Network Computing Security Express #014
Network Computing Express (express@list.nwc.com)
Thu, 7 Oct 1999 08:02:19 -0600
10/7/99
-- Number 014 ------------------------------------------------------------
Welcome to the latest edition of Security Express! Below you should find
only the information pertaining to the categories requested. Please
bear in mind that you may receive little or no information in particular
categories--this means no security problems pertaining to those categories
were found this week. If you have any problems or questions, please e-mail
us at express@nwc.com.
Enjoy Security Express!
--------------------------------------------------------------------------
Keep Your Network Data Secure! Get the scoop on today's newest security
products!
Our Security Express newsletter now features the latest product
announcements from leaders in computer and information security. Each
week you'll receive new security product announcements. If you would not
like to receive this new source of security industry news, simply log in
to your existing Security Express newsletter profile page at:
http://www.0mm.com/express/login.html (that is zero-M-M) and select the
"Check this box if you would NOT like to receive periodic product
announcements from security vendors" option.
Don't miss these exciting alerts on the newest security products!
If you have any problems or questions, please e-mail us at
express@nwc.com.
If this e-mail was passed to you and you would like to begin receiving our
e-mail newsletter on a weekly basis, we invite you to subscribe today.
Just go to http://www.networkcomputing.com/express/ to become a Security
Express member.
Looking for the latest IT security news, trends and opinions...plus a
chance to discuss vital issues with other security experts like yourself?
Come to Planet IT's Security Technology Center. Planet IT is the
Community for IT Professionals. Visit the Security Tech Center at:
http://www.PlanetIT.com/techcenters/security
-- This week -------------------------------------------------------------
Microsoft was not at fault for the HotMail security hole, according to a
commissioned audit by an unnamed "Top 5" auditing firm. What
that means exactly remains unclear. As one reporter stated, "If I
was the judge at my own trial I'd clear myself too."
This week SANS is hosting Network Security 99 in New Orleans. Next week
The Internet Security Conference (TISC) will be held in Boston. Both
conferences feature many worthwhile sessions and labs regarding security.
We recommend attending as many as possible.
Until next week,
-Security Express Team
-------------------------------------------------------------------------
Centrax 2.3
CyberSafe Corp.
Available Q4 1999
Hands-free intrusion detection. Automates report generation, audit
policies and network-vulnerability assessments.
For more details see: http://www.cybersafe.com
Membership Monitor
Greyware Automation Products
Available now
Membership Monitor is a Windows NT-based service that gives network
administrators automatic notification of changes to NT security by
real-time monitoring of NT user groups.
For more details see: http://www.greyware.com
AirGap (firewall)
Spearhead Technologies
Available October 6th
AirGap topology, which is based on a standard operating system, Pentium
processors and additional proprietary chips developed by Spearhead, is
the key to providing physical isolation for the trusted network.
For more details see: http://www.spearhead.net
Content Inspector(TM)
Computer Software Manufaktur
Available now
Content Inspector(TM) is the first to combine site blocking, antivirus
protection, Java security, centralized alerting, logging and remote
administration tools in a single software package.
For more details see: http://www.csm-usa.com
ePatrol Scanning Service
ISS
Available now
ISS Extends ePatrol Managed Services -- Launches scanning service to
deliver remote security assessment solutions.
For more details see: http://www.iss.net
Java (TM) Authentication and Authorization Service
Sun
Available now
The Java (TM) Authentication and Authorization Service (JAAS) technology
enables developers to more easily deploy authentication and authorization
control within the Java 2 platform.
For more details see: http://java.sun.com/security
Guardian IPSec VPN
NetGuard
Available now
All the functionality associated with VPN hardware has been implemented on
a PCI-based card that is installed just like an Ethernet card into a NT 4.0
platform. Simply add the Guardian IPSec Accelerator to the Guardian
Firewall for immediate security for both peer-to-peer and peer-to-client
communications.
For more details see http://www.ntfirewall.com
NetCrusader/Web
Gradient Technologies
Available now
NetCrusader/Web provides fine-grained user authentication and access
control for Web content aimed at Microsoft and Netscape Web servers.
For more details see http://www.gradient.com
SecuritE-Guard
Meta Security Group
Available now
SecuritE-Guard service detects security defects in a company's
e-commerce and telecom infrastructures, providing a "virtual security
staff" to "beat hackers to the hole" before a serious breach
occurs.
For more details see http://www.metasecuritygroup.com/
---------------------------------------------------------
Key Area: Windows
Key Element: Messaging
Multiple vulnerabilities in Internet Anywhere Mail Server
Internet Anywhere Mail Server version 2.3.1 has multiple
denial-of-service vulnerabilities that allow an attacker to
crash the service by sending various long command lines to
the POP3 and SMTP services. Also, all account passwords are
stored in plaintext within the msgboxes.dbf configuration file.
-The denial of service attacks have been fixed in version
3.1; however, the plaintext password storage has not
yet been fixed. You can download the latest version
from True North Software's home page:
http://www.tnsoft.com/
Source: NTBugtraq
http://www.security-express.com/archives/ntbugtraq/0230.html
---------------------------------------------------------
Key Area: Windows
Key Element: Information Publishing
Follow-up to "Domain Resolution" and "FTP Download" vulnerabilities
Microsoft has released a patch for the "Domain Resolution"
and "FTP Download" vulnerabilities found in IIS 4.0 and
MCIS 2.5.
-FAQ and patch:
http://www.microsoft.com/security/bulletins/ms99-039faq.asp
Source: Microsoft
http://www.security-express.com/archives/vendor/0108.html
----
Flaws in Mediahouse Statistics Server
Mediahouse Statistics Server v4.28 & 5.01 are subject
to a denial of service where an attacker can crash the
Web service by sending a long URL. Also, the configuration
file (typically located at c:\StatisticsServer\ss.cfg)
contains plaintext passwords readable by everyone.
-No patches have been made available. We suggest you
remove read access from ss.cfg for Everyone/Authenticated
Users, and block traffic to Port 80 of this system on
an upstream router, if available.
Source: Bugtraq
http://www.security-express.com/archives/bugtraq/1141.html
----
TeamTrack server allows unrestricted file access
TeamShare's TeamTrack server includes a Web server for use
in remote access. This included Web server, however, allows
anyone to retrieve restricted files from the system by
using ../../ notation.
-The issue will be fixed in TeamTrack 4.0, which is to be
released early in the year 2000. In the meantime,
TeamShare gives instructions on how to use other commercial
Web servers in place of their (vulnerable) Web server
(a user name/password is required to log in):
http://www.teamtrack.com/support/kbase/ReadmeSP4.txt
Source: Bugtraq
http://www.security-express.com/archives/bugtraq/1154.html
----
Denial of service in Sambar Web Server
Sambar Web Server 4.2.1 contains a denial-of-service flaw:
an attacker can crash the service by sending it a long URL.
-No patches have been made available. Sambar home page:
http://www.sambar.com/
Source: Bugtraq
http://www.security-express.com/archives/bugtraq/1157.html
---------------------------------------------------------
Key Area: Windows
Key Element: Applications
Solution to IE 5 "Download Behavior" vulnerability
Microsoft has released MS99-040, which details the solution
for the "Download Behavior" bug, which lets malicious
Web sites retrieve files from a user's computer or
intranet.
-Microsoft indicates a patch is forthcoming, but until then
you should disable Active Scripting in IE. The FAQ is
located at:
http://www.microsoft.com/security/bulletins/MS99-040faq.asp
Source: Microsoft
http://www.security-express.com/archives/vendor/0105.html
----
Yahoo! Messenger denial of service
Yahoo! Messenger Build 733 contains a denial of service
whereby an attacker can send garbled data to Port 5010 and
cause Messenger to crash.
-Build 734 seems to correct the issue.
Source: Bugtraq
http://www.security-express.com/archives/bugtraq/1104.html
----
Follow-up to "RASMAN Security Descriptor" vulnerability
Microsoft has released a patch for the "RASMAN Security
Descriptor" vulnerability, which allows an attacker to
remotely change RASMAN registry keys, thereby running
programs under LocalSystem context.
-FAQ and patch:
http://www.microsoft.com/security/bulletins/MS99-041faq.asp
Source: Microsoft
http://www.security-express.com/archives/vendor/0107.html
----
Insecure registry permissions
Windows NT Server and Workstation have been found to
contain insecure registry permissions on the AeDebug key
found under:
\HKLM\Software\Microsoft\Windows NT\Currentversion
This key, by default, has permissions that allow domain
users to change values, which would allow them to choose
applications to run on a program crash (the debugger to
run). Furthermore, the SCM (Security Configuration
Manager) misconfigures this key when using the basicdc4,
basicsv4, basicwk4, or comp4dc profiles.
-Remove any access by the Everyone/Authenticated Users
group from this key.
Source: Bugtraq
http://www.security-express.com/archives/bugtraq/1158.html
---------------------------------------------------------
Key Area: Windows
Key Element: Network Level Security
NT SP5 has predictable ISNs
Reports have indicated that Windows NT with Service Pack
5 still has predictable Initial Sequence Numbers (ISNs)
on its IP packets. Predictable ISNs let an attacker
spoof and hijack connections to and from the system.
-No patches have currently been released.
Source: Bugtraq
http://www.security-express.com/archives/bugtraq/1099.html
---------------------------------------------------------
Key Area: Linux and BSD
Key Element: Messaging
RedHat rpmmail remote vulnerability
Rpmmail shipped with RedHat 6.0 has a bug that lets
an attacker run arbitrary commands under rpmmail's
user context (typically root) remotely by sending an e-mail
to the rpmmail process with command-line commands in the
From: field.
-No patches have been made available. We suggest you
disable rpmmail (remove it from your /etc/aliases file)
until further notice.
Source: Bugtraq
http://www.security-express.com/archives/bugtraq/1177.html
---------------------------------------------------------
Key Area: Linux and BSD
Key Element: Information Publishing
ARCAD file insecurities
ARCAD 0.078-5 from ARCAD Systemhaus installs files with
world-writable permissions, which could allow an attacker
to modify the files and/or substitute trojan horse scripts.
-Change the permissions on all the directories and
executable files to 755, and all non-executable files to
644.
Source: Bugtraq
http://www.security-express.com/archives/bugtraq/1120.html
---------------------------------------------------------
Key Area: Linux and BSD
Key Element: Applications
cdaa2cdr buffer overflow
Cdaa2cdr distributed with cdwtools-0.93-78 contains a
buffer overflow that would allow an attacker to gain
read/write privilege to your entire file system (gid disk).
-No patches have been made available. We recommend removing
the sgid bit from cdaa2cdr.
Source: Bugtraq
http://www.security-express.com/archives/bugtraq/1138.html
----
SuSE mirror allows creation of files
Mirror-2.8.f4 included with SuSE (and possibly other Linux
distributions) allows creation of files above the current
directory. The problem is due to mirror trying to duplicate
FTP sites that may have symlinks containing ../../
notation--mirror will execute the reverse traversal and
attempt to make that file.
-SuSE has made updated packages available:
ftp://ftp.suse.com/pub/suse/i386/update/5.3/n1/mirror-2.8.f4-89.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/6.1/n1/mirror-2.8.f4-89.i386.rpm
ftp://ftp.suse.com/pub/suse/axp/update/6.1/n1/mirror-2.8.f4-89.alpha.rpm
ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/mirror-2.8.f4-89.i386.rpm
We suggest you check with your Linux vendor to see if your
distribution has updates as well.
Source: SuSE
http://www.security-express.com/archives/vendor/0111.html
---------------------------------------------------------
Key Area: Linux and BSD
Key Element: Network Level Security
Linux 2.2.x has predictable ISNs
Reports have indicated that the Linux kernel version
2.2.x has a flaw that gives predictable Initial Sequence
Numbers (ISNs). This flaw would allow attackers to spoof
and hijack connections to and from the system.
-A third-party patch has been made available:
http://kernelnotes.org/lnxlists/linux-kernel/lk_9909_04/msg00664.html
Source: Bugtraq
http://www.security-express.com/archives/bugtraq/1101.html
---------------------------------------------------------
Key Area: Other
Key Element: Information Publishing
Follow up to AIX 4.3.2 ftpd vulnerability
IBM has released an updated ftpd for AIX 4.3.2 that fixes a
buffer overflow that allowed remote attackers to execute
arbitrary code on the system.
-The new ftpd for 4.3.2 can be downloaded from:
ftp://aix.software.ibm.com/aix/efixes/security/ftpd.tar.Z
Source: IBM (Bugtraq)
http://www.security-express.com/archives/bugtraq/1109.html
----
iHTML Merchant allows retrieval/overwriting of files
A vulnerability in files included with iHTML Merchant could
allow an attacker to overwrite or retrieve files on the
server.
-A patch has been posted:
http://www.ihtmlmerchant.com/support_patches_feedback.htm
Source: Bugtraq
http://www.security-express.com/archives/bugtraq/1103.html
----
Patch for Cold Fusion undocumented features released
Allaire has released a patch that fixes the undocumented
tags and functions found in Cold Fusion 4.0 servers.
These tags and functions allow a local developer to gain
full access to the system, and enable many denial of
service attacks.
-ASB99-10 patch information and download:
http://www1.allaire.com/handlers/index.cfm?ID=12286&Method=Full
Source: Allaire
http://www.security-express.com/archives/vendor/0106.html
----
mini-sql buffer overflow
There is a buffer overflow found in w3-auth that comes
with mSql from Hughes Technology. The buffer overflow
lets authenticated db admins run arbitrary commands
under the context of the Web server (typically nobody). An
exploit has been released.
-No patches have been made available. We suggest you
disable the w3-auth CGI.
Source: Bugtraq
http://www.security-express.com/archives/bugtraq/1127.html
---------------------------------------------------------
Key Area: Other
Key Element: Applications
Cactus Software Shell-lock vulnerability
Cactus Software publishes a Unix utility named Shell-lock
that supposedly encrypts and secures Unix shell scripts.
It was found, however, that the original scripts can be
extracted and decoded, and under certain circumstances,
Shell-lock generated executables can be used to run
commands as root.
-No patches have been made available. We suggest you do not
use utilities such as Shell-lock as a concrete form of
security.
Source: L0pht (Bugtraq)
http://www.security-express.com/archives/bugtraq/1182.html
----
Patches available for ssh denial of service
Ssh 1.2.27 is subject to a denial of service attack: a
race condition exists when using authentication sockets.
This could allow an attacker to overwrite or create root
owned files in the file system.
-A third-party patch has been made available:
http://www.security-express.com/archives/bugtraq/1137.html
Source: Bugtraq
http://www.security-express.com/archives/bugtraq/1137.html
----
Remotely crash X-Window terminals
Many X-Window terminals have been found to crash when
given overly long window title commands. Affected terminals
include kvt and xterm.
-A third-party patch has been made available for kvt:
http://www.security-express.com/archives/bugtraq/1176.html
No patches have yet been made for xterm.
Source: Bugtraq
http://www.security-express.com/archives/bugtraq/1113.html
---------------------------------------------------------
We'd like to know what you think about the newsletter and what
information you'd like to see in future editions. E-mail your
comments to express@nwc.com.
If you'd like to change your account information or unsubscribe
from this newsletter please go to http://www.0mm.com/express/login.html.
Copyright 1999 CMP Media Inc. A service of Network Computing.
All Rights Reserved. Reproduction in whole or in part in any form or
medium without express written permission of Network Computing, is
prohibited.
Distributed by MessageMedia, Inc. -- http://www.messagemedia.com/