Posts tagged Stephen ramsay

Security Bulletin – Windows Help system Hack

Jul 2nd

As some of you may have read in the press (http://news.bbc.co.uk/1/hi/technology/10473495.stm) there is currently a major security vulnerability in the Windows Help system that is currently being exploited by hackers to take control of PCs worldwide. Once they have control obviously they use the PCs for all kinds of nastiness. This vulnerability exists whether or not you use any of the Microsoft help functions which use the HPC protocol.

Over the course of this week Krayatec have been deploying to all of our clients a fix for this issue via automatic log in scripts. This means that if you have restarted your computer every night and are on a managed domain you will already be protected. If you do not have domain control on your site, we will be calling you shortly to manually apply the fix.

I have written a custom automated script to do this which can be found here : http://www.kraya.co.uk/downloads/xpfix.zip Simply download, save and run the enclosed xpfix.bat file. It takes less than a second and once completed you see a black screen saying “Krayatec XP HCP Protocol fix applied”.

There is also a fully bloated Microsoft Windows XP MSI which can be downloaded from the Microsoft KB2219475 article page here http://support.microsoft.com/kb/2219475

We would recommend that all users also apply the “Microsoft Fix it update 50459”, either via the Microsoft site or our automated script to all Windows XP computers at home and work as soon as possible.

It should be noted that whilst Anti-virus and Ant-Spyware software may detect some of the “nasties” hackers might try to install on your computer, they will not prevent this problem. To do secure your computer and prevent this vulnerability being exploited, you must run the above script.

As always if you have any questions or concerns please do not hesitate to call.

More detailed Technical Info:

On the 10th of June 2010, Microsoft announced that it was investigating new public reports of a vulnerability in the Windows Help and Support Center function of Windows XP and Windows Server 2003. The vulnerability could allow a remote attacker to use the HCP protocol to remotely execute code on any Windows XP or Windows Server 2003 computer if a user views a specially crafted web page. At this time Microsoft stated that it was aware of a proof-of-concept exploit code and limited, targeted active attacks that use this exploit code.

Subsequently Microsoft and a number of security vendors have reported wide spread attacks in the wild using this exploit to deliver a number of different malicious payloads as reported on the BBC link above.

The custom script linked above closed this vulnerability be de-registering the HCP Protocol on the computer, hence a remote attacker is not able to use the Microsoft Windows Help and Support Center function to attack the computer. This is done by deleting the HKEY_CLASSES_ROOT\HCP registry key. The old registry key is backed up to HCP_Protocol_Backup.reg incase (of reasons unknown) you decide you want to re-enable this feature.

.bat, 2219475, 50459, Ant-Spyware, anti-virus, applied, article, automated, automated script, automatic, bloated, Computer, control, custom, deploying, detect, domain, download, exploit, exploited, file, fix, Fix it, hackers, help, help functions, HKEY_CLASSES_ROOT\HCP, home, HPC, HPC protocol, issue, KB2219475, key, KrayaTec, log in scripts, Major, Microsoft, Microsoft Fix it, Microsoft windows, MSI, PC, press, prevent, problem, protected, Registry, registry key, restarted, run, save, Script, Security, software, Stephen ramsay, system, update, Vulnerability, windows XP, work, XP, XP HPC Protocol

ACER Travelmate 6592 screen fault

Feb 23rd

Posted by stephen in Linux

No comments

Folks, I know I said I would blog more in the new year and I will but in the mean time I just wanted to share an interesting point about my laptop screen.

I have an ACER Travelmate 6592, the power supply blew for it last week and after buying what I thought was a genuine replacement only to find it was a dud, I now have the genuine part (from a different supplier). I have now started having issues with the back-light of the LCD display, it would hiss and flicker before dieing completely. I should say this problem occurred on both Windows vista & 7 and on Ubuntu Linux regardless of kernel version.

Thinking the un-clean power from the dodgie replacement power adapter may have damaged the back light bulb I was all for buying a new one and embarking on the daunting task of changing the back-light, until that is I discovered this blog post by Aral Balkan

Running the laptop on mains with the battery in causes screen flicker / black screen, where as running it with just mains or just battery it works fine.

I should also say that if you are running a laptop on mains all of the time you will shorten the life of your battery, therefore removing the battery from all laptops whilst running on mains for a long period of time is not necessarily a bad thing.

The only question is do I want to pay acer to repair my now out of warranty acer travelmate 6592?

Hope this helps some others out there and a massive thanks to Aral Balkan for his blog post.

6592, 7, acer, back, backlight, battery, black, blank, broken, charging, circut, display, fault, flicker, Kraya, KrayaTec, laptop, lcd, light, Linux, mains, monitor, power, powerboard, ramsay, screen, Stephen, Stephen ramsay, travel mate, travelmate, Ubuntu, Vista, Windows

Adobe update – excessive traffic to ardownload.adobe.com

Dec 16th

Posted by stephen in Rants

No comments

Adobe has not been without its problems of late, and whilst there have been security issues that could have lead to losses, so far none of our clients have suffered financially from Adobe’s failings. Until now that is.

One of our Clients had their ADSL cut off this week as they had exceeded the usage policy. Why? Adobe Update Manager on one Windows XP PC had decided to download over 70GB of data over the course of a 7 day period. It would appear that it was getting itself in a loop and just kept trying to update continuously, 70GB worth of continuously.

The Adobe website serves the update MSI binary files as content type Text/Plain, the Adobe Update client has a very short timeout and immediately opens another connection to re-start the download. Hence if there is a slow connection or the caching server does not return the whole file in a timely manner the Adobe Update client enters the infinite loop of retries, causing the excessive bandwidth consumption witnessed here.

There are several forum threads including on Adobe’s own site http://forums.adobe.com/thread/392129 all linking this issue to a conflict between and old version of WebMarshall and Adobe updater; however our machines do not use WebMarshall and we do not have it installed anywhere on our networks.

We do however use Squid caching on our CentOS 5 servers. The server in this instance seems to be fulfilling the requests on each occasion in a timely manner – the issue is that each time Adobe updater passes a URL it is different in key areas, which Squid interprets as a separate request. This is not abnormal and we have seen this before when we have tried to configure squid to cache Windows updates. However rather than enter a loop of requests, Windows updates simply fail. Other automatic updaters work well with caching systems and indeed most ISPs are now implementing different forms of web caching on their own networks. Dose this mean the Adobe issue is affecting them in the same way?

The issue seems to only affect PCs (or at least we have seen no affected Mac users as yet), and it also seems to affect most Adobe products.

For now Adobe and the ISPs have remained quiet on the issue, however we have 3 other clients (and my own home ADSL ) who cannot update Adobe at all, access to ardownload.adobe.com appears to have been blocked by the ISP. Quite when the Adobe update issue will be resolved is unknown; however we have also taken the decision to block access to ardownload.adobe.com from all of our networks, for the moment.

Richard, one of our Systems Admin Team has published a more detailed account of the technicalities involved here: http://richard.blog.kraya.co.uk/2009/12/16/a-big-adobe-problem/

abnormal, Adobe, Adobe products, Adobe update, Adobe Update client, Adobe Update manager, adobe updater, Adobe website, Adobe’s, ADSL, Apple, ardownload.adobe.com, automatic, bandwidth, bandwidth consumption, block, blocked, cache, caching, caching system, CentOS, CentOS 5, CentOS 5 servers, Clients, Computer, configure squid, conflict, connection, continuously, Cut off, data, download, exceeded, excessive, excessive bandwidth consumption, fail, failings, financially, fix resolve, GB, immediately, infinite loop, ISP, IT, Kraya, KrayaTec, loop, loop of requests, Mac, MSI binary files, PC, problems, resolved, retries, security issues, Server, serves, slow, Squid, Squid caching, Stephen, Stephen ramsay, suffered, support, timeout, to ardownload.adobe.com, traffic, update, update Adobe, update continuously, update MSI binary files, updater, updaters, Updates, URL, usage, users, web caching, Web Marshall, WebMarshall, Windows, Windows updates, XP

Its been a while………

Dec 15th

Posted by stephen in Journeys

No comments

It has been a while since I posted to my blog – sorry about that.

There have been a number of reasons: Firstly, things have been very busy here at krayatec and more importantly, Angela and I got married. Thanks to all who came to our wedding and I do hope you all had a good time. We certainly enjoyed ourselves and I’m glad to report that after his wee trip to hospital my grandfather is well; one operation over and waiting on his second.

So what’s been happening around here?

Due to family illness Andrei has decided to return to Canada, so we are now recruiting for his position. To help cover while we recruit a replacement, David will shortly return for Christmas, it’ll be nice to have him back for a while.

We have had some new clients come on stream in the last few months and have seen an large increase in the number of computers covered via our existing clients.

With the VAT changes coming to an end this month, we have also seen a number of large hardware purchases as people seek to take advantage before the VAT rate returns to 17.5%.

There has been lots of other exciting news, some of which I will blog about over the next few months and some of which is already on twitter.

As we approach Christmas, I have also been thinking about new year’s resolutions and well, along with the usual ones like diet and putting the toilet seat down (can’t believe how much that annoys her – such a cliché! ), I have made myself a work resolution to Blog at least once a fortnight and tweet once a day.

We’ll see how I get on… As always, comments welcome.

15%, 17.5%, Andrei, Andrei Hogar, Angela, Blog, Canada, changes, Christmas, cliché, Clients, computers, David, David Forrest, Day, diet, end this month, exciting news, family, fortnight, grandfather, hardware purchases, hospital, illness, Kraya, KrayaTec, married, new year, new year’s, operation, recruiting, replacement, resolutions, sorry, Stephen, Stephen ramsay, toilet seat down, tweet, twitter, VAT, waiting, Wedding, work resolution

Krayatec are Hiring

Aug 6th

Posted by stephen in Journeys

No comments

Are you a geek at heart looking for your first Real IT job?

Do you have what it takes to join the krayatec team?

Krayatec are currently looking for a Junior IT Support Engineer, to join our team. This is an opportunity for someone with a good general IT and computing skills who is looking for one of their first jobs in IT. Qualifications are not top of our wish list, most important of all is the right attitude and aptitude, someone who is articulate with good customer service skills. They must be a quick learner with good problem solving skills and a great telephone manner.

Krayatec is not your run of the mill IT Company and we’re not looking for a run of the mill person.

To tell us why you’re as unique as we are and apply, or f or more information and to read the formal job Advert please see http://www.krayatec.co.uk/careers/

For more info on Kraya see http://www.kraya.co.uk/

Stephen Ramsay
Head of Krayatec

Update I have added an Application Closing Date of 9am, Friday 14th August 2009

Apple Mac, aptitude, articulate, attitude, background, basic knowledge, careers, CentOS, computer hardware, computing, customer service, Customer Service Experience, DEBIAN, Edinburgh, eh, eh3, Engineer, first job, geek, general IT, Head of Krayatec, IT, IT Support, job Advert, join, Junior, Junior IT Support Engineer, knowledge, Kraya, KrayaTec, krayatech, krayatek, Linux, office, opportunity, polite, problem solving, Professional, quick learner, ramsay, scotland, skills, Stephen, Stephen ramsay, Support Engineer, system configuration, tec, tech, tek, Ubuntu, uk, Vista, wanted, Windows, XP

Changing your password in Kerio Mailserver

Jun 16th

Posted by stephen in Security

No comments

Changing your passwords is very easy.

Under your Windows computer press Crtl + Alt + Del and select change password.

To Change your email password, simply log into your Web Mail (call us if you don’t know the address)

Then Select change password from the Settings drop down menu as below

settings menu in kerio webmail

And then enter your old and new passwords in the box below.

kerio password change dialog box

Remember to make it something secure that no one will guess, no kids, partners or team names and no dictionary words. Random Numbers and letters, remember capitals and lower case combinations are best, or try a sentence like “Why can 1 never remember 555″ you can use spaces. Remember the best passwords are not necessarily easy to remember but they can be if your clever about it. Hackers offten use a dictionary or password list attack to crack passwords, this is where a system tires every word in the dictionary or in a common password list, things like Rangers, Rang3rs or Celtic, C3lt1c will be near the top of that list.

+, +, Alt, attack, best, best passwords, broken, capitals, change password, Changing your passwords, combinations, common password list, Crtl, Del, dictionary, dictionary words, drop down, easy to remember, email password, guesed, Kerio, Kerio MailServer, kerio webmail, kids, Kraya, KrayaTec, letters, lower case, MailServer, Microsoft, Microsoft Widows, no one will guess, Numbers, partners, password list, ramsay, Random, Remember, secure, sentence, settings, spaces, Stephen, Stephen ramsay, system, team names, tires, try, Web Mail change password, webmail, Widows

Kerio Mail Server – Feedback and Updates

May 14th

Posted by stephen in Linux

No comments

Kerio have recently introduced a new update for the Kerio MailServer (KMS), which has fast become krayatec’s favoured mail server.

We have now deployed Kerio MailServer 6.2 to most of our clients and despite a handful of teething problems, most are now seeing advantages over Exchange and their previous IMAP based systems.

Feedback from clients has generally been positive, however for two of our clients the switch has not been as pain free as we would have liked and they are still experiencing several issues:

VERY Slow connections between the Kerio Outlook connector and the Server.
Kerio Outlook Connector seems to consume huge amounts of RAM, particularity on older Systems.
Outlook and MS Word Mail merge function seams to fail after installation of Kerio Off-line Outlook connector. This issue is still under investigation by both our own and Kerio’s Technical teams.
IMAP sync issues when using Thunderbird: Kerio and Thunderbird seem to be unable to share junk, sent and deleted folders leading to duplication.
Thunderbird and Kerio integration is not perfect in general and Thunderbird is unable to feed back junk mail training data, or rule learning, to the Kerio Mail Server.

The release notes for the new Update to Kerio MailServer 6.7 suggests that this upgrade will fix most of these issues. The update has now been deployed to our own Kerio system and we are currently testing this in full prior to deployment to our clients systems. After discussing the updates with the Kerio team, we are very hopeful of resolving the above issues. However, it is indisputable that issues may remain with legacy systems, particularity Windows 2000.

Feedback / comments and suggestions for the above issues are always welcome.

6.2, advantages, clients systems, comments, Connector, data, deleted, deployed, deployment, duplication, Exchange, fail, feed back, Feedback, fix, folders, help, IMAP, IMAP sync, indisputable, installation, investigation, issues, junk, junk mail, Kerio, Kerio integration, Kerio MailServer, Kerio MailServer 6.2, Kerio MailServer 6.7, Kerio Off-line Outlook connector, Kerio Outlook connector, KMS, KrayaTec, legacy systems, Mail, Mail merge, Mail Server, MailServer, not perfect, Off-line Outlook connector, older Systems, Outlook, pain, particularity, previous, problem, RAM, ramsay, release notes, resolving, rule learning, sent, Server, several, slow, Slow connections, Stephen, Stephen ramsay, suggestions, system, systems, Technical, teething problems, testing, Thunderbird, training, Windows 2000, Word

Security Bulletin – Adobe Reader and Acrobat

May 14th

Posted by stephen in Apple

No comments

Below is an update to Security Bulletin – Adobe – April 09

Adobe have published a new Security Bulletin and provided updates for Adobe Reader and Acrobat patches. These updates resolve the previously reported vulnerabilities in Adobe Reader 9.1 and Acrobat 9.1 and earlier versions. This vulnerability (CVE-2009-1492) would cause the application to crash and could potentially allow an attacker to take control of the affected system remotely and install Malicious code.

We have already recommended that user consider using alternatives to Adobe reader, this continues to be our current advice. However users still using Adobe should now update and install these patches as soon as practical.

Adobe recommends users of Adobe Reader 9.1 and Acrobat 9.1 and earlier versions update to Adobe Reader 9.1.1 and Acrobat 9.1.1. Adobe recommends users of Acrobat 8 update to Acrobat 8.1.5, and users of Acrobat 7 update to Acrobat 7.1.2. For Adobe Reader users who can’t update to Adobe Reader 9.1.1, Adobe has provided the Adobe Reader 8.1.5 and Adobe Reader 7.1.2 updates.

7.1, 7.1.2, 8, 8.15, 9.1, 9.1.1, Acrobat, Acrobat 7, Acrobat 7.1.2, Acrobat 8, Acrobat 8.1.5, Acrobat 9.1, Acrobat 9.1.1, Adobe, Adobe Acrobat, Adobe Reader, Adobe Reader 7.1.2, Adobe Reader 8.1.5, Adobe Reader 9.1, Adobe Reader 9.1.1, alternatives, Apple, Apple Mac, APSB09-06, attacker, Bulletin, current advice, CVE-2009-1492, CVE-2009-1493, earlier, install, Mac, Malicious code, Microsoft, patch, ramsay, Reader, remotely, resolve, Security, Security Bulletin, stephe, Stephen ramsay, system, take control, update, versions, Vulnerabilities, Vulnerability, Windows

Apple Security Update

May 14th

Posted by stephen in Apple

No comments

Apple have today issued a massive set of security updates for Mac OS X update to correct total of 67 security vulnerabilities. The unexpected and abrupt Apple Patch issue also includes patch to fix a number of security flaws in Safari Web browser on both Mac OS X and Microsoft Windows.

The OS X update fixes security vulnerabilities and flaws in a total of 31 different Apple components, including issues in open-source packages used by Apple. The updates also fix code execution vulnerabilities in several pieces of apple software. These are very similar to the vulnerabilities seen in Adobe and Microsoft products.

The detailed list of affected software, components is shown below and more information can be found on Apple’s support site. For ease of understanding I have combined a few of these into one.

An Important phrase you will get to know is ” may lead to execution of malicious code” this essentially means attackers could run a program on your computer that allows them to, well do anything they like, from taking note of your bank details to reeking havoc with your system configuration.

APPLE-SA-2009-05-12 Security Update 2009-002 / Mac OS X v10.5.7

Apache CVE-2008-2939
Affected: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Details: An input validation issue exists in Apache’s handling of FTP proxy requests containing wildcard characters. Visiting a malicious website via an Apache proxy may result in an attack.

Apache CVE-2008-2939
Affected: Mac OS X v10.5, v10.5.6 & Mac OS X Server v10.5, v10.5.6
Details: Visiting a malicious website may allow an attack to run a malicious program.

Apache CVE-2008-0456
Affected: Mac OS X v10.5, v10.5.6 & Mac OS X Server v10.5, v10.5.6
Details: Web sites that allow users to control the name of a file may be vulnerable to redirection the user to a different file without the users knowledge by forging the malicious file name. Thus tricking users into opening malicious content.

ATS CVE-2009-0154
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Viewing or downloading a document containing a maliciously
crafted font may lead to execution of malicious code.

BIND CVE-2009-0025
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: BIND is susceptible to a spoofing attack, were one website pretends to be another, if configured in a certain way using OpenSSL. A maliciously crafted security certificate could bypass the validation, which may lead to a spoofing attack.

CFNetwork / Safari CVE-2009-0144
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: Safari and other Applications that use CFNetwork may send secure cookies unexpectedly over a unencrypted connection. Systems prior to Mac OS X v10.5 are unaffected.

CFNetwork / Safari CVE-2009-0157
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: Visiting a malicious website may lead to an application terminating unexpectedly or malicious code execution. Systems prior to Mac OS X v10.5 are not affected.

CoreGraphics CVE-2009-0145, CVE-2009-0155
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Opening a maliciously crafted PDF file may lead to an application terminating unexpectedly or malicious code execution.

CoreGraphics CVE-2009-0146, CVE-2009-0147, CVE-2009-0165
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Viewing or downloading a PDF file containing a maliciously crafted JBIG2 stream may lead to an application terminating unexpectedly or malicious code execution.

Cscope CVE-2009-0148
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Processing a maliciously crafted source file with Cscope may lead to an application terminating unexpectedly or malicious code execution.

CUPS CVE-2009-0164
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Visiting a maliciously crafted web site may lead to unauthorized access of the Web Interface of the printing service. This may allow a maliciously crafted website to start and stop printers, and access information about printers and jobs and even print documents.

Disk Images CVE-2009-0150, CVE-2009-0149
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Mounting a maliciously crafted disk image may lead to an application terminating unexpectedly or malicious code execution.

Enscript CVE-2004-1184, CVE-2004-1185, CVE-2004-1186, CVE-2008-3863
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Multiple vulnerabilities in enscript which may lead to malicious code execution.

Flash Player plug-in CVE-2009-0519, CVE-2009-0520, CVE-2009-0114
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Multiple issues exist in the Adobe Flash Player plug-in, when viewing a maliciously crafted web site these may lead to malicious code execution.

Help Viewer CVE-2009-0942, CVE-2009-0943
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: A maliciously crafted Apple “help:” page may be used to invoke AppleScript files, which may lead to malicious code execution.

Ichat CVE-2009-0152
Affected: Mac OS X v10.5 – v10.5.6,Mac OS X Server v10.5 – v10.5.6
Details: iChat can use Secure Sockets Layer (SSL) for AOL Instant Messenger and Jabber accounts. If iChat is unable to connect it will authenticate via plain text (non secure) methods until SSL is manually re-enabled. A remote attacker with the ability to observe network traffic may observe the contents of AOL Instant Messenger conversations.

International Components for Unicode CVE-2009-0153
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: Maliciously crafted content may bypass website filters and result in malicious code execution.

IPSec CVE-2008-3651, CVE-2008-3652
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Multiple vulnerabilities and memory leaks exist in the racoon daemon in ipsec-tools which may lead to a denial of service.

Kerberos CVE-2009-0845, CVE-2009-0846, CVE-2009-0847, CVE-2009-0844
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: An attacked could send maliciously crafted authentication information or an encoded message which may lead to a denial of service of a Kerberos-enabled program

Kernel CVE-2008-1517
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: An issue exists which may lead to a local user obtaining system privileges or to an unexpected system shutdown. This vulnerability may also allow malicious code execution with Kernel privileges.

Launch Services CVE-2009-0156
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Downloading a maliciously crafted Mach-O executable (application) may cause Finder to repeatedly terminate and relaunch.

Libxml CVE-2008-3529
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Visiting a maliciously crafted website may lead to an application terminating unexpectedly or malicious code execution.

Net-SNMP CVE-2008-4309
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: A remote attacker may terminate the operation of the SNMP service by sending specificity crafted messages.

Network Time CVE-2009-0021, CVE-2009-0159
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Network Time is susceptible to a spoofing attack if NTP authentication is enabled. Once spoofing has take place a remote NTP server could maliciously execute code.

Networking CVE-2008-3530
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: When IPv6 support is enabled, A remote user may be able to cause an unexpected system shutdown.

OpenSSL CVE-2008-5077
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: An attacked could use a man-in-the-middle attack and be able to impersonate a secure trusted server or user in applications using OpenSSL for SSL certificate verification. Permiting an attacker to capture information the user thought was secure.

PHP CVE-2008-3659, CVE-2008-2829, CVE-2008-3660, CVE-2008-2666,CVE-2008-2371, CVE-2008-2665, CVE-2008-3658, CVE-2008-5557
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: Multiple vulnerabilities in PHP which may lead to malicious execute code.

QuickDraw Manager CVE-2009-0160, CVE-2009-0010
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Opening a maliciously crafted PICT image may lead to an application terminating unexpectedly or malicious code execution.

Ruby CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790, CVE-2009-0161
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: Multiple vulnerabilities exist in Ruby 1.8.6 including the fact that Ruby programs may accept revoked or invalid security certificates as genuine.

Safari CVE-2009-0162
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: Multiple input validation vulnerabilities exist in Safari’s handling of “feed:” URLs. Accessing a maliciously crafted “feed:” URL may lead to malicious code execution.

Spotlight CVE-2009-0944
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Downloading a maliciously crafted Microsoft Office file may lead to an application terminating unexpectedly or malicious code execution.

system_cmds
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: The “login” command starts an interactive shell after a local user is authenticated. The priority level for the interactive shell is reset to the system default, which can cause the shell to run with an unexpectedly high priority and authorization level.

telnet CVE-2009-0158
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Connecting to a TELNET server with a very long canonical name in its DNS address record may lead to an application terminating unexpectedly or malicious code execution.

WebKit CVE-2009-0945
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: Visiting a maliciously crafted website may lead to an application terminating unexpectedly or malicious code execution.

X11 CVE-2006-0747, CVE-2007-2754, CVE-2008-2383, CVE-2008-1382, CVE-2009-0040
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Multiple vulnerabilities exist in FreeType v2.1.4 & v2.3.8, the most serious of which may lead to an application terminating unexpectedly or malicious code execution when processing a maliciously crafted font. Displaying maliciously crafted data within an xterm terminal may also lead to malicious code execution. Further vulnerabilities exist in libpng version 1.2.26, the most serious of which may also lead to arbitrary code execution.

Security Update 2009-002 / Mac OS X v10.5.7 may be obtained from the Software Update pane in System Preferences, or Apple’s Software Downloads web site: http://www.apple.com/support/downloads/

The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2009-002 or Mac OS X v10.5.7.

10.5, 10.5.6, 2.0.63, abrupt, accept revoked certificate, Adobe, Adobe Flash, Adobe Flash Player plug-in, AIM, AOL Instant Messenger, Apache, Apache 2.0, Apache 2.2, Apache 2.2.11, Apache 2.2.9, Apache patch, Apple, Apple components, Apple Kernel, apple macintosh, Apple Patch issue, Apple Product Security, Apple Safari, apple software, Apple Type Services, APPLE-SA-2009-05-12, AppleScript files, application termination, arbitrary, arbitrary code execution, ASN.1 encoded message, ATS, attackers, authentication packet, bank details, BIND, boot, bypass, Cascading Style Sheets, CFF, CFNetwork, Code, code execution, code execution vulnerabilities, command, Compact Font Format, components, Computer, containing, contents, conversations, CoreGraphics, crafted, cross-site scripting, Cscope, CUPS, CUPS 1.3.9, CUPS Web Interface, CVE-2004-1184, CVE-2004-1185, CVE-2004-1186, CVE-2006-0747, CVE-2007-2754, CVE-2008-0456, CVE-2008-1382, CVE-2008-1517, CVE-2008-2371, CVE-2008-2383, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-2939, CVE-2008-3443, CVE-2008-3529, CVE-2008-3530, CVE-2008-3651, CVE-2008-3652, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-3790, CVE-2008-3863, CVE-2008-4309, CVE-2008-5077, CVE-2008-5557, CVE-2009-0010, CVE-2009-0021, CVE-2009-0025, CVE-2009-0040, CVE-2009-0114, CVE-2009-0144, CVE-2009-0145, CVE-2009-0146, CVE-2009-0147, CVE-2009-0148, CVE-2009-0149, CVE-2009-0150, CVE-2009-0152, CVE-2009-0153, CVE-2009-0154, CVE-2009-0155, CVE-2009-0156, CVE-2009-0157, CVE-2009-0158, CVE-2009-0159, CVE-2009-0160, CVE-2009-0161, CVE-2009-0162, CVE-2009-0164, CVE-2009-0165, CVE-2009-0519, CVE-2009-0520, CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847, CVE-2009-0942, CVE-2009-0943, CVE-2009-0944, CVE-2009-0945, CVE-2009-0946, CVE-ID, DECRQSS, denial of service, disk image, Disk Images, DNS rebinding attack, DNS Security Extensions, DNSSEC, document, downloading, DSA certificate, embedded, enscript, execution, exists, feed:, Finder, flash, Flash Player, Flash Player plug-in, font, fonts, forgery, FreeType v2.1.4, FTP proxy requests, havoc, Help Viewer, HTTP requests, HTTP response injection, iChat, iChat AIM, ICMPv, Instant Messenger, Intel, IPSec, IPv4, IPv6, issue, issues, Jabber, JavaScript, JBIG2 stream, Kerberos, Kernel, Kernel privileges, Launch Services, libxml, Mac, Mac OS, Mac OS X, Mac OS X Server, Mac OS X Server v10.4, Mac OS X Server v10.4.11, Mac OS X Server v10.5, Mac OS X Server v10.5.6, Mac OS X v10.4.11, Mac OS X v10.5, Mac OS X v10.5.5, Mac OS X v10.5.6, Mac OS X v10.5.7, Mach-O executable, Macintosh, malicious, malicious website, maliciously, maliciously crafted, maliciously crafted PDF, may lead to, may lead to execution of malicious code, memory corruption, Microsoft, Microsoft Office, Microsoft Office Spotlight Importer, Microsoft windows, Multiple vulnerabilities, Net-SNMP, network, Network Time, NTP authentication, ntpq, observe, obtain system privileges, open-source packages, OpenSSL, Packet Too Big, patch, Patch issue, PDF, PDF file, PHP, PICT image, plaintext, Player, plug-in, PowerPC, preference, Product Security, program, proxy, QuickDraw, QuickDraw Manager, racoon daemon, ramsay, reboot, reeking havoc, relaunch, remote attacker, repeatedly, Require SSL, revoked certificate, ruby, Ruby 1.8.6, SA-2009-05-12, Safari, Safari Web browser, secure cookies, Secure Sockets Layer, Security, security flaws, security update, security updates, security vulnerabilities, shutdown, Smug, source file, spoofing, spoofing attack, Spotlight, SSL, SSL certificate verification, Stephen, Stephen ramsay, susceptible, system configuration, telnet, TELNET server, terminate, traffic, unauthorized access, unencrypted, unencrypted HTTP requests, unexpected, unexpected application termination, v10.4.11, v10.5, v10.5.5, v10.5.5Mac OS X Server v10.5.5, v10.5.6, v10.5.7, validation, Viewing, Visiting a maliciously crafted web site, Vulnerabilities, Vulnerability, vulnerable, Web Interface, WebKit, website, Windows, X, X11, xterm, xterm terminal

Technological Ramblings by Stephen

Stephen Ramsay is the Head of Krayatec Edinburgh’s leading Linux centric IT Support Company. We provide IT Support, telecoms and technology partnerships to businesses running Windows, Linux and Apple based systems. We also manage the complete and seamless integration of, all these operating systems into one coherent, network and technology strategy.
This blog is part work, part personal, so I hope you enjoy the mix and feel free to leave some comments, reply via Twitter, or drop me an Email for more information, on anything you read here, or to find out a bit more about what we do and how we do it.
Categories
- hardware
- how to
- Journeys
- Kraya
- Linux
- Privacy
- Random Rambelings
- Rants
- Security
  - Apple
  - Windows updates
- tweets
- Uncategorized
- Windows
Tag Cloud
anti-virus Apple Apple Mac Computer computers email IMAP issues junk Kerio Kerio MailServer Kerio Offline Outlook Connector Kraya KrayaTec Linux Mac Mail Server MailServer Microsoft Microsoft windows network office Outlook ramsay Random Security Server slow Social Networks software spam Stephen Stephen ramsay stepram Thunderbird tweets twitter Ubuntu update Vista Vulnerability webmail Windows windows XP XP
blogrol
Kraya
Open Source Software
Social Networks
usefull geekerie
- DNS / MX Propagation Checker
- Whats my dns
Calendar
September 2010

M T W T F S S

« Jul

1 2 3 4 5

6 7 8 9 10 11 12

13 14 15 16 17 18 19

20 21 22 23 24 25 26

27 28 29 30
Blog Archives

Posts tagged Stephen ramsay

Update I have added an Application Closing Date of 9am, Friday 14th August 2009

Technological Ramblings by Stephen

Categories

Tag Cloud

blogrol

Kraya

Open Source Software

Social Networks

usefull geekerie

Calendar

Blog Archives