From: Network Computing and The SANS Institute (sans+ZZ20708403432025738_at_sans.org)
Date: Thu Jul 11 2002 - 15:25:08 CDT
To: Security Express (SD397643)
Re: Your personalized newsletter
-- Security Alert Consensus --
Number 027 (02.27)
Thursday, July 11, 2002
Created for you by
Network Computing and the SANS Institute
Powered by Neohapsis
----------------------------------------------------------------------
Welcome to SANS' distribution of the Security Alert Consensus.
----------------------------------------------------------------------
The Center for Internet Security Will Soon Release Benchmark Security
Standards For Securing Apache Servers; SANS Will Launch A New Training
Program Based On The Benchmark on August 28 in DC.
See for course outline: http://www.sans.org/CIS_Apache
Register for the DC Course:
https://registration.sans.org/cgi-bin/SecuringApache_register
----------------------------------------------------------------------
This week's recap is not as grim as in weeks prior. While vendors
are still releasing patches for the previous DNS resolver, OpenSSH
and Apache vulnerabilities, the notable items this week include a
security update to the Squid proxy server (item {02.27.004}) and two
problems in the iPlanet Web Server search feature (items {02.27.009}
and {02.27.016}).
On the lighter side of security, an advisory released this week
details various security problems in the new Sharp Zaurus PDA. If
you connect your Zaurus to a network of some sort, an attacker
can potentially access the FTP service -- and your files --
unhindered. So, much like a laptop or a desktop, you need to be wary
when connecting other portable computing devices to public networks.
http://archives.neohapsis.com/archives/bugtraq/2002-07/0093.html
Until next week,
--Security Alert Consensus Team
************************************************************************
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
TABLE OF CONTENTS:
{02.27.011} Win - Worldspan gateway malformed connection DoS
{02.27.013} Win - BEA Weblogic connection flood DoS
{02.27.015} Win - MyWebServer large URL DoS
{02.27.019} Win - Argosoft Mail Server Pro arbitrary file retrieval
{02.27.021} Win - KF Web Server %00 directory browsing
{02.27.005} Linux - Update {02.25.023}: OpenSSH version 3.4 available,
security vulnerabilities
{02.27.010} Linux - Updated Mandrake kernels
{02.27.008} Sol - SUNWspvnc weak password protocol
{02.27.001} AIX - DFSWeb scripts relative command execution
{02.27.002} AIX - SMIT scripts relative command execution
{02.27.003} AIX - Update {02.26.002}: DNS libresolve/resolver buffer
overflow
{02.27.017} NApps - Watchguard Firebox DVCP service DoS
{02.27.012} Other - MacOSX SoftwareUpdate unauthenticated downloads
{02.27.004} Cross - Squid 2.4.STABLE7 released, with security fixes
{02.27.006} Cross - Ethereal 0.9.5 released, with security fixes
{02.27.007} Cross - Lotus Domino R4 file download
{02.27.009} Cross - iPlanet Web Server search CGI file reading
{02.27.014} Cross - Urlcount.cgi report CSS vulnerability
{02.27.016} Cross - iPlanet Web Server search CGI overflow
{02.27.018} Cross - Inktomi Traffic Server traffic_manager command line
overflow
{02.27.020} Cross - Xircon IRC client large message DoS
--- Windows News -------------------------------------------------------
*** {02.27.011} Win - Worldspan gateway malformed connection DoS
The Worldspan gateway daemon shipped with Worldspan for Windows
version 4.1 crashes when sent malformed data, leading to a denial of
service attack.
This vulnerability is not confirmed.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-07/0048.html
*** {02.27.013} Win - BEA Weblogic connection flood DoS
BEA Weblogic versions 7.0 and prior that use the performance pack
(enabled by default) crash when a remote attacker causes a particular
connection flood, leading to a denial of service attack.
The advisory indicates confirmation by the vendor, which released
a patch.
Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0008.html
*** {02.27.015} Win - MyWebServer large URL DoS
MyWebServer version 1.02 crashes when a remote attacker submits a
large URL request, leading to a denial of service attack.
This vulnerability is not confirmed.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-07/0073.html
*** {02.27.019} Win - Argosoft Mail Server Pro arbitrary file retrieval
The HTTP server included with Argosoft Mail Server Pro version
1.8.1.5 allows remote attackers to view/download arbitrary files
located outside the Webroot by using reverse directory traversal
('..') notation in URL requests.
This vulnerability is confirmed; a patch is available at:
http://www.argosoft.com/applications/mailserver/
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-07/0029.html
*** {02.27.021} Win - KF Web Server %00 directory browsing
KF Web Server version 1.0.2 displays directory indexes regardless
of the existence of a default HTML document (index.html). This
vulnerability is triggered by appending '%00' to the URL request.
This vulnerability is confirmed by the vendor, which released version
1.0.3. It is available at:
http://www.keyfocus.net/kfws/download/
Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0007.html
--- Linux News ---------------------------------------------------------
*** {02.27.005} Linux - Update {02.25.023}: OpenSSH version 3.4
available, security vulnerabilities
Mandrake released updated OpenSSH packages, which fix the vulnerability
discussed in {02.25.023} ("OpenSSH version 3.4 available, security
vulnerabilities").
Updated Mandrake RPMs:
http://archives.neohapsis.com/archives/bugtraq/2002-07/0027.html
Source: Mandrake (SF Bugtraq)
http://archives.neohapsis.com/archives/bugtraq/2002-07/0027.html
*** {02.27.010} Linux - Updated Mandrake kernels
Mandrake released updated kernel packages, which fix various
vulnerabilities previously reported in SAC.
Updated RPMs are listed at:
http://archives.neohapsis.com/archives/bugtraq/2002-07/0042.html
Source: Mandrake (SF Bugtraq)
http://archives.neohapsis.com/archives/bugtraq/2002-07/0042.html
--- Solaris News -------------------------------------------------------
*** {02.27.008} Sol - SUNWspvnc weak password protocol
Sun's SUNWspvnc package, which provides a modified VNC client and
server, reportedly uses a weak authentication method. As a result,
attackers who are capable of observing the initial client-server
traffic would be able to recover the valid password.
This vulnerability is not confirmed.
Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0003.html
--- AIX News -----------------------------------------------------------
*** {02.27.001} AIX - DFSWeb scripts relative command execution
IBM released APAR IY29749, which fixes various DFSWeb scripts to use
absolute file names when executing external commands.
Source: IBM
http://archives.neohapsis.com/archives/aix/2002-q3/0000.html
*** {02.27.002} AIX - SMIT scripts relative command execution
IBM released APARs IY23359 and IY29579, which fix potential security
problems in various SMIT scripts that do not use absolute file names
when executing external commands.
Source: IBM
http://archives.neohapsis.com/archives/aix/2002-q3/0000.html
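Both IBM items above fix the same class of problem: a privileged script runs a
helper by bare name, so the directory search order in PATH decides which
program actually executes. The Python below is an added example written for
this page; it is not IBM's script or APAR content. It assumes a POSIX system
on which the caller of the script can influence PATH, which is the condition
under which relative command names matter. It builds a throwaway directory
tree containing a genuine helper and a same-named impostor (both constructed
stand-ins), then contrasts the bare-name call with the fixed form that uses an
absolute path and resets PATH to a trusted value.

```python
import os
import stat
import subprocess
import tempfile

HELPER = "lsdev"  # stand-in name for a helper a SMIT or DFSWeb script might call


def _write_script(directory, name, body):
    """Create a small executable /bin/sh script (constructed test fixture)."""
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write("#!/bin/sh\n" + body)
    os.chmod(path, stat.S_IRWXU | stat.S_IRGRP | stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH)
    return path


def build_demo_tree():
    """Constructed stand-ins: 'sbin' holds the real helper; 'tmp' plays the role
    of a directory an unprivileged user can write to, with an impostor of the
    same name planted in it."""
    base = tempfile.mkdtemp(prefix="relcmd-")
    system_dir = os.path.join(base, "sbin")
    attacker_dir = os.path.join(base, "tmp")
    os.mkdir(system_dir)
    os.mkdir(attacker_dir)
    _write_script(system_dir, HELPER, "echo real-helper\n")
    _write_script(attacker_dir, HELPER, "echo impostor-helper\n")
    return system_dir, attacker_dir


def _run(argv, path):
    """Run argv with exactly the given PATH and return its trimmed stdout."""
    result = subprocess.run(argv, env={"PATH": path}, capture_output=True,
                            text=True, check=True)
    return result.stdout.strip()


def run_relative(system_dir, attacker_dir):
    """Vulnerable pattern: the helper is invoked by bare name, so a PATH the
    caller controls (attacker directory listed first) selects the impostor."""
    inherited_path = attacker_dir + os.pathsep + system_dir
    return _run([HELPER], inherited_path)


def run_absolute(system_dir, attacker_dir):
    """Fixed pattern: absolute path to the helper, and PATH reset to a fixed
    trusted value rather than whatever the environment supplied."""
    trusted_path = system_dir  # a real script would set e.g. PATH=/usr/bin:/etc:/usr/sbin
    return _run([os.path.join(system_dir, HELPER)], trusted_path)


if __name__ == "__main__":
    sbin, tmp = build_demo_tree()
    print("bare name:    ", run_relative(sbin, tmp))   # impostor-helper
    print("absolute path:", run_absolute(sbin, tmp))   # real-helper
```

Either half of the fix alone is weaker than both together: an absolute path
protects the one call you remembered to qualify, while a reset PATH also
covers every command the script's helpers call in turn.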
*** {02.27.003} AIX - Update {02.26.002}: DNS libresolve/resolver
buffer overflow
IBM released APARs, which fix the vulnerability discussed in
{02.26.002} ("DNS libresolve/resolver buffer overflow").
Install APAR IY32719 for AIX 4.3 and APAR IY32746 for AIX 5.1.
Source: IBM
http://archives.neohapsis.com/archives/aix/2002-q3/0001.html
--- Network Appliances News --------------------------------------------
*** {02.27.017} NApps - Watchguard Firebox DVCP service DoS
The DVCP service included with the Watchguard Firebox running firmware
prior to version 6.0.b1140 crashes when a remote attacker submits
a particular stream of malformed data to the service, leading to a
denial of service attack.
This vulnerability is confirmed and fixed in firmware version
6.0.b1140.
Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0012.html
--- Other News ---------------------------------------------------------
*** {02.27.012} Other - MacOSX SoftwareUpdate unauthenticated downloads
A released advisory indicates the MacOSX SoftwareUpdate component
downloads software updates over unauthenticated HTTP before executing
them with root privileges. It's possible for a malicious proxy server
or attacker who is capable of redirecting traffic to feed trojaned
updates to the system.
This vulnerability is not confirmed.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-07/0061.html
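The item above describes the general case of an updater that trusts whatever
arrives over the network and then runs it as root. The Python below is an
added example for this page, not Apple's code or anything from the advisory.
It shows the check a privileged installer should perform before executing
anything: the package is verified against a manifest, and the manifest against
a digest the client is assumed to already hold through an authenticated path
(for instance, shipped with the operating system). The package contents,
manifest and digests are all constructed here. A production updater would
verify a publisher signature rather than a pinned hash, but the ordering,
verify first and install second, is the point.

```python
import hashlib
import hmac
import json

# Constructed stand-ins for what the update server returns. Real payloads are
# packages; short strings keep the example self-contained.
PACKAGE_NAME = "SecurityUpdate-2002-07.pkg"
GENUINE_PACKAGE = b"#!/bin/sh\necho 'installing security update'\n"
TROJANED_PACKAGE = GENUINE_PACKAGE + b"cp /bin/sh /tmp/.sh && chmod 4755 /tmp/.sh\n"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


# The vendor publishes a manifest of package digests next to the packages.
MANIFEST = json.dumps({PACKAGE_NAME: sha256_hex(GENUINE_PACKAGE)},
                      sort_keys=True).encode()

# Trust anchor (assumed): the manifest's digest reaches the client through an
# authenticated path, never over the same unauthenticated HTTP connection
# that carries the package.
TRUSTED_MANIFEST_DIGEST = sha256_hex(MANIFEST)

# What a proxy in the path could substitute: a manifest vouching for the trojan.
FORGED_MANIFEST = json.dumps({PACKAGE_NAME: sha256_hex(TROJANED_PACKAGE)},
                             sort_keys=True).encode()


class UpdateRejected(Exception):
    pass


def verify_update(manifest_bytes, trusted_manifest_digest, name, package):
    """Authenticate the manifest against the pinned digest, then the package
    against the manifest. Raises UpdateRejected on any mismatch."""
    if not hmac.compare_digest(sha256_hex(manifest_bytes), trusted_manifest_digest):
        raise UpdateRejected("manifest does not match trusted digest")
    expected = json.loads(manifest_bytes).get(name)
    if expected is None:
        raise UpdateRejected("package not listed in manifest")
    if not hmac.compare_digest(sha256_hex(package), expected):
        raise UpdateRejected("package digest mismatch")


def install_as_root(name, package, manifest_bytes=MANIFEST,
                    trusted_digest=TRUSTED_MANIFEST_DIGEST):
    """Model of the privileged step: nothing executes until verification passes.
    Returns a status string instead of actually running the package."""
    try:
        verify_update(manifest_bytes, trusted_digest, name, package)
    except UpdateRejected as exc:
        return "rejected: " + str(exc)
    # A real updater would exec the verified package here with root privileges.
    return "installed " + name


if __name__ == "__main__":
    print(install_as_root(PACKAGE_NAME, GENUINE_PACKAGE))
    print(install_as_root(PACKAGE_NAME, TROJANED_PACKAGE))
    print(install_as_root(PACKAGE_NAME, TROJANED_PACKAGE, FORGED_MANIFEST))
```

The third call is the case a plain "check the hash in the manifest" design
misses: if the manifest travels over the same untrusted channel, the attacker
simply ships a matching manifest, so the manifest itself needs an anchor the
network cannot alter.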
--- Cross-Platform News ------------------------------------------------
*** {02.27.004} Cross - Squid 2.4.STABLE7 released, with security fixes
Squid version 2.4.STABLE7 was released. The new version contains
several security fixes, many of which were previously reported in SAC.
Source code available at:
http://www.squid-cache.org/Versions/v2/2.4/
Updated Red Hat RPMs:
http://archives.neohapsis.com/archives/linux/redhat/2002-q3/0003.html
Updated Conectiva RPMs:
http://archives.neohapsis.com/archives/linux/conectiva/2002-q3/0002.html
Updated SuSE RPMs:
http://archives.neohapsis.com/archives/linux/suse/2002-q3/0191.html
Source: SecurityFocus Bugtraq, Red Hat, Conectiva, SuSE
http://archives.neohapsis.com/archives/bugtraq/2002-07/0036.html
http://archives.neohapsis.com/archives/linux/redhat/2002-q3/0003.html
http://archives.neohapsis.com/archives/linux/conectiva/2002-q3/0002.html
http://archives.neohapsis.com/archives/linux/suse/2002-q3/0191.html
*** {02.27.006} Cross - Ethereal 0.9.5 released, with security fixes
Ethereal version 0.9.5 was released. This version corrects security
vulnerabilities found in various protocol decode plugins.
Source code is available from:
http://www.ethereal.com/
Updated Conectiva RPMs:
http://archives.neohapsis.com/archives/linux/conectiva/2002-q3/0001.html
Source: Conectiva
http://archives.neohapsis.com/archives/linux/conectiva/2002-q3/0001.html
*** {02.27.007} Cross - Lotus Domino R4 file download
An advisory indicates the R4 series of the Lotus Domino server allows
a remote attacker to download files from the Webroot (regardless
of any access control lists) by appending a '?' character to the
request. Requests for admin.nsf and other default databases appear
to be immune. The Domino R5 series is reportedly not vulnerable. Only
files in the default Webroot are vulnerable to exposure.
The advisory indicates vendor confirmation.
Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0001.html
*** {02.27.009} Cross - iPlanet Web Server search CGI file reading
iPlanet Web Server versions 6.0SP2 and prior contain a bug in the
search CGI interface that allows a remote attacker to use reverse
directory traversal notation in the 'NS-query-pat' URL parameter to
access and read files outside the Webroot.
This vulnerability is not confirmed.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html
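Three of this week's items ({02.27.019} Argosoft, {02.27.021} KF Web Server
and {02.27.009} iPlanet) come down to one bug: a request string is decoded and
used as a file name with no check that the result still lies under the
document root. The Python below is an added example written for this page, not
code from the newsletter or from any of those vendors; the document root
/var/www/htdocs and the request strings are constructed for illustration. It
shows the naive decode-and-join beside a resolver that rejects '..' escapes
(including ones with percent-encoded slashes) and '%00' bytes.

```python
import posixpath
from urllib.parse import unquote

WEBROOT = "/var/www/htdocs"  # assumed document root for the examples below


def naive_resolve(webroot, url_path):
    """Vulnerable pattern: decode the request and join it under the root with
    no further check. '..' components walk back out of the root, and '%00'
    decodes to a NUL that a C-level open() treats as the end of the name."""
    return posixpath.join(webroot, unquote(url_path).lstrip("/"))


def where_naive_opens(webroot, url_path):
    """The path the kernel would actually open for the naive resolver."""
    return posixpath.normpath(naive_resolve(webroot, url_path))


def safe_resolve(webroot, url_path):
    """Hardened resolver: decode exactly once, refuse control bytes, collapse
    '.' and '..', then accept the result only if it still lies under webroot.
    Returns the absolute path, or None when the request is rejected."""
    decoded = unquote(url_path)
    # NUL (from '%00') or any other control character is never a legitimate name.
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in decoded):
        return None
    # Treat backslash as a separator so 'a\..\b' cannot slip past normpath.
    decoded = decoded.replace("\\", "/")
    root = posixpath.normpath(webroot)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if candidate != root and not candidate.startswith(root + "/"):
        return None  # normalised path escaped the document root
    return candidate


# Constructed requests modelled on the three advisories (not taken from them).
SAMPLE_REQUESTS = [
    "/index.html",                    # ordinary request
    "/docs/../index.html",            # '..' that stays inside the root: fine
    "/../../../etc/passwd",           # Argosoft-style escape in the URL path
    "/..%2f..%2f..%2fetc%2fpasswd",   # same escape with percent-encoded slashes
    "../../../../etc/passwd",         # a parameter value (e.g. NS-query-pat) used as a name
    "/index.html%00",                 # KF Web Server-style trailing '%00'
]


def compare(webroot=WEBROOT, requests=SAMPLE_REQUESTS):
    """Return {request: (where the naive server opens, what the safe one returns)}."""
    return {r: (where_naive_opens(webroot, r), safe_resolve(webroot, r)) for r in requests}


if __name__ == "__main__":
    for req, (naive, safe) in compare().items():
        print(f"{req!r:36} naive -> {naive!r:44} safe -> {safe!r}")
```

Pass safe_resolve either the URL path or a parameter value the application
intends to use as a file name, as with NS-query-pat above. Decoding exactly
once matters: a second decode after the check would reopen the hole for doubly
encoded input such as '%252e%252e'.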
*** {02.27.014} Cross - Urlcount.cgi report CSS vulnerability
PowerBASIC Inc.'s Urlcount CGI contains a cross-site scripting
vulnerability in the handling of URLs inserted in generated reports.
This vulnerability is not confirmed.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-07/0072.html
*** {02.27.016} Cross - iPlanet Web Server search CGI overflow
The search service included with iPlanet Web Server versions
6.0 and prior contains a buffer overflow in the handling of the
'NS-rel-doc-name' URL parameter, allowing a remote attacker to execute
arbitrary code.
The advisory indicates confirmation by the vendor, which fixed this
vulnerability in the latest service packs.
Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0011.html
*** {02.27.018} Cross - Inktomi Traffic Server traffic_manager command
line overflow
The traffic_manager utility shipped with Inktomi Traffic Server
versions 5.2.2 and prior contains a buffer overflow in the handling
of a long 'path' argument, resulting in the execution of arbitrary
code under root privileges.
This vulnerability is confirmed by the vendor, which published a
workaround that is available at:
http://support.inktomi.com/kb/070202-003.html
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-07/0023.html
*** {02.27.020} Cross - Xircon IRC client large message DoS
The Xircon IRC client version .10B4 contains a denial of service
whereby an attacker sends a large private message to the vulnerable
user, which causes the user to be disconnected from the IRC server.
This vulnerability is not confirmed.
Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0005.html
************************************************************************
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (BSD/OS)
Comment: For info see http://www.gnupg.org
iD8DBQE9LeI2+LUG5KFpTkYRAj40AJoDmxQJy7vI491CD4Oc833AmNCrEgCePZiQ
5xfoOgvBwsF+vpoLopmjPiI=
=2oiC
-----END PGP SIGNATURE-----
----------------------------------------------------------------------
Become a Security Alert Consensus member! If this e-mail was passed
to you and you would like to begin receiving our security e-mail
newsletter on a weekly basis, we invite you to subscribe today.
http://www.sans.org/sansnews/
We are signing the Consensus newsletter
with PGP. The new SANS PGP key is posted at:
http://www.pgp.net:11371/pks/lookup?op=get&search=0xA1694E46 and can
also be accessed from the SANS Web site (http://www.sans.org).
Special Note: To better secure your confidential information,
we will no longer include personal URLs in our Consensus
newsletter mailings. Instead, we have created a new form
(http://www.sans.org/sansurl). On this form you can enter the SD
number located near your name at the top of the newsletter. When you
submit this form, an e-mail containing a URL will be sent to you at
the e-mail address on record. With this URL you can make changes to
your account (edit the content of your Consensus mailing, for example)
without endangering the security of your personal URL. If you'd like
to change your e-mail address or other information, please visit your
new URL as described above. If you have any problems or questions,
e-mail us at <consensus@nwc.com>.
If you would like to unsubscribe from this newsletter, grab your SD
number (next to your name at the top of this message) and visit the
URL below. You will be sent a personal URL via E-mail, from which
you can unsubscribe. http://www.sans.org/sansurl
Missed an issue? You can find all back issues of
Security Alert Consensus (and Security Express) online.
http://archives.neohapsis.com/
Your opinion counts. We'd like to hear your thoughts on Security Alert
Consensus. E-mail any questions or comments to <consensus@nwc.com>.
Copyright (c) 2002 Network Computing, a CMP Media LLC
publication. All Rights Reserved. Distributed by Network
Computing (http://www.networkcomputing.com) and The SANS Institute
(http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based
security assessment and integration services consulting group
(info@neohapsis.com | http://www.neohapsis.com/).