Security Alert Consensus #024

From: Network Computing and The SANS Institute (sans@sans.org)
Date: Thu Jun 19 2003 - 17:03:58 CDT


Re: Your personalized newsletter

                 -- Security Alert Consensus --
                       Number 024 (03.24)
                  Thursday, June 19, 2003
                       Created for you by
            Network Computing and the SANS Institute
                      Powered by Neohapsis

----------------------------------------------------------------------

Welcome to the latest edition of Security Alert Consensus! Below you
should find information pertaining only to the categories you requested.
Information on how to manage your subscription can be found at the
bottom of the newsletter. If you have any problems or questions, please
e-mail us at <consensus@nwc.com>.

************************* Begin Advertisement ************************

This issue is sponsored by ISS.
The fastest way into your network might be your CEO's laptop!
Learn how to extend your online security the same way your
mobile users are extending your network in this free whitepaper
from ISS. Discover how to integrate desktop protection into your
overall enterprise security solution to protect remote users.
http://www.iss.net/ad/desk_cmpnetsansdesktopwp061903

************************** End Advertisement *************************

Microsoft released its latest Patterns and Practices guide, entitled
"Improving Web Application Security: Threats and Countermeasures." It is
essentially a 900+ page PDF/e-book covering the many types of security
problems challenging Web applications today. The guide also includes a
large number of checklists for common security-related tasks, such as
database and Web server lockdown. All in all, it is a superb resource
for the price (free!).

You can download it at:
http://msdn.microsoft.com/library/en-us/dnnetsec/html/ThreatCounter.asp

Yesterday, the Federal Trade Commission announced a settlement with
Guess Inc. over a Web site flaw that exposed customer data, showing that
there are legal consequences for organizations with weak security.
Expect a surge of security audits, demand for better training for system
administrators and application developers, and a quest for "minimum
standards of due care" in security.

The FTC published some educational guidance to help.
FTC Announcement: http://www.ftc.gov/opa/2003/06/guess.htm
FTC Guidance: http://www.ftc.gov/bcp/conline/pubs/buspubs/security.htm

Until next week,
--Security Alert Consensus Team

************************************************************************

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TABLE OF CONTENTS:

{03.24.013} Win - Mailtraq multiple vulns
{03.24.017} Win - Snitz Forum CGI password reset vuln
{03.24.001} Linux - Updated patches for previous vulnerabilities
{03.24.012} Linux - getlogin() spoofing vuln
{03.24.015} SGI - IP connections accepted to broadcast address
{03.24.016} SGI - PIOCSWATCH kernel panic DoS
{03.24.002} Cross - Ethereal multiple vulns
{03.24.003} Cross - slashem/nethack -s parameter overflow
{03.24.004} Cross - gnocatan server multiple overflows
{03.24.005} Cross - lyskom-server large query DoS
{03.24.006} Cross - mikmod long archive file name overflow
{03.24.007} Cross - radiusd-cistron NAS-port attribute overflow
{03.24.008} Cross - typespeed networked mode buffer overflow
{03.24.009} Cross - noweb noroff insecure temp file handling
{03.24.010} Cross - ike-scan parameter format string vuln
{03.24.011} Cross - Progress DB utilities trojan library loading
{03.24.014} Cross - Vulnerable PHP applications, 06/17
{03.24.018} Cross - portmon arbitrary file reading/writing

- --- Windows News -------------------------------------------------------

*** {03.24.013} Win - Mailtraq multiple vulns

The Mailtraq server version 2.1.0.1302 reportedly contains multiple
vulnerabilities: escaping the HTTP Web root; various denial of service
conditions; cross-site scripting; and recovery of stored passwords.

These vulnerabilities are not confirmed.

Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0106.html

*** {03.24.017} Win - Snitz Forum CGI password reset vuln

Snitz Forum CGI suite version 3.4.0.3 reportedly contains a
vulnerability in the password reset process that could allow a remote
attacker to reset the passwords of arbitrary users. A cross-site
scripting attack also was reported.

These vulnerabilities are not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-06/0110.html

- --- Linux News ---------------------------------------------------------

*** {03.24.001} Linux - Updated patches for previous vulnerabilities

The following is a list of Linux vendor patches for vulnerabilities
previously reported in Security Alert Consensus.

- --- Conectiva:

CLA-2003:661: Apache
http://archives.neohapsis.com/archives/linux/conectiva/2003-q2/0042.html

- --- Debian:

DSA-309-2: eterm
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0919.html

DSA-314-1: atftp
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0921.html

DSA-317-1: cupsys
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0930.html

DSA-319-1: webmin
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0935.html

- --- Mandrake:

MDKSA-2003:066: kernel
http://archives.neohapsis.com/archives/linux/mandrake/2003-q2/0177.html

MDKSA-2003:068: gzip
http://archives.neohapsis.com/archives/linux/mandrake/2003-q2/0183.html

MDKSA-2003:069: BitchX
http://archives.neohapsis.com/archives/linux/mandrake/2003-q2/0184.html

Source: Conectiva, Debian, Mandrake
http://archives.neohapsis.com/archives/linux/conectiva/2003-q2/0042.html
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0919.html
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0921.html
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0930.html
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0935.html
http://archives.neohapsis.com/archives/linux/mandrake/2003-q2/0177.html
http://archives.neohapsis.com/archives/linux/mandrake/2003-q2/0183.html
http://archives.neohapsis.com/archives/linux/mandrake/2003-q2/0184.html

*** {03.24.012} Linux - getlogin() spoofing vuln

The getlogin() function on Linux can be tricked into returning an
arbitrary user name: it reports the name recorded in utmp for the
process's controlling terminal, not an identity the kernel guarantees.
The man page for getlogin() states that it should not be used for
security purposes, but some programs (pam_wheel, for example) do rely on
it for access decisions. The end result is that local users may be able
to gain elevated privileges.

This vulnerability is confirmed.

Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0107.html
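
The contrast a pam_wheel-style module needs, as an added example (this
is not pam_wheel's code or anything from the advisory): the name from
getlogin() comes from utmp, while the real uid comes from the kernel, so
a group-membership check keyed on the uid cannot be spoofed the same
way. The group name "wheel" used in main() and the "#<uid>" fallback
format are assumptions of this example; the code assumes a Linux/glibc
system with the usual passwd and group databases.

```c
/* Added example, not pam_wheel's or any vendor's code. Shows why an
 * authorization decision should start from the real uid rather than
 * from getlogin(). "wheel" in main() is an assumed group name. */
#define _POSIX_C_SOURCE 200809L
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* The risky pattern: getlogin() looks up the controlling terminal in
 * utmp, a file the kernel does not maintain, so the answer can be
 * absent (NULL) or a name that is not the user running this process. */
const char *name_from_getlogin(void)
{
    return getlogin();
}

/* Hardened: resolve the real uid, which only the kernel sets. For a uid
 * with no passwd entry, writes "#<uid>" (assumed format) and returns -1
 * so the caller can decide whether an unnamed uid is acceptable. */
int name_from_uid(uid_t uid, char *buf, size_t n)
{
    struct passwd *pw = getpwuid(uid);
    if (pw == NULL) {
        snprintf(buf, n, "#%lu", (unsigned long)uid);
        return -1;
    }
    snprintf(buf, n, "%s", pw->pw_name);
    return 0;
}

/* Membership test keyed on uid: primary gid matches, or the passwd name
 * resolved from the uid appears in the group's member list. */
int uid_in_group(uid_t uid, const char *group)
{
    struct passwd *pw = getpwuid(uid);
    struct group *gr = getgrnam(group);
    if (pw == NULL || gr == NULL)
        return 0;
    if (pw->pw_gid == gr->gr_gid)
        return 1;
    for (char **m = gr->gr_mem; m != NULL && *m != NULL; m++)
        if (strcmp(*m, pw->pw_name) == 0)
            return 1;
    return 0;
}

int main(void)
{
    char buf[64];
    const char *login = name_from_getlogin();
    name_from_uid(getuid(), buf, sizeof buf);
    printf("getlogin()         : %s\n", login ? login : "(null: no utmp entry)");
    printf("getpwuid(getuid()) : %s\n", buf);
    printf("member of 'wheel'  : %s\n",
           uid_in_group(getuid(), "wheel") ? "yes" : "no");
    return 0;
}
```

Run it from a pseudo-terminal with no utmp entry (a plain xterm, an
ssh session started with a command, a cron job) and the first line is
already "(null)"; the second line is the same either way, which is the
point.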

- --- SGI News -----------------------------------------------------------

*** {03.24.015} SGI - IP connections accepted to broadcast address

SGI released patches to fix a bug that causes IRIX to accept IP
connections to network broadcast addresses.

Patch information is available at the reference URL below.

Source: SGI
http://archives.neohapsis.com/archives/vendor/2003-q2/0068.html

*** {03.24.016} SGI - PIOCSWATCH kernel panic DoS

SGI released patches to fix a vulnerability whereby local attackers can
use PIOCSWATCH ioctl() calls to cause a kernel panic, which leads to a
denial of service.

Patch information is available at the reference URL below.

Source: SGI
http://archives.neohapsis.com/archives/vendor/2003-q2/0069.html

- --- Cross-Platform News ------------------------------------------------

*** {03.24.002} Cross - Ethereal multiple vulns

The Ethereal network sniffer prior to version 0.9.13 contains multiple
buffer overflow and denial of service vulnerabilities in various
protocol dissectors.

These vulnerabilities are confirmed and fixed in version 0.9.13.

Updated Debian DEBs:
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0920.html

Updated Mandrake RPMs:
http://archives.neohapsis.com/archives/linux/mandrake/2003-q2/0182.html

Source: Debian, Mandrake
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0920.html
http://archives.neohapsis.com/archives/linux/mandrake/2003-q2/0182.html

*** {03.24.003} Cross - slashem/nethack -s parameter overflow

The slashem and nethack console games contain a buffer overflow in the
handling of the -s command-line parameter, which allows a local attacker
to potentially gain gid 'games'.

This vulnerability is confirmed. Updated Debian DEBs are listed at the
reference URLs below.

Source: Debian
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0925.html
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0929.html
http://archives.neohapsis.com/archives/vendor/2003-q2/0084.html

*** {03.24.004} Cross - gnocatan server multiple overflows

Debian released an advisory indicating the gnocatan server is vulnerable
to various remotely exploitable buffer overflows.

Updated Debian DEBs are listed at the reference URL below.

Source: Debian
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0924.html

*** {03.24.005} Cross - lyskom-server large query DoS

Debian released an advisory indicating the lyskom-server is vulnerable
to a denial of service caused by a remote attacker sending an abnormally
large query.

Updated Debian DEBs are listed at the reference URL below.

Source: Debian
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0934.html

*** {03.24.006} Cross - mikmod long archive file name overflow

Debian released an advisory indicating a long file name within a
malicious archive opened by mikmod can cause a buffer overflow and the
execution of arbitrary code.

Updated Debian DEBs are listed at the reference URL below.

Source: Debian
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0944.html

*** {03.24.007} Cross - radiusd-cistron NAS-port attribute overflow

The radiusd-cistron server contains a buffer overflow in the handling
of NAS-port attributes, which allows a remote attacker to execute
arbitrary code.

This vulnerability is confirmed.

Updated Debian DEBs:
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0946.html

Updated SuSE RPMs:
http://archives.neohapsis.com/archives/linux/suse/2003-q2/0793.html

Source: Debian, SuSE
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0946.html
http://archives.neohapsis.com/archives/linux/suse/2003-q2/0793.html
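
The bug class behind this item, as an added example (not
radiusd-cistron's code): a RADIUS attribute carries its own Length
octet, and copying Length-2 value bytes into a fixed 4-octet buffer for
an integer attribute such as NAS-Port lets the sender pick the copy
size. The parser below walks the attribute region with every length
checked against the packet; it assumes the RFC 2865 layout (20-octet
header, then Type/Length/Value attributes, NAS-Port = type 5) and the
sample packets are constructed for this example.

```c
/* Added example, not radiusd-cistron's code. Assumes the RFC 2865
 * packet layout; the sample packets below are constructed here. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RADIUS_HDR_LEN 20
#define ATTR_USER_NAME 1
#define ATTR_NAS_PORT  5

/* The bug class: Length is taken from the wire and used as the copy
 * size into a fixed 4-octet buffer. Correct only on well-formed input;
 * Length 255 overruns val[] by 249 bytes. */
uint32_t nas_port_unchecked(const uint8_t *attr)
{
    uint8_t val[4];
    memcpy(val, attr + 2, (size_t)attr[1] - 2);      /* attr[1] is attacker-chosen */
    return ((uint32_t)val[0] << 24) | ((uint32_t)val[1] << 16)
         | ((uint32_t)val[2] << 8)  |  (uint32_t)val[3];
}

/* Hardened walk over the attribute region. Returns 0 and stores the
 * NAS-Port value, or -1 if the packet is malformed or lacks NAS-Port. */
int radius_nas_port(const uint8_t *pkt, size_t pkt_len, uint32_t *port)
{
    if (pkt_len < RADIUS_HDR_LEN)
        return -1;
    size_t declared = ((size_t)pkt[2] << 8) | pkt[3];   /* header Length field */
    if (declared < RADIUS_HDR_LEN || declared > pkt_len)
        return -1;                        /* never trust Length past the buffer */
    size_t off = RADIUS_HDR_LEN;
    while (off < declared) {
        if (declared - off < 2)
            return -1;                    /* truncated attribute header */
        uint8_t type = pkt[off], len = pkt[off + 1];
        if (len < 2 || (size_t)len > declared - off)
            return -1;                    /* 0/1 would loop or underflow; long len overruns */
        if (type == ATTR_NAS_PORT) {
            if (len != 6)
                return -1;                /* integer attributes carry exactly 4 value octets */
            *port = ((uint32_t)pkt[off + 2] << 24) | ((uint32_t)pkt[off + 3] << 16)
                  | ((uint32_t)pkt[off + 4] << 8)  |  (uint32_t)pkt[off + 5];
            return 0;
        }
        off += len;
    }
    return -1;
}

/* Constructed Access-Request: code 1, id 1, Length 31, zero
 * authenticator, User-Name "bob", NAS-Port 12345. */
const uint8_t sample_good[] = {
    0x01, 0x01, 0x00, 0x1f,
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
    ATTR_USER_NAME, 0x05, 'b', 'o', 'b',
    ATTR_NAS_PORT, 0x06, 0x00, 0x00, 0x30, 0x39,
};
/* Constructed: NAS-Port claims Length 6 but only 3 value octets exist. */
const uint8_t sample_truncated[] = {
    0x01, 0x02, 0x00, 0x19,
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
    ATTR_NAS_PORT, 0x06, 0x00, 0x00, 0x30,
};
/* Constructed: Length 0 makes a naive loop spin in place. */
const uint8_t sample_zero_len[] = {
    0x01, 0x03, 0x00, 0x16,
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
    ATTR_NAS_PORT, 0x00,
};
/* Constructed: in-bounds but oversized NAS-Port (Length 8); the
 * unchecked reader would copy 6 bytes into its 4-byte buffer. */
const uint8_t sample_wrong_size[] = {
    0x01, 0x04, 0x00, 0x1c,
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
    ATTR_NAS_PORT, 0x08, 0x00, 0x00, 0x30, 0x39, 0xaa, 0xbb,
};

int main(void)
{
    const uint8_t *pkts[] = { sample_good, sample_truncated, sample_zero_len, sample_wrong_size };
    const size_t lens[] = { sizeof sample_good, sizeof sample_truncated,
                            sizeof sample_zero_len, sizeof sample_wrong_size };
    const char *names[] = { "good", "truncated", "zero-length", "wrong-size" };
    for (size_t i = 0; i < 4; i++) {
        uint32_t port = 0;
        int rc = radius_nas_port(pkts[i], lens[i], &port);
        printf("%-12s rc=%d port=%u\n", names[i], rc, rc == 0 ? (unsigned)port : 0u);
    }
    /* The unchecked reader is fine on the well-formed packet only (attr at offset 25). */
    printf("unchecked on good input: %u\n", (unsigned)nas_port_unchecked(sample_good + 25));
    return 0;
}
```

The three checks that matter are the ones a fuzzer finds first: Length
below 2, Length past the end of the declared packet, and a per-type
size for fixed-width attributes.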

*** {03.24.008} Cross - typespeed networked mode buffer overflow

The typespeed game, when used in networked game play mode, contains a
buffer overflow that can allow a remote attacker to execute arbitrary
code.

This vulnerability is confirmed. Updated Debian DEBs are listed at the
reference URL below.

Source: Debian
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0993.html

*** {03.24.009} Cross - noweb noroff insecure temp file handling

The noroff utility included in the noweb suite does not securely handle
temporary files, which allows a local attacker to perform a symlink
attack that causes an unsuspecting user to delete files.

This vulnerability is confirmed. Updated Debian DEBs:
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0994.html

Source: Debian
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0994.html
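
The temp-file pattern this advisory describes, as an added example
(not noweb's code): a predictable name such as /tmp/noroff.<pid> (an
assumed name) is created and later removed, and a local attacker who
plants a symlink at that name first redirects the write or the removal
to a file the victim can touch. The example goes slightly beyond the
advisory by covering the removal side as well as creation; the
verification helper and its name are this example's own.

```c
/* Added example, not noweb's code. /tmp/noroff.<pid> is an assumed
 * name for the predictable-temp-file pattern. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Insecure shape, kept for contrast: the name is guessable and open()
 * without O_EXCL follows a symlink already sitting at that path. */
int open_temp_predictable(char *path, size_t n)
{
    snprintf(path, n, "/tmp/noroff.%ld", (long)getpid());
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: mkstemp() picks an unpredictable name and creates it with
 * O_CREAT|O_EXCL, so an existing file or symlink makes it fail instead
 * of being followed. TMPDIR is honoured only when not running setuid;
 * a privileged tool should not take the directory from its caller. */
int open_temp_secure(char *path, size_t n)
{
    const char *dir = (getuid() == geteuid()) ? getenv("TMPDIR") : NULL;
    if (dir == NULL || *dir == '\0')
        dir = "/tmp";
    if (snprintf(path, n, "%s/noroff.XXXXXX", dir) >= (int)n)
        return -1;
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    struct stat st;                    /* belt and braces: regular file, ours */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != getuid()) {
        close(fd);
        unlink(path);
        return -1;
    }
    return fd;
}

/* Remove the temp file only while the path still names the file we
 * opened: lstat() does not follow links, and the inode must match the
 * descriptor. This narrows the removal-side race but does not close it,
 * which is why a private mkdtemp() directory is the stronger fix. */
int remove_temp_verified(int fd, const char *path)
{
    struct stat by_fd, by_path;
    if (fstat(fd, &by_fd) != 0 || lstat(path, &by_path) != 0)
        return -1;
    if (S_ISLNK(by_path.st_mode) || by_path.st_ino != by_fd.st_ino
        || by_path.st_dev != by_fd.st_dev)
        return -1;                     /* something replaced our file: refuse */
    return unlink(path);
}

int main(void)
{
    char path[256];
    int fd = open_temp_secure(path, sizeof path);
    if (fd < 0) {
        perror("open_temp_secure");
        return 1;
    }
    dprintf(fd, "scratch output\n");
    printf("wrote to %s\n", path);
    printf("verified remove: %s\n",
           remove_temp_verified(fd, path) == 0 ? "ok" : "refused");
    close(fd);
    return 0;
}
```

For a shell script like noroff the same shape is mktemp(1) with a
template, a trap that removes only the file it created, and no
hard-coded /tmp/name.$$.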

*** {03.24.010} Cross - ike-scan parameter format string vuln

The ike-scan security tool contains a format string vulnerability in
the handling of command-line parameters. On systems where ike-scan is
installed setuid/setgid, this can allow a local attacker to execute
arbitrary code with elevated privileges.

This vulnerability is not confirmed.

Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0101.html

*** {03.24.011} Cross - Progress DB utilities trojan library loading

Various Progress database utilities in versions 9.1D06 and prior use a
user-specified path when searching for external libraries to load. A
local attacker can trick the utilities into loading a trojaned library
and thus execute arbitrary code with elevated privileges.

These vulnerabilities are not confirmed.

Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0102.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0103.html

*** {03.24.014} Cross - Vulnerable PHP applications, 06/17

The following is a list of reportedly vulnerable third-party PHP CGI
applications. These vulnerabilities are not confirmed.

Xoops/E-xoops CMS 2.0: script upload and execution
http://archives.neohapsis.com/archives/vuln-dev/2003-q2/0272.html

Sphera HostingDirector 3.x: multiple vulnerabilities
http://archives.neohapsis.com/archives/vuln-dev/2003-q2/0273.html

pMachine 2.2.1: remote file include code execution
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0104.html

Source: Vuln-Dev, VulnWatch
http://archives.neohapsis.com/archives/vuln-dev/2003-q2/0272.html
http://archives.neohapsis.com/archives/vuln-dev/2003-q2/0273.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0104.html

*** {03.24.018} Cross - portmon arbitrary file reading/writing

The portmon utility version 1.7 reportedly allows local attackers to
read and write arbitrary files on the system. The vulnerability stems
from letting the user specify the names of the log files it reads and
writes.

This vulnerability is not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-06/0125.html

************************************************************************

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (BSD/OS)
Comment: For info see http://www.gnupg.org

iD8DBQE+8hQd+LUG5KFpTkYRAgnVAJ0ed/fqxHHUb1Um5oTDOvriyhTVdwCeIPXD
lmPx0U9n0QXNtJsTGG2WMmM=
=6hma
-----END PGP SIGNATURE-----
------------------------------------------------------------------------


Become a Security Alert Consensus member! If this e-mail was passed to
you and you would like to begin receiving our security e-mail newsletter
on a weekly basis, we invite you to subscribe today.
http://portal.sans.org

We are signing the Consensus newsletter with PGP. The new SANS PGP key
is posted at:
http://www.pgp.net:11371/pks/lookup?op=get&search=0xA1694E46 and can
also be accessed from the SANS Web site (http://www.sans.org).

To unsubscribe from this newsletter, or to edit your subscription
information, please go to: http://portal.sans.org/

Missed an issue? You can find back issues of Security Alert Consensus
(and other SANS newsletters) online. http://www.sans.org/newsletters

Your opinion counts. We'd like to hear your thoughts on Security Alert
Consensus. E-mail any questions or comments to <consensus@nwc.com>.

Copyright (c) 2003 Network Computing, a CMP Media LLC publication. All
Rights Reserved. Distributed by Network Computing
(http://www.networkcomputing.com) and The SANS Institute
(http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based
security assessment and integration services consulting group
(info@neohapsis.com | http://www.neohapsis.com/).