Wednesday, May 13, 2009

US-CERT Technical Cyber Security Alert TA09-133B -- Adobe Reader and Acrobat JavaScript Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA09-133B


Adobe Reader and Acrobat JavaScript Vulnerabilities

Original release date: May 13, 2009
Last revised: --
Source: US-CERT


Systems Affected

* Adobe Reader versions 9.1, 8.1.4, 7.1.1 and earlier

* Adobe Acrobat Standard, Pro, and Pro Extended versions 9.1,
8.1.4, 7.1.1 and earlier


Overview

Adobe has released Security Bulletin APSB09-06, which describes
Adobe Reader and Acrobat updates for two JavaScript vulnerabilities
that could allow a remote attacker to execute arbitrary code.


I. Description

Adobe Security Bulletin APSB09-06 announces updates for two
JavaScript vulnerabilities that affect Adobe Reader and Acrobat.

* A vulnerability in the getAnnots() method (CVE-2009-1492)
affects Adobe Reader and Acrobat for Microsoft Windows, Apple
Mac OS X, and UNIX.

* A vulnerability in the customDictionaryOpen() method
(CVE-2009-1493) appears to only affect Adobe Reader for UNIX.

Further details are available in Vulnerability Note VU#970180.

An attacker could exploit these vulnerabilities by convincing a
user to open a specially crafted Adobe Portable Document Format
(PDF) file. Acrobat integrates with popular web browsers, and
visiting a website is usually sufficient to cause Reader or Acrobat
to open a PDF file.


II. Impact

By convincing a victim to open a specially crafted PDF file, a
remote, unauthenticated attacker may be able to execute arbitrary
code.


III. Solution

Update

Adobe has released updates to address this issue. Users are
encouraged to read Adobe Security Bulletin APSB09-06 and update
vulnerable versions of Adobe Reader and Acrobat. According to
APSB09-06, these vulnerabilities are addressed in versions 9.1.1,
8.1.5, and 7.1.2 of Adobe Reader and Acrobat.

Disable JavaScript in Adobe Reader and Acrobat

Disabling JavaScript prevents these vulnerabilities from being
exploited and reduces attack surface. If this workaround is
applied to updated versions of the Adobe Reader and Acrobat, it
may protect against future vulnerabilities.

To disable JavaScript in Adobe Reader:

1. Open Adobe Acrobat Reader.
2. Open the Edit menu.
3. Choose the Preferences... option.
4. Choose the JavaScript section.
5. Uncheck the Enable Acrobat JavaScript check box.

Disabling JavaScript will not resolve the vulnerabilities, it
will only disable the vulnerable JavaScript component. When
JavaScript is disabled, Adobe Reader and Acrobat prompt to
re-enable JavaScript when opening a PDF that contains JavaScript.

Prevent Internet Explorer from automatically opening PDF documents

The installer for Adobe Reader and Acrobat configures Internet
Explorer to automatically open PDF files without any user
interaction. This behavior can be reverted to the safer option of
prompting the user by importing the following as a .REG file:

Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\AcroExch.Document.7]"EditFlags"=hex:00,00,00,00

Disable the display of PDF documents in the web browser

Preventing PDF documents from opening inside a web browser
reduces attack surface. If this workaround is applied to updated
versions of the Adobe Reader and Acrobat, it may protect against
future vulnerabilities. To prevent PDF documents from
automatically being opened in a web browser with Adobe Reader:

1. Open Adobe Acrobat Reader.
2. Open the Edit menu.
3. Choose the preferences option.
4. Choose the Internet section.
5. Un-check the "Display PDF in browser" check box.

Rename or remove Annots.api

To disable the vulnerable getAnnots() method, rename or remove
the Annots.api file. This will disable some Annotation
functionality, however annotations can still be viewed. This does
not protect against the customDictionaryOpen() vulnerability. On
Windows, Annots.api is typically located here:

"%ProgramFiles%\Adobe\Reader 9.0\Reader\plug_ins"

Example location on GNU/Linux:

/opt/Adobe/Reader8/Reader/intellinux/plug_ins/Annots.api

Do not access PDF documents from untrusted sources

Do not open unfamiliar or unexpected PDF documents, particularly
those hosted on web sites or delivered as email
attachments. Please see Cyber Security Tip ST04-010.


IV. References

* Vulnerability Note VU#970180 -
<http://www.kb.cert.org/vuls/id/970180>

* Cyber Security Tip ST04-010: Using Caution with Email Attachments -
<http://www.us-cert.gov/cas/tips/ST04-010.html>

* Adobe Security Bulletin APSB09-06 -
<http://www.adobe.com/support/security/bulletins/apsb09-06.html>

* CVE-2009-1492 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1492>

* CVE-2009-1493 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1493>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA09-133B.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-133B Feedback VU#970180" in
the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2009 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
____________________________________________________________________

Revision History

May 13, 2009: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSgsuwnIHljM+H4irAQLRAQf+OjeDGX/M6wdh8SkqOru0HB3KsqmzZjOq
BvwX7B3Z/my9FVUmxIz1nQH4MjZqSlxIZdmAVU2YW+jv1oFgyT9ltminL4v6RGM1
oEaQHIEiu+N+dXwWqvtsOrszEN/Q9GMOckxUGkDNran/9OvplZJfh6pFjCxP02Im
2Y07Z0eIBqx5ULoIXHzfvGBe/7k5djxr2F2KaEZFwL3vSmw3Xlz9+/OD2iJC/yT6
sxuiKXX8OCRRiLe0B5pInFgS9o01L8y5AMqfET6QqyIqkFq2KnwV5eKhWqLNAljq
EFOKJHN8IQPTwJi+qbd9uHlRrqf6ekOkfkql49ZXvSbUSdYcnlfMPQ==
=uewj
-----END PGP SIGNATURE-----

US-CERT Technical Cyber Security Alert TA09-133A -- Apple Updates for Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA09-133A


Apple Updates for Multiple Vulnerabilities

Original release date: May 13, 2009
Last revised: --
Source: US-CERT


Systems Affected

* Apple Mac OS X versions prior to and including 10.4.11 (Tiger) and 10.5.6 (Leopard)
* Apple Mac OS X Server versions prior to and including 10.4.11 (Tiger) and 10.5.6 (Leopard)
* Safari 3 for Windows, Mac OS X 10.4, and Mac OS X 10.5


Overview

Apple has released multiple Security Updates, 2009-002 / Mac OS X
version 10.5.7 and Safari 3.2.3, to correct multiple
vulnerabilities affecting Apple Mac OS X , Mac OS X Server, and the
Safari web browser. Attackers could exploit these vulnerabilities
to execute arbitrary code, gain access to sensitive information, or
cause a denial of service.


I. Description

Apple Security Update 2009-002 / Mac OS X v10.5.7 addresses a
number of vulnerabilities affecting Apple Mac OS X and Mac OS X
Server, the Safari security update addresses vulnerabilities
affecting the Safari web browser (for Windows and OS X). These
updates also address vulnerabilities in other vendors' products
that ship with Apple Mac OS X or Mac OS X Server.


II. Impact

The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
denial of service, or privilege escalation.


III. Solution

Install Apple Security Update 2009-002 / Mac OS X v10.5.7, or
Safari 3.2.3. These and other updates are available via Software
Update or via Apple Downloads.


IV. References

* Apple Security Update 2009-002 -
<http://support.apple.com/kb/HT3549>

* Safari 3.2.3 - <http://support.apple.com/kb/HT3550>

* Apple Downloads - <http://support.apple.com/downloads/>

* Software Update -
<https://support.apple.com/kb/HT1338?viewlocale=en_US>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA09-133A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-133A Feedback VU#175188" in
the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2009 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
____________________________________________________________________

Revision History

May 13, 2009: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSgsdiHIHljM+H4irAQIsGAf+IykbS/FD1X/R2ooezndAmZjrcT29XnpV
HO4DiMlKmqW+dUffk4mdJLVR7y8pwUuP4TbjwncoT39SDR9UoEankv7+Dao/qkM/
Jp0flkEpb5qtcIm9VnuWvpCE31OZZgwBwJ7f2WWzbBLqoZ5FIWAhCcW6E5v6mjVy
J+Z4BmHYUIapPLzGzV8+HT6/7LRNpg+mZoldEBUoXXjik8o78v5A7iGyMSXoaBlV
vL8N/3GG9a9xecLqbbv5N6ABsncHA9f/GzBnfJUqVHkUM1xnjqmgd7TZikObw+fJ
xcgWvmYmoRdCMzM3b1jPqWPDGJDbo0oHZM3J3hKE+opsLe9xChM1qA==
=dQ2L
-----END PGP SIGNATURE-----

California Fire News - Updates in your mail box

California Fire News - Updates in your mail box

Link to California Fire News - Structure, Wildland, EMS

Breaking News: Atlantis Damaged After Lift-Off

Posted: 12 May 2009 01:02 PM PDT


Astronauts Inspect Atlantis, Set to Reach Hubble Wednesday

Update: May 12 2009 12:51:28 PM PDT - Heat Shield Survey Complete

Atlantis' crew completed a planned survey of the shuttle heat shielding today, noting a few dings in tiles that experts will continue to analyze. Flight Director Tony Ceccacci said that upon an initial look, damage found during the inspection appeared to be minor and likely not a concern, but he said experts would analyze it as is normal to be certain the shuttle's heat shielding is in good shape. The damage included small dings along an area of about 21 inches spanning four of the shuttle's thermal tiles located on the starboard side of the spacecraft where the wing blends into the forward fuselage
The space shuttle Atlantis sustained damage to the exterior two minutes after take-off.
Astronauts have discovered a line of nicks on shuttle during post launch inspection.

Hubble upgrade Mission:

This is the crew's first full day in orbit. They are scheduled to rendezvous with the Hubble Space Telescope on Wednesday when astronauts will use the shuttle's robotic arm again - this time to grab onto the orbiter and pull it into the shuttle's payload bay. On Thursday, two astronauts will make the first of the mission's five spacewalks.

The shuttle is carrying 22,500 pounds of equipment for the maintenance and upgrade of the 19-year-old telescope, including new grapple hooks and a platform that can be used in case future missions go up to service the telescope. This will be the shuttle's last trip to Hubble though, since the NASA space shuttles are scheduled to be retired next year.

This week's mission includes plans to install new gyroscopes, circuit boards and critical camera systems. The NASA astronauts are also bringing up a new backup computer system to replace an onboard backup system that had to be put into use last fall when the main system failed, leaving the Hubble unable to do much of its scientific work. NASA engineers made the remote switchover to a backup system from a room in the Goddard Space Flight Center in Greenbelt, Md., while the telescope hurtled along its orbit around Earth at 17,500 mph.

Civilian Fire Fatality Notice Modesto, California - 1 dead

Posted: 12 May 2009 12:55 PM PDT


U.S. Fire Administrations Civilian Fire Fatality Notice Modesto, California - 1 dead Occurred Friday, 5/8 Modesto, CA (Sacramento, CA): A man was killed in a home fire. The cause of the fire is under investigation.
Source: www.usfa.dhs.gov - Link

EDIS: Fire weather - Red Flag Warning and Wind Watches - Jesusita fire Area

Posted: 12 May 2009 11:03 AM PDT



HEADS UP - SECURE THAT LINE - CRITICAL FIRE WEATHER APPROACHING JESUSITA FIRE AREA -
RED FLAG WARNING IN EFFECT FOR THE SANTA YNEZ RANGE AND THE SOUTH COAST OF SANTA BARBARA COUNTY FROM 5 PM THIS AFTERNOON THROUGH 11 AM THURSDAY MORNING DUE TO GUSTY NORTH WINDS AND LOW RELATIVE HUMIDITY

STRONG WINDS ACROSS PARTS OF THE WESTERN MOJAVE DESERT TODAY Actual/Immediate/Severe/Likely
WESTERN MOJAVE DESERT-INCLUDING THE CITIES OF... BARSTOW... DAGGETT... FT IRWIN
Update sent at 10:24 PDT on 2009-05-12
HIGH WIND WATCH IN EFFECT FROM 6 PM PDT THIS EVENING THROUGH LATE TONIGHT Actual/Future/Severe/Possible
SANTA BARBARA COUNTY MOUNTAINS-INCLUDING THE CITIES OF... SAN MARCOS PASS... SAN RAFAEL WILDERNESS AREA... DICK SMITH WILDERNESS AREA
Alert sent at 10:03 PDT on 2009-05-12
HIGH WIND WATCH IN EFFECT FROM 6 PM PDT THIS EVENING THROUGH LATE TONIGHT Actual/Future/Severe/Possible
SANTA BARBARA COUNTY SOUTH COAST-INCLUDING THE CITIES OF... SANTA BARBARA... MONTECITO... CARPINTERIA
Alert sent at 10:03 PDT on 2009-05-12
WIND ADVISORY IN EFFECT UNTIL 9 PM PDT THIS EVENING Actual/Future/Severe/Possible
SAN LUIS OBISPO COUNTY CENTRAL COAST-SANTA BARBARA COUNTY CENTRAL COAST-INCLUDING THE CITIES OF... SAN LUIS OBISPO... PISMO BEACH... MORRO BAY... CAMBRIA... SAN SIMEON... SANTA MARIA... LOMPOC... VANDENBERG
Cancel sent at 10:03 PDT on 2009-05-12
HIGH WIND WARNING REMAINS IN EFFECT UNTIL 3 AM PDT WEDNESDAY Actual/Immediate/Severe/Observed
VENTURA COUNTY MOUNTAINS-LOS ANGELES COUNTY MOUNTAINS EXCLUDING THE SANTA MONICA RANGE-INCLUDING THE CITIES OF... LOCKWOOD VALLEY... MOUNT PINOS... ACTON... MOUNT WILSON... SANDBERG
Update sent at 10:03 PDT on 2009-05-12
STRONG TO DAMAGING WINDS WILL AFFECT PORTIONS OF SOUTHWESTERN CALIFORNIA INTO TONIGHT Actual/Immediate/Severe/Likely
ANTELOPE VALLEY-INCLUDING THE CITIES OF...LANCASTER...PALMDALE
Update sent at 10:03 PDT on 2009-05-12
RED FLAG WARNING IN EFFECT FROM 5 PM THIS AFTERNOON TO 11 AM PDT THURSDAY DUE TO GUSTY NORTH WINDS AND LOW RELATIVE HUMIDITIES Actual/Immediate/Severe/Observed
SANTA BARBARA COUNTY MOUNTAINS / LOS PADRES NATIONAL FOREST-
Alert sent at 09:31 PDT on 2009-05-12
RED FLAG WARNING IN EFFECT FOR THE SANTA YNEZ RANGE AND THE SOUTH COAST OF SANTA BARBARA COUNTY FROM 5 PM THIS AFTERNOON THROUGH 11 AM THURSDAY MORNING DUE TO GUSTY NORTH WINDS AND LOW RELATIVE HUMIDITY Actual/Immediate/Severe/Observed
SANTA BARBARA COUNTY SOUTH COAST-
Alert sent at 09:31 PDT on 2009-05-12

CA-LPF- Jesusita fire - Quick Look - 8,733 acres 80%

Posted: 12 May 2009 08:59 AM PDT


Tanker 17 dropping retardant on the Jesusita fire
Credit: Robert P. Brown

Jesusita Fire Fact Sheet

May 12, 2009 at 0700 (7:00 A.M.)

Fire Status:

  • Acres burned: 8,733
  • Percent contained: 80%
  • Damage assessment to date: 145 Structures destroyed - 78 homes destroyed, 22 homes damaged, 67 outbuildings destroyed and 69 outbuildings damaged. Damage assessment teams have been working in the field providing more accurate survey numbers.
  • Residences threatened: 500
  • Commercial properties threatened: 0
  • Personnel on scene: 3,141
  • Engines: 257
  • Crews: 88
  • Air Tankers: 8
  • Helicopters: 12
  • Firefighter injuries to date: 28
  • Cause: Under investigation (Tip line - 805-686-5074)
  • Air quality warning remains in effect
  • Estimated costs to date: $13.5 million dollars
  • Expected containment: 5/13/09

CNN.com

News: Breaking News -- MercuryNews.com

AP Top U.S. News At 8:45 p.m.