Here's a collection of recent security vulnerabilities and alerts, which covers patches for multiple products from Adobe, a backdoor discovered in Cisco's IPM, an IFRAME exploit that showed up at Trend Micro's Web site, and news that the Mifare Classic RFID has been cracked.
Here’s a collection of recent security vulnerabilities and alerts, which covers patches for multiple products from Adobe, a backdoor discovered in Cisco's IPM, an IFRAME exploit that showed up at Trend Micro's Web site, and news that the Mifare Classic RFID has been cracked.
- Adobe releases patches for multiple products
Adobe has released multiple updates for its products, such as Adobe Reader for Unix, Form Designer and Form Client, ColdFusion, and LiveCycle Workflow. If you are using any of these products, you are strongly encouraged to update.
- CVE–2007-6253: Form Designer 5.0 and Form Client 5.0
- CVE-2008-0643: ColdFusion 8 and ColdFusion MX 7
- CVE-2008-1203: ColdFusion 8 and MX 7
- CVE-2008-0883: Adobe Reader 8.1.2 for Unix
- CVE-2008-1202: Lifecycle Workflow 6.2
You can check out a short excerpt of some of the above issues over at ZDNet blogs.
- Backdoor found on Cisco's IPM
A bizarre critical security hole has been found in version 2.6 of the CiscoWorks Internetwork Performance Monitor (IPM) for both Sun Solaris and Microsoft Windows operating systems.
The IPM monitors the availability of the network under CiscoWorks LAN Managment Solution (LMS). The vulnerability allows remote, unauthenticated users to execute arbitrary commands.
IPM version 2.6 for Solaris and Windows contains a process that causes a command shell to automatically be bound to a randomly selected TCP port. Remote, unauthenticated users are able to connect to the open port and execute arbitrary commands with casuser privileges on Solaris systems and with SYSTEM privileges on Windows systems.
This vulnerability has been listed by Cisco as critical, though no explanation has been offered as to how this strange flaw came about. There are no workarounds, and all affected users are strongly urged to install it as soon as possible.
If you have a service contract with Cisco, you can access the update via the Software Center on Cisco's worldwide website.
- Trend Micro's Web site infected
The incident has since been rectified. “In response to this incident, we shut down the VE (Virus Encyclopedia) for several hours, patched the systems, removed the inserted code, and brought it back to life again," stated the blog.
- Trend Micro victim of malicious hack (ChannelWeb)
- Trend Micro CTO puts record straight (ArabianBusiness.com)
- Trend Micro patches online search after hack (SC Magazine Australia)
The vector that resulted in the Web pages being contaminated in the first place seems to be Microsoft's ASP (Active Server Pages) technology. This incident highlights a trend of malware threats targeting legitimate and well-known sites in the hopes that users will lower their guard on these sites.
- Mifare Classic RFID cracked
Two independent groups of researchers have managed to crack the encryption scheme used in the popular Mifare Classic RFID chip algorithm.
In fact, one of the team demonstrated how they managed to sniff sufficient data to clone multiple copies of access cards based on this technology - simply by walking past the victim with a portable reader. You can see it in action via the YouTube video I embedded in my IT News Digest piece here.
This is particularly troubling as the Mifare RFID is used extensively in the office and building access control arena. The technology is also used by transit operators in various cities, such as London, Boston, and the Netherlands.
A Mifare "Plus" version of the chip has been announced, though it will probably not be available until the end of the year. In addition, readers will have to be upgraded to support the more robust encryption used in the Mifare Plus.
In the meantime, it would be prudent to add in a second factor check -- such as a photo ID, if the security of your current installations rely heavily on the uniqueness of a Mifare Classic RFID-based access card.