window: tsk tsk tsk

Madrid, February 22, 2006 - A critical vulnerability has been reported in the Safari browser shipped with Mac OS X, which could allow an attacker to automatically run scripts when a user visited a malicious website.

The flaw affects how MAC OS X determines which program must run to open certain types of files. If a Unix shell script is renamed with a Safari extension, it is considered 'safe'. If the '#!' sequence is omitted and it is compressed in ZIP, Safari can be tricked into downloading the script, decompressing it and assuming that it 'safe', pass it to the Mac OS X Terminal application to run. This could allow an attacker to use a script to delete data or programs, damage the configuration or obtain personal user information.

Apple is working on an update that resolves this problem, known as a 'zero day exploit'. In the meantime, Safari users can disable the option "Open 'safe' files after downloading" in the General panel in the browser preferences. This option is disabled by default in new installations of Mac OS X 10.4.5, but enabled by default in old systems or in systems that have upgraded to Mac OS X 10.4.5.

Finally, we will look at a worm called OSX/Oomp.A. This malicious code is developed for the MacOS/X operating system, which replaces other programs in the copy with a copy of itself which includes the original program among its resources.

When it is run, this replacement file runs the malicious code and then tries to execute the original program. However, due to programming errors, the original program is not launched correctly. This worm spreads via instant messaging in a file called 'latestpics.tgz'.

Madrid, December 27 2005 - iDefense has announced a complete memory exhaustion vulnerability in versions 2.4 and 2.6 of the Linux kernel, which could allow denial of service attacks.

The flaw stems from a limitation in the design of the Linux kernel, and consists of a lack of resource checking during the buffering of data for transfer over a pair of sockets. An attacker could create a situation which, depending on the available system resources, can cause a 'kernel panic' due to memory resource exhaustion.

An attack can be launched by opening up a number of connected file descriptors or socket pairs and creating the largest possible kernel buffer for data transfer between the two sockets. By causing the process to enter a zombie state or closing the file descriptor while keeping a reference open, the data is kept in the kernel until the transfer can complete. If done repeatedly, system memory resources can be exhausted from the kernel.

To fully exploit this vulnerability, an attacker would need local access to the affected system.

Madrid, December 15, 2005 - Debian has released security updates that resolve several vulnerabilities in versions 2.4.27 and 2.6.8 of the Linux kernel.

The updates are critical, as an attacker could exploit, either locally or remotely, several security flaws to cause problems ranging from denial of services to execution of arbitrary code. For this reason, users of affected computers are advised to install the corresponding update and restart their computers for it to come into effect.

More information about the vulnerabilities corrected and the updates (where they are available and the commands for installing them) are available in the advisories published by Debian at the following
addresses:

- Advisory DSA-921-1: http://www.debian.org/security/2005/dsa-921

- Advisory DSA-922-1: http://www.debian.org/security/2005/dsa-922