Latest Security Alerts

Last Update: 01 Jun 2012

OpenSSL Buffer Overflow Vulnerability
updated: 3-Jun-12
A buffer overflow vulnerability has been discovered within the OpenSSL 1.0.1 command line utility. The vulnerability appears during the signing of a certificate. When issuing a sample command such as openssl ca -config /path/to/cnf -in /path/to/csr -extensions v3_ca -out /path/to/crt, the user is prompted for the password of the signing certificate.

This input is improperly handled, which results in a buffer overflow when the user enters a large amount of data. The password prompt requests 4 - 8191 characters; however, with large data input, stack smashing is detected.



script-fu buffer overflow in GIMP 2.6
updated: 3-Jun-12
There is a buffer overflow in the script-fu server component of GIMP (the GNU Image Manipulation Program) in all 2.6 versions (Windows and Linux versions) affecting both the script-fu console and the script-fu network server.

A crafted message to the script-fu server overflows a buffer and overwrites several function pointers, allowing the attacker to gain control of EIP and potentially execute arbitrary code.

This issue is fixed in the latest, stable GIMP version (currently 2.8.0).

Cisco IOS XR Software Route Processor Denial of Service Vulnerability
updated: 3-Jun-12
Cisco IOS XR Software contains a vulnerability when handling crafted packets that may result in a denial of service condition.

The vulnerability only exists on Cisco 9000 Series Aggregation Services Routers (ASR) Route Switch Processor (RSP440) and Cisco Carrier Routing System (CRS) Performance Route Processor (PRP). The vulnerability is a result of improper handling of crafted packets and could cause the route processor, which processes the packets, to be unable to transmit packets to the fabric.

Cisco has released free software updates that address this vulnerability.

Reference
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr

2 Buffer Overflows in Wireless Manager Sony VAIO
updated: 3-Jun-12
Two buffer overflow vulnerabilities were reported in Wireless Manager Sony VAIO, which can be exploited to execute arbitrary code on a vulnerable system.


An attacker could craft a malicious HTML page to trigger the vulnerability and execute arbitrary code in the context of the affected user.

Sony has released a security update for the Affected Models that resolves this issue. Sony recommends that all customers who have Affected Models immediately install the latest version of the software by using VAIO Update.

Reference
http://esupport.sony.com/US/perl/support-info.pl?template_id=1&info_id=946

Skinny Channel Driver Remote Crash Vulnerability
updated: 3-Jun-12
A null-pointer dereference has been identified in the SCCP (Skinny) channel driver of Asterisk 1.8.x. When an SCCP client closes its connection to the server, a pointer in a structure is set to NULL. If the client was not in the on-hook state at the time the connection was closed, this pointer is later dereferenced.

A remote attacker with a valid SCCP ID can use this vulnerability by closing a connection to the Asterisk server in certain call states (e.g. "Off hook") to crash the server. Successful exploitation of this vulnerability would result in termination of the server, causing denial of service to legitimate users.

Upgrade to the latest version.

Remote crash vulnerability in IAX2 channel driver
updated: 3-Jun-12
A remotely exploitable crash vulnerability exists in the IAX2 channel driver of Asterisk 1.8.x, if an established call is placed on hold without a suggested music class.

Upgrade to the latest version.

Mapserver for Windows (MS4W) Remote Code Execution
updated: 3-Jun-12
A vulnerability has been discovered in the base MS4W package whereby an attacker can perform an LFI-based attack and run arbitrary PHP code with SYSTEM-level privileges.

This vulnerability is present in MS4W installations with the default configuration.

Upgrade to version 3.0.6.

SCLIntra Enterprise SQL Injection and Authentication Bypass
updated: 3-Jun-12
Multiple SQL injection vectors and an authentication bypass were discovered in SCLogic SCLIntra Enterprise 5.5.2 on Windows 2003. An attacker can leverage this flaw to bypass authentication to the application or to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques.

Upgrade to the latest version.

WinRadius Server Denial Of Service Vulnerability
updated: 3-Jun-12
The WinRadius server binds UDP ports 1812 and 1813 but does not validate the size of the password option, leading to a denial-of-service flaw when more than 240 characters are sent to it.
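
The missing check, shown as a bounds-checked parse of the RADIUS User-Password attribute. This is an added example, not WinRadius code and not part of the original alert. The attribute layout and the 16 to 128 octet limit are taken from RFC 2865; the function names and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RADIUS_HDR_LEN     20   /* code, id, length (2), authenticator (16) */
#define ATTR_USER_PASSWORD 2    /* RFC 2865 attribute type */
#define PW_MAX             128  /* RFC 2865: value is 16..128 octets */

/* Copy the User-Password value into out. Returns the value length,
 * 0 if the attribute is absent, -1 if the packet is malformed. */
int radius_get_password(const uint8_t *pkt, size_t pkt_len,
                        uint8_t *out, size_t out_cap)
{
    if (pkt_len < RADIUS_HDR_LEN) return -1;
    size_t declared = ((size_t)pkt[2] << 8) | pkt[3];
    if (declared < RADIUS_HDR_LEN || declared > pkt_len) return -1;

    for (size_t off = RADIUS_HDR_LEN; off < declared; ) {
        if (declared - off < 2) return -1;        /* truncated attribute header */
        size_t alen = pkt[off + 1];               /* counts the 2 header octets */
        if (alen < 2 || alen > declared - off) return -1;  /* length field lies */
        if (pkt[off] == ATTR_USER_PASSWORD) {
            size_t vlen = alen - 2;
            if (vlen < 16 || vlen > PW_MAX || vlen % 16 != 0) return -1;
            if (vlen > out_cap) return -1;        /* never trust the sender's size */
            memcpy(out, pkt + off + 2, vlen);
            return (int)vlen;
        }
        off += alen;
    }
    return 0;
}

/* Constructed sample: an Access-Request carrying one User-Password attribute
 * with length octet attr_len and value_len value bytes (value_len <= 253). */
int demo(uint8_t attr_len, size_t value_len)
{
    uint8_t pkt[RADIUS_HDR_LEN + 2 + 253] = {0}, pw[PW_MAX];
    size_t total = RADIUS_HDR_LEN + 2 + value_len;
    pkt[0] = 1;                                   /* Access-Request */
    pkt[2] = (uint8_t)(total >> 8);
    pkt[3] = (uint8_t)total;
    pkt[20] = ATTR_USER_PASSWORD;
    pkt[21] = attr_len;
    memset(pkt + 22, 'A', value_len);
    return radius_get_password(pkt, total, pw, sizeof pw);
}

int main(void) { return demo(18, 16) == 16 ? 0 : 1; }
```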

Tftpd32 DNS Server Denial Of Service Vulnerability
updated: 3-Jun-12
Tftpd32 binds UDP port 53 but does not validate the size of the domain option, leading to a denial-of-service flaw when more than 127 characters are sent to it.