Infigo - New Security Announcement

IN Focus

Thu, 30 Mar 2006 16:25:03 +0200

Research and development is an important element in the information security area. INFIGO IS understands the importance of continuous investment in research about vulnerabilities and prevention methods. That's why INFIGO IS started the In Focus project.

Security advisories published in this section are result of the INFIGO IS research. The main goal of that research work is raising consciousness about information security and making the security community aware of new security threats and vulnerabilities. Research results are also used for company's commercial activities in order to raise our clients' overall information systems' security.

INFIGO IS publishes security advisories according to INFIGO IS Disclosure policy.
All e-mail communication with the vendor must be encrypted. INFIGO IS uses PGP for e-mail encryption. Public key can be downloaded here.

Security advisories and the program code published on these pages are sole property of INFIGO IS and can be used only according to the Terms of Use.

INFIGO IS Security Advisory #INFIGO-2009-07-09

Mon, 20 Jul 2009 23:19:13 +0200

Title:	NASA Common Data Format remote buffer overflow(s)
Advisory ID:	INFIGO-2009-07-09
Date:	2009-07-20
Risk Level:	High
Summary:	CDF is the Common Data Format. It is a conceptual data abstraction for storing, manipulating, and accessing multidimensional data sets. The basic component of CDF is a software programming interface that is a device-independent view of the CDF data model. The CDF software package is used by hundreds of government agencies, universities, and private and commercial organizations as well as independent researchers on both national and international levels. CDF has been adopted by the International Solar-Terrestrial Physics (ISTP) project as well as the Central Data Handling Facilities (CDHF) as their format of choice for storing and distributing key parameter data. A list of some applications that use the CDF library can be found at http://cdf.gsfc.nasa.gov/html/examples.html.

INFIGO IS Security Advisory #INFIGO-2008-04-08

Mon, 14 Apr 2008 16:26:23 +0200

Title:	ICQ 6 remote buffer overflow vulnerability
Advisory ID:	INFIGO-2008-04-08
Date:	2008-04-14
Risk Level:	High
Summary:	ICQ (I Seek You) Instant Messenger is one of the most popular internet chat software. Since 1996, it has grown to a community of over 180 million users. It has features for instant messaging, chat, sending e-mail, SMS, file transfer, wireless-pager messages, etc. INFIGO IS's security team identified a critical remote buffer overflow vulnerability in the latest ICQ version (ICQ 6.0). When a user writes a message in the status manager, the text string is processed with the boxelyRenderer module. The boxelyRenderer module has a vulnerability in the HTML tags processing code. If malformed HTML tags are set for the 'status message', boxelyRenderer will try to process the HTML tags, and a UNICODE heap overflow will occur.

INFIGO IS Security Advisory #INFIGO-2008-03-07

Fri, 21 Mar 2008 10:02:59 +0100

Title:	Surgemail 38k4 IMAP server remote stack overflow
Advisory ID:	INFIGO-2008-03-07
Date:	2008-03-21
Risk Level:	High
Summary:	SurgeMail Mail Server Software Suite - combines advanced features, high performance and ease of use. Works on Windows, UNIX (Linux, Solaris etc.), Mac OSX, FreeBSD and others. Surgemail integrated email server is an Antispam Server, Antivirus Server, Webmail Server, Groupware Server, Blog Server and much more. A remote vanilla stack overflow vulnerability exists in the Surgemail IMAP server. The vulnerability is caused due to a boundary error in the IMAP server, when processing overly long arguments of the 'LSUB' command. The vulnerability results in a simple stack overflow condition that can be trivially exploited.

INFIGO IS Security Advisory #INFIGO-2008-02-13

Fri, 15 Feb 2008 14:50:54 +0100

Title:	SOPHOS Email Security Appliance Cross Site Scripting Vulnerability
Advisory ID:	INFIGO-2008-02-13
Date:	2008-02-13
Risk Level:	Medium
Summary:	Sophos ES1000 Email Security Appliance delivers protection against spam, viruses, Trojans, spyware and other malware. Sophos's award-winning anti-virus engine detects all types of malware in a single, high-speed scan. During an audit of Sophos ES1000 Email Security Appliance, a Cross Site Scripting vulnerability was discovered in its web administration interface. Lack of input validation for 'error' and 'go' parameters of the 'Login' script can be exploited by a malicious user to steal Sophos ES1000 Email Security Appliance administrator credentials, and shut down the appliance, or change its configuration.

INFIGO IS Security Advisory #INFIGO-2008-01-06

Wed, 09 Jan 2008 14:00:26 +0100

Title:	McAfee E-Business Server Remote Preauth Code Execution / DoS
Advisory ID:	INFIGO-2008-01-06
Date:	2008-01-06
Risk Level:	High
Summary:	McAfee E-Business Server guards sensitive corporate data with industry-standard PGP 128-bit encryption and authentication. McAfee E-Business Server supports a variety of platforms and security certificates. During an audit of McAfee E-Business Server, we have discovered a vulnerability in the administration interface (TCP port 1718). It is possible to crash McAfee E-Business Server during the authentication process. McAfee further researched the vulnerability and confirmed that it also allows an attacker to execute code remotely.

INFIGO IS Security Advisory #INFIGO-2007-04-05

Tue, 10 Apr 2007 13:38:57 +0200

Title:	Enterprise Security Analyzer server remote buffer overflows
Advisory ID:	INFIGO-2007-04-05
Date:	2007-04-10
Risk Level:	High
Summary:	Enterprise Security Analyzer (ESA) from eIQnetworks (http://www.eIQnetworks.com) is a Security Information Management (SIM) solution that provides security intelligence across the enterprise. During an audit of Enterprise Security Analyzer, multiple remote buffer overflows have been discovered in the ESA server (TCP port 10616). Specially crafted ESA requests can lead to various stack and heap overflows.

INFIGO IS Security Advisory #INFIGO-2006-08-04

Mon, 21 Aug 2006 11:17:40 +0200

Title:	MDaemon POP3 server remote buffer overflow (preauth)
Advisory ID:	INFIGO-2006-08-04
Date:	2006-08-21
Risk Level:	High
Summary:	During security analysis of POP3 protocol in various e-mail server software products INFIGO IS research team discovered a critical vulnerability in the MDaemon e-mail server software. After successful exploitation, remote attacker can take complete control of the vulnerable e-mail server. Nature of the e-mail and POP3 protocol which are often accessible not only form internal network, but from the Internet furthermore increases severity of the problem. With assistance of INFIGO IS, the vendor has released a new version of MDaemon e-mail server which eliminates the vulnerability.

INFIGO IS Security Advisory #INFIGO-2006-05-03

Thu, 04 May 2006 10:54:02 +0200

Title:	Multiple FTP Servers vulnerabilities
Advisory ID:	INFIGO-2006-05-03
Date:	2006-05-05
Risk Level:	High
Summary:	Infigo IS released a simple GUI FTP fuzzer which can be downloaded from http://www.infigo.hr/en/in_focus/tools. An announcement which was posted to the multiple security groups included overview of several vulnerabilities discovered with the Fuzzer. This advisory is published due to some misinterpretations in further reposts discussing vulnerabilities discovered. Vulnerabilities described in this advisory were found in the following FTP server software products: - ArgoSoft FTP Server - Golden FTP Server - Filezilla - War FTP Daemon - Guild FTP Server

INFIGO IS Security Advisory #INFIGO-2006-04-02

Mon, 24 Apr 2006 15:17:58 +0200

Title:	Multiple PHP4/PHP5 vulnerabilities
Advisory ID:	INFIGO-2006-04-02
Date:	2006-04-24
Risk Level:	Medium
Summary:	The INFIGO IS research team audited the PHP interpreter code and more than 20 vulnerabilities in PHP4 and PHP5 have been discovered. Most of them have been reported and fixed. However, several vulnerabilities are still present in current PHP 4 and PHP 5 versions. During the last two months the vendor has been contacted several times but no official response has been received. At the moment no official patches are available.

INFIGO IS Security Advisory #INFIGO-2006-03-01

Fri, 31 Mar 2006 11:11:27 +0200

Title:	PeerCast streaming server remote buffer overflow
Advisory ID:	INFIGO-2006-03-01
Date:	2006-03-08
Risk Level:	High
Summary:	INFIGO IS security research team discovered a high risk vulnerability in PeerCast Streaming server software. Malicious remote user can exploit this vulnerability by sending specialy crafted HTTP request. PeerCast is a simple, free way to listen to radio and watch video on the Internet. Versions for Linux,Windows and MacOS platforms are available.