From: Network Computing and The SANS Institute (sans+ZZ55810644528863926sans.org)
Date: Thu May 24 2001 - 13:40:47 CDT


    Re: Your personalized newsletter

                         -- Security Alert Consensus --
                               Number 098 (01.21)
                            Thursday, May 24, 2001
                              Created for you by
                   Network Computing and the SANS Institute
                             Powered by Neohapsis

    ----------------------------------------------------------------------

    Welcome to the latest edition of Security Alert Consensus! Below you
    should find information pertaining only to the categories you requested.
    If you have any problems or questions, please e-mail us at
    <consensusnwc.com>.

    ----------------------------------------------------------------------

    E-BUSINESS INTEGRATION IS CRITICAL.
    If you are a Network Computing subscriber, then you need to be an expert
    in e-business integration. More than 50 conferences cover CRM, customer
    service, infrastructure and wireless. Start with the eBusiness
    Conference & Expo June 12 through 14 at the San Jose Convention Center.
    Click here to become an expert:
    http://www.ebusinessexpo.com/NL4

    ----------------------------------------------------------------------

    Hopefully, everyone is aware of the potential security vulnerabilities
    inherent in wireless networking. However, you also must consider the
    whole range of wireless devices -- including keyboards. A recent
    advisory to Bugtraq talks about how easy it is to modify a receiver to
    extend the range of wireless keyboards, which then can be used to snoop
    on other users with the same device. The result? A remote attacker can
    sniff users' keystrokes. So the next time you're tempted by that fancy,
    new Logitech wireless keyboard, consider an infrared alternative. It's
    harder to intercept the infrared line of sight signal.
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0161.html

    Until next week,
    --Security Alert Consensus Team

    ************************************************************************

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    TABLE OF CONTENTS:

    {01.21.005} Win - MS01-027: IE certificate/site spoofing vulnerabilities
    {01.21.006} Win - MS01-028: Word runs macros in RTF document templates
    {01.21.008} Win - IIS WebDAV LOCK DoS
    {01.21.015} Win - eEye SecureIIS restriction bypassing
    {01.21.019} Win - TrendMicro Interscan VirusWall buffer overflow
    {01.21.023} Win - Aladdin eSafe Gateway JavaScript filtering bypass
    {01.21.001} Linux - Update {01.13.009}: PGP private key file storage
                concern
    {01.21.002} Linux - Update {01.17.001}: Samba insecure temp file
                handling
    {01.21.009} Linux - Update {01.06.022}: gnuserv/xemacs remote buffer
                overflow/code execution
    {01.21.010} Linux - Update {00.56.023}: mgetty insecure temp file
                handling
    {01.21.011} Linux - Update {01.13.018}: Linux kernel 2.2.19 released
    {01.21.013} Linux - Update {01.19.020}: Format string vulnerabilities
                in minicom
    {01.21.018} Linux - Debian ftpd SITE command buffer overflow
    {01.21.020} Linux - Update {01.13.019}: Multiple OpenSSH vulnerabilities
    {01.21.021} Linux - Update {01.20.018}: man -S heap overflow
    {01.21.022} Linux - mktemp doesn't support directory creation
    {01.21.024} Linux - kerberos ftp contains buffer overflow
    {01.21.007} NApps - Cisco CSS unprivileged users can FTP files
    {01.21.012} Cross - Update {01.20.031}: DCForum user registration
                grants admin privileges
    {01.21.014} Cross - ARCservIT Unix client temp file handling
                vulnerabilities
    {01.21.016} Cross - dqs command line buffer overflow
    {01.21.017} Cross - iPlanet/Netscape large HTTP method buffer overflow
    {01.21.003} Tools - Apache 1.3.20 available
    {01.21.004} Tools - Source code reviewers: RATS and flawfinder

    - --- Windows News -------------------------------------------------------

    *** {01.21.005} Win - MS01-027: IE certificate/site spoofing
                    vulnerabilities

    Microsoft has released MS01-027 ("IE certificate/site spoofing
    vulnerabilities"). This patch fixes several problems. SSL certificates
    are not correctly validated: It's possible for a malicious site to
    modify the URL in the browser location bar, which causes users to think
    they are at a different site. More variants of the 'frame domain
    verification' vulnerability: This allows a malicious Web site to read
    files off the user's file system.

    FAQ and patch:
    http://www.microsoft.com/technet/security/bulletin/MS01-027.asp

    Source: Microsoft
    http://archives.neohapsis.com/archives/vendor/2001-q2/0039.html

    *** {01.21.006} Win - MS01-028: Word runs macros in RTF document
                    templates

    Microsoft has released MS01-028 ("Word runs macros in RTF document
    templates"). Microsoft Word, regardless of security settings, will run
    macros embedded in templates if those templates are linked by an RTF
    document. Normally, Word will scan the template as well (as is the case
    with normal Word documents).

    FAQ and patch:
    http://www.microsoft.com/technet/security/bulletin/MS01-028.asp

    Source: Microsoft
    http://archives.neohapsis.com/archives/vendor/2001-q2/0041.html

    *** {01.21.008} Win - IIS WebDAV LOCK DoS

    Internet Information Server version 5.0 contains a denial of service in
    the LOCK HTTP request method (part of the WebDAV extensions) that allows
    a remote attacker to consume all the available memory on the system.

    Microsoft has confirmed the vulnerability and included a fix in the
    Windows 2000 service pack 2.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0170.html

    *** {01.21.015} Win - eEye SecureIIS restriction bypassing

    eEye's SecureIIS versions 1.0.3 and prior contain vulnerabilities that
    would allow a remote attacker to not only bypass the various configured
    restrictions but also potentially attack the protected IIS server.

    eEye has confirmed the problem and released version 1.0.4.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0185.html
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0197.html

    *** {01.21.019} Win - TrendMicro Interscan VirusWall buffer overflow

    A report was released indicating a buffer overflow somewhere in
    TrendMicro's Interscan VirusWall version 3.5. The buffer overflow
    supposedly allows for the execution of arbitrary code.

    The report indicates confirmation by the vendor, TrendMicro.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0186.html

    *** {01.21.023} Win - Aladdin eSafe Gateway JavaScript filtering bypass

    Aladdin's eSafe Gateway version 3.0 has been found vulnerable to a
    particular attack that would allow a malicious Web site to bypass any
    JavaScript filtering, thus leaving the client browser at risk.

    This vulnerability has not been confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0209.html

    - --- Linux News ---------------------------------------------------------

    *** {01.21.001} Linux - Update {01.13.009}: PGP private key file
                    storage concern

    Caldera and RedHat have released updated gnupg packages that fix the
    vulnerability discussed in {01.13.009} ("PGP private key file storage
    concern").

    Updated Caldera RPMs:
    http://archives.neohapsis.com/archives/linux/caldera/2001-q2/0007.html

    Updated RedHat RPMs:
    http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0092.html

    Source: Caldera, RedHat
    http://archives.neohapsis.com/archives/linux/caldera/2001-q2/0007.html
    http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0092.html

    *** {01.21.002} Linux - Update {01.17.001}: Samba insecure temp file
                    handling

    RedHat, Mandrake and Caldera have released updated samba packages that
    fix the vulnerability discussed in {01.17.001} ("Samba insecure temp
    file handling").

    Updated RedHat RPMs:
    http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0085.html

    Updated Caldera RPMs:
    http://archives.neohapsis.com/archives/linux/caldera/2001-q2/0008.html

    Updated Mandrake RPMs:
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0212.html

    Source: RedHat, Caldera, Mandrake (SF Bugtraq)
    http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0085.html
    http://archives.neohapsis.com/archives/linux/caldera/2001-q2/0008.html
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0212.html

    *** {01.21.009} Linux - Update {01.06.022}: gnuserv/xemacs remote
                    buffer overflow/code execution

    TurboLinux has released updated xemacs packages that fix the
    vulnerability discussed in {01.06.022} ("gnuserv/xemacs remote buffer
    overflow/code execution").

    Updated TurboLinux RPMs:
    http://archives.neohapsis.com/archives/linux/turbolinux/2001-q2/0017.html

    Source: TurboLinux
    http://archives.neohapsis.com/archives/linux/turbolinux/2001-q2/0017.html

    *** {01.21.010} Linux - Update {00.56.023}: mgetty insecure temp file
                    handling

    TurboLinux has released updated mgetty packages that fix the
    vulnerability discussed in {00.56.023} ("mgetty insecure temp file
    handling").

    Updated RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/turbolinux/2001-q2/0019.html

    Source: TurboLinux
    http://archives.neohapsis.com/archives/linux/turbolinux/2001-q2/0019.html

    *** {01.21.011} Linux - Update {01.13.018}: Linux kernel 2.2.19 released

    TurboLinux and SuSE have released updated kernel packages that fix the
    vulnerability discussed in {01.13.018} ("Linux kernel 2.2.19 released").

    Updated TurboLinux RPMs:
    http://archives.neohapsis.com/archives/linux/turbolinux/2001-q2/0016.html

    Updated SuSE RPMs:
    http://archives.neohapsis.com/archives/linux/suse/2001-q2/0895.html

    Source: TurboLinux, SuSE
    http://archives.neohapsis.com/archives/linux/turbolinux/2001-q2/0016.html
    http://archives.neohapsis.com/archives/linux/suse/2001-q2/0895.html

    *** {01.21.013} Linux - Update {01.19.020}: Format string
                    vulnerabilities in minicom

    RedHat and Immunix have released updated minicom packages that fix the
    vulnerability discussed in {01.19.020} ("Format string vulnerabilities
    in minicom").

    Updated RedHat RPMs:
    http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0073.html

    Updated Immunix RPMs:
    http://archives.neohapsis.com/archives/linux/immunix/2001-q2/0083.html

    Source: RedHat, Immunix
    http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0073.html
    http://archives.neohapsis.com/archives/linux/immunix/2001-q2/0083.html

    *** {01.21.018} Linux - Debian ftpd SITE command buffer overflow

    Debian's ftp server version 6.2 has been found to have a buffer overflow
    in the handling of the SITE command. This causes a denial of service
    and potentially allows for the execution of arbitrary code by a remote
    attacker.

    This vulnerability has not been confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0188.html

    *** {01.21.020} Linux - Update {01.13.019}: Multiple OpenSSH
                    vulnerabilities

    Mandrake has released updated OpenSSH packages that fix the
    vulnerability discussed in {01.13.019} ("Multiple OpenSSH
    vulnerabilities"). The previous patch had a regression error.

    Updated RPMs are listed at:
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0213.html

    Source: Mandrake (SF Bugtraq)
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0213.html

    *** {01.21.021} Linux - Update {01.20.018}: man -S heap overflow

    RedHat has released updated man packages that fix the vulnerability
    discussed in {01.20.018} ("man -S heap overflow").

    Updated RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0091.html

    Source: RedHat
    http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0091.html

    *** {01.21.022} Linux - mktemp doesn't support directory creation

    RedHat has released a security advisory, which is really more of a
    feature enhancement, for the new version of mktemp that supports the
    creation of secure temporary directories.

    Updated RedHat RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0098.html

    Source: RedHat
    http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0098.html

    *** {01.21.024} Linux - kerberos ftp contains buffer overflow

    A buffer overflow has been found in the gssapi-aware ftp daemon shipped
    in the Kerberos distribution included with RedHat Linux.

    Updated RedHat RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0094.html

    Source: RedHat
    http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0094.html

    - --- Network Appliances News --------------------------------------------

    *** {01.21.007} NApps - Cisco CSS unprivileged users can FTP files

    Cisco Content Service Switches (CSS) allow unprivileged users to upload
    and download files via the FTP service, which allows them to access
    sensitive data.

    WebNS software versions prior to 4.01B23s and 4.10B13s are vulnerable.
    Contact Cisco for an update.

    Source: Cisco
    http://archives.neohapsis.com/archives/cisco/2001-q2/0002.html

    - --- Cross-Platform News ------------------------------------------------

    *** {01.21.012} Cross - Update {01.20.031}: DCForum user registration
                    grants admin privileges

    DCScripts.com has released an updated version of DCForum that fixes the
    vulnerability discussed in {01.20.031} ("DCForum user registration
    grants admin privileges").

    The update is available at:
    http://www.dcscripts.com/dcforum/dcfNews/167.html

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0152.html

    *** {01.21.014} Cross - ARCservIT Unix client temp file handling
                    vulnerabilities

    The ARCservIT Unix client has been reported to contain various temporary
    file handling vulnerabilities that may allow a local attacker to
    overwrite arbitrary files on the file system.

    This vulnerability has not been confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0184.html

    *** {01.21.016} Cross - dqs command line buffer overflow

    A report has surfaced indicating a buffer overflow in the dsh
    application included in dqs packages (particularly on Linux). A long
    command line parameter results in a buffer overflow, which allows a
    local attacker to execute arbitrary code under root privileges (since
    dsh is typically setuid root).

    SuSE has confirmed the vulnerability. No updates have been made
    available.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0193.html
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0195.html
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0196.html

    *** {01.21.017} Cross - iPlanet/Netscape large HTTP method buffer
                    overflow

    A buffer overflow was found in the iPlanet/Netscape Web server (tested
    with version 4.0 SP7). A remote attacker can send an overly long method
    in an HTTP request, which causes a buffer overflow.

    It is unknown whether or not this vulnerability can be used to execute
    arbitrary code. Netscape has confirmed the problem and released fix
    information, available at:
    http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert5.11.html

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0203.html

    - --- Tool Announcements News --------------------------------------------

    *** {01.21.003} Tools - Apache 1.3.20 available

    The Apache Group has released Apache version 1.3.20. Although mostly
    bug fixes, this version does include a fix for a denial of service when
    running Apache on Windows or OS/2 (reported last week as {01.20.024}
    "Apache on Windows DoS").

    Apache source can be downloaded at:
    http://httpd.apache.org/dist/httpd/

    Source: Apache
    http://archives.neohapsis.com/archives/apache/2001/0010.html

    *** {01.21.004} Tools - Source code reviewers: RATS and flawfinder

    Two recently released open-source tools will help you review C and C++
    source code for common problems (similar to ITS4).

    RATS is available at:
    http://www.securesw.com/rats

    Flawfinder is available at:
    http://www.dwheeler.com/flawfinder

    Keep in mind that while these tools make a code auditor's life easier,
    they are by no means a complete replacement for a knowledgeable
    reviewer.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0210.html
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0216.html

    ************************************************************************

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.4 (BSD/OS)
    Comment: For info see http://www.gnupg.org

    iD8DBQE7DVPY+LUG5KFpTkYRAv/IAJ9S8IpalxDa8zGkiduV1r3GuiZWaQCfYSVw
    Nv8KpDsVzsTd1ci64055/T8=
    =noCy
    -----END PGP SIGNATURE-----
    ------------------------------------------------------------------------


    Become a Security Alert Consensus member! If this e-mail was passed to
    you and you would like to begin receiving our security e-mail newsletter
    on a weekly basis, we invite you to subscribe today.
    http://www.networkcomputing.com/consensus/.

    We are signing the Consensus newsletter with PGP. The new SANS PGP key
    is posted at:
    http://certserver.pgp.com:11371/pks/lookup?op=get&search=0xA1694E46 and
    can be accessed from the SANS Web site (http://www.sans.org).

    Special Note: To better secure your confidential information, we will
    no longer include personal URLs in our Consensus newsletter mailings.
    Instead, we have created a new form (http://www.sans.org/sansurl). On
    this form you can enter the SD number located near your name at the top
    of the newsletter. When you submit this form, an e-mail containing a
    URL will be sent to you at the e-mail address on record. With this URL
    you can make changes to your account (edit the content of your Consensus
    mailing, for example) without endangering the security of your personal
    URL. If you'd like to change your e-mail address or other information,
    or unsubscribe to this newsletter, please visit your new URL as
    described above. If you have any problems or questions, e-mail us at
    <consensusnwc.com>.

    Missed an issue? You can find all back issues of Security Alert
    Consensus (and Security Express) online. http://archives.neohapsis.com/

    Your opinion counts. We'd like to hear your thoughts on Security Alert
    Consensus. E-mail any questions or comments to <consensusnwc.com>.

    Copyright (c) 2001 Network Computing, a CMP Media LLC publication. All
    Rights Reserved. Distributed by Network Computing
    (http://www.networkcomputing.com) and The SANS Institute
    (http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based
    security assessment and integration services consulting group
    (infoneohapsis.com | http://www.neohapsis.com/).