
Network Computing Security Express #023


Subject: Network Computing Security Express #023
From: Network Computing Express (expresslist.nwc.com)
Date: Thu Dec 09 1999 - 09:09:07 CST


Network Computing Security Express #023
12/9/99
-- Number 023 ------------------------------------------------------------

Welcome to the latest edition of Security Express! Below you should
find only the information pertaining to the categories you requested.
Please bear in mind that you may have little or no information in
particular categories--this means no security problems pertaining to
those categories were found this week. If you have any problems or
questions, please e-mail us at expressnwc.com.

Enjoy Security Express!

--------------------------------------------------------------------------
Now you can get the scoop on the newest security products with Security
Express! Each week, you'll receive new security product announcements
from leaders in computer and information security. If you do not want
to receive this new source of security industry news, simply log into
your existing Security Express newsletter profile page at:
http://www.0mm.com/express/login.html (that is zero-M-M ) and select the
"Check this box if you would NOT like to receive periodic product
announcements from security vendors" option.

--------------------------------------------------------------------------

Don't miss these exciting alerts on the latest security products!

If this e-mail was passed to you and you would like to begin receiving our
e-mail newsletter on a weekly basis, we invite you to subscribe today.
Just go to http://www.networkcomputing.com/express/ to become a Security
Express member.

--------------------------------------------------------------------------

Looking for the latest IT security news, trends and opinions...plus a
chance to discuss vital issues with other security experts like yourself?
Come to Planet IT's Security Technology Center. Planet IT is the
community for IT professionals. Visit the Security Tech Center at:
http://www.PlanetIT.com/techcenters/security

--------------------------------------------------------------------------

In case you haven't heard, Windows NT 4.0 with Service Pack 6a has been
evaluated at C2 level. You can get more information on the subject at
http://www.microsoft.com/security/issues/C2Evaluation.asp

Until next week,
-Security Express Team

-------------------------------------------------------------------------

---------------------------------------------------------

Key Area: Windows
Key Element: Information Publishing

Denial of service in Serv-U FTP
A denial of service has been found in Serv-U FTP version 2.5a that lets
an attacker cause a buffer overflow in the SITE command.

-No patches have been made available. Serv-U homepage:

http://ftpserv-u.deerfield.com/
Source: Technotronic
http://www.security-express.com/archives/hacker/0082.html

---------------------------------------------------------

Key Area: Windows
Key Element: Applications

Patch for 'WPAD Spoofing' available.
Microsoft has released a patch for the Web Proxy Autodetection
(WPAD) spoofing vulnerability in Internet Explorer. The
vulnerability could let an attacker register a "wpad" DNS name
and receive browser requests.

-Patch and FAQ:

http://www.microsoft.com/security/bulletins/MS99-054faq.asp
Source: Microsoft
http://www.security-express.com//archives/vendor/0149.html

----

Patch available for the 'Multithreaded SSL ISAPI Filter' vulnerability
Microsoft has released a patch for the 'Multithreaded SSL ISAPI Filter'
vulnerability, which fixes a bug that made it possible to send a packet
of SSL data unencrypted.

-Patch and FAQ:

http://www.microsoft.com/security/bulletins/MS99-053faq.asp
Source: Microsoft
http://www.security-express.com/archives/vendor/0150.html

----

Denial of service in CommuniGatePro
CommuniGatePro version 3.1 contains a buffer overflow that lets a
remote attacker launch a denial of service attack against the
application, which results in the service crashing.

-The new 3.2 betas solve this problem.

Source: Bugtraq
http://www.security-express.com/archives/bugtraq/0209.html

----

Denial of service in GoodTech Telnet Server
GoodTech Telnet Server NT version 2.2.1 has a buffer overflow that lets
a remote attacker crash the service by sending an overly long user name.

-No patches have been made available. Homepage:

http://www.goodtechsys.com/
Source: Bugtraq
http://www.security-express.com/archives/bugtraq/0223.html

---------------------------------------------------------

Key Area: Solaris
Key Element: Applications

arp and chkperm allow reading of bin-owned files
The arp and chkperm binaries shipped with Solaris 2.6 and 2.7 are sgid
bin by default. Both binaries contain a bug that lets a local user read
a file that is owned by the user "bin."

-No patches have been made available. You can safely remove the sgid
bin permission from arp.

Source: Bugtraq
http://www.security-express.com//archives/bugtraq/0154.html

----

Buffer overflow in snoop
Solaris 2.7's snoop is vulnerable to a buffer overflow when used in
verbose (-v) mode. When logging an overly long domain name, it is
possible for snoop to execute arbitrary code (as root).

-No patches have been made available.

Source: Technotronic
http://www.security-express.com/archives/hacker/0085.html

---------------------------------------------------------

Key Area: Linux and BSD
Key Element: Applications

Vulnerabilities in FreeBSD's gated
A few vulnerabilities have been found in gated version 3.5.11. The
problem arises from the fact that gated is set with suid 'bin' in
FreeBSD Release 3.3. The vulnerabilities include a local elevation of
privilege by two different buffer overflows, and the ability to
overwrite any file by using symlinks.

-No patches have been made available.

Source: Bugtraq
http://www.security-express.com/archives/bugtraq/0146.html

----

Multiple FreeBSD 3.3 vulnerabilities
FreeBSD Release 3.3, by default, comes with many suid applications that
are susceptible to buffer overflows and other bugs.

-The vulnerabilities in seyon have been fixed, and are available with
the current FreeBSD release. The maintainers of xmindpath have not yet
corrected the problem in xmindpath. The vulnerabilities in angband have
been fixed as well.

Source: Bugtraq
http://www.security-express.com/archives/bugtraq/0148.html

----

New fixes available for Slackware Linux
Slackware has released updated packages that correct many
vulnerabilities. Packages include: nfs-server.tgz, bind.tgz, ping.tgz,
imap.tgz, raidtool.tgz, sh_utils.tgz, sysvinit.tgz, write.tgz, and
wuftpd.tgz. All packages correct vulnerabilities of some sort.

-The new patches can be downloaded from:

ftp://ftp.cdrom.com:/pub/linux/slackware-7.0/patches
Source: Bugtraq
http://www.security-express.com/archives/bugtraq/0165.html

----

New version of dump for Debian
Debian has released a new dump package that fixes a bug that lets a
local user corrupt files by using symlinks during a dump restore.

-New packages are available for download:

http://security.debian.org/dists/stable/updates/binary-alpha/dump_0.4b9-0slink1_lpha.deb
http://security.debian.org/dists/stable/updates/binary-i386/dump_0.4b9-0slink1_386.deb
http://security.debian.org/dists/stable/updates/binary-m68k/dump_0.4b9-0slink1_68k.deb
http://security.debian.org/dists/stable/updates/binary-sparc/dump_0.4b9-0slink1sparc.deb

Source: Debian
http://www.security-express.com/archives/vendor/0151.html

---------------------------------------------------------

Key Area: Other
Key Element: Messaging

Remote buffer overflow in qpop
qpop version 3.0b20 has a remote buffer overflow in the AUTH command
that can let an attacker gain system access. Versions 2.52 and 2.53 do
not seem to be vulnerable; however, it is suspected that versions of
3.0 are.

-The vulnerability has been fixed in qpop version 3.0b22, which is now
available. Version 3.0b22 also fixes some potential denial of service
attacks.

http://www.qualcomm.com/
Source: Bugtraq
http://www.security-express.com/archives/bugtraq/0135.html

---------------------------------------------------------

Key Area: Other
Key Element: Information Publishing

Remote buffer overflow in Netscape Enterprise & Fasttrack
A remotely exploitable buffer overflow has been found in the
authentication mechanism of both Netscape Enterprise 3.5.1 through
3.6sp2, as well as Netscape Fasttrack 3.01. Both NT and Unix were found
vulnerable.

-Netscape has released a patch for Enterprise 3.6sp2. It has stated it
will not support Fasttrack in this issue. A patch is available at:

http://www.iplanet.com/downloads/testdrive/detail_161_243.html
Source: ISS
http://www.security-express.com/archives/iss/0102.html

----

Insecure file permissions in IBM WebSphere
IBM WebSphere installs Web content and directories mode 777, which lets
any user modify the files. In addition, WebSphere also installs a
deinstallation script with mode 777, which means a malicious user could
trojan the script (which would be run by root).

-No patches have been made available.

Source: Bugtraq
http://www.security-express.com/archives/bugtraq/0192.html

---------------------------------------------------------

Key Area: Other
Key Element: Applications

Vulnerabilities in RSAREF library
Four buffer overflows were found in the RSAREF library. This means any
application built upon them (which includes some versions of ssh) could
be susceptible to a buffer overflow attack.

-No patches have been made available. You should contact your vendors
or read product documentation to determine if your application is using
the RSAREF library.

Source: Bugtraq
http://www.security-express.com/archives/bugtraq/0169.html

----

Many vulnerabilities in Unixware
Unixware 7.1 has many vulnerabilities, including: buffer overflow in
uidadmin (gain local root privileges), gethostbyname() overflow in libc
(exploit applications that use this function to gain elevated
privilege), core files/coredumps that will follow symlinks (attacker
may overwrite arbitrary files), buffer overflow in xauto, abuse of the
dacread permission that lets users read any file, insecure permissions
on /var/mail that let users read all e-mail and pkg* commands that may
allow (partial) viewing of the shadow password file.

-No patches have been made available.

Source: Bugtraq
http://www.security-express.com/archives/bugtraq/0171.html

----

Insecure file permissions in MailMan
MailMan Professional Edition version 3.0.18 creates world-readable and
writable files and directories--this lets local users view and modify
other users' e-mail.

-No patches have been made available. It has been suggested that you
remove world read and write permissions from user files and
directories.

Source: Bugtraq
http://www.security-express.com/archives/bugtraq/0178.html

----

Insecure directory permissions in PostgreSQL
PostgreSQL 6.5.3-1, when installed from an RPM, incorrectly sets the
permissions of the /var/lib/pgsql directory. This directory contains a
file with plain-text user names and passwords used by PostgreSQL.

-The problem has been fixed in version 7.0. In the meantime, you can
fix this yourself by running:

chmod 700 /var/lib/pgsql

Source: Bugtraq
http://www.security-express.com/archives/bugtraq/0198.html

---------------------------------------------------------

Key Area: Network Hardware
Key Element: Applications

HP Secure Web Console uses weak encryption
The HP Secure Web Console (with firmware A1.6) has been found to
transmit all administrative session data with a simple encryption
(XOR). Another bug also gives operators the same access as
administrators, including the ability to reboot the appliance. Lastly,
there is a denial of service that could let operators take away the
administrator's right to make changes.

-No patches have been made available.

Source: Bugtraq
http://www.security-express.com/archives/bugtraq/0157.html

---------------------------------------------------------

We'd like to know what you think about the newsletter and what information you'd like to see in future editions. E-mail your comments to mailto:expressnwc.com.

If you'd like to change your account information or unsubscribe from this newsletter please go to http://www.0mm.com/express/login.html.

Copyright 1999 CMP Media Inc. A service of Network Computing. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission of Network Computing, is prohibited.

Distributed by MessageMedia, Inc. -- http://www.messagemedia.com/



This archive was generated by hypermail 2b27 : Thu Dec 09 1999 - 09:09:07 CST