Here's a collection of recent security vulnerabilities and alerts, which covers a priviledge escalation vulnerability in Microsoft's DebugView, a buffer overflow flaw in Oracle 10g R2, and also information on how the firewall in Mac OS X Leopard can break some programs.
Here's a collection of recent security vulnerabilities and alerts, which covers a privilege escalation vulnerability in Microsoft's DebugView, a buffer overflow flaw in Oracle 10g R2, and also information on how the firewall in Mac OS X Leopard can break some programs.
- Privilege escalation vulnerability in Microsoft's DebugView
iDefense has discovered a local vulnerability in Microsoft's DebugView analysis tool. Exploitation allows attackers to modify the kernel, resulting in the arbitrary execution of code in kernel context.
In order to exploit this vulnerability, an administrator must launch the DebugView application, which will load the Dbgv.sys driver into the kernel. Once loaded, the vulnerable kernel module will be accessible by all users, and will remain loaded until the system is rebooted.
The bug was discovered in dbgv.sys version 188.8.131.52, included in DebugView 4.64. Microsoft has released DebugView 4.72 which fixes this bug.
- Buffer overflow vulnerability in Oracle 10g R2
There is a buffer overflow condition in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure in Oracle 10g R2 database. It can be exploited by an authenticated session to allow a user to execute arbitrary code.
iDefense has confirmed this vulnerability on Oracle Database 10g Release 2 with all Critical Patch Updates as of February 2007. Previous versions could also be vulnerable.
Oracle has been informed of this problem since February. It appears to have been fixed in main codeline, but scheduled for a future CPU (Critical Patch Update).
A third-party public exploit has been released at the beginning of this month. There is no known effective workaround for this vulnerability.
- Mac OS X Leopard firewall breaks certain applications
The firewall in Leopard no longer operates at the packet level but rather it works with applications, to which it permits or denies specific network activities. In order to unambiguously identify applications, Apple uses code signatures, something which has also been introduced for the first time in Leopard...
... To achieve this, Apple furnishes unsigned programs with a digital signature in the process. If changes are made to the program subsequently, the permission is withdrawn.
The problem with the code signing is that it becomes a problem when an application - such as World of Warcraft or Skype perform its own self-integrity check. The only available workaround so far is to reinstall the affected applications completely.