CA fixes multiple BrightStor ARCserve Backup flaws
CA has released security updates to fix several security flaws in BrightStor ARCserve Backup products. Attackers could exploit them to run malicious code on targeted machines and do other damage. According to an advisory from Danish vulnerability clearinghouse Secunia:
- An error in the handling of opnum 0xBF RPC requests within the Tape Engine service can be exploited to execute arbitrary code via a specially crafted RPC request sent to the service.
- A boundary error in the handling of opnum 0x2F and opnum 0x75 RPC requests within the Message Engine RPC service can be exploited to cause a buffer overflow via a specially crafted RPC request sent to the service.
- A boundary error in the handling of opnum 0xCF RPC requests to the Tape Engine RPC service can be exploited to cause a buffer overflow via a specially crafted RPC request sent to the service.
- Two boundary errors in the handling of RPC requests within the Mediasrv.exe service can be exploited to cause a stack-based buffer overflow via a specially crafted RPC request sent to the service.
- A boundary error within ASCORE.dll when handling opnum 0x2F RPC requests within the Message Engine RPC service can be exploited to cause a stack-based buffer overflow via a specially crafted RPC request sent to the service.
Attackers who successfully exploit these flaws could run malicious code on targeted machines, Secunia said.
BrightStor ARCserve Backup products provide backup and restore protection for Windows, NetWare, Linux, and UNIX servers as well as Windows, Mac OS X, Linux, UNIX, AS/400, and VMS clients.
Cisco patches IOS flaw
Cisco Systems has patched a flaw in its Internetwork Operating System (IOS) that local attackers could exploit to cause a denial of service. The networking giant said in an advisory that the flaw is in the Data-link Switching (DLSw) feature in IOS. "An invalid value in a DLSw message could result in a reload of the DLSw device," Cisco said. The problem affects all Cisco products that run IOS software versions 11.0 through 12.4 and are configured for DLSw. A system that contains the DLSw feature but doesn't have it enabled is not affected, Cisco said.
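The exposure condition above (IOS 11.0 through 12.4 with DLSw enabled) can be checked across collected device output; the following is an added example, not code from Cisco or the article. It assumes that an active `dlsw local-peer` configuration line indicates DLSw is enabled, and the device names and outputs are constructed samples.

```python
import re

# Range stated in the article: IOS 11.0 through 12.4, only with DLSw enabled.
AFFECTED_MIN, AFFECTED_MAX = (11, 0), (12, 4)
VERSION_RE = re.compile(r"\bVersion (\d+)\.(\d+)")
# Assumption: an active "dlsw local-peer" line marks DLSw as enabled.
# Anchoring at line start skips "no dlsw ..." and "!" comment lines.
DLSW_RE = re.compile(r"^[ \t]*dlsw[ \t]+local-peer\b", re.MULTILINE)


def ios_version(show_version):
    """Return (major, minor) parsed from 'show version' text, or None."""
    m = VERSION_RE.search(show_version)
    return (int(m.group(1)), int(m.group(2))) if m else None


def dlsw_enabled(running_config):
    """True if the running config contains an active DLSw local peer."""
    return bool(DLSW_RE.search(running_config))


def triage(show_version, running_config):
    """Classify one device against the condition described in the article."""
    ver = ios_version(show_version)
    if ver is None:
        return "unknown"        # unparsable banner: do not assume it is safe
    if not (AFFECTED_MIN <= ver <= AFFECTED_MAX):
        return "out-of-range"
    if not dlsw_enabled(running_config):
        return "dlsw-disabled"  # feature in the image but not enabled
    return "review"             # in range with DLSw on: confirm patch level


# Constructed sample inventory: name -> (show version, running config).
SAMPLES = {
    "edge-1": ("Cisco IOS Software, Version 12.4(8), RELEASE SOFTWARE",
               "hostname edge-1\ndlsw local-peer peer-id 192.0.2.1\n"),
    "core-2": ("Cisco IOS Software, Version 12.2(18), RELEASE SOFTWARE",
               "hostname core-2\nno dlsw local-peer\n! dlsw local-peer\n"),
    "old-3": ("IOS (tm) 4500 Software, Version 10.3(12), RELEASE SOFTWARE",
              "hostname old-3\ndlsw local-peer peer-id 192.0.2.3\n"),
    "lab-4": ("", "dlsw local-peer peer-id 192.0.2.4\n"),
}


def report(samples=SAMPLES):
    """Map each device name to its triage status."""
    return {name: triage(v, c) for name, (v, c) in samples.items()}
```

A `review` result means the device matches the stated condition and its exact release still has to be compared with Cisco's advisory, since the article gives no fixed-release numbers.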
HP fixes OpenView flaws
Attackers could exploit two flaws in the HP OpenView Network Node Manager (OV NNM) to take control of targeted systems, the French Security Incident Response Team (FrSIRT) said in an advisory.
FrSIRT said the first problem is an input validation error in how user-supplied requests are processed. Attackers could exploit this to run malicious commands with the privileges of the NNM server. The second problem is an unspecified access validation error that attackers could exploit to gain unauthorized read access to arbitrary files with the permissions of the NNM server.
The problems affect HP OpenView Network Node Manager versions 6.20, 6.40, 7.01 and 7.50. HP has released patches to address the flaws.
Adobe fixes critical flaws
Adobe Systems Inc. has released an update that fixes critical flaws in its popular .pdf viewer that came to light recently, as well as additional flaws reported in recent days.
Security vendors like Symantec Corp. issued urgent alerts regarding this flaw, calling it significant and easily exploitable, since Adobe Reader is used by a large segment of the computing population to view .pdf files.
The update also fixes additional flaws reported by researcher Piotr Bania.
"Additional vulnerabilities have been identified in versions 7.0.8 and earlier of Adobe Reader and Acrobat that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system," Adobe said of Bania's discoveries. "A malicious file must be loaded in Adobe Reader by the end user for an attacker to exploit these vulnerabilities."
More Mac OS X flaws disclosed
The Month of Apple Bugs project continues to disclose flaws in Apple's Mac OS X operating system, including a critical vulnerability attackers could exploit to compromise vulnerable systems.
Danish vulnerability clearinghouse Secunia rated the flaw highly critical because it can be remotely exploited by an attacker in the Safari Web browser when the "opening safe files after downloading" option is enabled, Secunia said in its advisory.
The flaw, discovered by a security researcher who goes by the name "LMH," is an integer overflow error in the ffs_mountfs() function. When the ffs_mountfs() function handles UFS filesystem disc images, the operating system can be exploited to cause a buffer overflow by using a UFS DMG image, LMH said on his Month of Apple Bugs Web site. The flaw can lead to an exploitable denial of service condition and potential arbitrary code execution, LMH said.
Mac OS X 10.4.8 is affected as well as FreeBSD 6.1. Earlier versions may also be affected, LMH said. The recommended workaround until Apple releases a fix is to not attempt to mount untrusted DMG files, and to disable Safari's 'Open safe files' option in its preferences dialog.