From: Network Computing and The SANS Institute (sans+ZZ97640888109116493_at_sans.org)
Date: Thu Aug 29 2002 - 15:37:06 CDT

    Re: Your personalized newsletter

                       -- Security Alert Consensus --
                           Number 034 (02.34)
                       Thursday, August 29, 2002
                           Created for you by
                 Network Computing and the SANS Institute
                          Powered by Neohapsis

    ----------------------------------------------------------------------

    Welcome to SANS' distribution of the Security Alert Consensus.

    ----------------------------------------------------------------------

    This issue sponsored by SPI Dynamics

    ALERT: Cyber-Warfare's Weapon of Choice- Web App Attacks Firewalls, IDS
    and Access Controls don't stop these attacks because hackers using the
    Web application layer are NOT seen as intruders. Learn why 75% of
    today's successful system hacks involve Web App vulnerabilities, not
    network security flaws. Download this *FREE* white paper from SPI
    Dynamics.

    http://www.spidynamics.com/mktg/webappsecurity20

    ----------------------------------------------------------------------

    An interesting advisory released this week details how it's possible
    to use some Microsoft Word field trickery to create a document that
    can actually display different text to different people at different
    times. This can lead to some interesting situations. Imagine, for
    example, a legal document that while read on the computer screen
    says one thing, but when printed (and signed) says another. Did you
    go back and verify that the printed version matched what you read in
    the electronic version? Didn't think so. Read the details at:
    http://archives.neohapsis.com/archives/bugtraq/2002-08/0274.html
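    One practical check before you print and sign is to list every field in
    the document whose result depends on the time, the printer or the
    reader. The scanner below is an added example, not code from the
    advisory or from this newsletter. It assumes the OOXML .docx container
    (a zip with word/document.xml), which postdates this issue; the field
    codes it looks for (IF, PRINTDATE, USERNAME and so on) are the kind of
    dynamic fields the advisory describes. The keyword list and the sample
    document are constructed for the example.

```python
import html
import io
import re
import zipfile

# Field types whose result depends on when, where or by whom the document is
# rendered. This list is an assumption made for the example, not taken from
# the advisory; extend it to match your own policy.
DYNAMIC_FIELDS = {
    "IF", "COMPARE", "PRINTDATE", "DATE", "TIME", "SAVEDATE", "CREATEDATE",
    "USERNAME", "USERINITIALS", "USERADDRESS", "FILENAME", "DOCVARIABLE",
    "INCLUDETEXT", "INCLUDEPICTURE", "AUTOTEXT", "MACROBUTTON",
}

# Yields, in document order: complex-field markers (begin/separate/end),
# the instruction text between them, and simple fields with inline instr.
_TOKEN_RE = re.compile(
    r'<w:fldChar\b[^>]*\bw:fldCharType="(?P<kind>begin|separate|end)"[^>]*>'
    r"|<w:instrText\b[^>]*>(?P<instr>.*?)</w:instrText>"
    r'|<w:fldSimple\b[^>]*\bw:instr="(?P<simple>[^"]*)"',
    re.S,
)


def extract_fields(document_xml: str) -> list[str]:
    """Return the instruction text of every field in word/document.xml.
    A complex field is emitted when it closes, so a nested field comes
    before its parent, and the parent shows the child as {...}. Text after
    a 'separate' marker is the cached result, not an instruction."""
    fields: list[str] = []
    stack: list[list] = []  # per open field: [instruction parts, in_result]
    for m in _TOKEN_RE.finditer(document_xml):
        if m.group("simple") is not None:
            fields.append(html.unescape(m.group("simple")))
        elif m.group("instr") is not None:
            if stack and not stack[-1][1]:
                stack[-1][0].append(html.unescape(m.group("instr")))
        else:
            kind = m.group("kind")
            if kind == "begin":
                stack.append([[], False])
            elif kind == "separate" and stack:
                stack[-1][1] = True
            elif kind == "end" and stack:
                parts, _ = stack.pop()
                instr = "".join(parts)
                fields.append(instr)
                if stack and not stack[-1][1]:
                    stack[-1][0].append("{" + instr + "}")
    return fields


def field_keyword(instr: str) -> str:
    """First token of a field instruction, e.g. 'IF' or 'PRINTDATE'."""
    tokens = instr.split()
    return tokens[0].upper() if tokens else ""


def find_dynamic_fields(docx_bytes: bytes) -> list[tuple[str, str]]:
    """Open a .docx (a zip) and list every field whose keyword is dynamic."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        xml = zf.read("word/document.xml").decode("utf-8")
    found = []
    for instr in extract_fields(xml):
        keyword = field_keyword(instr)
        if keyword in DYNAMIC_FIELDS:
            found.append((keyword, instr.strip()))
    return found


def build_sample_docx() -> bytes:
    """Constructed sample (not a real contract): an IF field that picks a
    clause from PRINTDATE, which is only set once the document is printed,
    plus a harmless PAGE field that must not be flagged."""
    document_xml = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">
<w:body><w:p>
<w:r><w:fldChar w:fldCharType="begin"/></w:r>
<w:r><w:instrText xml:space="preserve"> IF </w:instrText></w:r>
<w:r><w:fldChar w:fldCharType="begin"/></w:r>
<w:r><w:instrText xml:space="preserve"> PRINTDATE \\@ "yyyy" </w:instrText></w:r>
<w:r><w:fldChar w:fldCharType="separate"/></w:r>
<w:r><w:t>0000</w:t></w:r>
<w:r><w:fldChar w:fldCharType="end"/></w:r>
<w:r><w:instrText xml:space="preserve"> &gt; 1999 "Seller pays all fees" "Buyer pays all fees" </w:instrText></w:r>
<w:r><w:fldChar w:fldCharType="separate"/></w:r>
<w:r><w:t>Buyer pays all fees</w:t></w:r>
<w:r><w:fldChar w:fldCharType="end"/></w:r>
</w:p><w:p><w:fldSimple w:instr=" PAGE "><w:r><w:t>1</w:t></w:r></w:fldSimple></w:p>
</w:body></w:document>"""
    content_types = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">
<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>
</Types>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", document_xml)
    return buf.getvalue()


if __name__ == "__main__":
    for keyword, instr in find_dynamic_fields(build_sample_docx()):
        print(keyword, instr)
```

    Run it against any .docx by replacing build_sample_docx() with the
    file's bytes. Anything it flags is text that can differ between the
    screen and the printout; the reliable fix is to convert fields to
    static text (or diff the printed copy against the electronic one)
    before anyone signs.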

    The only other notable item this week is a mega patch for Internet
    Explorer that fixes six new security vulnerabilities. It's reported
    as item {02.34.002}.

    Until next week,
    --Security Alert Consensus Team

    ************************************************************************

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    TABLE OF CONTENTS:

    {02.34.001} Win - MS02-046: TSAC ActiveX control buffer overflow
    {02.34.002} Win - MS02-047: Cumulative Internet Explorer patch
    {02.34.003} Win - MS02-045: Network share provider buffer overflow/DoS
    {02.34.004} Win - Multiple OmniHTTPd sample CGI CSS vulnerabilities
    {02.34.026} Win - mIRC asctime decoding overflow
    {02.34.006} Linux - Update {02.33.043}: KDE Konqueror ignores SSL
                certificate basic constraints
    {02.34.008} Linux - Multiple Linux kernel vulnerabilities
    {02.34.014} Linux - Update {02.30.024}: Mailman ml-name CGI CSS
                vulnerability
    {02.34.021} Linux - Update {02.23.022}: Bugzilla 2.14.1 multiple
                vulnerabilities
    {02.34.024} Linux - Update {02.32.017}: xinetd signal pipe descriptor
                DoS
    {02.34.007} NW - RconJ authentication bypass
    {02.34.009} SGI - Update {00.35.031}: SGI WorldView Wnn buffer overflow
    {02.34.013} SCO - ndcfg command line overflow
    {02.34.019} SCO - XServer command execution with privileges
    {02.34.022} SCO - Update {02.26.002}: DNS libresolve/resolver buffer
                overflow
    {02.34.005} NApps - LG Electronics LG3100 router DoS
    {02.34.020} NApps - Belkin F5D6130 SNMP DoS
    {02.34.010} Cross - Abyss Web server multiple vulnerabilities
    {02.34.011} Cross - Light IRC script command execution
    {02.34.012} Cross - Achievo CGI config_atkroot code execution
    {02.34.015} Cross - Blazix HTTP server source retrieval and ACL bypass
    {02.34.016} Cross - Mantis CGI private bug viewing
    {02.34.018} Cross - GAIM Manual command execution
    {02.34.023} Cross - Update {02.33.024}: Multiple Postgres function
                buffer overflows
    {02.34.025} Cross - irssi channel topic DoS
    {02.34.017} Tools - Sendmail 8.12.6 available

    - --- Windows News -------------------------------------------------------

    *** {02.34.001} Win - MS02-046: TSAC ActiveX control buffer overflow

    Microsoft released MS02-046 ("TSAC ActiveX control buffer
    overflow"). The Terminal Services Advanced Client ActiveX control
    contains a buffer overflow in the handling of one of the input
    parameters that allows a malicious Web site to execute arbitrary code
    on the user's system.

    FAQ and patch:
    http://www.microsoft.com/technet/security/bulletin/MS02-046.asp

    Source: Microsoft (NT Bugtraq)
    http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0108.html

    *** {02.34.002} Win - MS02-047: Cumulative Internet Explorer patch

    Microsoft released MS02-047 ("Cumulative Internet Explorer
    patch"). This is a cumulative Internet Explorer patch that fixes all
    past security vulnerabilities as well as six new vulnerabilities,
    including the official patch for the Gopher protocol overflow reported
    earlier.

    FAQ and patch:
    http://www.microsoft.com/technet/security/bulletin/MS02-047.asp

    Source: Microsoft (NTBugtraq)
    http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0109.html

    *** {02.34.003} Win - MS02-045: Network share provider buffer
                    overflow/DoS

    Microsoft released MS02-045 ("Network share provider buffer
    overflow/DoS"). The network share provider service included with
    Windows NT, 2000 and XP contains a buffer overflow in the handling
    of certain SMB parameters that allows a remote attacker to crash the
    system, thereby leading to a denial of service attack.

    FAQ and patch:
    http://www.microsoft.com/technet/security/bulletin/MS02-045.asp

    Source: Microsoft (NTBugtraq)
    http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0107.html

    *** {02.34.004} Win - Multiple OmniHTTPd sample CGI CSS vulnerabilities

    Multiple vulnerabilities reportedly exist in the sample CGI scripts
    included with OmniHTTPd. The test.shtml, test.php and redir.exe sample
    scripts all are vulnerable to cross-site scripting.

    These vulnerabilities are not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-08/0263.html
    http://archives.neohapsis.com/archives/bugtraq/2002-08/0264.html
    http://archives.neohapsis.com/archives/bugtraq/2002-08/0266.html

    *** {02.34.026} Win - mIRC asctime decoding overflow

    Versions 6.02 and prior of the mIRC client contain a buffer overflow
    in the handling of data passed to the $asctime function, potentially
    allowing a malicious IRC user or server to execute arbitrary code.

    This vulnerability is confirmed and fixed in version 6.03.

    Source: VulnWatch
    http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0092.html

    - --- Linux News ---------------------------------------------------------

    *** {02.34.006} Linux - Update {02.33.043}: KDE Konqueror ignores SSL
                    certificate basic constraints

    Debian released updated kdelibs packages that fix the vulnerability
    discussed in {02.33.043} ("KDE Konqueror ignores SSL certificate
    basic constraints").

    Updated DEBs are listed at the reference URL below.

    Source: Debian
    http://archives.neohapsis.com/archives/vendor/2002-q3/0044.html

    *** {02.34.008} Linux - Multiple Linux kernel vulnerabilities

    A Red Hat advisory indicates that multiple kernel security
    vulnerabilities exist in the 2.4.18 and prior kernels. All Linux
    kernels are affected.

    It is unknown at this time whether the 2.4.19 Linux kernel fixes
    these problems.

    Updated Red Hat RPMs are available at the reference URL below.

    Source: Red Hat
    http://archives.neohapsis.com/archives/linux/redhat/2002-q3/0060.html

    *** {02.34.014} Linux - Update {02.30.024}: Mailman ml-name CGI CSS
                    vulnerability

    Both Red Hat and Debian rereleased updated mailman packages that
    fix the vulnerability discussed in {02.30.024} ("Mailman ml-name CGI
    CSS vulnerability").

    Updated Red Hat RPMs:
    http://archives.neohapsis.com/archives/bugtraq/2002-08/0245.html

    Updated Debian DEBs:
    http://archives.neohapsis.com/archives/vendor/2002-q3/0048.html

    Source: Red Hat, Debian
    http://archives.neohapsis.com/archives/bugtraq/2002-08/0245.html
    http://archives.neohapsis.com/archives/vendor/2002-q3/0048.html

    *** {02.34.021} Linux - Update {02.23.022}: Bugzilla 2.14.1 multiple
                    vulnerabilities

    Red Hat released updated bugzilla packages that fix the vulnerability
    discussed in {02.23.022} ("Bugzilla 2.14.1 multiple vulnerabilities").

    Updated RPMs are listed at the reference URL below.

    Source: Red Hat
    http://archives.neohapsis.com/archives/linux/redhat/2002-q3/0058.html

    *** {02.34.024} Linux - Update {02.32.017}: xinetd signal pipe
                    descriptor DoS

    Mandrake released updated xinetd packages that fix the vulnerability
    discussed in {02.32.017} ("xinetd signal pipe descriptor DoS").

    Updated RPMs are listed at the reference URL below.

    Source: Mandrake (SF Bugtraq)
    http://archives.neohapsis.com/archives/bugtraq/2002-08/0279.html

    - --- NetWare News -------------------------------------------------------

    *** {02.34.007} NW - RconJ authentication bypass

    A Novell advisory indicates that RconJ authentication can be bypassed
    when using the Secure IP/SSL option. This allows a remote attacker
    to gain console access to the server.

    A patch is available at:
    http://support.novell.com/servlet/tidfinder/2963349

    Source: Novell (SF Bugtraq)
    http://archives.neohapsis.com/archives/bugtraq/2002-08/0216.html

    - --- SGI News -----------------------------------------------------------

    *** {02.34.009} SGI - Update {00.35.031}: SGI WorldView Wnn buffer
                    overflow

    SGI finally released updated worldview packages that fix the
    vulnerability discussed in {00.35.031} ("SGI WorldView Wnn buffer
    overflow").

    Full patch information is available at the reference URL below.

    Source: SGI
    http://archives.neohapsis.com/archives/vendor/2002-q3/0045.html

    - --- SCO News -----------------------------------------------------------

    *** {02.34.013} SCO - ndcfg command line overflow

    The ndcfg utility contains a buffer overflow in the handling of
    command-line parameters that allows a local attacker to execute
    arbitrary code with elevated privileges.

    The vendor confirmed this vulnerability. Updated binaries are listed
    at the reference URL below.

    Source: Caldera/SCO
    http://archives.neohapsis.com/archives/linux/caldera/2002-q3/0012.html

    *** {02.34.019} SCO - XServer command execution with privileges

    A Caldera/SCO advisory indicates that the XServer does not properly
    drop privileges before executing external commands, thereby allowing
    a local attacker to gain root privileges.

    The vendor confirmed this vulnerability. Updated binaries are listed
    in the reference URL below.

    Source: Caldera/SCO
    http://archives.neohapsis.com/archives/linux/caldera/2002-q3/0014.html

    *** {02.34.022} SCO - Update {02.26.002}: DNS libresolve/resolver
                    buffer overflow

    Caldera/SCO released updates for UnixWare 7.1.1 that fix the
    vulnerability discussed in {02.26.002} ("DNS libresolve/resolver
    buffer overflow").

    Updated UnixWare 7.1.1 binaries are available at:
    ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37

    Source: Caldera/SCO
    http://archives.neohapsis.com/archives/linux/caldera/2002-q3/0013.html

    - --- Network Appliances News --------------------------------------------

    *** {02.34.005} NApps - LG Electronics LG3100 router DoS

    The LG Electronics LG3100f and LG3100p routers contain denial
    of service vulnerabilities that come from buffer overflows in the
    handling of large HTTP and telnet data streams as well as from handling
    malformed TCP packets.

    These vulnerabilities are not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-08/0210.html
    http://archives.neohapsis.com/archives/bugtraq/2002-08/0228.html

    *** {02.34.020} NApps - Belkin F5D6130 SNMP DoS

    The Belkin F5D6130 wireless access point is vulnerable to a remotely
    exploitable denial of service, whereby a flood of particular SNMP
    requests will cause the device to cease to function.

    This vulnerability is not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-08/0265.html

    - --- Cross-Platform News ------------------------------------------------

    *** {02.34.010} Cross - Abyss Web server multiple vulnerabilities

    The Abyss Web server version 1.0.3 reportedly contains two
    vulnerabilities: an administration console authentication bypass and
    a reverse directory traversal vulnerability. The end result is that
    remote attackers can access files outside the Web root and change
    configuration settings.

    These vulnerabilities are not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-08/0229.html

    *** {02.34.011} Cross - Light IRC script command execution

    The Light IRC script prior to version 2.7.30p5 contains a vulnerability
    in the handling of channel names that may allow a malicious IRC
    attacker to execute arbitrary script code on the user's system.

    This vulnerability is confirmed and fixed in version 2.7.30p5, which
    is available at:
    ftp://ftp.light.canuck.gen.nz/pub/Light/

    Debian also released updated DEBs, which are listed at the second
    reference URL below.

    Source: SecurityFocus Bugtraq, Debian
    http://archives.neohapsis.com/archives/bugtraq/2002-08/0231.html
    http://archives.neohapsis.com/archives/vendor/2002-q3/0046.html

    *** {02.34.012} Cross - Achievo CGI config_atkroot code execution

    Versions of the Achievo CGI suite prior to 0.8.2 do not properly handle
    the config_atkroot URL parameter, which allows a remote attacker to
    execute arbitrary PHP code on the system.

    The vendor confirmed this vulnerability and released version 0.8.2,
    which is available at:
    http://www.achievo.org/download/

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-08/0235.html

    *** {02.34.015} Cross - Blazix HTTP server source retrieval and ACL
                    bypass

    Versions 1.2.1 and prior of the Blazix HTTP server contain two
    vulnerabilities: retrieval of the source code of server-side scripts
    by appending particular characters to the URL and access to Web
    directories that are explicitly configured to be forbidden.

    The vendor confirmed these vulnerabilities and released version 1.2.2.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-08/0259.html

    *** {02.34.016} Cross - Mantis CGI private bug viewing

    The Mantis CGI suite prior to version 0.17.5 allows a remote attacker
    to view bugs that are otherwise marked private.

    The vendor confirmed this vulnerability and released version 0.17.5.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-08/0253.html
    http://archives.neohapsis.com/archives/bugtraq/2002-08/0255.html

    *** {02.34.018} Cross - GAIM Manual command execution

    GAIM contains a vulnerability in the handling of the 'Manual' browser
    command that could allow a link clicked on by the user to execute
    arbitrary command-line commands.

    Debian confirmed this vulnerability and released updated DEBs, which
    are listed at:
    http://archives.neohapsis.com/archives/vendor/2002-q3/0049.html

    Source: Debian
    http://archives.neohapsis.com/archives/vendor/2002-q3/0049.html

    *** {02.34.023} Cross - Update {02.33.024}: Multiple Postgres function
                    buffer overflows

    Postgres version 7.2.2 was released. It fixes the vulnerability
    discussed in {02.33.024} ("Multiple Postgres function buffer
    overflows").

    The update can be downloaded from:
    ftp://ftp.postgresql.org/pub/sources/v7.2.2

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-08/0258.html

    *** {02.34.025} Cross - irssi channel topic DoS

    The irssi IRC client crashes when a user joins a channel with a
    particularly long topic description. This then leads to a denial of
    service attack.

    Debian released updated DEBs, which are available at the reference
    URL below.

    Source: Debian
    http://archives.neohapsis.com/archives/vendor/2002-q3/0047.html

    - --- Tool Announcements News --------------------------------------------

    *** {02.34.017} Tools - Sendmail 8.12.6 available

    Sendmail version 8.12.6 was released. The new version contains bug
    fixes only; no new security problems are involved.

    The source code can be downloaded at:
    ftp://ftp.sendmail.org/pub/sendmail/

    Source: Sendmail
    http://archives.neohapsis.com/archives/sendmail/2002-q3/0001.html

    ************************************************************************

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (BSD/OS)
    Comment: For info see http://www.gnupg.org

    iD8DBQE9bn8Q+LUG5KFpTkYRAljVAJ42i1vS2svUvuLS0rTnfm3NTqPzPwCeJo7H
    qMhdILThDz22RvpFT75QTWo=
    =Cy5o
    -----END PGP SIGNATURE-----
    ------------------------------------------------------------------------

    Become a Security Alert Consensus member! If this e-mail was passed
    to you and you would like to begin receiving our security e-mail
    newsletter on a weekly basis, we invite you to subscribe today.
    http://www.sans.org/sansnews/

    We are signing the Consensus newsletter
    with PGP. The new SANS PGP key is posted at:
    http://www.pgp.net:11371/pks/lookup?op=get&search=0xA1694E46 and can
    also be accessed from the SANS Web site (http://www.sans.org).

    Special Note: To better secure your confidential information,
    we will no longer include personal URLs in our Consensus
    newsletter mailings. Instead, we have created a new form
    (http://www.sans.org/sansurl). On this form you can enter the SD
    number located near your name at the top of the newsletter. When you
    submit this form, an e-mail containing a URL will be sent to you at
    the e-mail address on record. With this URL you can make changes to
    your account (edit the content of your Consensus mailing, for example)
    without endangering the security of your personal URL. If you'd like
    to change your e-mail address or other information, please visit your
    new URL as described above. If you have any problems or questions,
    e-mail us at <consensus@nwc.com>.

    If you would like to unsubscribe from this newsletter, grab your SD
    number (next to your name at the top of this message) and visit the
    URL below. You will be sent a personal URL via E-mail, from which
    you can unsubscribe. http://www.sans.org/sansurl

    Missed an issue? You can find all back issues of
    Security Alert Consensus (and Security Express) online.
    http://archives.neohapsis.com/

    Your opinion counts. We'd like to hear your thoughts on Security Alert
    Consensus. E-mail any questions or comments to <consensus@nwc.com>.

    Copyright (c) 2002 Network Computing, a CMP Media LLC
    publication. All Rights Reserved. Distributed by Network
    Computing (http://www.networkcomputing.com) and The SANS Institute
    (http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based
    security assessment and integration services consulting group
    (info@neohapsis.com | http://www.neohapsis.com/).