Web search

Custom Search

Tuesday, 10 November 2009

VMware Security Advisory: VMSA-2009-0015

VMware released security advisory VMSA-2009-0015 today, announcing patches that resolve two security issues with some versions of VMware Workstation, Player, ACE, Server, Fusion, ESXi and ESX products. For details, see:

http://lists.vmware.com/pipermail/security-announce/2009/000069.html


More information:

http://www.hkcert.org/english/salert/2009/home.html?s091020_vmware_dhcpjre_codeexec_vulns.html
http://www.hkcert.org/english/salert/2009/home.html?s091020_vmware_esx_codeexec_vulns.html

http://secunia.com/advisories/37055
http://secunia.com/advisories/37081

Posted by Lofan at 17:43 0 comments
Labels: ,

Apple Security Update 2009-006 for Mac OS X v10.6.2

Apple has released Security Update 2009-006 / Mac OS X v10.6.2. Due to multiple errors, an attacker could execute arbitrary code, cause an unexpected system termination, bypass security restrictions, obtain elevated privileges, cause an unexpected application termination, cause a Denial of Service, disclose sensitive information and conduct cross-site scripting, man-in-the-middle or HTTP response splitting attacks upon successful exploitation.

The entire list of updates is available here. These updates may be obtained from Apple's Software Download web site here.
Posted by Lofan at 16:54 0 comments
Labels: ,

VLC media player 1.0.x

When parsing a MP4, ASF or AVI file with an overly deep box structure, a stack overflow might occur. It would overwrite the return address and thus redirect the execution flow.It was affected from version 1.0.1 to 0.5.

So, upgrade to VLC media player 1.0.3 (it also support for Windows 7)

more information:
http://www.videolan.org/security/sa0901.html
Posted by Lofan at 16:29 0 comments
Labels:

IBM AIX PowerHA Cluster Management unauthorized access

IBM AIX could allow a remote attacker to gain unauthorized access, caused by an unspecified error in the PowerHA Cluster Management component related to the godm service. By sending a specially-crafted request to TCP port 6177, a remote attacker could exploit this vulnerability to make arbitrary changes to the AIX configuration.

More information:
  • IBM SECURITY ADVISORY: PowerHA Cluster Management port vulnerability.
  • BID-36931: IBM PowerHA Cluster Management Unauthorized Access Vulnerability
  • CVE-2009-3900: Unspecified vulnerability in the Cluster Management component in IBM PowerHA 5.4, 5.4.1, 5.5, and 6.1 on AIX allows remote attackers to modify the operating-system configuration via packets to the godm port (6177/tcp).
  • SA37267: IBM AIX PowerHA Cluster Management Data Manipulation
  • VUPEN/ADV-2009-3153: IBM AIX PowerHA Cluster Management Config Manipulation Vulnerability
Posted by Lofan at 14:53 0 comments
Labels: , ,

Firefox 3.5.5

Everything changed so rapid.
Firefox cames to 3.5.5
Posted by Lofan at 14:47 0 comments
Labels: ,

iphone worm


First iPhone worm discovered - ikee changes wallpaper to Rick Astley photo

Posted by Lofan at 14:19 0 comments
Labels: ,

Friday, 6 November 2009

Vulnerabilities in Adobe Shockwave Player

Multiple vulnerabilities have been identified in Adobe Shockwave Player, which could be exploited by remote attackers to compromise a vulnerable system.

  1. An invalid index when handling certain Shockwave content, which could be exploited to execute arbitrary code via a specially crafted web page.
  2. An invalid pointer when processing certain Shockwave content, which could be exploited to execute arbitrary code by tricking a user into visiting a specially crafted web page.
  3. An invalid pointer when handling certain Shockwave content, which could be exploited to execute arbitrary code by tricking a user into visiting a specially crafted web page.
  4. A memory corruption related to string processing, which could be exploited to execute arbitrary code by tricking a user into visiting a specially crafted web page.


Impact

  • Remote Code Execution
  • Denial of Service

Vulnerable System

  • Shockwave Player 11.5.1.601 and earlier versions

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Related Link

Source

Vulnerability Identifier

Posted by Lofan at 17:01 0 comments
Labels: ,

Blackberry Desktop Manager 5.0.1

There is a vulnerability for Blackberry Desktop Manager version 5.0 and earlier (on all platforms) allowed remote exploits

Solution:
Update to version 5.0.1

More information:

CVE-2009-0306

KB19701

Posted by Lofan at 09:06 0 comments
Labels: ,
Subscribe to: Posts (Atom)

uchrin

technorati