A boundary error within the Foundation framework when handling
environment variables can be exploited to cause a buffer overflow and may
allow execution of arbitrary code.

10) An error in Help Viewer can be exploited to run JavaScript without the
normally imposed security restrictions.

11) A security issue in the LDAP functionality may under certain
circumstances result in passwords initially being stored in plain text.

12) Errors within the parsing of XPM files can potentially be exploited by
malicious people to compromise a vulnerable system.

For more information:
SA12549

13) An error in lukemftpd can be exploited by malicious users to bypass
chroot restrictions. In order to restrict users to their home directory,
both their full name and short name must be listed in the "/etc/ftpchroot"
file. However, the problem is that users can change their full name and
thereby bypass this restriction.

14) A boundary error in the Netinfo Setup Tool (NeST) when processing input
passed to the "-target" command line parameter can be exploited by
malicious, local users to cause a buffer overflow and execute arbitrary
code with escalated privileges on a vulnerable system.

15) When enabling the HTTP proxy service in Server Admin, it is by default
possible for everyone (including users on the Internet) to use the proxy
service.

16) A vulnerability in sudo within the environment clearing can be
exploited by malicious, local users to gain escalated privileges.

For more information:
SA13199

17) An error in the Terminal utility can be exploited to inject data via
malicious input containing escape sequences in window titles.

18) An error in the Terminal utility can be exploited to inject commands
into a user's Terminal session via malicious input containing escape
characters in x-man-path URIs.

19) A boundary error in vpnd can be exploited by malicious, local users to
cause a buffer overflow and execute arbitrary code with escalated
privileges on systems configured as a VPN server.

SOLUTION:
Apply Security Update 2005-005.

Security Update 2005-005 (Client):
http://www.apple.com/support/downloads/securityupdate2005005client.html

Security Update 2005-005 (Server):
http://www.apple.com/support/downloads/securityupdate2005005server.html

PROVIDED AND/OR DISCOVERED BY:
1) JxT
3) Henrik Dalgaard
4) David Remahl
5) Kevin Finisterre, digitalmunition.com.
6) Kevin Finisterre, digitalmunition.com.
10) David Remahl
13) Rob Griffiths
14) Nico
17) David Remahl
18) David Remahl
19) Pieter de Boer

ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=301528

David Remahl:
http://remahl.se/david/vuln/004/
http://remahl.se/david/vuln/010/
http://remahl.se/david/vuln/011/
http://remahl.se/david/vuln/012/

digitalmunition.com:
http://www.digitalmunition.com/DMA[2005-0502a].txt

iDEFENSE:
http://www.idefense.com/application/poi/display?id=239&type=vulnerabilities

OTHER REFERENCES:
SA12549:
http://secunia.com/advisories/12549/

SA13199:
http://secunia.com/advisories/13199/

SA13607:
http://secunia.com/advisories/13607/

SA14188:
http://secunia.com/advisories/14188/

----------------------------------------------------------------------
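
Added example (not part of the forwarded advisory, and not lukemftpd's or Apple's code): a small audit that models the /etc/ftpchroot check described in item 13 and lists accounts whose confinement has lapsed because the user-editable full name no longer matches the list. The one-name-per-line file format, the account records and the short-name-only rule are assumptions made for illustration.

```python
"""Model of the /etc/ftpchroot name check from item 13 (constructed data)."""
from dataclasses import dataclass


@dataclass
class Account:
    short_name: str  # login name, set by the administrator
    full_name: str   # display name, changeable by the user per the advisory


def parse_ftpchroot(text):
    """Names listed one per line; '#' starts a comment (assumed format)."""
    names = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            names.add(line)
    return names


def restricted_as_described(acct, listed):
    """Behaviour the advisory describes: both names must be listed."""
    return acct.short_name in listed and acct.full_name in listed


def restricted_by_short_name(acct, listed):
    """Assumed safer rule: decide on the admin-controlled short name only."""
    return acct.short_name in listed


def audit(accounts, listed):
    """Short names meant to be confined whose confinement currently fails."""
    return sorted(a.short_name for a in accounts
                  if a.short_name in listed
                  and not restricted_as_described(a, listed))


# Constructed sample file and accounts, not taken from any real system.
FTPCHROOT = """\
# users confined to their home directory
alice
Alice Example
bob
Bob Example
"""
ACCOUNTS = [
    Account("alice", "Alice Example"),
    Account("bob", "Robert E."),        # full name changed after listing
    Account("carol", "Carol Example"),  # never meant to be confined
]

if __name__ == "__main__":
    print("confinement lapsed for:", audit(ACCOUNTS, parse_ftpchroot(FTPCHROOT)))
```
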



________________________________________________________________________
________________________________________________________________________

Message: 15        
   Date: Wed, 11 May 2005 23:26:57 -0700 (PDT)
   From: K-lang <cade00000@xxxxxxxxx>
Subject: Secunia - Medium Risk Virus Alert: Sober.p

Secunia - Virus Alert 
========================================================================

Secunia Virus Alert: Sober.p 

Risk Rating: MEDIUM RISK 

Confirmed By: 6 Vendors 

========================================================================

Secunia Virus Information has issued a MEDIUM RISK alert for:
Sober.p

Learn More About Sober.p Online At Secunia:
http://secunia.com/virus_information/17692/


Virus Information Available At Secunia:
- Virus aliases
- Vendor severity ratings
- Vendor changelogs
- Short descriptions
- File sizes
- Grouped virus profiles with information from multiple antivirus vendors
- Links to removal tools/instructions
- Links to extensive vendor reports
- Searchable index of all virus information

Secunia Website:
http://secunia.com/

More Information About Secunia Virus Alerts:
http://secunia.com/secunia_virus_alerts/

========================================================================



                




