
Description:
Some vulnerabilities have been reported in Adobe Flash Player / AIR, which can be exploited by malicious people to gain knowledge of system information or compromise a user's system.

1) An error when parsing JPEG dimensions contained within an SWF file can be exploited to cause a heap-based buffer overflow.

2) An unspecified error may allow injection of data and potentially lead to execution of arbitrary code.

3) An unspecified error possibly related to "getProperty()" can be exploited to corrupt memory and may allow execution of arbitrary code.

4) An unspecified error can be exploited to corrupt memory and may allow execution of arbitrary code.

5) An integer overflow error when generating ActionScript exception handlers in Verifier::parseExceptionHandlers() can be exploited to corrupt memory.

6) Various unspecified errors may potentially allow execution of arbitrary code.

7) An error may disclose information about local file names.

The vulnerabilities are reported in Adobe Flash Player version 10.0.32.18 and prior and Adobe AIR version 1.5.2 and prior.

Solution:
Update to Flash Player version 10.0.42.34 and AIR version 1.5.3.


Description:
Some vulnerabilities and weaknesses have been reported in Google Chrome, where some have unknown impacts and others can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, or compromise a user's system.

1) A use-after-free error when handling pop-up windows and navigating away from the current site can be exploited to corrupt memory via a specially crafted web page.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 3.0.195.38. Other versions may also be affected.

2) An unspecified error can be exploited to bypass the pop-up blocker.

3) A design error in the handling of CSS stylesheets can be exploited to potentially disclose sensitive information from other domains.

4) An unspecified error allows XMLHttpRequests to directories.

5) An unspecified error exists related to escaping characters in shortcuts.

6) Unspecified errors exist related to drawing on canvases, which can corrupt memory.

7) An unspecified error exists during image decoding, which can corrupt memory.

8) An unspecified error exists, which may result in failure to strip "Referer".

9) An unspecified error affects cross-domain access.

10) An unspecified error exists in the deserialisation of bitmaps.

Solution:
Upgrade to version 4.0.249.78.



1) A use-after-free error during event handling when the object firing the event is removed from the markup can be exploited to corrupt memory.

NOTE: This vulnerability is currently being actively exploited.

2) An error in the Internet Explorer 8 XSS filter may cause an HTML attribute to be incorrectly disabled in otherwise properly filtered HTTP response data. This can be exploited to bypass the filter and execute arbitrary HTML and script code in the wrong security context.

3) An error when validating input parameters in URLs may result in execution of a program on the local system.

4) An error exists in the handling of "Col" elements used within an HTML table container, which may result in memory corruption.

5) A use-after-free error exists in the handling of elements that manipulate the font baseline (e.g. "sub" or "sup") when rendering intertwined "strike" and "center" tags.

6) A use-after-free error exists in the handling of elements used within a table container.

7) An error in the "mergeAttributes()" method when accessing an object that has not been initialised or has been deleted may result in memory corruption.

8) A use-after-free error in the handling of cloned DOM objects in JavaScript can be exploited via a specially crafted sequence of object cloning.

Solution:
Apply patches.

-- Windows 2000 SP4 --

Internet Explorer 5.01 SP4:
http://www.microsoft.com/downloads/de...=51e99e4f-1670-4b12-a9fe-e0ccf50cdabc

Internet Explorer 6 SP1:
http://www.microsoft.com/downloads/de...=a38aa9d0-c3fe-4d41-8805-7d5370263c1b


-- Internet Explorer 6 --

Windows XP SP2/SP3:
http://www.microsoft.com/downloads/de...=207eecad-6e84-48e6-ae18-6794a3618ee0

Windows XP Professional x64 Edition SP2:
http://www.microsoft.com/downloads/de...=eb2d8055-4d50-4f83-82b8-055c7b8f5422

Windows Server 2003 SP2:
http://www.microsoft.com/downloads/de...=fea91227-44ad-4549-8732-497a8ceff870

Windows Server 2003 x64 Edition SP2:
http://www.microsoft.com/downloads/de...=633e63f4-605b-43c4-8a4b-2730312a1c72

Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/de...=b9308d50-ca66-43ff-9dc5-d05c90baa764


-- Internet Explorer 7 --

Windows XP SP2/SP3:
http://www.microsoft.com/downloads/de...=3510c7d8-7e8f-479e-b6f9-5745a845664d

Windows XP Professional x64 Edition SP2:
http://www.microsoft.com/downloads/de...=cc5aea0b-e553-4f7f-a2cc-cba41bb87ae7

Windows Server 2003 SP2:
http://www.microsoft.com/downloads/de...=14726445-3ff4-463c-9fc1-c9b758079aca

Windows Server 2003 x64 Edition SP2:
http://www.microsoft.com/downloads/de...=c8742230-16d8-4b2f-bd3e-8834c759856b

Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/de...=5622f223-df9c-4a6a-bdf0-feebaf9920fd

Windows Vista (optionally with SP1/SP2):
http://www.microsoft.com/downloads/de...=92495551-dedd-43d4-bb3a-51028bc5c6d6

Windows Vista x64 Edition (optionally with SP1/SP2):
http://www.microsoft.com/downloads/de...=3cb139b3-59f4-44ef-9911-4dd4e3b83e7d

Windows Server 2008 for 32-bit Systems (optionally with SP2):
http://www.microsoft.com/downloads/de...=8c4c91ec-1b2b-4176-bd77-45245b590329

Windows Server 2008 for x64-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/de...=4f9975b8-3f91-4116-9200-ef55ece75854

Windows Server 2008 for Itanium-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/de...=9395547f-b620-4cbd-9ff5-11b76cd73859


-- Internet Explorer 8 --

Windows XP SP2/SP3:
http://www.microsoft.com/downloads/de...=7c2948fb-f486-4801-bc21-bbf40d5a78c2

Windows XP Professional x64 Edition SP2:
http://www.microsoft.com/downloads/de...=41b83fad-948b-4a9c-80ed-9c5a60bd35b4

Windows Server 2003 SP2:
http://www.microsoft.com/downloads/de...=7d480c87-2ca9-4505-a59d-a6d73d001fa5

Windows Server 2003 x64 Edition SP2:
http://www.microsoft.com/downloads/de...=3e2e740b-8417-4758-8468-15221249ec71

Windows Vista (optionally with SP1/SP2):
http://www.microsoft.com/downloads/de...=5e2cbd7d-f64f-49e5-a159-1965ebfe2a92

Windows Vista x64 Edition (optionally with SP1/SP2):
http://www.microsoft.com/downloads/de...=b7a7e8e7-f4c5-459d-ab6c-05a192e1e3f9

Windows Server 2008 for 32-bit Systems (optionally with SP2):
http://www.microsoft.com/downloads/de...=f5ce8582-af63-4870-bee3-0abeeefa1458

Windows Server 2008 for x64-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/de...=be11981c-d286-4e3c-94bf-d4e67a975d5a

Windows 7 for 32-bit Systems:
http://www.microsoft.com/downloads/de...=278443c1-15dc-436b-893b-ffea6d29d16d

Windows 7 for x64-based Systems:
http://www.microsoft.com/downloads/de...=a584cd0f-2e05-4e36-8858-0ffead637162

Windows Server 2008 R2 for x64-based Systems:
http://www.microsoft.com/downloads/de...=d3386793-a594-4bc5-8308-28b561d43087

Windows Server 2008 R2 for Itanium-based Systems:
http://www.microsoft.com/downloads/de...=9d137bab-8312-4240-af74-c65ba652fde0


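Let's take a look at network forensic analysis methods.

Information and log file types that can be collected at each stage

Stage 1: Switch
- Time / version information: Time, Version
- Configuration / policy information: Port, Trunk, VLAN; switch IP address; configured terminals; terminal passwords; the switch's own password
- Log information: Local Log

Stage 2: Router
- Time / version information: Time, Version
- Configuration / policy information: Routing, ARP, Netstat, Interface; configured terminals; terminal passwords; the router's own password
- Log information: Local Log, NetFlow Log, Filtering Log

Stage 3: Firewall
- Time / version information: Time, Version
- Configuration / policy information: detection policy; control policy
- Log information: Local Log, Filtering Log

Stage 4: VPN
- Time / version information: Time, Version
- Configuration / policy information: connection policy
- Log information: Local Log, Connection Log

Stage 5: Intrusion detection system
- Time / version information: Time, Version
- Configuration / policy information: detection policy
- Log information: Detection Log

Vulnerability information
- Time / version information: Time, Version
- Configuration / policy information: vulnerability information on the network

Example) Smurf attack

* Describe each stage in turn.

Vulnerability information
- Record the relevant vulnerability information.

Firewall
- Log information: record the log contents.
- Analysis result: describe the analysis of those log contents.

Router
- Log information: record the device's log contents.
- Analysis result: describe the analysis of those log contents.

Switch
- Port and VLAN information: describe the port and VLAN information.
- Analysis result: describe how the port and VLAN are configured.

Analysis result
- An XXX attack was attempted against XXX.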


Release Date:  2009-10-09 
 
Critical:  Extremely critical 

Impact:  System access
 
Where:  From remote 

Solution Status:  Unpatched 
 
Software:
Adobe Acrobat 3D 8.x
Adobe Acrobat 7 Professional
Adobe Acrobat 7.x
Adobe Acrobat 8 Professional
Adobe Acrobat 8.x
Adobe Acrobat 9.x
Adobe Reader 7.x
Adobe Reader 8.x
Adobe Reader 9.x

Description:
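According to information published for Adobe Reader and Acrobat, no patch is currently available.

This vulnerability reportedly allows a malicious user to trigger an unspecified error and execute arbitrary code.

Solution:
The advice is not to run untrusted files.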


Release Date:  2009-10-05 
 
Critical:  Highly critical 

Impact:  System access
 
Where:  From remote 

Solution Status:  Unpatched 
 
Software:
IBM Informix Client Software Development Kit (CSDK) 3.x
IBM Informix Connect 3.x


Description:
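A vulnerability discovered by bruiser in IBM Informix Client Software Development Kit (CSDK) and IBM Informix Connect reportedly allows a malicious user to gain access to a user's system.

The vulnerability is caused by a boundary error when processing ".nfx" files: opening a file with an overly long "HostList" entry triggers a stack-based buffer overflow, which reportedly allows execution of arbitrary code.

Solution:
No patch is available yet; the advice is not to open untrusted .nfx files.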


Release Date:  2009-10-01 
 
Critical:  Highly critical 

Impact:  System access
 
Where:  From remote 

Solution Status:  Vendor Patch 
 
Software: Google Chrome 3.x

Description:
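A vulnerability discovered by the Google Chrome team reportedly allows a malicious user to gain access to a user's system through Google Chrome.

The vulnerability is caused by a boundary error when parsing floating point numbers, which leads to a buffer overflow when a malicious site is visited.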

Solution:
Update to version 3.0.195.24.
http://googlechromereleases.blogspot.com/search/label/Stable%20updates


Release Date:  2009-10-02 

Critical:  Highly critical 

Impact:  System access
 
Where:  From remote 

Solution Status:  Unpatched 
 
Software: Google Apps 1.x

Description:
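A vulnerability discovered by pyrokinesis reportedly allows a malicious user to gain access to a user's system through Google Apps.

The vulnerability reportedly arises when the "googleapps.url.mailto:" URI is handled: the "--renderer-path" option passed to chrome.exe can be manipulated so that an arbitrary application is run from a network path.
A lot of URI-related vulnerabilities have been coming out lately ;;

Solution:
No patch is available yet; the advice is not to visit untrusted websites.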


Release Date:  2009-09-30 
Critical:  Highly critical 
Impact:  System access
Where:  From remote 
Solution Status:  Unpatched 
Software: EMC Captiva QuickScan Pro 4.x

Description:
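A vulnerability discovered by pyrokinesis in EMC Captiva QuickScan Pro reportedly allows a malicious user to gain access to a user's system.
It arises because the product includes the vulnerable KeyHelp ActiveX control.

http://retrogod.altervista.org/9sg_emc_keyhelp.html

Solution:
No patch is available yet; the advice is to set the kill bit for the affected ActiveX control.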

CLSID: {B7ECFD41-BE62-11D2-B9A8-00104B138C8C}
Progid: KeyHelp.KeyCtrl.1
Binary Path: C:\WINDOWS\system32\KeyHelp.ocx
KillBitted: False
Implements IObjectSafety: True
Safe For Initialization (IObjectSafety): True
Safe For Scripting (IObjectSafety): True
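
One way to set and verify that kill bit from PowerShell, using the CLSID listed above. This is an added example, not part of the original post or the vendor's guidance; the function name is hypothetical, and the "ActiveX Compatibility" registry location and the 0x400 flag are the standard Internet Explorer kill-bit mechanism rather than something this page states.

```powershell
# Added example (not from the advisory): set and verify the IE kill bit for KeyHelp.ocx.
# Run elevated. Set-ActiveXKillBit is a hypothetical helper name.
$KillBit   = 0x400                                      # kill-bit value in "Compatibility Flags"
$KeyHelpId = '{B7ECFD41-BE62-11D2-B9A8-00104B138C8C}'   # CLSID quoted in the post

function Set-ActiveXKillBit {
    param([Parameter(Mandatory = $true)][string]$Clsid)

    # 32-bit Internet Explorer on 64-bit Windows reads the Wow6432Node view, so cover both.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }        # e.g. no Wow6432Node view on 32-bit Windows
        $key = Join-Path $root $Clsid
        if (-not (Test-Path $key)) { New-Item -Path $key | Out-Null }

        # Keep any compatibility flags already set and OR in the kill bit.
        $prop = Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        $old = 0
        if ($prop) { $old = $prop.'Compatibility Flags' }
        $new = $old -bor $KillBit
        New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord -Value $new -Force | Out-Null

        # Read the value back and report whether the control is now blocked.
        $check = (Get-ItemProperty -Path $key -Name 'Compatibility Flags').'Compatibility Flags'
        New-Object PSObject -Property @{
            Key        = $key
            Flags      = '0x{0:X8}' -f $check
            KillBitted = (($check -band $KillBit) -eq $KillBit)
        }
    }
}

Set-ActiveXKillBit -Clsid $KeyHelpId | Format-List
```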


Release Date:  2009-09-30 
Critical:  Highly critical 
Impact:  System access
Where:  From remote 
Solution Status:  Unpatched 
Software: IBM Installation Manager 1.x

Description:
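A vulnerability in IBM Installation Manager reportedly allows a malicious user to gain use of a user's system.

The vulnerability occurs in IBMIM.exe: through a manipulated iim: URI, a specially crafted "-vm" argument can be passed, causing an arbitrary repository on a network share to be used.

Solution:
No patch is available yet; the advice is not to visit untrusted sites.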


 


Release Date:  2009-09-23 

Critical:  Highly critical 

Impact:  System access
 
Where:  From remote 

Solution Status:  Vendor Patch 

Software: iTunes 9.x

Description:
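A vulnerability announced for iTunes reportedly allows a malicious user to defeat the security of an ordinary user's system.

The vulnerability is caused by a boundary error when processing .pls files, which results in a buffer overflow that reportedly allows execution of arbitrary code.

Both the Windows and Mac versions are listed as affected.

Solution:
Update to version 9.0.1.
http://support.apple.com/kb/HT1222?viewlocale=en_US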


Release Date: 2009-09-08

Critical: Highly critical

Impact:  System access

Where:  From remote 

Solution Status:  Vendor Patch

OS: Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Datacenter Server, Microsoft Windows 2000 Professional, Microsoft Windows 2000 Server,
Microsoft Windows Server 2003 Datacenter Edition, Microsoft Windows Server 2003 Enterprise Edition, Microsoft Windows Server 2003 Standard Edition,
Microsoft Windows Server 2003 Web Edition, Microsoft Windows Server 2008, Microsoft Windows Storage Server 2003, Microsoft Windows Vista, Microsoft Windows XP Home Edition,
Microsoft Windows XP Professional

Software: Microsoft Windows Media Format Runtime 11.x, Microsoft Windows Media Format Runtime 9.x, Microsoft Windows Media Services 2008, Microsoft Windows Media Services 9.x

Description:
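1. A manipulated ASF header can reportedly trigger an error that causes a malicious memory region to be called.
2. Manipulated MP3 metadata can reportedly cause memory corruption.

Solution:
Download the patch that matches your OS from the list below.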

-- Windows Media Format Runtime --

Microsoft Windows 2000 Service Pack 4 with Windows Media Format Runtime 9.0:
http://www.microsoft.com/downloads/de...=02b9dc42-38c2-44b1-a77c-34854f4a86c4

Windows XP SP2 with Windows Media Format Runtime 9.0, Windows Media Format Runtime 9.5, and Windows Media Format Runtime 11:
http://www.microsoft.com/downloads/de...=6ffc081e-f892-4818-acb9-6d79e15d473c

Windows XP SP3 with Windows Media Format Runtime 9.0, Windows Media Format Runtime 9.5, and Windows Media Format Runtime 11:
http://www.microsoft.com/downloads/de...=31585f5a-9aaa-40da-b15a-11284b4b800c

Windows XP Professional x64 Edition SP2 with Windows Media Format Runtime 9.5:
http://www.microsoft.com/downloads/de...=3780d565-d027-4f54-8fc0-05f5c3c6ba1a

Windows XP Professional x64 Edition SP2 with Windows Media Format Runtime 9.5 x64 Edition:
http://www.microsoft.com/downloads/de...=ce515188-db3c-4694-85da-177c8f76b68c

Windows XP Professional x64 Edition SP2 with Windows Media Format Runtime 11:
http://www.microsoft.com/downloads/de...=9a465f92-3067-4a5a-9882-1fc2cf796c99

Windows Server 2003 SP2 with Windows Media Format Runtime 9.5:
http://www.microsoft.com/downloads/de...=4ab34e3d-34cb-4e35-a2da-b348ace8a8f7

Windows Server 2003 x64 Edition SP2 with Windows Media Format Runtime 9.5:
http://www.microsoft.com/downloads/de...=8654ee33-6083-447f-ae5b-43ef8d8b613d

Windows Server 2003 x64 Edition SP2 with Windows Media Format Runtime 9.5 x64 Edition:
http://www.microsoft.com/downloads/de...=ce515188-db3c-4694-85da-177c8f76b68c

Windows Vista, Windows Vista SP1 and SP2 with Windows Media Format Runtime 11 and Microsoft Media Foundation:
http://www.microsoft.com/downloads/de...=d2bdefcc-f6b9-47c3-a55d-a4f33f967828

Windows Vista x64 Edition (optionally with SP1 and SP2) with Windows Media Format Runtime 11 and Microsoft Media Foundation:
http://www.microsoft.com/downloads/de...=97f00b25-fb8f-4300-80c0-c63179f32182

Windows Server 2008 for 32-bit Systems (optionally with SP2) with Windows Media Format Runtime 11 and Microsoft Media Foundation:
http://www.microsoft.com/downloads/de...=9c111bff-aff6-4ff7-81f6-e736cfcbe3ed

Windows Server 2008 for x64-based Systems (optionally with SP2) with Windows Media Format Runtime 11 and Microsoft Media Foundation:
http://www.microsoft.com/downloads/de...=59615c8b-a07f-4326-836d-f17b2fcc4695

-- Windows Media Services --

Windows Server 2003 SP2 with Windows Media Services 9.1:
http://www.microsoft.com/downloads/de...=61cd0581-c36e-4da6-ae95-41609adbe922

Windows Server 2003 x64 Edition SP2 with Windows Media Services 9.1:
http://www.microsoft.com/downloads/de...=67c46f26-e6df-4ba2-9c03-1590b31e454c

Windows Server 2008 for 32-bit Systems (optionally with SP2) with Windows Media Services 2008:
http://www.microsoft.com/downloads/de...=2801f69b-37d0-4d0f-9632-31382b824d36

Windows Server 2008 for x64-based Systems (optionally with SP2) with Windows Media Services 2008:
http://www.microsoft.com/downloads/de...=7fad3793-174f-46db-9d0a-873a0ea8be65


Release Date: 2009-09-08

Critical: Moderately critical 

Impact:  System access

Where:  From local network 

Solution Status:  Unpatched

OS: Microsoft Windows Server 2008, Microsoft Windows Vista

Description:
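No patch has been released for this vulnerability yet, so particular caution is required.
Discovered by Laurent Gaffié, the vulnerability is an array indexing error in the srv2.sys kernel driver that can be triggered by a specially crafted SMB packet, allowing memory in other regions to be manipulated.
Windows 2008 R2 64bit and Windows 2008 R2 IA are reportedly not affected by this vulnerability.

Solution:
To mitigate this vulnerability, the advice is to disable SMB v2 or not to use TCP ports 139 and 445.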

1. Click Start, click Run, type Regedit in the Open box, and then click OK.
 
2. Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
 
3. Click LanmanServer.
 
4. Click Parameters.
 
5. Right-click to add a new DWORD (32 bit) Value.
 
6. Enter smb2 in the Name data field, and change the Value data field to 0.
 
7. Exit.
 
8. Restart the "Server" service by performing one of the following:

- Open up the computer management MMC, navigate to Services and Applications, click Services, right-click the Server service name and click Restart. Answer Yes in the pop-up menu.
 
If disabling the service causes problems, set the smb2 value you created back to 1.
- If blocking those ports causes no problems for you, you can simply block them instead.
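
The manual Regedit steps above, scripted in PowerShell with a read-back check and the rollback to 1 described in the post. This is an added example, not part of the original post or Microsoft's guidance; the function name is hypothetical, and it assumes an elevated prompt on the affected Windows Vista or Windows Server 2008 host.

```powershell
# Added example: scripted form of the manual steps above. Run elevated.
# Set-Smb2Workaround is a hypothetical helper name.
$ParamsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Set-Smb2Workaround {
    # $false writes smb2 = 0 (workaround applied); $true writes smb2 = 1 (rollback).
    param([bool]$Enabled = $false)

    $value = 0
    if ($Enabled) { $value = 1 }

    # Steps 2-6: create or overwrite the smb2 DWORD under LanmanServer\Parameters.
    New-ItemProperty -Path $ParamsKey -Name 'smb2' -PropertyType DWord -Value $value -Force | Out-Null

    # Remember which dependent services were running before the restart.
    $running = @((Get-Service -Name 'LanmanServer').DependentServices |
                 Where-Object { $_.Status -eq 'Running' })

    # Step 8: restart the "Server" service; -Force lets the restart proceed
    # even though other services depend on it.
    Restart-Service -Name 'LanmanServer' -Force

    # Bring back any dependent service that was running beforehand.
    foreach ($dep in $running) { Start-Service -Name $dep.Name }

    # Read the setting back so the change can be confirmed and recorded.
    $readBack = (Get-ItemProperty -Path $ParamsKey -Name 'smb2').smb2
    New-Object PSObject -Property @{
        Smb2Value     = $readBack
        ServerService = (Get-Service -Name 'LanmanServer').Status
    }
}

Set-Smb2Workaround                    # apply the workaround (smb2 = 0)
# Set-Smb2Workaround -Enabled $true   # roll back (smb2 = 1) if disabling SMB v2 causes problems
```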


CISSP Domain 6

Posted 2009/09/10 21:46


CISSP

Domain 6 1.0

http://itka.kr

올엠 : 한주성

Single79@msn.com

 

 

 

 


CISSP Domain 4

Posted 2009/09/10 21:45


CISSP

Domain 4 1.0

http://itka.kr

올엠 : 한주성

Single79@msn.com

 

 

 

 
