Daily Report Tuesday, March 6 , 2007

Daily Highlights

Reuters reports US Airways Group on Monday, March 5, said it has sent extra workers to its Charlotte, North Carolina, hub after a glitch in its self−service reservation system on Sunday forced thousands to wait in lines for up to three hours. (See item 10)
The U.S. Food and Drug Administration is investigating an outbreak of norovirus−associated illness linked to eating raw oysters harvested from San Antonio Bay, Texas; oyster beds in the Bay have been closed by the Texas Department of Health Services. (See item 19)

Information Technology and Telecommunications Sector

29. March 05, SC Magazine — Windows Vista firewall weakness can be corrupted by attackers. The firewall in Microsoft's Windows Vista operating system (OS) can be compromised to perform prohibited functions, according to new research by Symantec. Researcher Orlando Padilla said the problem concerns the unblock button, which can be accessed by an attacker with the same privilege level as a standard user. This configuration of privileges creates a vulnerability in the firewall’s policy that can be exploited by an attacker. "[The firewall] poses a great limitation for malicious code looking to back−door a host. In effect, malicious code can automate the unblock process by simply sending a message to the firewall pop−up dialog box via the SendMessage API call," Padilla said in the Web entry.
Source: http://scmagazine.com/us/news/article/637102/windows−vista−firewall−weakness−corrupted−attackers/

30. March 02, US−CERT — Vulnerability in Citrix Presentation Server Client. US−CERT is aware of an unspecified vulnerability in Citrix Presentation Server Client for Windows. The vulnerability exists in the way ICA connections are handled through proxy servers. By persuading a user to access a specially crafted HTML document (e.g., a Web page or an HTML email message), a remote, unauthenticated attacker may be able to execute arbitrary code with privileges in the context of the client process. US−CERT recommends that administrators upgrade to version 10.0 and later to mitigate the security risks.
Vulnerability Note VU#798364 − Citrix Presentation Server Client vulnerable to arbitrary code
execution: http://www.kb.cert.org/vuls/id/798364
Citrix Advisory CTX112589 − Vulnerability in Citrix Presentation Server Client for Windows
could result in arbitrary code: http://support.citrix.com/article/CTX112589
Source: http://www.us−cert.gov/current/current_activity.html#citrix