Keane Insight

Updates

A compilation of the latest information about viruses and worms, security issues and patches to rectify the same.

Vulnerability in Firefox

A vulnerability has been detected in Firefox, which can be exploited to cause a DoS (Denial of Service) or potentially to compromise a user’s system. It is caused due to an error in the handling of a URL that contains the 0xAD character in its domain name. This can be exploited to cause a heap-based buffer overflow. Successful exploitation crashes Firefox and may potentially allow code execution, but requires that the user is tricked into visiting a malicious Web site or open a specially crafted HTML file. The vulnerability has been confirmed in version 1.0.6. Further, it is reported to affect versions prior to 1.0.6, and version 1.5 Beta 1.

Vulnerability reported in Cisco switch

A vulnerability has been reported in Cisco CSS (Content Services Switch), which can be employed to bypass certain security restrictions. This is caused due to an error in handling the situation when SSL clients fail to renegotiate the SSL session. This can be exploited to bypass client certificate authentication and may allow access to the protected content. The vulnerability has been reported in the Cisco CSS 11500 Series (with the CSS5-SSL-K9 SSL module) and the CSS 11501 with SSL (SS11501S-K9). Successful exploitation requires that client authentication using SSL certificates be enabled.

Sun Java System Web Proxy Server DoS vulnerabilities

Three vulnerabilities have been reported in Sun Java System Web Proxy Server, which can be used to cause a DoS.

It is reported in version 3.6 Service Pack 7 and prior.

The vulnerabilities are caused due to some unspecified errors and can be exploited to cause the server to become unresponsive to requests. Patches are available at www.sun.com/download/products.xml