June 2006

OpenOffice has its vulnerabilities too

More information is available in Security Bulletin 2006-06-29.

The bulletin uses CVE identifiers for three separate issues.

* The Java Applet sandbox restriction bypass issue is covered at openoffice.org/security/CVE-2006-2199.html.
Disabling support for Java Applets is provided as a workaround.

* The issue related to BASIC macros is covered, in turn, at openoffice.org/security/CVE-2006-2198.html.

* And finally, flaws in XML document handling are covered at openoffice.org/security/CVE-2006-3117.html.
Credit goes to Wade Alcorn of NGSSoftware, see advisory here.

It is worth mentioning that both the 1.1.x and 2.0.x releases are affected. Fixes for version 1.1.5 are not available yet, but they will be released soon.

Update: Sun StarOffice and StarSuite are affected by these issues too.
Details are available in the Sun security advisories.

diSlib (A Python PE Parser)

Gil Dabah (arkon), the creator of the fastest stream disassembler around, which also happens to be open source, diStorm, released diSlib, a Python PE parser. I’ve discussed it before briefly while covering diStorm.

diSlib (a Python PE parser):

diSlib is an easy-to-use Python module to parse PE executables. It will give you all necessary information such as:

* Sections with their accompanying information
* Imported functions and their addresses (IAT)
* Exported functions by name, ordinal and address
* Supports ImageBase relocation
* Relocated entries by offsets and their original DWORD values
* Lets you apply the relocations
* Uses exceptions and an OO interface (thanks to shenberg!)

Enjoy,

Gadi Evron,
ge@beyondsecurity.com.
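
The relocation features listed in the post above (relocated entries by offset with their original DWORD values, and applying the relocations) can be illustrated with an added example that is not diSlib's code and does not use its API, which this page does not show. It uses only Python's `struct` module; the function names and the sample image and `.reloc` bytes are constructed for illustration, and only 32-bit HIGHLOW fixups are handled.

```python
import struct

IMAGE_REL_BASED_ABSOLUTE = 0   # padding entry, skipped
IMAGE_REL_BASED_HIGHLOW = 3    # 32-bit absolute address fixup

def parse_relocs(reloc, image):
    """Return [(rva, original_dword)] for every HIGHLOW entry in a .reloc blob."""
    entries, pos = [], 0
    while pos + 8 <= len(reloc):
        page_rva, block_size = struct.unpack_from("<II", reloc, pos)
        # Reject blocks that are too short, odd-sized, or run past the table.
        if block_size < 8 or block_size % 2 or pos + block_size > len(reloc):
            raise ValueError("malformed relocation block at offset %d" % pos)
        for off in range(pos + 8, pos + block_size, 2):
            (entry,) = struct.unpack_from("<H", reloc, off)
            rtype, rva = entry >> 12, page_rva + (entry & 0x0FFF)
            if rtype == IMAGE_REL_BASED_ABSOLUTE:
                continue
            if rtype != IMAGE_REL_BASED_HIGHLOW:
                raise ValueError("unsupported relocation type %d" % rtype)
            if rva + 4 > len(image):
                raise ValueError("relocation RVA 0x%x outside image" % rva)
            entries.append((rva, struct.unpack_from("<I", image, rva)[0]))
        pos += block_size
    return entries

def apply_relocs(image, entries, old_base, new_base):
    """Return a copy of the image with each fixup shifted by (new_base - old_base)."""
    delta = (new_base - old_base) & 0xFFFFFFFF
    out = bytearray(image)
    for rva, original in entries:
        struct.pack_into("<I", out, rva, (original + delta) & 0xFFFFFFFF)
    return bytes(out)

def build_sample():
    """Constructed sample: image in memory layout (RVA == offset) and its .reloc data."""
    image = bytearray(0x2000)
    for rva, value in ((0x1004, 0x00401010), (0x1010, 0x00402000), (0x1020, 0x00401FFC)):
        struct.pack_into("<I", image, rva, value)
    # One block for page 0x1000: three HIGHLOW entries plus one ABSOLUTE pad.
    reloc = struct.pack("<II4H", 0x1000, 16, 0x3004, 0x3010, 0x3020, 0x0000)
    return bytes(image), reloc

if __name__ == "__main__":
    img, rel = build_sample()
    found = parse_relocs(rel, img)
    rebased = apply_relocs(img, found, 0x00400000, 0x10000000)
    for rva, original in found:
        print("RVA 0x%04x: 0x%08x -> 0x%08x" % (rva, original, struct.unpack_from("<I", rebased, rva)[0]))
```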

Joanna’s Blue Pill – Invisible Rootkits

The overly cool Joanna Rutkowska has been working on what she calls Blue Pill technology. Using advanced virtualization technology from AMD called SVM/Pacifica, her research shows she can create “invisible malware”. This is not related to any bug and is not OS-dependent, although she says she will demonstrate how she gets by Vista’s interesting technology to prevent unsigned code from being injected into the kernel.

You can read more about it in her blog.

Gadi Evron,
ge@beyondsecurity.com.

Leo Stoller Targets CastleCops (!)

Leo Stoller is targeting CastleCops, apparently trying to bully them into paying him settlement money for their trademark.

CastleCops are doing important work in the realm of anti-phishing, for no charge.

It pisses me off considerably when injustice online is done, especially when it is done to those who can’t afford expensive lawyers!

Leo Stoller is known for such attacks, and apparently makes a living from it. You can read about him here, here and here.

You can read more from CastleCops, who are going live in a couple of minutes, here:
http://www.castlecops.com/a6615-leo_stoller_targets_castlecops_trademark.html

CastleCops is one of us, and it hurts us all when one of us is targeted.

Gadi Evron,
ge@beyondsecurity.com.