From: Network Computing and The SANS Institute (sans+ZZ43274860141685134@sans.org)
Date: Thu Jun 28 2001 - 14:50:29 CDT
Re: Your personalized newsletter
-- Security Alert Consensus --
Number 103 (01.26)
Thursday, June 28, 2001
Created for you by
Network Computing and the SANS Institute
Powered by Neohapsis
----------------------------------------------------------------------
Welcome to the latest edition of Security Alert Consensus! Below you
should find information pertaining only to the categories you requested.
If you have any problems or questions, please e-mail us at
<consensus@nwc.com>.
----------------------------------------------------------------------
Gartner Group Tells CIO's "Security Certification Will Be Required of
40 percent of personnel having day-to-day technical operations
responsibility for ensuring an enterprise's information Assets."
In an April 2001 report to all clients, the Gartner Group said
certification is becoming a condition of employment for security
managers and system and network professionals with security
responsibility. Gartner went on to say, "With the growth in the use of
the Internet the GIAC certification will likely become the preferred
credential." This is a great summer to start your certification process
with programs in Boston, Washington, Toronto, and Stockholm and San
Diego in the fall. Or you can take the programs online. See
www.sans.org for the schedule and www.sans.org/giactc.htm for more
information on certification.
----------------------------------------------------------------------
Believe it or not, many OS vendors are aware of this "security thing,"
and most have gone to great lengths to produce recommended
implementation guidelines and security best-practice checklists.
Everyone should take advantage of these resources and follow them as
closely as possible; not following them may cause headaches down the
road. Check with your vendor to find out where it stashes its
security-related documentation, and take a little time to actually read
it -- it may provide valuable insight. You can also look at third-party
produced documents (such as those from SANS or Neohapsis), which, while
not as "official" as the vendor documents, are just as useful.
Until next week,
- Security Alert Consensus Team
************************************************************************
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
TABLE OF CONTENTS:
{01.26.001} Win - Update {00.43.013}: MS00-077: NetMeeting desktop
sharing DoS
{01.26.002} Win - MS01-034: Word Document Auto Macro Execution
{01.26.003} Win - MS01-035: FrontPage/VS RAD buffer overflow
{01.26.011} Win - TrendMicro InterScan WebManager reggo.dll overflow
{01.26.012} Win - Cerberus FTP Server large username DoS
{01.26.015} Win - A-FTP Anonymous FTP Server remote DoS attack
{01.26.017} Win - MS01-036: LDAP over SSL Could Enable Password Change
{01.26.036} Win - 1C: Arcadia Web server file exposure
{01.26.037} Win - Perception LiteServe Web server file exposure
{01.26.004} Linux - Update {01.24.014}: exim remote printf format attack
{01.26.005} Linux - Update {01.24.008}: xinetd umask may cause world
writable files
{01.26.006} Linux - Update {01.24.020}: Potential buffer overflow in
xinetd svc_logprint function
{01.26.007} Linux - Update {01.24.009}: ispell vulnerable to symlink
attacks
{01.26.008} Linux - Update {01.23.004}: Webmin leaves auth data in
environment
{01.26.009} Linux - Update {00.37.022}: Esound unix socket race
condition
{01.26.010} Linux - Update {01.25.018}: fetchmail large header buffer
overflow
{01.26.013} Linux - Update {01.23.002}: gpg filename format string
vulnerability
{01.26.014} Linux - Update {01.13.009}: PGP private key file storage
concern
{01.26.016} Linux - eXtre-mail remotely exploitable format string
condition
{01.26.022} Linux - Update {01.25.019}: sysklogd crashes when receiving
null byte
{01.26.023} Linux - Update {01.16.032}: IPTables FTP RELATED
connections bypass filters
{01.26.032} Linux - Update {01.21.003}: Apache 1.3.20 available
{01.26.019} Sol - Update {01.05.001}: Multiple Bind buffer overflows
(TSIG/infoleak)
{01.26.021} Sol - Update {01.22.024}: yppasswdd RPC service buffer
overflow
{01.26.035} Sol - in.lpd 'transfer job' overflow
{01.26.041} Sol - cb_reset parameter overflow
{01.26.042} Sol - ptexec -o parameter overflow
{01.26.043} Sol - libsldap LDAP_OPTIONS env variable overflow
{01.26.020} AIX - diagrpt DIAGDATADIR trojan program vulnerability
{01.26.025} AIX - July periodic security APAR
{01.26.030} NApps - Multi-vendor 802.11 AP SNMP info leak
{01.26.024} Cross - Samba malicious NetBIOS name file overwrite
{01.26.026} Cross - w3m long MIME header overflow
{01.26.027} Cross - Update {01.24.017}: HP Openview NNM command
execution via SNMP traps
{01.26.028} Cross - ePerl #sinclude processes perl commands
{01.26.029} Cross - cfingerd ALLOW_LINE_PARSING overflow
{01.26.031} Cross - Multiple XFree86 vulnerabilities
{01.26.033} Cross - ktvision config file symlink attack
{01.26.038} Cross - icecast Web server file exposure
{01.26.039} Cross - KAV/AVP avpkeeper syslog format string vulnerability
{01.26.040} Cross - IPv6 mishandling of embedded IPv4 addresses concern
{01.26.044} Cross - Update {01.25.033}: pmpost PCP_LOG_DIR env variable
symlink attack
{01.26.018} Tools - JASS 0.3 released
{01.26.034} Tools - PHP 4.0.6 available
- --- Windows News -------------------------------------------------------
*** {01.26.001} Win - Update {00.43.013}: MS00-077: NetMeeting desktop
sharing DoS
Patch Available for "NetMeeting Desktop Sharing" Vulnerability
Microsoft
has re-released MS00-077 ("NetMeeting desktop sharing DoS"), which fixes
a new variant of the original problem discussed in {00.43.013}.
FAQ and patch:
http://www.microsoft.com/technet/security/bulletin/MS00-077.asp
Source: Microsoft
http://archives.neohapsis.com/archives/vendor/2001-q2/0064.html
*** {01.26.002} Win - MS01-034: Word Document Auto Macro Execution
Microsoft has released MS01-034 ("Malformed Word Document Could Enable
Macro to Run Automatically"). Particular malicious embedded macros in
Word documents may not be recognized by the security scanner, allowing
them to execute regardless of security configurations.
FAQ and patch:
http://www.microsoft.com/technet/security/bulletin/MS01-034.asp
Source: Microsoft
http://archives.neohapsis.com/archives/vendor/2001-q2/0063.html
*** {01.26.003} Win - MS01-035: FrontPage/VS RAD buffer overflow
Microsoft has released MS01-035 ("FrontPage Server Extension Unchecked
Buffer"). The Visual Studio RAD (Remote Application Deployment)
FrontPage server extension contains a buffer overflow in the handling
of incoming parameter data, which could result in a remote attacker
executing arbitrary code on the IIS server.
FAQ and patch:
http://www.microsoft.com/technet/security/bulletin/MS01-035.asp
Source: Microsoft
http://archives.neohapsis.com/archives/vendor/2001-q2/0062.html
*** {01.26.011} Win - TrendMicro InterScan WebManager reggo.dll overflow
TrendMicro InterScan WebManager version 1.2 contains a remote buffer
overflow within RegGo.dll. This allows a remote attacker to execute
arbitrary code with local system privileges.
This vulnerability has not been confirmed. No patches have been made
available.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-06/0275.html
*** {01.26.012} Win - Cerberus FTP Server large username DoS
Cerberus FTP Server version 1.x has been found to crash when a remote
attacker submits a particularly large username, thus causing a denial
of service. It is uncertain at this time whether arbitrary code can be
executed.
This vulnerability has not been confirmed. An exploit has been
published.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-06/0279.html
*** {01.26.015} Win - A-FTP Anonymous FTP Server remote DoS attack
A-FTP Anonymous FTP Server has been found to crash when a remote
attacker sends a large username, causing a denial of service situation.
This vulnerability has not been confirmed. An exploit has been
published.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-06/0280.html
*** {01.26.017} Win - MS01-036: LDAP over SSL Could Enable Password
Change
Microsoft has released MS01-036 ("LDAP over SSL Could Enable Password
Change"). When allowing users to change directory information via LDAP
over SSL, it's possible for a remote attacker (with proper user
credentials) to change any other user's password (including an
administrative account), without needing to know the target account's
password.
FAQ and patch:
http://www.microsoft.com/technet/security/bulletin/MS01-036.asp
Source: Microsoft
http://archives.neohapsis.com/archives/vendor/2001-q2/0068.html
*** {01.26.036} Win - 1C: Arcadia Web server file exposure
An advisory was posted that indicates a file exposure vulnerability in
the 1C: Arcadia Web server, which could allow a remote attacker to view
arbitrary non-binary files. The server also exposes full system paths
for virtual directories and harbors a denial of service when a request
containing a DOS device name is made.
These vulnerabilities have not been confirmed. No patches have been made
available.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-06/0278.html
*** {01.26.037} Win - Perception LiteServe Web server file exposure
Perception LiteServe Web server versions prior to 1.28 contain a
vulnerability that would allow a remote attacker to download CGI
applications (rather than having the server execute them) by using DOS
8.3 short file names in a URL request.
The vendor has confirmed the problem and released version 1.28, which
can be downloaded at:
http://www.cmfperception.com/liteserve.html
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-06/0328.html
- --- Linux News ---------------------------------------------------------
*** {01.26.004} Linux - Update {01.24.014}: exim remote printf format
attack
RedHat has released updated exim packages that fix the vulnerability
discussed in {01.24.014} ("exim remote printf format attack").
Updated RedHat RPMs are listed at:
http://archives.neohapsis.com/archives/bugtraq/2001-06/0260.html
Source: RedHat (SF Bugtraq)
http://archives.neohapsis.com/archives/bugtraq/2001-06/0260.html
*** {01.26.005} Linux - Update {01.24.008}: xinetd umask may cause
world writable files
Conectiva and Immunix have released updated xinetd packages, which fix
the vulnerability discussed in {01.24.008} ("xinetd umask may cause
world writable files").
Updated Conectiva RPMs:
http://archives.neohapsis.com/archives/linux/conectiva/2001-q2/0014.html
Updated Immunix RPMs:
http://archives.neohapsis.com/archives/linux/immunix/2001-q2/0133.html
Source: Conectiva, Immunix
http://archives.neohapsis.com/archives/linux/conectiva/2001-q2/0014.html
http://archives.neohapsis.com/archives/linux/immunix/2001-q2/0133.html
*** {01.26.006} Linux - Update {01.24.020}: Potential buffer overflow
in xinetd svc_logprint function
Conectiva has released updated xinetd packages which fix the
vulnerability discussed in {01.24.020} ("Potential buffer overflow in
xinetd svc_logprint function").
Updated Conectiva RPMs are listed at:
http://archives.neohapsis.com/archives/bugtraq/2001-06/0261.html
Source: Conectiva (SF Bugtraq)
http://archives.neohapsis.com/archives/bugtraq/2001-06/0261.html
*** {01.26.007} Linux - Update {01.24.009}: ispell vulnerable to
symlink attacks
Mandrake and Immunix have released updated ispell packages, which fix
the vulnerability discussed in {01.24.009} ("ispell vulnerable to
symlink attacks").
Updated Mandrake RPMs:
http://archives.neohapsis.com/archives/bugtraq/2001-06/0269.html
Updated Immunix RPMs:
http://archives.neohapsis.com/archives/linux/immunix/2001-q2/0134.html
Source: Mandrake, Immunix (SF Bugtraq)
http://archives.neohapsis.com/archives/bugtraq/2001-06/0269.html
http://archives.neohapsis.com/archives/linux/immunix/2001-q2/0134.html
*** {01.26.008} Linux - Update {01.23.004}: Webmin leaves auth data in
environment
Mandrake has released updated Webmin packages to fix the vulnerability
discussed in {01.23.004} ("Webmin leaves auth data in environment").
Updated Mandrake RPMs are listed at:
http://archives.neohapsis.com/archives/bugtraq/2001-06/0270.html
Source: Mandrake (SF Bugtraq)
http://archives.neohapsis.com/archives/bugtraq/2001-06/0270.html
*** {01.26.009} Linux - Update {00.37.022}: Esound unix socket race
condition
TurboLinux has released updated esound RPMs to fix the vulnerability
discussed in {00.37.022} ("Esound unix socket race condition").
Updated TurboLinux RPMs are listed at:
http://archives.neohapsis.com/archives/linux/turbolinux/2001-q2/0031.html
Source: TurboLinux
http://archives.neohapsis.com/archives/linux/turbolinux/2001-q2/0031.html
*** {01.26.010} Linux - Update {01.25.018}: fetchmail large header
buffer overflow
Multiple Linux vendors have released updated fetchmail packages, which
fix the vulnerability discussed in {01.25.018} ("fetchmail large header
buffer overflow").
Updated Engarde RPMs:
http://archives.neohapsis.com/archives/linux/engarde/2001-q2/0008.html
Updated Caldera RPMs:
http://archives.neohapsis.com/archives/linux/caldera/2001-q2/0013.html
Updated Immunix RPMs:
http://archives.neohapsis.com/archives/linux/immunix/2001-q2/0136.html
Source: Engarde, Caldera
http://archives.neohapsis.com/archives/linux/engarde/2001-q2/0008.html
http://archives.neohapsis.com/archives/linux/caldera/2001-q2/0013.html
http://archives.neohapsis.com/archives/linux/immunix/2001-q2/0136.html
*** {01.26.013} Linux - Update {01.23.002}: gpg filename format string
vulnerability
TurboLinux has released updated gnupg packages to fix the vulnerability
discussed in {01.23.002} ("gpg filename format string vulnerability").
Updated TurboLinux packages are listed at:
http://archives.neohapsis.com/archives/linux/turbolinux/2001-q2/0026.html
Source: TurboLinux
http://archives.neohapsis.com/archives/linux/turbolinux/2001-q2/0026.html
*** {01.26.014} Linux - Update {01.13.009}: PGP private key file
storage concern
TurboLinux has released updated gnupg packages to fix the vulnerability
discussed in {01.13.009} ("PGP private key file storage concern").
Updated TurboLinux packages are listed at:
http://archives.neohapsis.com/archives/linux/turbolinux/2001-q2/0026.html
Source: TurboLinux
http://archives.neohapsis.com/archives/linux/turbolinux/2001-q2/0026.html
*** {01.26.016} Linux - eXtre-mail remotely exploitable format string
condition
eXtre-mail version 1.1.9 and prior versions contain an exploitable
format string condition in the handling of SMTP and POP command
parameters, which may result in a remote attacker executing arbitrary
code under root privileges.
This vulnerability has not been confirmed. An exploit is available. The
advisory indicates this issue was patched as of version 1.1.10.
Source: SecurityFocus
http://archives.neohapsis.com/archives/bugtraq/2001-06/0291.html
*** {01.26.022} Linux - Update {01.25.019}: sysklogd crashes when
receiving null byte
Immunix has released updated sysklogd packages, which fix the
vulnerability discussed in {01.25.019} ("sysklogd crashes when receiving
null byte").
Source: Immunix
http://archives.neohapsis.com/archives/linux/immunix/2001-q2/0135.html
*** {01.26.023} Linux - Update {01.16.032}: IPTables FTP RELATED
connections bypass filters
RedHat has released updated patches for the vulnerability discussed in
{01.16.032} ("IPTables FTP RELATED connections bypass filters").
Updated RPMs are listed at:
http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0132.html
Source: RedHat
http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0132.html
*** {01.26.032} Linux - Update {01.21.003}: Apache 1.3.20 available
EnGarde has released updated Apache packages, which fix the path
disclosure problem discussed in {01.21.003} ("Apache 1.3.20 available").
Updated EnGarde RPMs are listed at:
http://archives.neohapsis.com/archives/linux/engarde/2001-q2/0009.html
Source: EnGarde
http://archives.neohapsis.com/archives/linux/engarde/2001-q2/0009.html
- --- Solaris News -------------------------------------------------------
*** {01.26.019} Sol - Update {01.05.001}: Multiple Bind buffer
overflows (TSIG/infoleak)
Sun has released multiple named updates, which fix the vulnerabilities
discussed in {01.05.001} ("Multiple Bind buffer overflows
(TSIG/infoleak)").
For a full list of vulnerable platforms and available patches, please
view:
http://archives.neohapsis.com/archives/sun/2001-q2/0002.html
Source: Sun
http://archives.neohapsis.com/archives/sun/2001-q2/0002.html
*** {01.26.021} Sol - Update {01.22.024}: yppasswdd RPC service buffer
overflow
Sun has released updated ypbind packages, which fix the vulnerability
discussed in {01.22.024} ("yppasswdd RPC service buffer overflow").
A full list of available updates can be viewed at:
http://archives.neohapsis.com/archives/sun/2001-q2/0001.html
Source: Sun
http://archives.neohapsis.com/archives/sun/2001-q2/0001.html
*** {01.26.035} Sol - in.lpd 'transfer job' overflow
An advisory has been released that indicates a buffer overflow in the
in.lpd service shipped with Solaris 2.6 through 8. A remote attacker
can overflow the 'transfer job' function in in.lpd, which can be used
to execute arbitrary code with root privileges.
This vulnerability has not been confirmed. No patches have been made
available.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-06/0262.html
*** {01.26.041} Sol - cb_reset parameter overflow
The cb_reset application included in the SUNWssp package contains a
buffer overflow in the handling of commandline parameters, which could
result in a local attacker executing arbitrary code under root
privileges.
This vulnerability has not been confirmed. No patches have been made
available.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-06/0265.html
*** {01.26.042} Sol - ptexec -o parameter overflow
The ptexec application included in the SUNWvts package contains a buffer
overflow in the handling of the -o commandline parameter, which could
allow a local attacker to execute arbitrary code under root privileges.
This vulnerability has not been confirmed. No patches have been made
available.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-06/0282.html
*** {01.26.043} Sol - libsldap LDAP_OPTIONS env variable overflow
The libsldap library included with Solaris 8 contains a buffer overflow
in the handling of the LDAP_OPTIONS environment variable, which could
allow a local attacker to execute arbitrary code when exploited in
conjunction with a setuid/setgid application (such as passwd).
This vulnerability has not been confirmed. No patches have been made
available.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-06/0344.html
- --- AIX News -----------------------------------------------------------
*** {01.26.020} AIX - diagrpt DIAGDATADIR trojan program vulnerability
The diagrpt program has been found to execute user-supplied programs
out of the directory specified by the DIAGDATADIR environment variable,
allowing a local attacker to execute trojan programs with root
privileges.
For more information concerning IBM's temporary fixes, view:
http://archives.neohapsis.com/archives/aix/2001-q2/0014.html
Source: IBM
http://archives.neohapsis.com/archives/aix/2001-q2/0014.html
*** {01.26.025} AIX - July periodic security APAR
IBM has released APAR IY19897 for AIX release 4.3, which contains all
security-related APARs to date (133 total). Those of you who are behind
on your patches (particularly security-related ones) should consider
applying this APAR.
Source: IBM
http://archives.neohapsis.com/archives/aix/2001-q2/0016.html
- --- Network Appliances News --------------------------------------------
*** {01.26.030} NApps - Multi-vendor 802.11 AP SNMP info leak
Two recent advisories detail multiple problems in many implementations
of SNMP agents found in various 802.11 access point devices made by
Atmel, Netgear, LinkSys, 3Com, and Symbol (Symbol and Atmel also OEM
their devices to other vendors). It may be possible for an attacker to
gain the WEP key used to secure wireless communication.
Please view the advisories referenced below for more specific
information.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-06/0266.html
http://archives.neohapsis.com/archives/bugtraq/2001-06/0267.html
- --- Cross-Platform News ------------------------------------------------
*** {01.26.024} Cross - Samba malicious NetBIOS name file overwrite
A vulnerability has been found in Samba 2.0.8 and prior that allows a
remote attacker to use a malicious NetBIOS name in order to take
advantage of particular logging configurations common amongst Samba
installations.
This problem has been confirmed.
Updated Conectiva RPMs:
http://archives.neohapsis.com/archives/linux/conectiva/2001-q2/0015.html
Updated Debian DEBs:
http://archives.neohapsis.com/archives/vendor/2001-q2/0066.html
Updated Caldera RPMs:
http://archives.neohapsis.com/archives/linux/caldera/2001-q2/0015.html
Updated RedHat RPMs:
http://archives.neohapsis.com/archives/bugtraq/2001-06/0345.html
Source: SecurityFocus Bugtraq, Conectiva, Debian, Caldera, RedHat
http://archives.neohapsis.com/archives/bugtraq/2001-06/0313.html
http://archives.neohapsis.com/archives/linux/conectiva/2001-q2/0015.html
http://archives.neohapsis.com/archives/vendor/2001-q2/0066.html
http://archives.neohapsis.com/archives/linux/caldera/2001-q2/0015.html
http://archives.neohapsis.com/archives/bugtraq/2001-06/0345.html
*** {01.26.026} Cross - w3m long MIME header overflow
The w3m Web browser has been found to contain a buffer overflow in the
handling of the MIME header. It's possible for a malicious Web site to
send a large header, which could be used to execute arbitrary code under
the user's privileges.
This vulnerability has been confirmed. A third-party patch is available
at:
http://mi.med.tohoku.ac.jp/~satodai/w3m-dev-en/200106.month/537.html
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-06/0273.html
*** {01.26.027} Cross - Update {01.24.017}: HP Openview NNM command
execution via SNMP traps
HP has released patches for Openview Network Node Manager, which we
assume fix the vulnerability discussed in {01.24.017} ("HP Openview NNM
command execution via SNMP traps").
Apply the applicable patch:
HPUX 11.00: PHSS_23780
HPUX 10.20: PHSS_23779
Solaris 2.x: PSOV_02905
WinNT/2000: NNM_00698
Source: HP
http://archives.neohapsis.com/archives/hp/2001-q2/0067.html
*** {01.26.028} Cross - ePerl #sinclude processes perl commands
ePerl version 2.2.14 and prior contains a bug in which a file using the
'safe include' (#sinclude) directive, which supposedly doesn't allow
any perl commands to be executed, can embed perl commands into a second
file and use the #include directive to run them, thus bypassing the
safety features of #sinclude.
This vulnerability has not been confirmed. No patches have been made
available.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-06/0288.html
*** {01.26.029} Cross - cfingerd ALLOW_LINE_PARSING overflow
cfingerd version 1.4.3 and possibly prior contains a buffer overflow in
the handling of a local user's .nofinger file, which could be used by
a local attacker to execute arbitrary code under root privileges.
This vulnerability has not been confirmed. No patches have been made
available.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-06/0295.html
*** {01.26.031} Cross - Multiple XFree86 vulnerabilities
RedHat has released updated XFree86 packages, which fix over a dozen
security-related problems in version 3.3.6. Other
platforms/distributions should check to see if they are vulnerable to
any of the problems (some have been previously reported in Security
Alert Consensus).
Updated RedHat RPMs are listed at:
http://archives.neohapsis.com/archives/bugtraq/2001-06/0312.html
Source: RedHat (SF Bugtraq)
http://archives.neohapsis.com/archives/bugtraq/2001-06/0312.html
*** {01.26.033} Cross - ktvision config file symlink attack
The KDE ktvision application version 0.1.1-271 and prior is vulnerable
to a symlink attack in the handling of the user's config file, which
could be used by a local attacker to gain root privileges.
This vulnerability has not been confirmed. No patches have been made
available.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-06/0302.html
*** {01.26.038} Cross - icecast Web server file exposure
A recent advisory indicates icecast version 1.3.7 (tested on the Windows
platform) allows a remote attacker to access files outside the specified
public directory by including hex-encoded '..' notation in a URL
request.
This vulnerability has not been confirmed. No patches have been made
available.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-06/0353.html
*** {01.26.039} Cross - KAV/AVP avpkeeper syslog format string
vulnerability
A format string vulnerability was found in Kaspersky KAV antivirus
application for Sendmail, version 3.5.135.2. It's possible for a remote
attacker to send a malicious e-mail that could create a denial of
service situation or possibly execute arbitrary code under root or mail
privileges.
The advisory indicates vendor confirmation. Contact Kaspersky Labs for
an update.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-06/0274.html
*** {01.26.040} Cross - IPv6 mishandling of embedded IPv4 addresses
concern
An interesting post was made about potential malicious situations that
could arise from improperly implemented IPv6 stacks. The problems range
from network-based packet games (denial of service floods, etc.), to
various ways to bypass IPv4 access control restrictions.
Anyone interested in the issue is encouraged to look at the test script
included with the post.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-06/0321.html
*** {01.26.044} Cross - Update {01.25.033}: pmpost PCP_LOG_DIR env
variable symlink attack
SGI has released an updated PCP package, which fixes the vulnerability
discussed in {01.25.033} ("pmpost PCP_LOG_DIR env variable symlink
attack").
Version 2.2.1-3 can be downloaded at:
http://oss.sgi.com/projects/pcp/download
Source: SGI (SF Bugtraq)
http://archives.neohapsis.com/archives/bugtraq/2001-06/0272.html
- --- Tool Announcements News --------------------------------------------
*** {01.26.018} Tools - JASS 0.3 released
The Solaris Security Toolkit, also known as JASS, version 0.3 has been
released. JASS allows an administrator to automatically secure a Solaris
operating system per Sun's suggested security guidelines.
For more information and the download location, please view the
reference URL below.
Source: Sun
http://archives.neohapsis.com/archives/sf/sun/2001-q2/0217.html
*** {01.26.034} Tools - PHP 4.0.6 available
PHP version 4.0.6 has been made available. While it does not contain
any security-related fixes per se, it does fix various bugs that a
remote attacker could use to cause a denial of service.
The latest version can be downloaded from:
http://www.php.net/
Source: PHP
http://archives.neohapsis.com/archives/php/2001-06/0010.html
************************************************************************
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (BSD/OS)
Comment: For info see http://www.gnupg.org
iD8DBQE7O4aZ+LUG5KFpTkYRAjcIAJ9q9FAz3dcsD9/ZCK91MtKlnlqRkACeLZwb
edmqWtO9dFWnndbe8k8XjD0=
=qg/l
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
Become a Security Alert Consensus member! If this e-mail was passed to
you and you would like to begin receiving our security e-mail newsletter
on a weekly basis, we invite you to subscribe today.
http://www.networkcomputing.com/consensus/.
We are signing the Consensus newsletter with PGP. The new SANS PGP key
is posted at:
http://certserver.pgp.com:11371/pks/lookup?op=get&search=0xA1694E46 and
can be accessed from the SANS Web site (http://www.sans.org).
Special Note: To better secure your confidential information, we will
no longer include personal URLs in our Consensus newsletter mailings.
Instead, we have created a new form (http://www.sans.org/sansurl). On
this form you can enter the SD number located near your name at the top
of the newsletter. When you submit this form, an e-mail containing a
URL will be sent to you at the e-mail address on record. With this URL
you can make changes to your account (edit the content of your Consensus
mailing, for example) without endangering the security of your personal
URL. If you'd like to change your e-mail address or other information,
or unsubscribe to this newsletter, please visit your new URL as
described above. If you have any problems or questions, e-mail us at
<consensus@nwc.com>.
Missed an issue? You can find all back issues of Security Alert
Consensus (and Security Express) online. http://archives.neohapsis.com/
Your opinion counts. We'd like to hear your thoughts on Security Alert
Consensus. E-mail any questions or comments to <consensus@nwc.com>.
Copyright (c) 2001 Network Computing, a CMP Media LLC publication. All
Rights Reserved. Distributed by Network Computing
(http://www.networkcomputing.com) and The SANS Institute
(http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based
security assessment and integration services consulting group
(info@neohapsis.com | http://www.neohapsis.com/).