Multiple AV vendor vulns - updates available


146 replies to this topic

#51 AplusWebMaster

  • SWI Friend
  • 11,104 posts

Posted 04 July 2009 - 07:49 AM

FYI...

McAfee false-positive glitch...
- http://www.theregist...ositive_glitch/
3 July 2009 22:48 GMT - "IT admins across the globe are letting out a collective groan after servers and PCs running McAfee VirusScan were brought down when the anti-virus program attacked their core system files. In some cases, this caused the machines to display the dreaded BSOD. Details are still coming in, but forums here* and here** show that it's affecting McAfee customers in Germany, Italy, and elsewhere... Based on anecdotes, the glitch appears to be caused when older VirusScan engines install DAT 5664..."
* http://forums.mcafee...ad.php?p=569669
** http://forums.mcafee...ad.php?t=231904

- http://www.eweek.com...n...0&hide_js=1
2009-07-06 - "... On July 3, McAfee users running old versions of the VirusScan engine found themselves facing false positives after downloading a DAT file that labeled legitimate programs as malware. According to McAfee support forums, the glitch led to authorized programs being quarantined, and in some cases brought about the infamous "blue screen of death"... A McAfee spokesperson said the incorrect identification was resolved in the daily release, and stressed that customers running the most current software were not affected... According to McAfee, customers running Version 5200 or newer were not impacted by the problem. The most current versions are VirusScan Enterprise 8.7 and scanning engine 5301... "

:ph34r: :scratchhead:

Edited by apluswebmaster, 07 July 2009 - 08:28 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#52 AplusWebMaster

Posted 10 July 2009 - 06:30 AM

FYI...

CA - false positive
- http://www.theregist...ogue_av_update/
10 July 2009 - "... The update, issued on Wednesday, falsely labeled important Windows system files as potentially malign, dispatching them into quarantine. The action prevents Windows XP systems from booting properly... In a statement (below), CA said it issued a revised update on Thursday that resolved the problem.
'On July 8, 2009 at 11:00am EST, a CA DAT file release contained improperly formed malware detections that errantly detected clean files from Microsoft Windows Service Pack 3 and from the commercial Cygwin application. Affected files were detected as "Win32\Amalum" variants with extensions such as ZZNRA, ZZOFK, ZZNPB, and ZZNRA.
All files falsely detected as malware by these errant signatures were quarantined and renamed with the following text added to the file name "*.AVB". This prevented the affected files from running as the ".exe" file. It's important to note that the affected files remain fully intact, only the file extensions were modified.
On July 9, 2009 at 3:30am EST the file was corrected and released.
' ..."

> http://preview.tinyurl.com/lyh5s9
Document ID: 3413 - Modify Date: Thursday, July 09, 2009 - "... false positive due to CA Anti-Virus Update # 6604 and has been corrected with CA Anti-Virus Update # 6606 or later..."

:ph34r: :ph34r: :scratchhead:

#53 AplusWebMaster

Posted 24 July 2009 - 08:55 AM

FYI...

Kaspersky Anti-Virus / Kaspersky Internet Security 2010
Critical Fix 1 (version 9.0.0.463)
- http://www.kaspersky...ws?id=203038755
07.23.2009
"FIXES:
1. Problem with system instability after long period of program operation has been fixed.
2. Error causing BSOD while updating the emulator driver has been fixed.
3. Pop-up message in the URL checking module has been fixed (for the Spanish version).
4. Problem with pausing the scan task while third party programs are running in full-screen mode has been fixed.
5. Problem with the update task freezing at system startup has been fixed.
6. Vulnerability that allowed disabling of computer protection using an external script has been eliminated.
7. Driver crash in rare cases while processing a write operation has been fixed.
8. Crash while processing data incompliant with the protocol of Mail.Ru Agent has been fixed.
Download Here..."

:ph34r:

#54 AplusWebMaster

Posted 12 August 2009 - 05:31 AM

FYI...

Sophos SAVScan vuln - updates available
- http://web.nvd.nist....d=CVE-2008-6904
Last revised: 08/07/2009
CVSS v2 Base Score: 10.0 (HIGH)

> http://www.sophos.co...icle/50611.html
"... The vulnerability has been removed from all versions of Sophos Anti-Virus running the virus engine, version 2.82.1 and above...
1. Check that you have the latest version of Sophos Anti-Virus on your computers.
2. If necessary update to ensure you have virus engine version 2.82.1 or above..."

:ph34r:

#55 AplusWebMaster

Posted 12 August 2009 - 07:50 PM

FYI...

CA false positives...
- http://www.dynamoo.c...dwin32-and.html
12 August 2009 - "CA eTrust ITM has gone completely nuts today, with a load of seemingly random false positives mostly for StdWin32 in a large number of binaries, including some components of eTrust itself. The core problem seems to be a signature update from 31.6.6672 to 33.3.7051, there seems to be little consistency in what is being detected as a false positive although there are multiple occurrences of Nokia software, VNC and even DLLs and EXEs belonging to eTrust's core components...
Update 2: Signature pattern 34.0.6674 appears to fix this problem..."

CA / ITM False Positive Notice
> http://www.ca.com/us...aspx?cid=214397
Published: 12 Aug 2009

> https://support.ca.c...ontentID=214394
___

- http://www.theregist..._immune_update/
12 August 2009

- http://isc.sans.org/...ml?storyid=6955
Last Updated: 2009-08-13 01:35:11 UTC

:ph34r: :ph34r:

Edited by apluswebmaster, 13 August 2009 - 08:24 AM.

#56 AplusWebMaster

Posted 26 August 2009 - 04:19 AM

FYI...

Symantec SYM09-010 - Symantec Products KeyView XLS Processing Buffer Overflow
- http://secunia.com/advisories/36421/2/
Release Date: 2009-08-26
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
OS: Symantec Brightmail Gateway 8.x, Symantec Mail Security Appliance 5.0.x ...
Solution: Please see the vendor advisory for a patch matrix.
Symantec (SYM09-010): http://preview.tinyurl.com/mp5rza ...

Norton 2009 product or Norton 360 Version 3.0 - Error: "Symantec Service Framework has encountered a problem and needs to close..." after you install the latest updates
- http://www.symantec....0090821103237EN
Last modified: 08/25/2009 - "Download and run the fix tool
1. Download the fix tool*.
Save the file to the Windows desktop.
2. On the Windows desktop, double-click KB20090821103237EN.exe.
3. In the Open File - Security Warning window, click Run.
4. In the Norton Hotfix window, click Yes.
5. Accept the license agreement, and click OK.
6. Follow the on-screen instructions.
Restart your computer... In some cases you may need to restart the computer twice to apply the hotfix correctly. After you run the fix tool and restart the computer, if you still see this error message, restart the computer once again.
DOCID: 20090821103237EN
Operating System: Windows Vista, Windows XP
* ftp://ftp.symantec.com/public/english_us_...821103237EN.exe

:ph34r: :ph34r:

#57 AplusWebMaster

Posted 25 September 2009 - 08:28 AM

FYI...

avast! vuln - update available
- http://secunia.com/advisories/36858/2/
Last Update: 2009-09-25
Impact: Privilege escalation, DoS
Where: Local system
Solution Status: Vendor Patch
Solution: Update to version 4.8.1356...
Original Advisory: avast!:
http://www.avast.com...on-history.html

:ph34r:

#58 AplusWebMaster

Posted 21 October 2009 - 01:36 PM

FYI...

CA Anti-Virus Engine - CA20091008-01
- http://support.ca.co...ontentID=218878
"... CA has issued fixes to address the vulnerabilities.
The first vulnerability, CVE-2009-3587, is due to improper handling of a specially crafted RAR archive file by the CA Anti-Virus engine arclib component. An attacker can create a malformed RAR archive file that results in heap corruption and allows the attacker to cause a denial of service or possibly further compromise the system.
The second vulnerability, CVE-2009-3588, is due to improper handling of a specially crafted RAR archive file by the CA Anti-Virus engine arclib component. An attacker can create a malformed RAR archive file that results in stack corruption and allows the attacker to cause a denial of service.
... If the file version is earlier than indicated below, the installation is vulnerable.
File Name File Version
arclib.dll 8.1.4.0
> For eTrust Intrusion Detection 2.0, the file is located in "Program Files\eTrust\Intrusion Detection\Common", and for eTrust Intrusion Detection 3.0 and 3.0 sp1, the file is located in "Program Files\CA\Intrusion Detection\Common".
> For CA Anti-Virus r8.1 on non-Windows platforms:
Use the compver utility provided on the CD to determine the version of Arclib. If the version is less than 8.1.4.0, the installation is vulnerable..."

- http://web.nvd.nist....d=CVE-2009-3587

- http://web.nvd.nist....d=CVE-2009-3588

:ph34r:

#59 AplusWebMaster

Posted 29 October 2009 - 08:03 AM

FYI...

F-Secure PDF handling vuln - update available
- http://secunia.com/advisories/37192/2/
Release Date: 2009-10-29
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch...
Original Advisory: F-Secure:
http://www.f-secure....fsc-2009-3.html
Last updated: 2009-10-29
Risk level: High
"... A fix for the problem has been distributed through the malware definition database update channel. This advisory only affects systems that, for some reason, are not updated automatically..."

:ph34r: :blink:

#60 AplusWebMaster

Posted 13 November 2009 - 12:22 PM

FYI...

Panda vuln - update available
- http://secunia.com/advisories/37373/2/
Release Date: 2009-11-13 ...
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch
Software: Panda Antivirus Pro 2010 9.x, Panda Global Protection 2010 3.x, Panda Internet Security 2010 15.x ...
Original Advisory: Panda:
http://www.pandasecu...0164&idIdioma=2

:ph34r:

#61 AplusWebMaster

Posted 18 November 2009 - 07:50 AM

FYI...

Kaspersky AV vuln - update available
- http://secunia.com/advisories/37398/2/
Release Date: 2009-11-18
Impact: DoS
Where: Local system
Solution Status: Vendor Patch
Software: Kaspersky Anti-Virus 2010
Solution: Update to version 9.0.0.736.
Original Advisory:
http://sysdream.com/...3&section_id=78
"... Patch Updated: 2009/11/16..."

- http://www.kaspersky...latest_versions

- http://usa.kaspersky...e vulnerability
October 21, 2009

:ph34r:

Edited by apluswebmaster, 18 November 2009 - 08:16 AM.

#62 AplusWebMaster

Posted 19 November 2009 - 02:09 PM

FYI...

ClamAV v0.95.3 released
- http://www.clamav.net/download/sources
Latest stable release: ClamAV 0.95.3...

- http://wiki.clamav.n...pgradeNotes0953
If you have trouble compiling ClamAV please apply this patch (see bug #1737)
You can apply the patch ...
- http://wiki.clamav.n....3-bug1737.diff

- http://wiki.clamav.n...UninstallClamAV
... Make sure that you haven’t got old libraries (libclamav.so) lying around your filesystem. You can verify it using: $ ldd `which freshclam`
Also make sure there is really only one version of ClamAV installed on your system...

- http://www.clamwin.c...ent/view/220/1/
11 November 2009

- http://www.securityf.../bid/35410/info
Updated: Nov 18 2009 05:16PM

:ph34r: :ph34r:

Edited by apluswebmaster, 20 November 2009 - 07:57 AM.

#63 AplusWebMaster

Posted 03 December 2009 - 07:14 AM

FYI...

Avast false positives - fix released
- http://isc.sans.org/...ml?storyid=7681
Last Updated: 2009-12-03 11:04:57 UTC - "We have received a number of reports of Avast Antivirus false positives... With a recent update the Avast antivirus product has started identifying legitimate products as containing Win32-Dell-MZG...
Update:
A new update was released fixing the issue. 091203-1. If you haven't used your computer between 12:00am UTC and 5.50 am UTC, then you will receive the new update and you should be fine. For those that were affected I recommend you keep an eye on the Avast blog http://forum.avast.c...php?topic=51647 as they are working on some how to's to help fix any issues."

:ph34r:

#64 AplusWebMaster

Posted 17 December 2009 - 05:56 AM

FYI...

Kaspersky - Insecure default directory permissions
- http://secunia.com/advisories/37730/2/
Release Date: 2009-12-17
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch
Software:
Kaspersky Anti-Virus for Windows Server 6.x
Kaspersky Anti-Virus for Windows Workstations 6.x
Kaspersky Internet Security 9.x ...
Solution:
Kaspersky Internet Security 2010:
Update to version 9.0.0.736.
Kaspersky Anti-Virus 6.0 for Windows Workstations:
Update to version 6.0.4.1212.
Kaspersky Anti-Virus 6.0 for Windows File Servers:
Update to version 6.0.4.1212...

- http://www.kaspersky...latest_versions

- http://web.nvd.nist....d=CVE-2009-4114

- http://web.nvd.nist....d=CVE-2009-4452

:ph34r:

Edited by apluswebmaster, 04 January 2010 - 10:11 AM.

#65 AplusWebMaster

Posted 23 December 2009 - 08:08 PM

FYI...

AV-Comparatives rates Anti-Malware performance
- http://preview.tinyurl.com/yhmay7g
12.22.09 - "... AV-Comparatives.org released the results* of their recent "Whole Product Dynamic Test," which challenges anti-malware products to protect test systems as if in the real world... AV-Comparatives used just-defragmented disks for testing and worked to eliminate any external factors that would influence performance... They repeated each test several times and averaged the results. In several cases they ran the test and then ran the same test again, to handle programs that learn and therefore run more quickly after the first time..."

* http://www.av-compar...summary-reports
Summary - December 2009 (PDF link from this URL)

- http://www.av-compar...rformance-tests
Performance Tests (PDF link from this URL)

- http://www.av-compar...s/dynamic-tests
Dynamic Test (PDF link from this URL)

:cool:

Edited by apluswebmaster, 23 December 2009 - 08:11 PM.

#66 AplusWebMaster

Posted 04 January 2010 - 02:57 PM

FYI...

Symantec ...having 2010 date problems
- http://isc.sans.org/...ml?storyid=7870
Last Updated: 2010-01-04 17:22:08 UTC - "... post from Symantec:
- http://www.symantec....ted-04-jan-2010
... stating that Symantec Endpoint Protection Manager considers any definition update with a date newer than 11:59PM December 31 2009 to be out of date. They say they are working on a fix but are currently handling this by releasing new definitions with higher version numbers but the same date. This is impacting:
* Symantec Endpoint Protection v11.x Product Line
* Symantec Endpoint Protection Small Business Edition v12.x Product Line ..."
- http://service1.syma...010010308571348

:scratchhead:

#67 AplusWebMaster

Posted 25 January 2010 - 05:41 PM

FYI...

F-secure - false alarm in show_ads.js
- http://www.f-secure....s/00001865.html
January 25, 2010 - "Some of our antivirus products had a brief false alarm today. The alert was from a common Javascript file called show_ads.js. The false alarm was for a trojan called Trojan.JS.Redirector.ar. The false alarm has been fixed in our update 2010-01-25_17. This only affected our older products, such as the 2009 product range. F-Secure Internet Security 2010 had no issues. We apologize for the false alarm. Sorry."

:ph34r:

#68 AplusWebMaster

Posted 26 January 2010 - 08:28 AM

FYI...

Kaspersky - false positive
- http://www.theregist...false_positive/
25 January 2010 16:06 GMT - "Updated: An update to Kaspersky's popular anti-virus software on Monday falsely identified Google AdSense as a malicious script. As a result of the false alarm, Kaspersky users visiting sites in Google ad syndication network were falsely warned a site was infected with malicious Trojan-linked JavaScript... 'An incorrect signature was added to the company's antivirus databases on 25 January at 07:00 Moscow time (GMT+3). As a result, Kaspersky Lab products erroneously blocked some legitimate websites containing the link on script http://pagead2.googl...ead/show_ads.js, which is used in the contextual advertising system Google AdSense. When users visited an affected web resource, a message was displayed stating that the page contained the malicious program Trojan.JS.Redirector.ar. The problem was quickly resolved and by 19:00 Moscow time the company's products had stopped generating alerts for legitimate internet pages. Kaspersky Lab would like to apologize for any inconvenience this problem may have caused users...'..."

:ph34r:

#69 AplusWebMaster

Posted 28 January 2010 - 04:48 PM

FYI...

Symantec false positives...
- http://isc.sans.org/...ml?storyid=8104
Last Updated: 2010-01-28 16:59:13 UTC - "... might be a false positive in Symantec's host based detection, flagging the Adobe Flash Installer as a Trojan Horse... Symantec is encouraging people that are affected to call Symantec support... Seems that the affected Revision is:
2010-01-27 rev 049..."

- http://www.theregist...fy_false_alarm/
28 January 2010 - "...A misfiring anti-virus definition update caused Symantec's Norton security software to wrongly classify Spotify program files as malign and shuffled them off into quarantine. Symantec responded quickly to the problem by issuing a fix that quashed the false alarm. Even after they update their security software, Symantec users may still have to reinstall Spotify in order to listen to the service again..."

> ftp://ftp.symantec.com/AVDEFS/symantec_antivirus_corp/rapidrelease/sequence/

:scratchhead:

Edited by apluswebmaster, 28 January 2010 - 05:23 PM.

#70 AplusWebMaster

Posted 23 February 2010 - 02:08 PM

FYI...

avast! vuln - updates available
- http://secunia.com/advisories/38689/
Release Date: 2010-02-23
Impact: Privilege escalation, DoS
Where: Local system
Solution Status: Vendor Patch...
Solution: The vulnerability is fixed in version 5.0.418...

- http://secunia.com/advisories/38677/
Release Date: 2010-02-23
Impact: Privilege escalation, DoS
Where: Local system
Solution Status: Vendor Patch...
Solution: Update to version 5.0.418...

> http://forum.avast.c...p?topic=55484.0

- http://web.nvd.nist....d=CVE-2010-0705
Last revised: 02/26/2010
CVSS v2 Base Score: 7.2 (HIGH)

:ph34r:

Edited by apluswebmaster, 02 March 2010 - 12:54 PM.

#71 AplusWebMaster

Posted 24 February 2010 - 04:08 PM

FYI...

CA Service Desk Tomcat CSS vuln - workaround
- http://secunia.com/advisories/37606/
Release Date: 2010-02-23
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Workaround
Software: CA Service Desk 12.x
Original Advisory: CA20100222-01:
https://support.ca.c...ontentID=229526

- http://web.nvd.nist....d=CVE-2008-1947

CA eHealth Performance Manager CSS vuln - patch available
- http://secunia.com/advisories/38694/
Release Date: 2010-02-24
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
Software: CA eHealth Performance Manager 6.x
Solution: Enable "Scan user input for potentially malicious HTML content". Please see the vendor's advisory for more information.
Original Advisory: CA20100223-01:
https://support.ca.c...ontentID=229652

- http://web.nvd.nist....d=CVE-2010-0640

Installation and Upgrade Issues... CA eHealth Performance Manager r6.1.x through r6.2
>>> https://support.ca.c...ontentID=227051

:ph34r:

Edited by apluswebmaster, 24 February 2010 - 04:24 PM.

#72 AplusWebMaster

Posted 20 March 2010 - 11:23 PM

FYI...

Faulty Update for 64 bit Operating Systems
- http://news.bitdefen...ng-Systems.html
22 March 2010

- http://forum.bullgua...ssue_84115.html
22-03-2010

BitDefender 2010 - false positive on X64 systems
- http://isc.sans.org/...ml?storyid=8464
Last Updated: 2010-03-21 00:44:19 UTC (Version: 2) - "... BitDefender 2010 appears to have released a set of bad definitions. Unfortunately, these bad virus definitions appear to detect core DLL files and even parts of BitDefender, itself, as infected by "Trojan.FakeAlert.5". There is quite a thread discussing this issue on the BitDefender Forums*. If you or your organization uses BitDefender, I would heavily recommend that you disable auto-update of the definitions until corrected ones are released soon. Also, I would recommend preparing to do a lot of hands-on clean up to reverse those files which were quarantined by accident.
Update: BitDefender has been sharing more information about this incident involving 64-bit architecture via their twitter account**. They point users to their knowledge base*** for more details on how to recover from this problem. I hope that beyond the initial response of this major issue, BitDefender and all antivirus vendors will recheck how they test, do quality assurance, and prepare to use social media as a communication tool for their customers in the case of an emergency."
* http://forum.bitdefe...opic=18759&st=0

** http://twitter.com/bitdefender/

*** http://www.bitdefend...e/consumer/#638

:ph34r: :blink:

Edited by apluswebmaster, 22 March 2010 - 10:55 AM.

#73 AplusWebMaster

Posted 07 April 2010 - 03:46 AM

FYI...

ClamAV vuln - update available
- http://secunia.com/advisories/39329/
Release Date: 2010-04-07
Criticality level: Highly critical
Impact: Security Bypass, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Clam AntiVirus (clamav) 0.x
CVE Reference: CVE-2010-0098
Solution: Update to version 0.96.

- http://web.nvd.nist....d=CVE-2010-0098
Last revised: 04/09/2010
CVSS v2 Base Score: 10.0 (HIGH)

Download
- http://www.clamav.net/
Latest ClamAV stable release is: 0.96

Changelog
- http://git.clamav.ne...geLog;hb=master

:ph34r:

Edited by apluswebmaster, 13 April 2010 - 07:34 AM.

#74 AplusWebMaster

Posted 12 April 2010 - 06:26 AM

FYI...

F-Secure advisory FSC-2010-1
- http://www.f-secure....fsc-2010-1.html
2010-04-12
Security Advisory FSC-2010-1
Malformed archive bypass vulnerability

- http://secunia.com/advisories/39396/

:ph34r:

#75 AplusWebMaster

Posted 21 April 2010 - 02:06 PM

FYI...

McAfee DAT 5958 update issues
- http://isc.sans.org/...ml?storyid=8656
Last Updated: 2010-04-21 19:22:30 UTC ...(Version: 2) - "McAfee's "DAT" file version 5958 is causing widespread problems with Windows XP SP3. The affected systems will enter a reboot loop and lose all network access. We have individual reports of other versions of Windows being affected as well. However, only particular configurations of these versions appear affected. The bad DAT file may infect individual workstations as well as workstations connected to a domain. The use of "ePolicyOrchestrator", which is used to update virus definitions across a network, appears to have led to a faster spread of the bad DAT file. The ePolicyOrchestrator is used to update "DAT" files throughout enterprises. It can not be used to undo this bad signature because affected systems will lose network connectivity. The problem is a false positive which identifies a regular Windows binary, "svchost.exe", as "W32/Wecorl.a", a virus. If you are affected, you will see a message like:
The file C:\WINDOWS\system32\svchost.exe contains the W32/Wecorl.a Virus.
Undetermined clean error, OAS denied access and continued.
Detected using Scan engine version 5400.1158 DAT version 5958.0000.
McAfee released an updated DAT file, and an "EXTRA.DAT" file to fix the problem. An EXTRA.DAT file is a patch to just fix the bad signature. McAfee's support web sites currently respond slowly and are down at times, likely due to the increased load caused by this issue. Several readers reported that this procedure worked to recover:
1 - Boot the system in "Safe Mode"
2 - copy extra.dat in c:/program files/common files/mcafee/engine
3 - reboot.
If you lost "svchost.exe", then you need to copy it back to c:/Windows/system32/svchost.exe while in safe mode. This fix has to be applied locally at the workstation. However, it may be possible to do this remotely if your workstations support Intel's "vPro" technology. We should have a link to instructions shortly. Additional information from McAfee:
http://community.mca.../24056?tstart=0
McAfee Knowledgebase Article:
https://kc.mcafee.co...tent&id=KB68780
EXTRA.DAT file:
http://home.mcafee.c...aspx?key=265240 ..."

Corporate or Business users
- http://vil.nai.com/vil/5958_false.htm
April 25, 2010 - Windows XP with SP3...
• If you receive a detection for w32/wecorl.a, Do not restart your computer until you have performed the remediation steps in this article...

Home Users
- http://service.mcafe...spx?id=TS100969
___

- http://www.symantec....-false-positive
April 22, 2010 - "... We have seen poisoned search results since the problem first surfaced. Search terms such as McAfee, 5958, or DAT are returning results that can lead to malicious and fake antivirus scan sites, resulting in the installation of malware... This attack by the malware creators is quite insidious since many of the people searching for information about this problem are most likely already affected by the problem and are looking for a solution using another computer..."

:( :ph34r:

Edited by apluswebmaster, 26 April 2010 - 06:47 AM.
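
The pattern in this incident (one detection name, one DAT version, the same core Windows file on many hosts) can be checked mechanically before a signature update spreads further. This is an added example, not part of the original post or of any McAfee tooling: it parses the alert text quoted above, and the host names, the second detection name, the `SYSTEM_DIRS` list and the `min_hosts` threshold are assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Layout of the on-access scanner alert, as quoted in the post above.
ALERT_RE = re.compile(
    r"The file (?P<path>.+?) contains the (?P<name>\S+) Virus\."
    r".*?Scan engine version (?P<engine>\d+(?:\.\d+)*)"
    r" DAT version (?P<dat>\d+(?:\.\d+)*)",
    re.S,
)

# Assumption: directories whose files should not be quarantined without review.
SYSTEM_DIRS = ("c:\\windows\\system32",)


def parse_alert(text):
    """Return path, detection name, engine and DAT version, or None if no match."""
    m = ALERT_RE.search(text)
    if m is None:
        return None
    # ntpath handles Windows paths on any OS; normalise separators and case
    # so that the same file reported in different spellings groups together.
    path = ntpath.normpath(m.group("path").strip()).lower()
    return {"path": path, "name": m.group("name"),
            "engine": m.group("engine"), "dat": m.group("dat")}


def in_system_dir(path):
    """True when the normalised path lies under one of SYSTEM_DIRS."""
    return any(path.startswith(d + "\\") for d in SYSTEM_DIRS)


def suspected_false_positives(events, min_hosts=3):
    """Group alerts by (DAT, detection name, file) and return the groups in
    which at least min_hosts distinct hosts flagged the same system file."""
    hosts = defaultdict(set)
    for host, text in events:
        alert = parse_alert(text)
        if alert and in_system_dir(alert["path"]):
            hosts[(alert["dat"], alert["name"], alert["path"])].add(host)
    return sorted((dat, name, path, len(seen))
                  for (dat, name, path), seen in hosts.items()
                  if len(seen) >= min_hosts)


def _alert(path, name, dat):
    """Build a constructed alert in the layout quoted in the post."""
    return (f"The file {path} contains the {name} Virus.\n"
            "Undetermined clean error, OAS denied access and continued.\n"
            f"Detected using Scan engine version 5400.1158 DAT version {dat}.")


# Constructed sample events (host, alert text); none of this is real telemetry.
SAMPLE_EVENTS = [
    ("ws-01", _alert("C:\\WINDOWS\\system32\\svchost.exe", "W32/Wecorl.a", "5958.0000")),
    ("ws-02", _alert("C:\\Windows\\System32\\svchost.exe", "W32/Wecorl.a", "5958.0000")),
    ("ws-03", _alert("C:/WINDOWS/system32/svchost.exe", "W32/Wecorl.a", "5958.0000")),
    # A repeated alert from the same host counts once.
    ("ws-03", _alert("C:/WINDOWS/system32/svchost.exe", "W32/Wecorl.a", "5958.0000")),
    # Outside the system directory: ignored by this check.
    ("ws-04", _alert("C:\\Documents and Settings\\user\\Temp\\setup.exe",
                     "Example/Test.a", "5957.0000")),
    # System file, but only one host: below the threshold.
    ("ws-05", _alert("C:\\WINDOWS\\system32\\example.dll", "Example/Test.a", "5957.0000")),
]

if __name__ == "__main__":
    for dat, name, path, count in suspected_false_positives(SAMPLE_EVENTS):
        print(f"DAT {dat}: {name} on {path} reported by {count} hosts; "
              "review before further rollout")
```

A group returned here is a reason to pause distribution of that DAT version and check the flagged file by hand; it does not prove the detection is false.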

#76 AplusWebMaster

Posted 17 May 2010 - 03:02 PM

FYI...

Symantec - false positive - W.o.W....
- http://forums.wow-eu...525762488&sid=1
* 14. Re: Infostealer in scan.dll and scan.dll.new 15/05/2010 03:20:48 PDT
"Looks like Norton is giving a false positive* ... "
* http://www.virustota...3b5e-1273917649
File Scan.dll received on 2010.05.15 10:00:49 (UTC)
Result: 1/40 (2.50%)

- http://www.theregist...ow_false_alarm/

- http://isc.sans.org/...ml?storyid=8803

:scratchhead:

#77 AplusWebMaster

Posted 24 May 2010 - 02:10 PM

FYI...

ClamAV v0.96.1 released
- http://secunia.com/advisories/39895/
Last Update: 2010-05-24
Criticality level: Moderately critical
Impact: DoS
Where: From remote
Solution: Update to version 0.96.1...

- http://www.clamav.ne...wnload/sources/
"... Latest stable release: ClamAV 0.96.1..."

- http://web.nvd.nist....d=CVE-2010-1639

- http://web.nvd.nist....d=CVE-2010-1640

:ph34r:

Edited by apluswebmaster, 28 May 2010 - 04:10 AM.

#78 AplusWebMaster

Posted 26 May 2010 - 05:09 AM

FYI...

AV detection evasion...
- http://isc.sans.org/...ml?storyid=8857
Last Updated: 2010-05-26 05:41:55 UTC - "... Authors of malware often build various modules that allow them to extend functionality of malware but also to make analysis more difficult. The rationale behind this is pretty simple: if this particular infected machine does not need the module that, for example, attacks a certain bank, it will not be downloaded and installed. This makes it more difficult for the AV vendors to collect all samples of various modules as the attackers can target them. One example of such highly modular (and heavily protected) malware is certainly Clampi; you can see a series of articles about this malware family posted on Symantec's web site*. The attackers can also use modularization to rapidly change fingerprints of malware: if only one module is detected by an AV vendor, the attacker only has to modify that particular module... One very simple malicious file was submitted to us couple of days... found the file in the /Windows/SysWOW64 directory on his Windows 7 machine. The file was named netset.exe and it wasn't signed, so it immediately looked suspicious... However, online malware scanners all happily declared the file safe: when it was initially submitted to VirusTotal it resulted in 0 detections (yes 0 out of 40 AV programs on VirusTotal, see the report here**)... attackers are using those simple tricks to make automated analysis more difficult. Since even emulators such as Anubis, which execute the malware in an isolated environment, will not know which argument it needs, the file will appear to be benign. And judging by the VirusTotal results they have no problems with evading signature based scanning..."

* http://www.symantec....ws-trojanclampi

** http://www.virustota...ac7c-1272595124
File netset.exe received on 2010.04.30 02:38:44 (UTC)
Result: 0/40 (0.00%)

:grrr: :ph34r:

#79 AplusWebMaster

Posted 23 August 2010 - 12:14 PM

FYI...

AV struggles against exploits
- http://krebsonsecuri...ainst-exploits/
August 23, 2010 - "... a series of reports released earlier this month by anti-virus testing lab AV-Test* comes to similar conclusions as NSS report about the exploit-blocking abilities of the major anti-virus products. According to AV-Test, the industry average in protecting against exploits (both known and unknown) was 75 percent."
* http://www.av-test.org/certifications

(More detail available at both URLs above.)

:ph34r:

#80 AplusWebMaster

Posted 07 September 2010 - 01:18 PM

FYI...

Trend Micro Internet Security Pro 2010 vuln - Hotfix available
- http://web.nvd.nist....d=CVE-2010-3189
Last revised: 09/01/2010
CVSS v2 Base Score: 9.3 (HIGH)
Patch Information
Hyperlink: http://esupport.tren...-attackers.aspx

- http://securitytrack...ug/1024364.html

- http://xforce.iss.ne...orce/xfdb/61397
High Risk

:ph34r:

#81 AplusWebMaster

Posted 13 September 2010 - 07:00 AM

FYI...

avast! Antivirus v5.0.677 released
- http://secunia.com/advisories/41109/
Last Update: 2010-09-13
Impact: System access
Where: From remote
... The vulnerability is confirmed in avast! Free Antivirus version 5.0.594 for Windows. Other versions may also be affected.
Solution: Update to version 5.0.677 ...
Original Advisory: Avast!:
http://www.avast.com...release-history

- http://web.nvd.nist....d=CVE-2010-3126
Last revised: 08/26/2010
CVSS v2 Base Score: 9.3 (HIGH)

:ph34r: :ph34r:

Edited by apluswebmaster, 13 September 2010 - 07:09 AM.

#82 AplusWebMaster

Posted 21 September 2010 - 01:42 AM

FYI...

ClamAV v0.96.3 released
- http://secunia.com/advisories/41503/
Release Date: 2010-09-21
Criticality level: Moderately critical
Impact: DoS, System access
Where: From remote
CVE Reference: CVE-2010-0405
Solution: Update to version 0.96.3.

- http://www.clamav.ne...wnload/sources/

- http://web.nvd.nist....d=CVE-2010-3434
Last revised: 10/01/2010
CVSS v2 Base Score: 9.3 (HIGH)
___

- http://www.h-online....ne-1139430.html
19 November 2010

:ph34r:

Edited by AplusWebMaster, 03 December 2010 - 09:48 AM.

#83 AplusWebMaster

Posted 23 November 2010 - 10:00 AM

FYI...

Sophos/Mac AV - Top malware seen
- http://sophosnews.fi...d-mac.jpg?w=640
Nov. 2 - Nov. 16, 2010 [150K users]

> http://www.sophos.com/freemacav

- http://nakedsecurity...-malware-found/
November 18, 2010 - "... 50,000 malware reports from the Mac users during the time period... We don't see as much Mac malware as Windows malware... unfortunately, so long as Mac users don't properly defend themselves they will increasingly be perceived as a soft target by cybercriminals..."

:huh:

#84 AplusWebMaster

Posted 01 December 2010 - 02:24 PM

FYI...

McAfee SB10013...
- http://isc.sans.edu/...l?storyid=10012
Last Updated: 2010-12-01 15:55:08 UTC - "McAfee Released Security Bulletin SB10013 this morning. The bulletin pertains to a potential code execution vulnerability for VirusScan Enterprise 8.5i and earlier versions. According to the information from McAfee they are investigating the publicly disclosed security issue and will publish a hotfix as soon as the investigation is complete. They have listed this as a Severity Rating of Medium. For more information and to check for the hotfix* ..."
* https://kc.mcafee.co...tent&id=SB10013
December 01, 2010 - "... McAfee is aware of a publicly disclosed security issue that may affect VirusScan Enterprise version 8.5 and prior. We are investigating the claims and will update this KB with additional details when they are available. We will be publishing a hotfix for this issue as soon as we are certain the fix closes all avenues of attack. This hotfix will mitigate the issue in affected configurations. .. VSE 8.7i and beyond are not affected by this issue and are readily available immediately. Upgrading to the newest version effectively closes this issue completely... Remediation: Upgrade to or install VSE 8.7..."

- http://secunia.com/advisories/41482/
Release Date: 2010-11-29
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...
... The vulnerability is caused due to the application loading libraries (e.g. traceapp.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a Word Document with an embedded ActiveX control located on a remote WebDAV or SMB share in Microsoft Office 2003...

:ph34r:

Edited by AplusWebMaster, 01 December 2010 - 04:03 PM.

#85 AplusWebMaster

Posted 03 December 2010 - 01:35 AM

FYI...

AVG bad update bricks Win7 64-bit
- http://isc.sans.edu/...l?storyid=10030
Last Updated: 2010-12-03 04:24:55 UTC - "... reports on AVG updates breaking things on Windows 7 64 bit... The problem lies with the mandatory update. The AVG site has some info on how to deal with the issue here http://forums.avg.co...t=show&id=94159
* Basically get the machine started somehow (use AVG rescue Disk or any Linux Live CD). In the windows/system32/drivers directory rename everything starting with avg. Reboot and your system will be back (minus the AV). I guess it will then be a matter of waiting for it to be fixed, reinstall or change to something else."
___

AVG fix for computers running on Windows 7 64-bit platform - updated
- http://product-team....t-platform.html
12/02/2010 - "... we have identified a potential conflict between one of our recent updates (3292) and a significant number of systems running on the Windows 7 64-bit platform that has caused systems to go into an infinite crash loop... video to help you solve this problem..."

- http://forums.avg.co...999#post_132999
[Read -entire- thread]

System crash after the recent AVG 2011 update 3292 (BSOD)
- http://free.avg.com/ww-en/faq?num=4080

- http://www.avg.com/us-en/faq?num=4079

Updated AVG 2011 Rescue CD/USB (for 3292 update)
___

- http://forums.avg.co...=show&id=132917


:!: :ph34r: :scratchhead:

Edited by AplusWebMaster, 03 December 2010 - 05:31 AM.

#86 AplusWebMaster

Posted 08 December 2010 - 06:48 AM

FYI...

ClamAV v0.96.5 released
- http://secunia.com/advisories/42426
Last Update: 2010-12-08
Criticality level: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
... The vulnerabilities are reported in versions prior to 0.96.5.
Solution: Update to version 0.96.5.

- http://www.clamav.ne...wnload/sources/
Latest stable release: ClamAV 0.96.5

- http://web.nvd.nist....d=CVE-2010-4260
- http://web.nvd.nist....d=CVE-2010-4261

- http://www.h-online....ne-1139430.html
19 November 2010

:ph34r: :ph34r:

#87 AplusWebMaster

Posted 09 December 2010 - 10:25 AM

FYI...

Avira v10 SP1 updated
- http://techblog.avir...ol-problems/en/
December 8, 2010 - "We just published an update for Avira AntiVir 10 with Service Pack 1 that solves an issue some users were experiencing where their computers stopped to respond after a short time of running. An error message indicates in those cases that the paged pool memory isn’t sufficient. As a workaround it was possible to disable the process protection of Avira AntiVir. The now released update solves that issue. Those who disabled the process protection may enable it again after applying that update, which should happen automatically within the usual update cycle (exception: if the default configuration got changed and product updates explicitly got disabled)..."
Update 09.12.2010 - "On developer systems, this update may lead to problems when trying to debug software (thus only developers should be affected). We are still investigating the issue. As a workaround in case you experience this problem, disable the registry- and file-protection for the Avira AntiVir files in the configuration: Switch to expert mode in the configuration and scroll down to “general”, “security”. There untick the box next to the entry which protects from file- and registry manipulations. After that, reboot the computer. In some cases it is necessary to rename the Avira file avipbb.sys to avipbb.old (possible in safe mode)."

:ph34r: :blink: :question:

Edited by AplusWebMaster, 09 December 2010 - 03:11 PM.

#88 AplusWebMaster

Posted 10 December 2010 - 09:42 AM

FYI...

F-secure: false positive...
- http://www.f-secure....s/00002073.html
December 10, 2010 07:22 GMT - "Unfortunately we had a nasty false alarm couple of hours ago. The false alarm involved the detection Adware.smartad.d, which was in the database update 2010-12-09_10, released on 9th Dec 2236 UTC. This detection inadvertently triggered on the file google-analytics.com/ga.js. This file is a script associated with Google Analytics, and it's found on a fair number of websites. An exclusion for the file was released in the database update 2010-12-10_01 at 10th Dec 0052 UTC - about 2.5 hours after the bad update went out.
Apologies for any disruptions caused by this false alarm. We're sorry. To minimize disruptions, please make sure your product has been updated to use the latest database updates."

:!: :ph34r:

#89 AplusWebMaster

Posted 15 December 2010 - 08:53 AM

FYI...

F-Secure remote binary vuln - updates available
- http://secunia.com/advisories/42566/
Release Date: 2010-12-15
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Solution: Apply patches. Patches are also distributed via the automatic update channel.
Original Advisory: F-Secure Security Advisory FSC-2010-4:
http://www.f-secure....fsc-2010-4.html
Last updated: 2010-12-15
Risk level: High
Brief description: Under certain circumstances, an attacker can trick the system into executing a binary file that has been planted on a disk resource that the computer can access... Administrators should download and apply the hotfixes listed...

- http://www.securityt....com/id?1024895
Dec 15 2010

:ph34r: :ph34r:

Edited by AplusWebMaster, 16 December 2010 - 08:16 AM.

#90 AplusWebMaster

Posted 27 January 2011 - 05:41 AM

FYI...

Symantec AV multiple vulns - update available
- http://secunia.com/advisories/43099/
Release Date: 2011-01-27
Criticality level: Moderately critical
Impact: DoS, System access
Where: From local network
Solution Status: Vendor Patch
Software: Symantec AntiVirus Corporate Edition 10.x, System Center 10.x
CVE Reference(s): CVE-2010-0110, CVE-2010-0111
... Intel AMS2 component when processing certain messages can be exploited to run arbitrary commands | cause a buffer overflow | create arbitrary events | cause a DoS ...
Solution: Update to version 10.1 MR10.
Original Advisory:
- http://www.symantec....uid=20110126_00
- http://www.symantec....uid=20110126_01

- http://www.securityt....com/id/1024996
Jan 27 2011
- http://www.securityt....com/id/1024997
Jan 28 2011

:ph34r:

Edited by AplusWebMaster, 28 January 2011 - 04:22 AM.

#91 AplusWebMaster

Posted 22 February 2011 - 06:53 AM

FYI...

Clam AV vuln - update v0.97 available
- http://secunia.com/advisories/43392/
Release Date: 2011-02-21
Criticality level: Moderately critical
Impact: DoS, System access
Where: From remote
... The vulnerability is reported in versions prior to 0.97.
Solution: Update to version 0.97...
- http://www.clamav.ne...wnload/sources/
"... Latest stable release: ClamAV 0.97... Please read the upgrade instructions before upgrading..."
* http://wiki.clamav.n...deInstructions

- http://web.nvd.nist....d=CVE-2011-1003
Last revised: 02/24/2011

- http://www.securityt....com/id/1025100
Feb 21 2011

:ph34r:

Edited by AplusWebMaster, 28 February 2011 - 02:29 PM.

#92 AplusWebMaster

Posted 24 February 2011 - 09:33 PM

FYI...

CA ActiveX vuln - update available
* http://secunia.com/advisories/43377/
Release Date: 2011-02-24
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch ...
Original Advisory: ZDI / CA (CA20110223-01):
http://www.zerodayin...ies/ZDI-11-093/

CA ActiveX vuln - update available
- http://secunia.com/advisories/43490/
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...
Solution: Set the kill-bit for the affected ActiveX control. Reportedly, the vendor will issue fix information soon.
For more information: SA43377*

- http://www.securityt....com/id/1025120
Updated: Feb 26 2011
___

- http://web.nvd.nist....d=CVE-2011-1036
Last revised: 03/11/2011
CVSS v2 Base Score: 8.8 (HIGH)

:!: :ph34r:

Edited by AplusWebMaster, 14 March 2011 - 01:39 PM.

#93 AplusWebMaster

Posted 25 February 2011 - 06:03 AM

FYI...

F-Secure multiple vulns - update available
- http://secunia.com/advisories/43049/
Release Date: 2011-02-24
Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Where: From remote...
Software: F-Secure Policy Manager 8.x, F-Secure Policy Manager 9.x
... The weakness and the vulnerability are confirmed in version 9.00.30231 and also reported in versions 8.00 and 8.1x.
Solution: Apply patches.
Original Advisory: F-Secure (FSC-2011-2):
http://www.f-secure....fsc-2011-2.html

- http://www.securityt....com/id/1025124
Feb 24 2011
___

- http://web.nvd.nist....d=CVE-2011-1102
- http://web.nvd.nist....d=CVE-2011-1103
Last revised: 03/11/2011
"... before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux..."

:ph34r:

Edited by AplusWebMaster, 14 March 2011 - 01:38 PM.

#94 AplusWebMaster

Posted 15 March 2011 - 12:56 PM

FYI...

F-secure beta f/Macs false positive, fix available
- http://www.f-secure....s/00002121.html
March 15, 2011 - "The beta version of our Mac OSX software, F-Secure Mac Protection, had a serious false alarm last night. Database update 2011-03-14_03 caused several false alarms in clean files with detection names such as Exploit:W32/NeosploitPDF.gen!A and Exploit:JS/Brooks.gen!A. The problematic update was removed after two hours. Beta users who received the update have seen some of their clean files moved to Trash. This problem only affected users of our Mac OSX beta version (Technology Preview). Our Windows and Linux products were not affected in any way... We have now released a tool that will restore the files back to their original locations. You can download the tool from here*."
* http://www.f-secure....mac/FSMACTP-01/
F-Secure Mac Protection Technology Preview advisory 15.3.2011...

:(

#95 AplusWebMaster

Posted 12 April 2011 - 06:08 AM

FYI...

McAfee Firewall Reporter vuln - fix
- https://kc.mcafee.co...tent&id=SB10015
Security Bulletins ID: SB10015
Last Modified: April 11, 2011
"This update fixes a bug that leverages an issue in the authentication sequence to allow unauthorized users access to the system...
> Remediation..."
(See the URL above.)

- http://www.securityt....com/id/1025314
Apr 11 2011
Version: prior to 5.1.0.13...

- http://secunia.com/advisories/44110/
Criticality level: Moderately critical
___

- http://www.theregist...ilter_screw_up/
6 April 2011 - "McAfee has apologised for a Sesame Street-style mix-up over the weekend that temporarily prevented any customers with addresses that start with the letter A from receiving email. The glitch... bounced emails sent to supported inboxes that began with an A or a non-alphanumeric special character (eg, @£$). In a statement, McAfee blamed a rogue script for the mix-up, which has now been resolved..."

:(

Edited by AplusWebMaster, 12 April 2011 - 10:42 AM.

#96 AplusWebMaster

Posted 21 April 2011 - 05:10 AM

FYI...

CA ActiveX controls vuln...
- http://secunia.com/advisories/43681/
Release Date: 2011-04-21
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference: CVE-2011-1719
Solution: Apply APARs.
Original Advisory: CA:
https://support.ca.c...5-B2AF457B5364}
___

- http://www.securityt....com/id/1025423
CVE Reference: CVE-2011-1718
Apr 21 2011
- http://www.securityt....com/id/1025424
CVE Reference: CVE-2011-1719
Apr 21 2011

:!: :ph34r:

Edited by AplusWebMaster, 21 April 2011 - 05:18 AM.

#97 AplusWebMaster

Posted 28 April 2011 - 02:09 PM

FYI...

McAfee - False Positive in DAT 6329...
- http://isc.sans.edu/...l?storyid=10783
Last Updated: 2011-04-28 12:26:24 UTC - McAfee Labs have issued an alert that McAfee VirusScan DAT file 6329 is returning a false positive for spsgui.exe. This is impacting SAP telephone connectivity functionality. McAfee... work around for the issue documented in KB71739:
https://kc.mcafee.co...tent&id=KB71739

:(

#98 AplusWebMaster

Posted 28 June 2011 - 01:16 PM

FYI...

Avira AV v10 SP2 released
- http://techblog.avir...antivir-v10/en/
June 28, 2011 - "... Service Pack 2 to all AntiVir v10 products today: Personal, Premium, Premium Security Suite, Professional and Server. Avira’s Service Pack 2 update will be made available as product update to all customers, paid and free in English and German. The other languages will follow in the next few weeks. Please make sure you have enabled Product Updates by choosing the first option in Configuration -> Update->Product Update...
... fixed many issues which our users reported
... improved the protection overall by enhancing the heuristic detection and the repair functionality
... enabled the protection of the product itself and that of the entire operating system by enabling automatically the advanced process protection which prevents malware to terminate the Avira processes and to change the registry keys of the system.
... antirootkits protection was enhanced in order to be able to detect new methods of hiding malware...
You must restart your system after SP2 is installed in order to use the new drivers. Please save your work to prevent any loss of data.
Please read here about how to prepare for the reboot if you are in a company: http://www.avira.com...detail?kbid=841
... and check this document for the default values http://www.avira.com...SP2_Prof_EN.pdf ...

... The SP2 brings also an optional toolbar to the users of the AntiVir Personal Free. If the user installs it, uses the toolbar and clicks on the links provided, Avira gets some money from the provider of the toolbar, the well-known search provider Ask .com... For more information about data collected, please read the Ask’s privacy policy available here:
http://sp.ask.com/en...t/privacy.shtml
Most visible innovations in the SP2: http://www.avira.com...etail/faqid/854
Release Information of SP2 at a glance: http://www.avira.com...tail/faqid/840.
Detailed information of the changes performed in the products by the SP2: http://www.avira.com...AV10_SP2_EN.pdf
How to install the new Avira Toolbar after updating to SP2: http://www.avira.com...etail/faqid/861
How to install the new Avira Toolbar later via setup: http://www.avira.com...etail/faqid/862
How to -remove- the Avira Toolbar: http://www.avira.com...etail?faqid=863

Update: Some of our users experienced that the online protection is inactive after the SP2 update. Please see here* how to fix it.
* http://www.avira.com...detail/kbid/566
___

- http://www.h-online....rs-1271030.html
30 June 2011

:ph34r:

Edited by AplusWebMaster, 03 July 2011 - 03:17 AM.

#99 AplusWebMaster

Posted 22 July 2011 - 07:25 AM

FYI...

CA Gateway v8.1 Security advisory...
- http://h-online.com/-1284003
22 July 2011 - "CA is warning of a critical vulnerability in its Gateway Security 8.1 business security solution that allows attackers to inject malicious code into systems... The company has provided a fix* for Gateway Security. Alternatively, users can upgrade to version 9.0. Users of Total Defense Suite r12 are also advised to take action quickly as the vulnerable version of Gateway Security is part of this security package."

* https://support.ca.c...2642&actionID=4
07/13/2011

CA20110720-01: Security Notice for CA Gateway Security and Total Defense
- https://support.ca.c...D-027D05B6285D}
July 20, 2011
Risk Rating: High
Platform: Windows
Affected Products: CA Gateway Security 8.1, CA Total Defense r12
Non-Affected Products: CA Gateway Security 9.0 ...
___

- http://secunia.com/advisories/45332/
Release Date: 2011-07-21
Criticality level: Moderately critical
... vulnerability is reported in versions prior to 8.1.0.69...

:!: :ph34r:

Edited by AplusWebMaster, 24 July 2011 - 05:44 AM.

#100 AplusWebMaster

Posted 27 July 2011 - 06:52 AM

FYI...

ClamAV DoS vuln - update available
- http://secunia.com/advisories/45382/
Release Date: 2011-07-26
Criticality level: Moderately critical
Impact: DoS
Where: From remote...
Solution Status: Vendor Patch
... The vulnerability is reported in versions prior to 0.97.2.
Solution: Update to version 0.97.2.

- http://www.clamav.net/lang/en/
"... ClamAV 0.97.2 fixes problems with the bytecode engine, Safebrowsing detection, hash matcher, and other minor issues. Please see the ChangeLog file for details..."
* http://git.clamav.ne...b=clamav-0.97.2

:!: :ph34r: