Here's a collection of recent security vulnerabilities and alerts, which covers Symantec releasing security fixes for both its Backup Exec for Windows Server and the Symantec Scan Engine products, a critical hole found in the ICQ 6 instant messaging client, and a new version of Wireshark that resolves flaws in three of its dissectors.
- Symantec releases security hotfix for Backup Exec for Windows Server
Symantec has released a hotfix that resolves a number of vulnerabilities in its Backup Exec for Windows Server product. The fault revolves around an ActiveX control that is installed together with its scheduler module.
Exploitation could possibly lead to unauthorized information disclosure, system information corruption, or even arbitrary code execution in the context of the user's browser. However, the risk of exploitation has been classified as low as a victim has to use Internet Explorer to visit a specially crafted Web page, which is less likely on a server.
Affected versions of Backup Exec for Windows Server are version 11d with a build number of 11.0.6235 and 11.0.7170 and version 12.0 build 12.0.1364.
You can check out the Symantec security bulletin here for more information and the download URL for the hotfix.
- Critical hole found in ICQ 6 client
A critical vulnerability has been found in version 6 of the ICQ client. It is caused due to a format string error when generating HTML code to display in the embedded Internet Explorer component. A successful exploit can either cause the ICQ version 6 instant messenger client to crash or lead to arbitrary execution of code.
ICQ Version 6 (Build 6043) has been tested to be affected, though it's very likely that other versions also contain the flaw.
There are no patches available to fix this flaw at the moment. Restricting receipt of messages to known contacts might help mitigate risks somewhat, though this would offer scant protection in the event of a worm.
- New version of Wireshark fixes three vulnerabilities
A new version of the Wireshark network analysis tool — formally known as Ethereal — has been released. This new version resolves three vulnerabilities in its protocol handlers that may result in Wireshark crashing or using up all available memory by means of injecting a malicious packet onto the wire or by reading the same via a packet trace file.
The flawed modules support the common SNMP and TFTP protocols as well as the rarer SCTP protocol. The TFTP problem only arises under Ubuntu 7.10 in what appears to be a bug in the Cairo library on that platform.
If an upgrade is not possible, the developers recommend that users disable the SCTP, SNMP, and TFTP dissectors via selecting Analyze | Enable Potocols from the menu.
- Symantec patches remote vulnerabilities in Symantec Scan Engine 5.1.2
In another vulnerability report involving a Symantec product, security research lab iDefense has discovered that version 5.1.2 of the Symantec Scan Engine is vulnerable to a remote denial-of-service vulnerability.
By sending a malformed RAR file to the listening port (1344) of the Symantec Scan Engine, an unauthenticated attacker is able to cause the service to consume a massive amount of memory, resultig in a DoS condition for the server. For the attack to succeed, the malicious RAR file have to be scanned by the Symantec Scan Engine. This is so by default as no authentication is required to reach the vulnerable code.
This flaw affects both the Windows and Linux builds of the product and does not currently have any known workaround.
Symantec has addressed this vulnerability by releasing updates to the Symantec Scan Engine. Check out the Symantec security bulletin page for details and download links.
Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.