Posted on 08/18/2005 1:51:17 AM PDT by HAL9000
FrSIRT Advisory : FrSIRT/ADV-2005-1450
CVE Reference : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-08-17
* Technical Description *
A critical vulnerability was identified in Microsoft Internet Explorer, which could be exploited by remote attackers to execute arbitrary commands. This issue is due to a memory corruption error when instantiating the "Msdds.dll" (Microsoft Design Tools Diagram Surface) object as an ActiveX control, which could be exploited by an attacker to take complete control of an affected system via a specially crafted Web page.
This vulnerability has been confirmed with Microsoft Internet Explorer 6 SP2 on Windows XP SP2 (fully patched).
Note : It is currently unclear whether the "Msdds.dll" library is installed with Microsoft Office, Microsoft Visual Studio, or with other applications. More information will be provided when further details are available.
* Exploits *
http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php
* Affected Products *
Microsoft Internet Explorer 6 for Microsoft Windows XP SP2
Microsoft Internet Explorer 6 for Microsoft Windows XP SP1
Microsoft Visual Studio .NET 2003
Microsoft Visual Studio .NET 2002
* Solution *
The FrSIRT is not aware of any official supplied patch for this issue.
* References *
http://www.frsirt.com/english/advisories/2005/1450
http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php
* Credits *
Vulnerability reported by an anonymous person
* ChangeLog *
2005-08-17 : Original Advisory
2005-08-17 : Updated vulnerable products
The FrSIRT is not aware of any official supplied patch for this issue.
Uhhh thanks i guess....
Mozilla.
Nuff Said.
The first thing on the Microsoft End User Agreement ought to be this phrase: "Use at your own risk".
At the very least, the disclaimer must read like the one for "Happy Fun Ball".
YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT USE OF THE APPLE SOFTWARE IS AT YOUR SOLE RISK AND THAT THE ENTIRE RISK AS TO SATISFACTORY QUALITY, PERFORMANCE, ACCURACY AND EFFORT IS WITH YOU. EXCEPT FOR THE LIMITED WARRANTY ON MEDIA SET FORTH ABOVE AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW...SHOULD THE APPLE SOFTWARE PROVE DEFECTIVE, YOU ASSUME THE ENTIRE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
?
Took forever to get rid of it as it would not let me delete anything or do any kind of restores. Would format my hard drives and the damn hacker would come back within hours, I thought there was a siren going off every time I fixed my machine.
Turned out that I did not have the latest patch on my link-sys router and the hacker was able to exploit it. Found out when I went to change password on it for the umteenth time, and saw it was sending the new password to a website.
Have added a hardware (Soho) Firewall to the existing software firewall, anti-virus and spyware programs, disabled any sort of remote procedure and still do not feel safe.
If it helps, the hacker loved the XP Pro more than the regular XP Home, and was able to do the most damage with it.
More:
FrSIRT Advisory : FrSIRT/ADV-2005-1419
CVE Reference : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-08-16
* Technical Description *
Apple has released security patches to correct multiple vulnerabilities affecting Mac OS X. These flaws could be exploited by remote or local attackers to execute arbitrary commands, cause a denial of service, obtain elevated privileges, or disclose sensitive information.
- A buffer overflow error in the apache htdigest program could be exploited by a remote attacker to execute arbitrary commands.
- Apache restricts access to files in a case sensitive manner, but the HFS+ filesystem accesses files in a case insensitive manner, which could be exploited by remote attackers to read ".ht*" and ".DS_Store" files.
- An error in apache makes it possible to bypass the normal file handlers, which could be exploited by attackers to retrieve file data and resource fork content via HTTP requests.
- A buffer overflow error in AppKit when processing specially crafted rich text files could be exploited by attackers to execute arbitrary commands.
- A buffer overflow error in AppKit when processing specially crafted Word (.doc) files could be exploited to execute arbitrary commands.
- An unspecified error in AppKit could be exploited by malicious users (with physical access) to create additional accounts.
- An error when selecting the "Require pairing for security" option in Bluetooth preferences could cause the System Profiler to be labeled with "Requires Authentication: No.".
- A buffer overflow error in the CoreFoundation framework when handling specially crafted command line arguments could be exploited to execute arbitrary commands.
- An error in CUPS when handling multiple simultaneous print jobs or when receiving a partial IPP request and a client terminates could be exploited by attackers to cause a denial of service.
- A buffer overflow error in Directory Services when handling authentication could be exploited by remote attackers to execute arbitrary commands.
- Multiple errors in the privileged tool "dsidentity" could be exploited by malicious users to add or remove identity user accounts in Directory Services.
- An error in "slpd" could lead to an insecure temporary file creation in the world-writable "/tmp" directory, which could be exploited by local attackers to obtain elevated privileges.
- An error in HItoolbox could cause, under certain circumstances, secure input fields to be disclosed to VoiceOver services.
- A heap overflow error in Kerberos when handling password history could be exploited by local attackers to execute arbitrary code on a Key Distribution Center (KDC).
- Multiple buffer overflow vulnerabilities in Kerberos could b exploited by remote attackers to compromise a KDC or cause a denial of service. For additional information, see : FrSIRT/ADV-2005-1066
- An error in Kerberos authentication when enabled in addition to LDAP could be exploited by attackers to gain "root" privileges.
- An error in the handling of Fast User Switching can allow a local user who knows the password for two accounts to log into a third account without knowing the password.
- An error in Mail.app when used to print or forward HTML messages, could cause the application to load remote images even if a user's preferences disallow it, which may be considered as a privacy leak.
- Multiple errors in MySQL could be exploited by remote authenticated users to execute arbitrary commands.
- Multiple errors in OpenSSL could be exploited by remote attackers to cause a denial of service.
- A buffer overflow error in the "ping" utility could be exploited by local users to obtain elevated privileges.
- An error in QuartzComposerScreenSaver could be exploited by local users to open webpages while the RSS Visualizer screen saver is locked.
- An error in Safari when clicking on a link in a specially crafted rich text file could be exploited by attackers to execute arbitrary commands.
- An error in Safari when handling submitted forms in an XSL formatted page could cause sensitive information to be inadvertently submitted to the wrong site.
- An error in the password assistant when adding multiple accounts could cause the previously suggested passwords to be disclosed.
- A buffer overflow error in the authentication procedure of "servermgrd" could be exploited by remote attackers to execute arbitrary commands.
- An error in the Server Admin tool could cause certain firewall policies to not be written to the Active Rules.
- Multiple input validation errors in SquirrelMail could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser. For additional information, see : FrSIRT/ADV-2005-0800
- A buffer overflow error in the "traceroute" utility could be exploited by local users to obtain elevated privileges.
- An error in Safari when clicking on a link in a specially crafted PDF file could be exploited by attackers to execute arbitrary commands.
- Multiple input validation errors in Weblog Server could be exploited to conduct cross site scripting attacks.
- An integer overflow error in libXPM when handling a specially crafted "bitmap_unit" value could be exploited by attackers to execute arbitrary commands or cause a denial of service. For additional information, see : FrSIRT/ADV-2005-0471
- A buffer overflow error in Zlib when processing malformed data streams could be exploited by attackers to execute arbitrary code. For additional information, see : FrSIRT/ADV-2005-0978
* Affected Products *
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.3.9
Apple Mac OS X 10.4.2
Apple Mac OS X 10.3.9
* Solution *
Apple Mac OS X 10.3.9 :
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=07801&platform=osx&method=sa/SecUpd2005-007Pan.dmg
Apple Mac OS X 10.4.2 :
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=07794&platform=osx&method=sa/SecUpd2005-007Ti.dmg
Apple Mac OS X Server 10.3.9 :
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=07796&platform=osx&method=sa/SecUpdSrvr2005-007Pan.dmg
Apple Mac OS X Server 10.4.2 :
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=07795&platform=osx&method=sa/SecUpdSrvr2005-007Ti.dmg
* References *
http://www.frsirt.com/english/advisories/2005/1419
http://docs.info.apple.com/article.html?artnum=302163
OOPS, that's for Apple.
There aren't a lot of software producers willing to accept liability for consequential damages as a result of bugs.
That reluctance is reasonably well-established as being due to the near impossibility of producing any large application that is 100% free of bugs.
Without that release of liability, virtually no one would be able to publish software without being sued into bankruptcy.
Hence the disclaimers.
Exactly. I challenge anyone to show me a software EULA that renders the company producing it liable for bug damage.
That being said... in the interest of accuracy, Apple also had to fix the fix by releasing Security Update 2005-007 V1.1 because it broke 64 bit applications. ;^)>
" Are you so insecure in your choice of computer you have to be insulting to those who have not made the same choice?" 14 posted on 08/18/2005 1:13:16 AM PDT by Swordmaker (Beware of Geeks bearing GIFs.)
This thread was posted by HAL9000 without a negative comment. Your insertion of the Mac Security Update list was obviously intended to be a snide negative comment on the Mac... includding your gratuitous "OOPS, that's for Apple."
As for posting Mac vulnerabilities, I beat you to that by at least 48 hours:
Apple Security Update 2005-007
And posted the announcement about the flaw in THAT update as soon as I could after that was announced:
Security Update breaks 64 bit Applications
Which was immediately invaded by PC snobs insulting Mac users calling us names such as "MacMoonies" and "Mac cultists" and refering to our computers as "Toys".
All of which you are obviously quite aware because you cut and pasted my comment to Hank Reardon from one of those threads. As I related in that thread, an unbiased assessment of comparable threads show FAR MORE insults and thread invasions coming from PC users in Mac threads than vice versa. So, your "returned favor" is, I think, a case of a pot calling the kettle black.
Incidentally, there is a difference between "exploits" and "vulnerabilities".
Both the Microsoft flaw reported in this thread and the Apple announcements which you posted involve "vulnerabilities" which, to the best of the information available, have not been "exploited" unlike this exploited flaw (offered as a favor to PC users):
You guys won't change your ways, even when an olive branch is thrown your way. I'm sure I read about the Apple patch two days ago, I just don't happen to find posting it my job, as a Windows user. I'm often more apt to be reading hardware reviews for myself, than worrying about Mac and their security. The mindless needling of Windows users is what causes the hammer to come down like what Hank did tonight. You guys use negative advertising in much the same way as democrats, then you cry like a victim when the hammer comes down. I seriously could care less about a box that is bundled with software. I use boxes that I build, with the AMD 64 processor under freon at -55 C, processor overclocked 22%, ram overclocked 44% and I have no use for a machine that I can't even set my ram timings on, or set my HTT, or my multiplier. I run circles around the best you guys have. Don't worry, you might learn about those things when your switch comes. If you want the bickering to stop...you might just clean up your own backyard.
How did you happen to see this?
One thing I have noticed in watching both Apple and Windows threads is that Windows users who complain about Windows act like people who are trapped in some tyrannical state from which they cannot escape, while Apple users are a little more philosophical and believe that, while Apple Computer and the Apple OS are not perfect, it's still the best system out there for what they want to do.
Problem went away after the new patch and the addition of a Soho external fire wall.
Know it had to be a router problem as the hacker would change the way that I connected to the internet, it gave me a manually configured connection that was way above my expertise.
And I see FAR MORE Windows threads started as flamebait by Mac users than vice versa. I'm serious about improving the relationship between users around here. I was hoping you would see that, even though I did go to an extreme to illustrate it.
The network congiguration was changed from the standard windows to a VPN after hooking this computer to the router, set up remote procedure calls and changed my admin privileges.
Forgot to mention that the mozilla address only stayed up for aboutg 8 seconds and the computer would make the noise associated with sending/posting something.
Make any sense?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.