Here's a collection of recent security vulnerabilities and alerts, which covers a new version of Apache Tomcat, a local privilege escalation in Trend Micro anti-virus products, and six new flaws fixed in the latest version of RealPlayer.
- New version of Apache Tomcat fixes vulnerability
A new version of Apache Tomcat has been releases which fixes a vulnerability which could allow arbitrary file contents to be displayed.
Apache Tomcat could allow an authenticated remote attacker to traverse directories and view any known file on the system. An attacker could exploit this vulnerability by sending a specially-crafted WebDAV write request containing the absolute path of the targeted file within the SYSTEM ENTITY tag.
Affected versions are 4.1.0 to 4.1.SVN, 5.0.0 to 5.0.SVN, 5.5.0 to 5.5.25, and 6.0.0 to 6.0.14. The vulnerability is resolved in Apache Tomcat 5.5.SVN and 6.0.SVN. There is no update for versions 4.1.x.
An exploit has already been released.
- Local privilege escalation found in Trend Micro anti-virus products
A vulnerability in Trend Micro anti-virus products for corporate and individual users has been discovered which could allow local users to execute arbitrary code at SYSTEM privilege level.
The Tmxpflt.sys driver provides access to the \\.\Tmfilter DOS device interface. However, access privileges allow write access for Everyone. A driver function called this way does not validate the length of a user-supplied parameter before copying the parameter to a fixed-size buffer. This can cause a buffer overflow allowing arbitrary code to be executed in the kernel context.
The flawed driver is used in PC-Cillin Internet Security 2007, Client Server Messaging Security for SMB 3.6, Client Server Security for SMB 3.6, OfficeScan 7 and 8 and in ServerProtect for Microsoft Windows as well as Novell NetWare 5.58.
Trend Micro plans to fix this vulnerability in a Scan Engine update on October 30th.
- New version of RealPlayer fixes six new bugs
Six new critical vulnerabilities have been fixed in the new version of RealPlayer released last Friday.
All six bugs involve RealPlayer's problems parsing file formats and could be exploited by hackers who first crafted malicious files, then duped users into either opening those rigged files when they received them as e-mail attachments or visiting an attack site that hosted such files. Among the file types: .mov, .mp3, .rm, SMIL, .swf, .ram and .pl.
Four of the six new vulnerabilities could also be exploited on Mac and Linux machines that have RealPlayer installed.
Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.