November 17, 2005 - Current Activity

This is an archived copy of current activity. If you would like to see the most recent version, please click here.

Vulnerability in Macromedia Flash Player
added November 14, 2005 | updated November 17, 2005

US-CERT is aware of a buffer overflow vulnerability in Macromedia Flash Player versions 7.0.53.0 and earlier. If exploited, the vulnerability could allow a remote attacker to execute arbitrary code with privileges of the user on the affected system. We are not aware of any public exploits at this time.

More information about this vulnerability can be found in the following US-CERT Vulnerability Note:
US-CERT encourages users to upgrade to the appropriate software version as described in the Macromedia Security Bulletin MPSB05-07.

First 4 Internet XCP DRM Vulnerabilities
added November 15, 2005 | updated November 17, 2005

US-CERT is aware of several vulnerabilities regarding the XCP Digital Rights Management (DRM) software by First 4 Internet, which is distributed by some Sony BMG audio CDs. The XCP copy protection software uses "rootkit" technology to hide certain files from the user. This technique can pose a security threat, as malware can take advantage of the ability to hide files. We are aware of malware that is currently using this technique to hide.

One of the uninstallation options provided by Sony also introduces vulnerabilities to a system. Upon submitting a request to uninstall the DRM software, the user will receive via email a link to a Sony BMG web page. This page will attempt to install an ActiveX control when it is displayed in Internet Explorer. This ActiveX control is marked "Safe for scripting," which means that any web page can utilize the control and its methods. Some of the methods provided by this control are dangerous, as they may allow an attacker to download and execute arbitrary code.

More information about this vulnerability can be found in the following US-CERT Vulnerability Note:
US-CERT recommends the following ways to help prevent the installation of this type of rootkit:
Oracle Worm Proof-of-Concept Code
added November 1, 2005 | updated November 7, 2005

US-CERT is aware of publicly available proof-of-concept code for an Oracle worm. Currently, US-CERT cannot confirm if this code works. We are working with Oracle to determine the threat posed by this code.

Although there is limited information concerning this potential threat, US-CERT strongly encourages Oracle system administrators to implement the following workarounds:
For additional information on Oracle Database Security, please refer to the following webpage:

US-CERT will continue to investigate the issue and provide updates as they become available.

Exploit for Snort Back Orifice Preprocessor Buffer Overflow Vulnerability
added October 27, 2005

US-CERT is aware of publicly available exploit code for a buffer overflow vulnerability in the Snort Back Orifice preprocessor. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code, possibly with root or SYSTEM privileges.

More information about this vulnerability can be found in the following:
US-CERT encourages Snort users to upgrade to version 2.4.3 as soon as possible. Until a fixed version of Snort can be deployed, disabling the Back Orifice preprocessor will mitigate this vulnerability.

Multiple Vulnerabilities in Skype
added October 26, 2005

US-CERT is aware of several buffer overflow vulnerabilities in Skype that may allow a remote attacker to execute arbitrary code. The most critical of these issues can be exploited by sending a specially crafted packet to a vulnerable Skype installation.

More information about this vulnerability can be found in the following US-CERT Vulnerability Note:
The other two vulnerabilities can be exploited by accessing a specially crafted VCARD or Skype URI. More information about these vulnerabilities can be found in the following US-CERT Vulnerability Notes:
Skype has released the following Security Bulletins to address these vulnerabilities:
US-CERT encourages Skype users to upgrade to the latest fixed version of Skype as soon as possible.

Vulnerabilities in Oracle Products
added October 19, 2005

US-CERT is aware of multiple vulnerabilities in Oracle products. The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include remote execution of arbitrary code or commands, access to sensitive information, and denial of service.

Many of these vulnerabilities are corrected by the Oracle Critical Patch Update (CPU) for October 2005. According to public reports, the patches included in this update, as well as previous updates, may not adequately correct all security vulnerabilities.

More information about this vulnerability can be found in the following:
US-CERT is continuing to investigate these reports and will provide further information as it becomes available.

Vulnerability in Snort Back Orifice Preprocessor
added October 18, 2005

US-CERT is aware of a buffer overflow vulnerability in the Snort Back Orifice preprocessor. If exploited, the vulnerability could allow a remote, unauthenticated attacker to execute arbitrary code, possibly with root or SYSTEM privileges, on the affected system. We are not aware of any public exploits at this time.

More information about this vulnerability can be found in the following:
US-CERT encourages Snort users to upgrade to version 2.4.3 as soon as possible.

Hurricane Tragedies Spawn Phishing Sites
added August 31, 2005 | updated September 23, 2005

US-CERT warns users to expect an increase in targeted phishing emails due to recent events such as Hurricane Katrina and Hurricane Rita. US-CERT has received reports of multiple phishing sites that attempt to trick users into donating funds to fraudulent foundations in the aftermath of Hurricane Katrina. US-CERT expects to see the same type of malicious activity during the aftermath of Hurricane Rita.

Phishing emails may appear as requests from a charitable organization asking the users to click on a link that will then take them to a fraudulent site that appears to be a legitimate charity. The users are then asked to provide personal information that can further expose them to future compromises.

Users are encouraged to take the following measures to protect themselves from this type of phishing attack:
US-CERT strongly recommends that all users consult the Federal Emergency Management Agency (FEMA) web site for a list of legitimate charities when donating to their charity of choice.

Vulnerability in Cisco IOS Firewall Authentication Proxy
added September 8, 2005

US-CERT is aware of a buffer overflow vulnerability in Cisco IOS Firewall Authentication Proxy for FTP and Telnet Sessions. If exploited, the vulnerability could allow a remote unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition on the affected system. We are not aware of any public exploits at this time.

More information about this vulnerability can be found in the following US-CERT Vulnerability Note:
US-CERT urges users to review the fixes, updates, and workarounds described in the Cisco Security Advisory.