BJK Research

The BugBlog Plus

This is the subscription portion of the BugBlog. The first bug of the day listed is always the free bug available to non-subscribers, followed by the subscription-only bugs.

8/2/2007 Apple Patches OS X Core Audio

A number of bugs in Mac OS X 10.3.9 and 10.4 CoreAudio were patched in the Apple Security Update 2007-007. They patched three separate bugs that may allow a hostile web site to run their code on your Mac after you visit the site. The attack takes place via Core Audio's Java Interface. You can get the details, and the download, at http://docs.info.apple.com/article.html?artnum=306172, or wait for Software Update to take its course.

7/31/2007 Firefox Fixes URI Handling Bug

Mozilla Firefox may pass off arguments to other applications without properly encoding spaces and double quotes in URIs. Attackers may be able to exploit this to run hostile code. This is fixed in Mozilla 2.0.0.6, and there is also workaround information at http://www.mozilla.org/security/announce/2007/mfsa2007-27.html. Mozilla credits Jesper Johansson, Billy Rios and Nate McFeters with research on this problem, along with Secunia.

7/27/2007 Windows XP Drivers May Affect iPhone

A problem with the digital signing of some Windows XP drivers may interfere with the ability of Apple iTunes for Windows to connect with your iPhone or iPod. Instead, you will see this error message:
iTunes might be unable to launch or communicate with iPod or iPhone. For help repairing your operating system, click More Information.
Apple has information on how to create a batch file that will fix this at http://docs.info.apple.com/article.html?artnum=305999

7/18/2007 Mozilla Guards Against an IE Flaw

According to Mozilla, there is a bug in the way that Microsoft Internet Explorer calls registered URL protocols. If you browse a malicious webpage with IE, it could start Mozilla Firefox and pass the bad data on to the other browser. This may allow an attacker to run hostile code on your computer. The Firefox 2.0.0.5 update will plug this hole on the Firefox side, but does not fix the original bug in IE. See http://www.mozilla.org/security/announce/2007/mfsa2007-23.html for the details.

7/12/2007 Symantec Backup Exec Bug

There is a bug in Symantec Backup Exec for Windows Servers 10.x and 11 that may allow remote attackers to launch denial of service attacks that turn off the backup service. They may also be able to exploit the bug to run hostile code on the server. Symantec has a hotfix for this at http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11a.html. They credit iDefense with finding this bug. See their explanation at http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=553.

7/10/2007 Microsoft Patches .NET Bugs

A number of bugs in the Microsoft .NET Framework 1.x and 2.0 may allow critical attacks against Windows 2000 and Windows XP computers, with less severe attacks possible against Windows Server 2003 and Windows Vista. Remote attackers may be able to exploit these bugs to run their code on the victim's computers. Microsoft has links to the patches at http://www.microsoft.com/technet/security/bulletin/ms07-040.mspx. Microsoft credits Dinis Cruz of OWASP, Paul Craig of Security Assessment, Jeroen Frijters of Sumatra and Ferruh T. Mavituna of Portcullis Computer Security Ltd. for finding these bugs.

7/9/2007 Windows ReadyBoost Leaks Memory

There is a memory leak in the Windows ReadyBoost driver for Windows Vista. ReadyBoost is a way to use flash memory to boost Vista's performance, and according to Microsoft, you may not even know if it is running. In some hardware configurations, it leaks memory which may lead to this error message:
STOP: 0x0000006F (parameter1, parameter2, parameter3, parameter4) SESSION3_INITIALIZATION_FAILED.
Microsoft also said there could be other problems that could generate this error message, other than the memory leak. They do have a hotfix for it. Either wait for the service pack, or see http://support.microsoft.com/kb/939008/ on how to get it earlier.

7/7/2007 Patch Tuesday is Coming

This Tuesday is Patch Tuesday, and in honor of the occasion Microsoft is giving us six presents. Three of them are Critical level security patches, covering Office, Excel, Windows, and the .NET framework. Two are important, for Office, Publisher, and Windows XP. There's one Moderate security bulletin for Windows Vista. Stay tuned for the details on Tuesday afternoon.

Having problems with your new Apple iPhone? Realize that Apple is going to try to point the finger of blame at AT&T as much as they can. (They may be right.) They've posted all kinds of troubleshooting links to AT&T at http://docs.info.apple.com/article.html?artnum=305747.

There is a bug in the Citrix Presentation Server Clients for 32-bit Windows, version 10.0 that may cause the Citrix Neighborhood Agent to crash if you open a file with a long file name. Citrix has patched this with the 10.100 client. Get the patch and the details at http://support.citrix.com/article/CTX113543.

Detach a removable storage device in Windows Vista without going through the "Safely Remove Hardware" step, and you may see one or both of these error messages in your System Log:
Event ID: 12
The device device_name disappeared from the system without first being prepared for removal.
Event ID: 57
The system failed to flush data to the transaction log. Corruption may occur.
In some cases when you do this, the data files being transferred may get corrupted. Thus it's always safer to do the Safe Removal procedures. Microsoft gives the details at http://support.microsoft.com/kb/938940/

A number of critical bugs in SAP software, including the SAP DB Web Server, the SAP Message Server, the Internet Communication Manager, and others are being reported by security researcher Mark Litchfield at NGSSoftware. You can find links to all the SAP bugs at http://www.ngssoftware.com/research/advisories/.

7/6/2007 What Kills Hard Drives?

One of the worst things that can happen to your computer is hard drive failure. What can contribute to drive failure? At ZD Net's Storage Bits blog, there is an article called "Disk Drive Life Depends On...Luck", which is either encouraging or discouraging, depending on your point of view. Read it at http://blogs.zdnet.com/storage/?p=156.

7/5/2007 Mac Audio Update

If you've updated to Mac OS X 10.4.10 on an Intel-based Mac, you may hear some audio distortion from external speakers. Apple describes it as "popping". They have an Audio Update 2007-001 that is supposed to fix it. Read more about it at http://docs.info.apple.com/article.html?artnum=305840.

7/3/2007 Outlook Improves Its Presence

Microsoft has a hotfix for Outlook 2007 that fixes a number of Presence bugs. Presence requests from Office applications to presence applications should now work correctly; if a number of presence icons appear, they should no longer flicker; and they should show the correct information. See http://support.microsoft.com/kb/936864/ for information on how to get the fix.

7/2/2007 Adobe Programs Don't Like Realtek

Try to start up Adobe After Effects, Audition, Encore DVD, Photoshop, Premiere Elements, Premiere Pro, or Soundbooth on a Windows XP computer with a Realtek High Definition Audio integrated sound card, and you may get a system crash with this error message:
"Stop: 0X000000C5" or "Stop: 0x0000008E"
To fix this, Adobe says you need an updated driver from Realtek. Get version 1.33 at http://www.realtek.com.tw.

7/1/2007 Major Update for Mozilla 1.5 Users

Mozilla will not be updating the Firefox 1.5 browser line in the future. To help users make the jump up to Firefox 2.0.0.4, there is a new migration tool called Major Update for Firefox 1.5 to 2.0. They talked about it in early June at http://developer.mozilla.org/devnews/index.php/2007/06/06/rollout-of-major-update-for-firefox-15-to-20/, and it's been offered since June 28 for people ready to make the jump into the future.

6/28/2007 Apple Patches Cross-Site Scripting Bug

A bug in the WebCore for Apple Mac OS X 10.3.9 and 10.4.9 may allow a website to launch a cross-site scripting attack, tricking you into revealing personal data to the wrong website. Apple has fixed this in the 2007-006 Security Update. Read more about it at http://docs.info.apple.com/article.html?artnum=305759. Apple credits Richard Moore of Westpoint Ltd. for finding this bug.

6/27/2007 How To Crash Vista

Information Week tells us a sure-fire way to crash Windows Vista -- hold down the Windows key and the E key together for ten seconds. Read about it at http://www.informationweek.com/blog/main/archives/2007/06/how_to_crash_wi.html. Not having a Vista machine, I can't test it. There's also a link to an article on crash recovery techniques.

If you've been wondering where the BugBlog has been -- a combination of some hardware problems that caused a bunch of platform and software shuffling, some unexpected personal travel, and an influx of high-paying work have all intervened in a perfect storm. That storm is slowly abating (although the high-paying work is still around.)

6/22/2007 System Restore Changed in Vista

According to Microsoft, because of the way the Trusted Installer has changed in Windows Vista, third-party System Restore tools probably won't work correctly in Windows Vista. You won't end up with a completely restored system. Microsoft has a hotfix for this, which will be in a future service pack. Need the fix right away? See http://support.microsoft.com/kb/935606/.

6/21/2007 Mac OS X 10.4.10 Fixes USB Bugs

Apple has included a number of USB fixes in their OS X 10.4.10 update. The IR remote controller should now work better after waking the computer from sleep; external USB drives should be more stable when mounted; and the bug that kept the TomTom GO 910 from being recognized is fixed.

6/20/2007 RealNetworks ActiveX Bug

If you play games at RealNetworks GameHouse website, you use an ActiveX control called dldisplay. There are multiple bugs in this control that may allow a remote user, by constructing a booby-trapped website, to run hostile code on your computer. There is no fix yet, other than disabling the ActiveX control. The bug was found by Will Dormann of US CERT. They show how to disable the control at http://www.kb.cert.org/vuls/id/179105.

6/19/2007 Vertical Fonts, Postscript Printing, and Vista

The three things in the title -- vertical fonts, Postscript, and Windows Vista -- don't go together. If you mix a regular font and a vertical font (typically an Asian font whose name starts with the @ sign) and try to print to a Postscript printer from Vista, the printing won't be correct. If you do this often, you may want to get the hotfix that Microsoft discusses at http://support.microsoft.com/kb/937018.

That was fast -- there's already an update for Apple Safari for Windows. Get version 3.0.1, which fixes the three security flaws found in the first release. If you already got 3.0, get the update at http://www.apple.com/safari/download/.

There is a bug in the Cerulean Studios Trillian Instant Messenger application that may allow remote users to run their code on your system. It's done through a heap overflow bug. It's been fixed in Trillian 3.1.6.0. iDefense found the bug, and has an explanation and link to the fix at http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=545.

Google says some users who are displaying the Google Holiday calendar are having some events labeled as "busy". They don't have a fix yet, but suggest removing the Holiday calendar and then re-adding it.

If you try to view a video in Google Video when your default Flash player is set to QuickTime, you may see only the QuickTime logo and not the video. Google shows how to reverse this at http://video.google.com/support/bin/answer.py?answer=46809&topic=11480.

If a webpage includes both the <SCRIPT> tag and some multibyte character set characters, it may display as a blank page when you first open it in Microsoft Internet Explorer 7. Click Refresh, and the page will display correctly. This is fixed in the Cumulative Security Update for Internet Explorer, which you can get at http://www.microsoft.com/technet/security/bulletin/ms07-033.mspx.

6/18/2007 Safari for Windows is Beta

Just to point out the obvious -- the recently-released Apple Safari for Windows is still a beta product. Beta products are supposed to have bugs. In this case, Symantec (and others) point out that Safari for Windows is vulnerable to a number of well-known browser exploits, including denial of service and remote code exploits. Read more at http://www.symantec.com/enterprise/security_response/weblog/2007/06/vulnerabilities_for_safari_on.html.

When you download a file in Apple Safari, sometimes an extra file extension, typically .html, will get added to your filename. Apple says you can rename that using normal file renaming techniques in either Mac OS X Finder or Windows Explorer.

Yesterday there was news of a whole bunch of compromised servers in Hong Kong. The focus today shifts to Italy, as there are large scale attacks being mounted against Italian web sites. Read more at http://arstechnica.com/news.ars/post/20070618-security-researchers-uncover-massive-attack-on-italian-web-sites.html.

There is a package of additional fixes for IBM Workplace Web Content Management v6.0.1 and 6.0.0.3. If you've already installed either of those, then you can grab the upgrade for the upgrade at http://www-1.ibm.com/support/docview.wss?uid=swg24016049.

Linked Excel 2007 objects may not get updated in a PowerPoint 2007 presentation after you close the object in Excel. According to Microsoft, you need to give the Save command first; it won't save automatically. Microsoft must realize that some people won't like this, because they have a hotfix that will make sure the linked object is updated. See http://support.microsoft.com/kb/937493/ for info on getting the fix.

Sun Microsystems says that StarOffice 6 and 7 are vulnerable to the RTF bug that afflicts OpenOffice, written up in the 6/14 BugBlog. That's not surprising, given that StarOffice and OpenOffice are essentially the same program with different branding. Sun's explanation and fix is at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102967-1.

 

6/17/2007 Vista USB Telephony Bug

Connect a USB telephony device to a Windows Vista computer, and Vista may decide to make it the default audio device. That should play havoc with audio/visual applications. Microsoft says this is because Vista sees that the device has audio capabilities, but doesn't determine the correct kind. There is a hotfix for this, which will be in a future service pack. If you need it right away, see http://support.microsoft.com/kb/936004.

In Adobe Acrobat 8, the first rectangle object in a given section of a PDF document may not have the correct color rendered. This has been fixed in the Acrobat 8.1 update.

If you are publishing an Apple iCal calendar to an iDisk or a WebDAV server, don't use spaces or the @ sign in your password. They won't be recognized by the authentication process. Apple says to stick to letters and numbers.

If your Apple TV is connected via Ethernet, you may not be able to see it in the iTunes Source list. Apple has a set of troubleshooting steps to follow at http://docs.info.apple.com/article.html?artnum=305290 to help make the connection.

One may hope that BugBlog readers would know not to click on a link to a Hong Kong (.hk) website in a spam message. It's especially important right now, for the Internet Storm Center discusses an attack that seems to be coming from multiple HK sites with IP addresses belonging to a local ISP. Read more at http://isc.sans.org/diary.html?storyid=2985.

Windows Media Player 11 in Windows Vista doesn't always want to quit. Microsoft says that if you exit the program while music is playing, the music may still keep on playing although the program disappears. Microsoft says you will need to call up the Task Manager with a Ctrl+Alt+Del

6/16/2007 Red Hat Patches the Kernel

Red Hat has patched the kernel for Red Hat Enterprise Linux 5. This fixes a number of bugs that may have allowed: denial of service attacks from local users via mount handling; denial of service attacks from remote users via PPP over Ethernet; information leaks to local users via Bluetooth. See all the bugs that are fixed, and get the patch, at https://rhn.redhat.com/errata/RHSA-2007-0376.html.

The various toolbars in Adobe Dreamweaver CS3 are dockable -- which means you can move them to different locations or let them float. However, Adobe says that if you un-dock and then re-dock the tool bar that shows Code/Split/Design views, Dreamweaver itself may become unstable and crash. Restarting Dreamweaver should get things corrected.

If you have optimized an image in Adobe Photoshop CS3, and then try to copy over a new image on top of the old image within Adobe Dreamweaver, you will not get the prompt that warns you will be copying over a file. In this particular case, the optimization information will be lost, and you won't be able to undo it.

Microsoft Internet Explorer 7 has a problem with the way it does the IDN (International Domain Name) implementation in the HTTP Basic Authentication dialog. Because of this, someone may be able to mount a spoofing attack using international characters. Secunia credits Alex with finding this bug -- they point to a German site for the details, as well as http://ha.ckers.org/blog/20070608/cross-domain-basic-auth-phishing-tactics/

As an anti-piracy measure, the holograms printed on the surface of the Windows Vista DVDs include smaller embedded pictures. One of these is a photo of three of the members of Microsoft's anti-piracy team. Read more about this at http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9024722 and http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9025058. They are there to make it harder for software pirates to duplicate the holograms, and presumably also to make it easier to tell if the DVD is counterfeit.

Customize Windows Vista so that the .wav file that plays when you shut down is longer than 10 seconds, and you may see this error message when you quit Vista:
The following programs are still running: Explorer.exe Playing logoff sound
You will also see a button to shut down, along with a warning about losing unsaved work. Eventually, Windows will shut down. Microsoft says you can avoid this by selecting a .wav file shorter than ten seconds. See the details on how to do this at http://support.microsoft.com/kb/931330.

6/14/2007 OpenOffice RTF Bug

There is a bug in the way that OpenOffice handles RTF (Rich Text Format) documents. An attacker can design an RTF document that, when launched in OpenOffice 2.2 or earlier, runs hostile code on the computer. This has been fixed in OpenOffice 2.2.1, which you can get at http://www.openoffice.org/. John Heasman of NGSSoftware found this bug.

6/13/2007 8192 Is An Unlucky Number for Dreamweaver

According to the Adobe Dreamweaver CS3 for Windows Read Me, if you create a CSS (Cascading Style Sheet) file in Dreamweaver that is exactly 8192 bytes, or some multiple of 8192, in size, then Dreamweaver will crash. It also won't restart until you change the size of that stylesheet. Luckily, you don't have to use Dreamweaver -- any text editor, including Windows Notepad, will do. Open the file there, and add or subtract a few characters or comments.

Although Adobe Photoshop CS3 can make or open documents as large as 300000 by 300000 pixels, it can't print them. The upper limit for printing is 30000 by 30000. Open anything larger, and all the Print menu commands get grayed out.

Adobe Photoshop CS3 enumerates all active fonts and color profiles when it starts. If you've got lots of these, then it may take Photoshop a long time to launch. The only way to speed it up, says Adobe, is to get rid of fonts or color profiles you don't use.

If you are going to use Adobe Photoshop CS3 Droplets, you have to make sure that the Droplets program (droplet.exe) is running with the same level of User Access Control as the main Photoshop program. If not, the droplet tool probably won't work correctly.

While you can open Adobe Camera Raw files on a Windows Vista computer, you can't do it by double-clicking on a RAW file in Windows Explorer or the desktop. Vista won't recognize them. You will need to open them from Adobe Bridge.

When you install Adobe Dreamweaver CS3 on a Mac OS X computer, it installs a Sample_files folder. It also locks that folder. Adobe says if you want to edit one of those files, you need to make a copy to another folder first.

When running iTunes 7.0 on a Mac OS X system, you may not be able to connect to remote speakers via Airport Express. iTunes sees the speakers, but times out when trying to connect to them. Apple says that upgrading to iTunes 7.0.1 or later should fix this. If it doesn't, you may need to disable IPv6. See the details at http://docs.info.apple.com/article.html?artnum=304371.

There is a cumulative bug fix for IBM WebSphere Portal 6.0 Member Manager. This fix extends compatibility to WebSphere Portal 6.0.1; fixes a securityName problem in WMMUR; fixes some bugs in LDAP; and includes a number of other fixes. See the complete list, and get the fix, at http://www-1.ibm.com/support/docview.wss?uid=swg24013740.

There is a bug in Microsoft Visio 2002 and 2003 in the way it validates the version number of a .VSD, .VSS, or .VST file. A corrupt Visio file, sent as an email attachment, may run malicious code. Microsoft labels this an Important vulnerability. They have a fix for it at http://www.microsoft.com/technet/security/Bulletin/MS07-030.mspx. They credit Chris Ries of Vigilant Minds for finding this bug.

A bug in Windows Vista may allow non-administrative users to see sensitive information, including administrative passwords and data from other users in the Registry. Microsoft has a patch for this at http://www.microsoft.com/technet/security/bulletin/ms07-032.mspx. They credit Robbie Sohlman with finding this bug.

A bug in the way that Sun Microsystems Solaris 10 handles XDR data in NFS requests may allow both local and remote unprivileged users to trigger a panic and denial of service attack. This has been fixed by Sun in patch 125100-01. Get it at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102965-1. Sun credits Andrzej Dereszowski with finding the bug.

6/12/2007 Critical Mail Bug in Windows Vista

There is a bug in the Windows Mail application within Windows Vista that an attacker can use to take complete control of the system. The bug is in the way Windows Mail deals with UNC navigation requests. Because of the scope of the damage, which can be triggered by reading an email, Microsoft considers this a critical update. Microsoft has patch information at http://www.microsoft.com/technet/security/bulletin/ms07-034.mspx. In the meantime, reading mail as plain text can serve as a workaround.

Microsoft released six security bulletins on June's Patch Tuesday, but in reality it's a lot worse. One of the bulletins, MS07-034 for instance, covers five different email bugs in two different programs, Outlook Express and Windows Mail for Vista. Overall, these particular bugs cover seven different versions of Windows. The only commonality is they all deal with email. The cumulative security update for IE covers three different versions of IE, and actually fixes seven different bugs.

There is a bug in Microsoft Outlook Express 6 running on Windows XP Service Pack 2 that can improperly disclose information. A web page can be constructed to exploit this bug so that when the page is viewed with Microsoft Internet Explorer, the website could read data from other IE domains. Microsoft has a patch for this at http://www.microsoft.com/technet/security/bulletin/ms07-034.mspx.

There is a security bug in the Secure Channel (Schannel) security package in Windows. Microsoft rates it Critical for Windows XP, Important for Windows Server 2003, and Moderate for Windows 2000. The bug could be triggered by visiting a maliciously designed web page, apparently with any browser. The attacker may be able to run their own code on the target system after viewing the page, or may only crash the browser. Microsoft has patch information at http://www.microsoft.com/technet/security/Bulletin/MS07-031.mspx. Microsoft credits Thomas Lim of COSEINC for finding this bug.

There is a bug in the way that Microsoft Internet Explorer 6 deals with CSS (Cascading Style Sheet) files. An attacker may be able to construct a web page to exploit this bug, corrupt memory, and take complete control of the system. This has been patched in the MS07-033 cumulative security update for Microsoft Internet Explorer. Get the patch at http://www.microsoft.com/technet/security/bulletin/ms07-033.mspx

There is an Uninitialized Memory Corruption bug in Microsoft Internet Explorer 7. A malicious web site could exploit this bug to take complete control of a computer. It has been patched in the Cumulative Security Update for Microsoft Internet Explorer. Get the patch at http://www.microsoft.com/technet/security/bulletin/ms07-033.mspx. Microsoft credits Sam Thomas working with TippingPoint and the Zero Day Initiative for finding this bug.

There is a critical security bug in a Win32 API that affects Windows 2000, Windows XP, and Windows Server 2003. An attacker could trigger this bug via a web page that could run hostile code that completely takes over the system. Microsoft patches this at http://www.microsoft.com/technet/security/Bulletin/ms07-035.mspx. They credit Billy Rios from VeriSign for finding this bug.

6/11/2007 Bad Bunny Attack Via OpenOffice

SB.Badbunny is a virus that works via macros in OpenOffice documents, spreading itself via IRC (Internet Relay Chat). The virus is cross-platform, for Symantec reports that it can attack via OpenOffice in Windows, Linux, and Mac OS X computers. The virus also uses Ruby, Javascript, Python and Perl, but there are enough bugs in the scripts that BadBunny doesn't hop to other computers very well. Read more at http://www.symantec.com/enterprise/security_response/weblog/2007/06/bad_bunny.html.

Apple says that Mac Book Pro 15-inch (Early 2006) and iMac (Early 2006) models may have problems running in FireWire target disk mode for extended periods of time. The computer may eventually lock up and become unresponsive. Apple says they've fixed this with a firmware update. See http://docs.info.apple.com/article.html?artnum=303880 for the update details.

iDefense reports on a bug in the Linux kernel that may allow local users to see memory contents they shouldn't see. This could then be used in further attacks. Patches for the various distributions of Linux will be coming from the usual sources. If you want to see more details on the bug, go to http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=541.

Network World Magazine reports that some people have received email that's supposed to be from Microsoft. It reports a new cumulative security update for Internet Explorer. The message has a link that lets you download the fix. This is a fake message; while Microsoft may give notice of upcoming fixes, they always send you to the Knowledge Base or Microsoft Update to get the fix.

Tuesday is Microsoft's Patch Tuesday, with six security bulletins, four of them critical. The patches will cover Windows XP Service Pack 2, Windows Server 2003, IE 5.01 running on Windows 2000 with SP4, Outlook Express and Windows Mail in Vista. Microsoft says a little more at http://blogs.technet.com/msrc/default.aspx.

Microsoft released a hotfix package for Excel 2007 on 5/28/07. This hotfix was for situations where you opened a workbook that has calculations (like most spreadsheets do). In some cases, Excel will stop responding at each calculation in the workbook. This workbook will work fine in earlier versions of Excel. If you think you are affected by this, see http://support.microsoft.com/kb/937911.

Microsoft says that doing a backup and restore of a Windows Vista computer may not completely restore the Microsoft .NET Framework. Apparently the default backup configuration doesn't cover all the files. See http://support.microsoft.com/kb/937940 for the additional files you need to cover.

Red Hat has an updated fetchmail package for Red Hat Enterprise Linux 3-5. This fixes a bug in fetchmail in the way APOP requests are handled. This may allow attackers to gain part of a user's security credentials. Get the update at https://rhn.redhat.com/errata/RHSA-2007-0385.html.

iDefense says there are a number of bugs in Symantec Ghost Solution Suite 2.0 that may allow remote attackers to crash the Ghost service. Both clients and servers may be affected. They have the bug details at http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=540. Symantec has the patch at http://www.symantec.com/avcenter/security/Content/2007.06.05b.html.

McAfee reports that they've found a virus written for the Texas Instruments TI-89 programmable calculator. It doesn't appear to be a major threat, although it may open a new market for McAfee, Symantec, and the like. See the details at http://www.avertlabs.com/research/blog/index.php/2007/06/07/virus-in-your-calculator/.

Yahoo! has patched the bug discussed in the 6/7 BugBlog that affects their IM service. Yahoo! has a FAQ up at http://messenger.yahoo.com/security_update.php?id=060707 that discusses the bug and also provides the patch.

6/8/2007 Another Vista Activation Problem

Try to activate Windows Vista, and you may see this error message:
Activation Error: Code 0x8007232b DNS Name does not exist
Microsoft says this error would tend to occur if volume-licensed media was used to install Windows Vista, and not an ordinary retail purchase and upgrade. There are three workarounds: set up a Key Management Service server; use a Multiple Activation Key (MAK); or use a license key. See the details at http://support.microsoft.com/kb/938107.

6/7/2007 ActiveX Bugs in Yahoo! Messenger

There are two bugs in the Yahoo! Messenger that may allow attackers to take complete control of your system. The bugs are in ActiveX controls -- one in the Yahoo! Webcam Upload (ywcupl.dll) ActiveX control, and the other in the Yahoo! Webcam Viewer. See more at http://secunia.com/advisories/25547/. Credit for finding these bugs goes to Danny.

6/6/2007 Vista Desktop Bug

Switching from the secure desktop in Windows Vista to the unsecured desktop may trigger this Stop error message:
Stop 0x00000001 (0x00000000, 0x7ffdc000, 0x0000ffff, 0x00000000)
where the first, second, and fourth numbers in parentheses may have different values. This will happen if you are using the Windows Aero color scheme, and you entered your logon credential to unlock the secure desktop. Microsoft says that an event hook must also be running to trigger the bug, which is in Win32k.sys. They have a hotfix, which will be in a future service pack. If you can't wait for the fix, see http://support.microsoft.com/kb/935936 for information on getting it right away.

If you install the Apple Security Update 2007-005 1.0 on a Mac OS X 10.4 Server, the DNS service may not start up automatically when you restart the server. You will need to use the Server Admin to start the service. Once you do it once, Apple says you won't need to do it again. They also say this doesn't happen with the 1.1 version of the Security Update.

If you cut and paste a 3-D graph from a Microsoft Office 2007 application into Adobe Illustrator CS2 or CS3, it will show up as a low-res raster image, rather than as vector objects. Adobe says you will need to create 2-D graphs in Office 2007 to avoid this.

There is a bug in the anti-virus engine for all CA (Computer Associates) products that have AV technology. This would include CA Anti-Virus 2007, CA Internet Security Suite 2007, BrightStor ARCserve Backup, and Unicenter Network and Systems Management. If the AV signature version is less than 30.6, you are probably vulnerable. An attacker may be able to crash your system and run hostile code. CA is sending out a fix via their update mechanism. See http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp for details.

Google's anti-malware research team points out that while Apache has almost triple the market share for web servers compared to Microsoft Internet Information Server (IIS), the two are almost equal when it comes to servers dishing up malware. In other words, the infection rate for IIS is considerably higher. They also find differences between countries. In their words "It is very interesting to see that in China and South Korea, a malicious server is much more likely to be running IIS than Apache." Read the whole thing at http://googleonlinesecurity.blogspot.com/2007/06/web-server-software-and-malware.html.

In Microsoft Office 2007, if you save a message as a missed conversation in the Microsoft Office Communicator folder, the indicator will not show that there is a new unread message in the folder. This has been fixed in the 5/15/2007 hotfix from Microsoft. It will be in a future service pack, but if you need the fix right away see http://support.microsoft.com/kb/937212/.

6/5/2007 Vista Diagnostic Mode Activation Problem

If you start a Windows Vista computer in diagnostic startup mode, you may be prompted to activate your copy of Windows Vista. This will happen even if you've done this before. If you don't comply, Microsoft considers you a pirate (arghh!) and will switch Vista into reduced functionality mode. Given that you are probably using diagnostic mode because of a problem, this is about the last thing you want to deal with. It happens because Windows Licensing depends on Plug and Play, which is disabled when you use diagnostic startup mode. It appears that Microsoft realizes how brainless this is, because they have a hotfix for it. Either wait for a future service pack, or go to http://support.microsoft.com/kb/937426 for the fix.

The Apple iTunes 7.2 update for both OS X and Windows does not appear to be a bug fix release (or if bugs are fixed, I haven't yet been able to turn up the details.) It appears that the changes are mostly to the iTunes Store shopping experience.

US-CERT reports on multiple buffer overflows in the E-Book Systems FlipViewer. The problem is actually in an ActiveX control (that's a surprise!) that comes with the FlipViewer. If you download a maliciously designed HTML document, an attacker may be able to run hostile code on your computer. This has been fixed in FlipViewer 4.1 at http://www.flipviewer.com/download/indexfvenp.php.

A bug in Lotus Domino and Lotus Domino Server 7 may allow a user with designer or manager access to a database on a Domino server to elevate themselves to Full Access Administrator. Lotus says they have fixed this in the Lotus Domino 7.0.2 Fix Pack 2, and it will also be fixed in Lotus Domino 7.0.3. See http://www-1.ibm.com/support/docview.wss?uid=swg21258784 for the details.

Browser security researcher Michal Zalewski says there is a critical bug in Microsoft Internet Explorer 6 and 7, which he describes as a bait and switch vulnerability. The bug may let attackers set or manipulate cookies, inject code, and corrupt memory. Read the details at http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063712.html.

Browser security researcher Michal Zalewski says there is a major bug in Mozilla Firefox browsers that may allow IFRAME hijacking. Read the details at http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063712.html.

6/4/2007 Thunderbird Password Problems

Mozilla says there is a bug in the way that Thunderbird handles APOP authentication. Because of this, attackers may be able to interpose a malicious mail server between you and your real server, and use it to steal your password. Depending on how your authentication system is set up, it may take some programming skill to steal the password. This has been fixed in Thunderbird 2.0.0.4 and 1.5.0.12. Mozilla credits Gaëtan Leurent for finding this bug.

Try to eject an Apple iPod from a Windows Vista computer via Windows Explorer, or via the Safely Remove Hardware icon, and you may corrupt your iPod. Apple points out that Microsoft has a Windows Vista update that should prevent this. See more at http://docs.info.apple.com/article.html?artnum=305289.

There is a bug in Apple's Lights-Out Management system for Intel-based Xserve systems. Because of the bug in IPMI, an unprivileged user may be able to get administrative rights on the system. Apple has fixed this via a firmware update. Get it at http://docs.info.apple.com/article.html?artnum=305571.

According to IBM's Internet Security Systems, the number of publicly disclosed vulnerabilities is just the tip of the iceberg. While there may be 7,000 of them, their research estimates that there could be as many as 139,000 a year -- the rest are just not disclosed. They may be patched silently by the company in question, or reserved for use by those who may be up to no good. Read more at http://news.zdnet.com/2100-1009_22-6188032.html.

Microsoft says that a Bluetooth file transfer on a Windows Vista computer is not enough to keep the computer awake. If it is a large, time-consuming transfer, one of the two computers involved may go to sleep if it reaches its configured time limit. The only workaround is to make sure the sleep period is far longer than what you think you will need.

Windows Vista behaves differently than Windows XP when it comes to certain unattended tasks. According to Microsoft, tasks such as receiving a fax may cause the Vista computer's monitor to turn on. That was not the case with Windows XP. While Microsoft gives the fax as an example, they don't give a comprehensive list of what tasks may bring your monitor to life.

If you create a Microsoft Word doc in Word 2000, XP, or 2003 that has a table of contents, and then you open that doc in Word 2007 and save it as a docx file, you may have problems with the page numbering when you open the docx file in the version of Word you first used. Microsoft has a workaround to fix this. Get it at http://support.microsoft.com/kb/930940.

iDefense says there is a bug in the Symantec VERITAS Storage Foundation for Windows 4.3.01. This may allow an unauthenticated user to launch a denial of service attack against the computer. This happens via the VVR Administration service port, TCP/8199. iDefense recommends filtering on this port until the problem gets fixed. See http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=539 for the details.

5/31/2007 Mozilla Fixes Some Layout Engine Bugs

Mozilla released the Firefox 2.0.0.4 and Firefox 1.5.0.12 updates, to fix a number of bugs in the layout engine. Some of these bugs could crash Firefox and corrupt memory, which means they could be exploited as a means of installing malware. Mozilla credits Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn Wargers and Olli Pettay for finding these bugs. You can get the update via the Mozilla update function (Help, Check for Updates) if you haven't gotten notified automatically.

Mozilla Firefox 2.0.0.4 did not ship with a Microsoft Windows Media Player plug-in. If you want one, see the instructions at http://kb.mozillazine.org/Windows_Media_Player#Missing_plugin.

If you are using Mozilla Firefox 2.0.0.4 on a Mac OS X system and have more than 20 tabs open, you may not want to use the "Close Other tabs" command on a tab's shortcut menu. This may not work correctly.

Windows Vista Parental Controls do not work correctly with Mozilla Firefox 2.0.0.4. According to Mozilla, controls are not applied to file downloads. They plan to fix this in a later release.

5/30/2007 Flash Player Sound Card Problems

Adobe Flash Player 9.0.45.0 for Windows may have compatibility problems with some sound cards. According to Adobe, the drivers for some Realtek and SoundMax cards may not support WaveOut, which will lead to audio problems. There is no workaround from Adobe -- you'll probably have to wait for a driver update.

5/28/2007 Overflowing iChat Can Allow Attack

A buffer overflow bug in iChat for Mac OS X 10.3.9 and 10.4.9 may allow a malicious local user to either trigger a denial of service attack or run hostile code on the victim's computer. The bug is in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol). Apple has fixed this in the Security Update 2007-005.

If you create new ActionScript 3.0 components in Adobe Flash CS3 Professional, they may not work correctly in older versions of the Adobe Flash Player. This has been fixed in the Flash Player 9.0.45.0 update.

There is a bug in the Mac OS X 10.4.9 PPP daemon that may allow a local user to grab system privileges. The Apple Security Update 2007-005 fixes this by doing a better job validating user privileges. Apple credits an anonymous researcher reporting to iDefense for finding this bug.

Apple uses the Security Update 2007-005 to ship patches for the Ruby CGI library. Without the patches, attackers can launch denial of service attacks.

Apple has patched QuickTime 7.1.6 for both Mac OS X and Windows. There is a bug in QuickTime for Java that may allow a malicious website to run their code on your computer and take control. Get the patch for your OS at http://www.apple.com/support/downloads/. Apple credits John McDonald, Paul Griswold, and Tom Cross of IBM Internet Security Systems X-Force, and Dyon Balding of Secunia Research for finding this bug.

If you change an environment variable in Windows Vista so that it is longer than 1024 characters, it may get shortened to 1024 characters at your next log-on. Depending on the variable, that may cause problems. Microsoft has a fix for this, which will be in a future service pack. If you've got a long environment variable, you may want to get the hotfix. See how at http://support.microsoft.com/kb/935765/.

Copyright 2003-2007 BJK Research LLC