Security Alert Consensus #012

From: Network Computing and The SANS Institute (sans+ZZ26931041914097399sans.org)
Date: Thu Mar 27 2003 - 15:27:34 CST


Re: Your personalized newsletter

                 -- Security Alert Consensus --
                       Number 012 (03.12)
                  Thursday, March 27, 2003
                       Created for you by
            Network Computing and the SANS Institute
                      Powered by Neohapsis

----------------------------------------------------------------------

Welcome to the latest edition of Security Alert Consensus! Below
you should find information pertaining only to the categories you
requested. Information on how to manage your subscription can be found
at the bottom of the newsletter. If you have any problems or questions,
please e-mail us at <consensusnwc.com>.

************************* Begin Advertisement ************************

This issue sponsored by SPI Dynamics.

ALERT: How a Hacker Launches a SQL Injection Attack -- Step-by-Step!
It's as simple as placing additional SQL commands into an input box on
a Web form giving hackers complete access to all your backend data!
Firewalls and IDS will not stop SQL Injection attempts because they are
NOT seen as intrusions.
Download this *FREE* white paper from SPI Dynamics for a complete guide
to protection!
http://www.spidynamics.com/mktg/sqlinjection36

************************** End Advertisement *************************

A widespread RPC vulnerability affecting many Unix-based systems surfaced
late last week; see {03.12.004} for details and vendor patches. Microsoft
also released a patch that fixes an integer overflow in the Windows
JScript engine. The flaw can be exploited via a malicious Web page
rendered by Internet Explorer; see item {03.12.016}. Other vendors
continue to release patches for the previously announced OpenSSL and
Kerberos attacks, the Samba packet reassembly overflow and the Linux
kernel ptrace bug.

Until next week,
--Security Alert Consensus Team

************************************************************************

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TABLE OF CONTENTS:

{03.12.016} Win - MS03-008: JScript engine sort overflow
{03.12.017} Win - MS03-009: ISA DNS IDS DoS
{03.12.001} Linux - Update {03.08.017}: Terminal escape sequence
            vulnerabilities
{03.12.003} Linux - Update {03.09.017}: NetPBM multiple vulnerabilities
{03.12.005} Linux - Update {03.11.005}: Linux 2.2/2.4 ptrace
            vulnerability
{03.12.007} Linux - Vulnerable PHP applications 03/25
{03.12.008} Linux - Update {03.10.004}: MySQL my.cnf user override
{03.12.010} Linux - Update {03.09.018}: file utility local overflow
{03.12.011} Linux - Update {03.11.020}: Qpopper qvnsprintf overflow
{03.12.012} Linux - Update {03.10.009}: Ethereal SOCKS decoder format
            string vulnerability
{03.12.015} Linux - Update {03.10.019}: LXR CGI v parameter file reading
{03.12.002} Cross - Update {03.11.010}: OpenSSL timing attack/private
            key disclosure
{03.12.004} Cross - xdrmem getbytes RPC overflow
{03.12.006} Cross - Update {03.11.024}: Kerberos v4 protocol weaknesses
{03.12.009} Cross - Mutt IMAP client folder overflow
{03.12.013} Cross - Update {03.11.009}: Samba packet reassembly overflow
{03.12.014} Cross - bonsai CGI multiple vulnerabilities
{03.12.018} Cross - Checkpoint FW1 NG syslog DoS
{03.12.019} Cross - Ximian Evolution multiple vulnerabilities 3/25
{03.12.020} Cross - apcupsd multiple vulnerabilities

- --- Windows News -------------------------------------------------------

*** {03.12.016} Win - MS03-008: JScript engine sort overflow

Microsoft released MS03-008 ("Script engine sort overflow"). The
internal JScript JsArrayFunctionHeapSort function contains an integer
overflow that allows a malicious Web site or e-mail to execute
arbitrary code on the user's system.

FAQ and patch:
http://www.microsoft.com/technet/security/bulletin/MS03-008.asp

Source: Microsoft
http://archives.neohapsis.com/archives/microsoft/2003-q1/0012.html

*** {03.12.017} Win - MS03-009: ISA DNS IDS DoS

Microsoft released MS03-009 ("ISA DNS IDS DoS"). The DNS intrusion
detection filter of ISA Server stops forwarding requests upon receipt
of a particular malformed DNS packet, resulting in a denial of service.

FAQ and patch:
http://www.microsoft.com/technet/security/bulletin/MS03-009.asp

Source: Microsoft
http://archives.neohapsis.com/archives/microsoft/2003-q1/0011.html

- --- Linux News ---------------------------------------------------------

*** {03.12.001} Linux - Update {03.08.017}: Terminal escape sequence
                vulnerabilities

Mandrake released updated rxvt packages, which fix the vulnerabilities
discussed in {03.08.017} ("Terminal escape sequence vulnerabilities").

Updated RPMs are listed at the reference URL below.

Source: Mandrake
http://archives.neohapsis.com/archives/linux/mandrake/2003-q1/0212.html

*** {03.12.003} Linux - Update {03.09.017}: NetPBM multiple
                vulnerabilities

Mandrake released updated NetPBM packages, which fix the
vulnerabilities discussed in {03.09.017} ("NetPBM multiple
vulnerabilities").

Updated RPMs are listed at the reference URL below.

Source: Mandrake
http://archives.neohapsis.com/archives/linux/mandrake/2003-q1/0214.html

*** {03.12.005} Linux - Update {03.11.005}: Linux 2.2/2.4 ptrace
                vulnerability

SuSE released updated kernel packages, which fix the vulnerability
discussed in {03.11.005} ("Linux 2.2/2.4 ptrace vulnerability").

Updated RPMs are listed at the reference URL below.

Source: SuSE
http://archives.neohapsis.com/archives/linux/suse/2003-q1/0872.html

*** {03.12.007} Linux - Vulnerable PHP applications 03/25

The following is a list of reportedly vulnerable third-party PHP CGI
applications. These vulnerabilities are not confirmed.

PHP Nuke 5.6-6.5: SQL injection; file viewing
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0146.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0147.html
http://archives.neohapsis.com/archives/bugtraq/2003-03/0365.html

PHP Web Chat 2.0: cross-site scripting
http://archives.neohapsis.com/archives/bugtraq/2003-03/0358.html

VChat 1.0: message recovery; denial of service
http://archives.neohapsis.com/archives/bugtraq/2003-03/0363.html

SimpleChat: user/data file recovery
http://archives.neohapsis.com/archives/bugtraq/2003-03/0336.html

Guestbook tr3.a 1.0: application password file recovery
http://archives.neohapsis.com/archives/bugtraq/2003-03/0323.html

XOOPS 2.0: path disclosure
http://archives.neohapsis.com/archives/bugtraq/2003-03/0311.html

paFileDB 3.1: SQL injection
http://archives.neohapsis.com/archives/bugtraq/2003-03/0346.html

Source: VulnWatch, SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0146.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0147.html
http://archives.neohapsis.com/archives/bugtraq/2003-03/0358.html
http://archives.neohapsis.com/archives/bugtraq/2003-03/0363.html
http://archives.neohapsis.com/archives/bugtraq/2003-03/0336.html
http://archives.neohapsis.com/archives/bugtraq/2003-03/0323.html
http://archives.neohapsis.com/archives/bugtraq/2003-03/0365.html
http://archives.neohapsis.com/archives/bugtraq/2003-03/0311.html
http://archives.neohapsis.com/archives/bugtraq/2003-03/0346.html

*** {03.12.008} Linux - Update {03.10.004}: MySQL my.cnf user override

EnGarde released updated MySQL packages, which fix the vulnerability
discussed in {03.10.004} ("MySQL my.cnf user override").

Updated RPMs are listed at the reference URL below.

Source: EnGarde
http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0018.html

*** {03.12.010} Linux - Update {03.09.018}: file utility local overflow

SuSE released updated file packages, which fix the vulnerability
discussed in {03.09.018} ("file utility local overflow").

Updated RPMs are listed at the reference URL below.

Source: SuSE
http://archives.neohapsis.com/archives/linux/suse/2003-q1/0823.html

*** {03.12.011} Linux - Update {03.11.020}: Qpopper qvnsprintf overflow

SuSE released updated qpopper packages, which fix the vulnerability
discussed in {03.11.020} ("Qpopper qvnsprintf overflow").

Updated RPMs are listed at the reference URL below.

Source: SuSE
http://archives.neohapsis.com/archives/linux/suse/2003-q1/0825.html

*** {03.12.012} Linux - Update {03.10.009}: Ethereal SOCKS decoder
                format string vulnerability

SuSE released updated Ethereal packages, which fix the vulnerability
discussed in {03.10.009} ("Ethereal SOCKS decoder format string
vulnerability").

Updated RPMs are listed at the reference URL below.

Source: SuSE
http://archives.neohapsis.com/archives/linux/suse/2003-q1/0827.html

*** {03.12.015} Linux - Update {03.10.019}: LXR CGI v parameter file
                reading

Debian released updated LXR packages, which fix the vulnerability
discussed in {03.10.019} ("LXR CGI v parameter file reading").

Updated DEBs are listed at the reference URL below.

Source: Debian
http://archives.neohapsis.com/archives/linux/debian/2003-q1/0818.html

- --- Cross-Platform News ------------------------------------------------

*** {03.12.002} Cross - Update {03.11.010}: OpenSSL timing
                attack/private key disclosure

Multiple vendors released updated OpenSSL packages, which fix the
vulnerability discussed in {03.11.010} ("OpenSSL timing attack/private
key disclosure").

Updated Mandrake RPMs:
http://archives.neohapsis.com/archives/linux/mandrake/2003-q1/0213.html

Updated Caldera RPMs:
http://archives.neohapsis.com/archives/linux/caldera/2003-q1/0022.html

FreeBSD branches as of Mar. 21, 2003, contain fixes.

OpenBSD patch information:
http://archives.neohapsis.com/archives/openbsd/2003-03/1592.html

EnGarde RPMs:
http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0016.html

Source: Mandrake, Caldera, FreeBSD, OpenBSD, EnGarde
http://archives.neohapsis.com/archives/linux/mandrake/2003-q1/0213.html
http://archives.neohapsis.com/archives/linux/caldera/2003-q1/0022.html
http://archives.neohapsis.com/archives/freebsd/2003-03/0191.html
http://archives.neohapsis.com/archives/openbsd/2003-03/1592.html
http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0016.html

*** {03.12.004} Cross - xdrmem getbytes RPC overflow

The xdrmem_getbytes() routine of the Sun RPC XDR library, as shipped in
Sun libnsl, BSD libc and Linux glibc (as well as other libraries based
on or derived from these sources), contains an integer overflow in its
length handling that leads to a buffer overflow and could allow the
remote execution of arbitrary code. Any program that decodes untrusted
XDR data with an affected library is exposed; MIT Kerberos carries its
own copy of the code and is patched separately below. This
vulnerability is confirmed.
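
As an added illustration of the bug class behind this item (constructed
for this newsletter; not code from the advisory or from any vendor's
library): a signed count of bytes remaining is decremented by an
unsigned request length and only then tested for negativity, so a huge
length wraps to a small positive remainder and the check passes. The
struct, the function names and the 16-byte sample payload are
assumptions made for the example. The flawed check is written out as a
predicate that only evaluates the test, so nothing is overrun when it
runs; the hardened routine does the copy.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an XDR in-memory stream. Field names follow
 * the Sun RPC layout (x_private = next unread byte, x_handy = bytes
 * left), but this struct is an illustration, not the library's own. */
struct xdrmem {
    const char *x_private;
    int         x_handy;   /* signed, as in the affected implementations */
};

/* The flawed length test, isolated as a predicate so it can be run
 * safely. `remaining -= len` is evaluated in unsigned arithmetic because
 * len is unsigned, then converted back to int: a very large len wraps to
 * a small positive remainder, the test passes, and the real routine goes
 * on to memcpy(addr, x_private, len) far past the end of the buffer.
 * Only the check is evaluated here; no bytes are copied. */
bool old_length_check_accepts(int x_handy, unsigned int len)
{
    int remaining = x_handy;
    if ((remaining -= len) < 0)      /* wraps for len near UINT_MAX */
        return false;
    return true;
}

/* Hardened getbytes: compare before subtracting, in unsigned terms, so
 * any len larger than what is actually left is rejected up front. */
bool xdrmem_getbytes_checked(struct xdrmem *xdrs, char *addr, unsigned int len)
{
    if (xdrs->x_handy < 0 || (unsigned int)xdrs->x_handy < len)
        return false;
    memcpy(addr, xdrs->x_private, len);
    xdrs->x_private += len;
    xdrs->x_handy   -= (int)len;
    return true;
}

int main(void)
{
    const char wire[] = "0123456789abcdef";   /* constructed 16-byte payload */
    enum { WIRE_LEN = 16 };
    const unsigned int huge = 0xFFFFFFF0u;
    char out[WIRE_LEN];
    struct xdrmem xdrs = { wire, WIRE_LEN };

    printf("old check, %d left, len=%u: %s\n", WIRE_LEN, huge,
           old_length_check_accepts(WIRE_LEN, huge) ? "ACCEPTS (bug)" : "rejects");
    printf("checked getbytes, len=%u: %s\n", huge,
           xdrmem_getbytes_checked(&xdrs, out, huge) ? "accepts" : "rejects");
    printf("checked getbytes, len=8: %s\n",
           xdrmem_getbytes_checked(&xdrs, out, 8) ? "accepts" : "rejects");
    return 0;
}
```

Run as is, the old check accepts a length of 0xFFFFFFF0 against 16
remaining bytes (16 - 0xFFFFFFF0 wraps to 32), while the checked version
rejects it and still serves an 8-byte read correctly. When auditing other
XDR or length-prefixed decoders, look for the same shape: a signed
running count decremented by an unsigned length and tested only
afterwards.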

Updated Mandrake RPMs:
http://archives.neohapsis.com/archives/linux/mandrake/2003-q1/0215.html

Updated Red Hat RPMs:
http://archives.neohapsis.com/archives/linux/redhat/2003-q1/0075.html

MIT Krb5 patch:
http://archives.neohapsis.com/archives/bugtraq/2003-03/0290.html

Updated Caldera RPMs:
http://archives.neohapsis.com/archives/linux/caldera/2003-q1/0021.html

Various FreeBSD branches as of Mar. 20, 2003, contain the fix.

Updated EnGarde RPMs:
http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0017.html

Updated SCO binaries:
http://archives.neohapsis.com/archives/linux/caldera/2003-q1/0020.html

Source: CERT, VulnWatch, Mandrake, Red Hat, Caldera/SCO, EnGarde,
FreeBSD, SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/cc/2003-q1/0009.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html
http://archives.neohapsis.com/archives/linux/mandrake/2003-q1/0215.html
http://archives.neohapsis.com/archives/linux/redhat/2003-q1/0075.html
http://archives.neohapsis.com/archives/linux/caldera/2003-q1/0021.html
http://archives.neohapsis.com/archives/linux/caldera/2003-q1/0020.html
http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0017.html
http://archives.neohapsis.com/archives/bugtraq/2003-03/0290.html
http://archives.neohapsis.com/archives/bugtraq/2003-03/0303.html

*** {03.12.006} Cross - Update {03.11.024}: Kerberos v4 protocol
                weaknesses

Debian and OpenBSD released krb updates, which fix the vulnerability
discussed in {03.11.024} ("Kerberos v4 protocol weaknesses").

Updated Debian DEBs:
http://archives.neohapsis.com/archives/linux/debian/2003-q1/0951.html

OpenBSD patch information:
http://archives.neohapsis.com/archives/openbsd/2003-03/1858.html

Source: Debian, OpenBSD
http://archives.neohapsis.com/archives/linux/debian/2003-q1/0951.html
http://archives.neohapsis.com/archives/openbsd/2003-03/1858.html

*** {03.12.009} Cross - Mutt IMAP client folder overflow

Mutt releases prior to 1.4.1 and 1.5.4 contain a buffer overflow in the
IMAP client code that allows a malicious (or compromised) IMAP server to
execute arbitrary code on the user's system.

This vulnerability is confirmed.

Updated SuSE RPMs:
http://archives.neohapsis.com/archives/linux/suse/2003-q1/0846.html

Updated Debian DEBs:
http://archives.neohapsis.com/archives/linux/debian/2003-q1/0959.html

Source: SecurityFocus Bugtraq, SuSE, Debian
http://archives.neohapsis.com/archives/bugtraq/2003-03/0293.html
http://archives.neohapsis.com/archives/linux/suse/2003-q1/0846.html
http://archives.neohapsis.com/archives/linux/debian/2003-q1/0959.html

*** {03.12.013} Cross - Update {03.11.009}: Samba packet reassembly
                overflow

Multiple vendors released updated Samba packages, which fix the
vulnerability discussed in {03.11.009} ("Samba packet reassembly
overflow").

Updated SuSE RPMs:
http://archives.neohapsis.com/archives/linux/suse/2003-q1/0800.html

IRIX update information:
http://archives.neohapsis.com/archives/vendor/2003-q1/0086.html

Updated Red Hat RPMs:
http://archives.neohapsis.com/archives/linux/redhat/2003-q1/0074.html

Source: SuSE, SGI, Red Hat
http://archives.neohapsis.com/archives/linux/suse/2003-q1/0800.html
http://archives.neohapsis.com/archives/vendor/2003-q1/0086.html
http://archives.neohapsis.com/archives/linux/redhat/2003-q1/0074.html

*** {03.12.014} Cross - bonsai CGI multiple vulnerabilities

Debian reported that the bonsai CVS CGI suite contains multiple
vulnerabilities: cross-site scripting errors; execution of arbitrary
code; and access to configuration information.

Updated Debian DEBs are listed at the reference URL below.

Source: Debian
http://archives.neohapsis.com/archives/linux/debian/2003-q1/0893.html

*** {03.12.018} Cross - Checkpoint FW1 NG syslog DoS

Checkpoint FW1 NG FP3 contains a denial of service vulnerability in its
syslog service: a remote attacker can crash the service. FP3 releases
prior to FP3 HF2 are indicated as vulnerable.

This vulnerability is not confirmed. The advisory indicates FP3 HF2
fixes the problem.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-03/0313.html

*** {03.12.019} Cross - Ximian Evolution multiple vulnerabilities 3/25

Red Hat released an advisory indicating that Ximian Evolution
contains multiple vulnerabilities: denial of service by crashing
the application; denial of service via resource starvation; and
circumvention of security restrictions.

Updated RPMs are listed at the reference URL below.

Source: Red Hat
http://archives.neohapsis.com/archives/linux/redhat/2003-q1/0079.html

*** {03.12.020} Cross - apcupsd multiple vulnerabilities

The apcupsd APC UPS daemon contains multiple remotely exploitable
format string vulnerabilities (attacker-supplied text reaching a
printf-style format argument) that allow the execution of arbitrary
code.
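
For the format string items in this issue (this one and the Ethereal
SOCKS decoder update in {03.12.012}), here is an added example of the
bug class beside its fix. It is constructed for this newsletter and is
not code from apcupsd, Ethereal or their advisories; the logging helper,
the function names and the sample message are assumptions. The sample
input uses "%%" so the effect is deterministic and harmless; a real
attacker would supply "%x" directives to read the stack and "%n" to
write to it.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Assumed logging helper: forwards a caller-supplied format to vsnprintf,
 * standing in for a syslog-style routine that takes a format plus args. */
static int format_into(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* VULNERABLE pattern: untrusted text is passed as the format string
 * itself, so every '%' directive in it is interpreted. "%x" reads
 * argument slots that were never passed (stack disclosure) and "%n"
 * writes a count into memory, which is how this becomes code execution. */
int log_event_unsafe(char *out, size_t n, const char *msg)
{
    return format_into(out, n, msg);
}

/* FIXED pattern: the format is a fixed literal and the untrusted text is
 * an argument, so its '%' characters are copied through verbatim. */
int log_event_safe(char *out, size_t n, const char *msg)
{
    return format_into(out, n, "%s", msg);
}

int main(void)
{
    char buf[64];
    /* Constructed untrusted message, e.g. a status string from the network.
     * "%%" consumes no argument, so the run is deterministic. */
    const char *untrusted = "battery at 100%% done";

    log_event_unsafe(buf, sizeof buf, untrusted);
    printf("unsafe: %s\n", buf);   /* directives were interpreted */
    log_event_safe(buf, sizeof buf, untrusted);
    printf("safe:   %s\n", buf);   /* logged exactly as received */
    return 0;
}
```

The unsafe variant logs "battery at 100% done": the "%%" was consumed as
a directive, proof that the attacker controls what printf does with the
rest of the string. The safe variant logs the text exactly as received.
Grep for logging or error calls whose format argument is a variable
rather than a literal; most compilers will flag the standard printf and
syslog families for this, but not project-local wrappers like the one
above.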

Updated Caldera RPMs are listed at the reference URL below.

Source: Caldera
http://archives.neohapsis.com/archives/linux/caldera/2003-q1/0023.html

************************************************************************

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (BSD/OS)
Comment: For info see http://www.gnupg.org

iD8DBQE+g2Zu+LUG5KFpTkYRAtJ6AKCA1QZoVNnjsgnaiFnGgDdpOTfihgCfbgfj
wmrHyzO/IcNCdEJsULXXgQo=
=dfrn
-----END PGP SIGNATURE-----
------------------------------------------------------------------------


Become a Security Alert Consensus member! If this e-mail was passed
to you and you would like to begin receiving our security e-mail
newsletter on a weekly basis, we invite you to subscribe today.
http://www.sans.org/sansnews/

We are signing the Consensus newsletter
with PGP. The new SANS PGP key is posted at:
http://www.pgp.net:11371/pks/lookup?op=get&search=0xA1694E46 and can
also be accessed from the SANS Web site (http://www.sans.org).

Special Note: To better secure your confidential information,
we will no longer include personal URLs in our Consensus
newsletter mailings. Instead, we have created a new form
(http://www.sans.org/sansurl). On this form you can enter the SD
number located near your name at the top of the newsletter. When you
submit this form, an e-mail containing a URL will be sent to you at
the e-mail address on record. With this URL you can make changes to
your account (edit the content of your Consensus mailing, for example)
without endangering the security of your personal URL. If you'd like
to change your e-mail address or other information, please visit your
new URL as described above. If you have any problems or questions,
e-mail us at <consensusnwc.com>.

If you would like to unsubscribe from this newsletter, grab your SD
number (next to your name at the top of this message) and visit the
URL below. You will be sent a personal URL via E-mail, from which
you can unsubscribe.
http://www.sans.org/sansurl

Missed an issue? You can find back issues of Security Alert Consensus
(and other SANS newsletters) online. http://www.sans.org/newsletters/

Your opinion counts. We'd like to hear your thoughts on Security Alert
Consensus. E-mail any questions or comments to <consensusnwc.com>.

Copyright (c) 2003 Network Computing, a CMP Media LLC
publication. All Rights Reserved. Distributed by Network
Computing (http://www.networkcomputing.com) and The SANS Institute
(http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based
security assessment and integration services consulting group
(infoneohapsis.com | http://www.neohapsis.com/).