From: Network Computing and The SANS Institute (sans+ZZ18819860587113624sans.org)
Date: Thu Nov 01 2001 - 14:46:04 CST


    Re: Your personalized newsletter

                          -- Security Alert Consensus --
                                 Number 121 (01.44)
                            Thursday, November 1, 2001
                                Created for you by
                      Network Computing and the SANS Institute
                               Powered by Neohapsis

    ----------------------------------------------------------------------

    Our thoughts and prayers remain with the victims and families affected
    by the tragic events of September 11th. Our support also goes out to
    all the brave individuals working in the recovery efforts.

    ----------------------------------------------------------------------

    Welcome to the latest edition of Security Alert Consensus! Below
    you should find information pertaining only to the categories you
    requested. If you have any problems or questions, please e-mail us
    at <consensus@nwc.com>.

    ----------------------------------------------------------------------

    Not worried about hackers? You should be. If your customers don't feel
    comfortable with you online, they'll go with someone else. With IBM
    infrastructure, you'll have the security your company needs to keep your
    networks safe & clients comfortable. Get our free book on online
    security today. Go to
    http://www.ibm.com/e-business/soready/n168

    ----------------------------------------------------------------------

    For those Windows admins who are trying to stay on top of the countless
    hot fixes and service packs offered by Microsoft, you will be (or should
    be) happy to hear that a new version of HFNetChk has been released. For
    those of you not familiar with it, HFNetChk allows you to scan your
    network and get a list of servers and the patches they are missing.
    http://archives.neohapsis.com/archives/sf/ms/2001-q4/0222.html

    We're slightly embarrassed to report that, due to a glitch in the
    back-end mail system used by archives.neohapsis.com, a few posts from
    between October 26 and October 30 were lost. We will be replacing these
    missing posts over the next few days, and any missing entries from this
    week's SAC will be posted in next week's newsletter.

    Until next week,
    --Security Alert Consensus Team

    ************************************************************************

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    TABLE OF CONTENTS:

    {01.44.017} Win - Compaq Insight Manager SNMP/DMI overflows
    {01.44.019} Win - DeltaThree PC-to-Phone credentials stored in plain
                text
    {01.44.002} Linux - RPM info query heap overflow
    {01.44.003} Linux - Update {01.36.030}: mod_auth_pgsql SQL injection
    {01.44.005} Linux - Update {01.40.016}: OpenSSH from restriction bypass
    {01.44.006} Linux - Update {01.43.015}: Linux kernel security updates
                (both 2.2 and 2.4)
    {01.44.007} Linux - Update {01.36.007}: Multiple xinetd vulnerabilities
    {01.44.008} Linux - Update {01.42.011}: Apache 1.3.22 available, with
                security fixes
    {01.44.009} Linux - Update {01.33.005}: Fetchmail LIST response memory
                overwrite
    {01.44.010} Linux - Update {01.39.015}: Squid FTP mkdir PUT DoS
    {01.44.016} BSD - NetBSD releng-1-5 lacks IPv6 pfilt_hooks
    {01.44.011} Other - OpenVMS/SEVMS Dec Motif window manager vulnerability
    {01.44.001} Cross - 6tunnel connection close DoS
    {01.44.004} Cross - Webalizer referrer/host name CSS vulnerability
    {01.44.012} Cross - Update {01.43.011}: Oracle 9 iAS Web services
                DoS/overflow
    {01.44.013} Cross - Update {01.32.022}: Oracle log file symlink attack
    {01.44.014} Cross - Update {01.32.017}: Oracle otrcrep command line
                parameter overflow
    {01.44.015} Cross - NSI/ARIN rwhoisd SOA format string vulnerability
    {01.44.018} Cross - iBill ibillpm.pl CGI auth brute force

    - --- Windows News -------------------------------------------------------

    *** {01.44.017} Win - Compaq Insight Manager SNMP/DMI overflows

    Compaq Insight Manager XE versions prior to 2.1c contain a buffer
    overflow in the SNMP and DMI handling code, which could allow a remote
    attacker to execute arbitrary code on the system under administrator
    privileges.

    Compaq will be releasing SoftPaq SP17982 to solve the problem.

    Source: Compaq
    http://archives.neohapsis.com/archives/compaq/2001-q4/0018.html

    *** {01.44.019} Win - DeltaThree PC-to-Phone credentials stored in
                    plain text

    DeltaThree's PC-to-Phone application version 3.0.3 has been found
    to store a user's account number and password in plain text within
    a world-readable file. This could allow the credentials to be
    recovered by anyone able to read that file.

    The advisory indicates confirmation by the vendor, which will release
    a fixed version in the future.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-10/0239.html

    - --- Linux News ---------------------------------------------------------

    *** {01.44.002} Linux - RPM info query heap overflow

    A bug found in RedHat's package manager could allow a trojaned
    RPM to execute arbitrary code when its package information is
    queried. An exploit path to locally gain lp privileges via lpd/lpr
    is also mentioned.

    This vulnerability has not been confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-10/0219.html

    *** {01.44.003} Linux - Update {01.36.030}: mod_auth_pgsql SQL injection

    RedHat has released updated mod_auth_pgsql packages, which fix
    the vulnerability discussed in {01.36.030} ("mod_auth_pgsql SQL
    injection").

    Source: RedHat (SF Bugtraq)
    http://archives.neohapsis.com/archives/bugtraq/2001-10/0221.html

    *** {01.44.005} Linux - Update {01.40.016}: OpenSSH from restriction
                    bypass

    Conectiva has released updated OpenSSH packages, which fix the
    vulnerability discussed in {01.40.016} ("OpenSSH from restriction
    bypass").

    Updated RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/conectiva/2001-q4/0004.html

    Source: Conectiva
    http://archives.neohapsis.com/archives/linux/conectiva/2001-q4/0004.html

    *** {01.44.006} Linux - Update {01.43.015}: Linux kernel security
                    updates (both 2.2 and 2.4)

    SuSE, EnGarde and Mandrake have released updated kernel packages,
    which fix the vulnerability discussed in {01.43.015} ("Linux kernel
    security updates (both 2.2 and 2.4)").

    Updated SuSE RPMs:
    http://archives.neohapsis.com/archives/linux/suse/2001-q4/0462.html

    Updated Mandrake RPMs:
    http://archives.neohapsis.com/archives/bugtraq/2001-10/0248.html

    Updated EnGarde RPMs:
    http://archives.neohapsis.com/archives/linux/engarde/2001-q4/0004.html

    Source: SuSE, Mandrake, EnGarde (SF Bugtraq)
    http://archives.neohapsis.com/archives/linux/suse/2001-q4/0462.html
    http://archives.neohapsis.com/archives/bugtraq/2001-10/0248.html
    http://archives.neohapsis.com/archives/linux/engarde/2001-q4/0004.html

    *** {01.44.007} Linux - Update {01.36.007}: Multiple xinetd
                    vulnerabilities

    EnGarde has released updated xinetd packages, which fix the
    vulnerability discussed in {01.36.007} ("Multiple xinetd
    vulnerabilities").

    Updated RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/engarde/2001-q4/0005.html

    Source: EnGarde
    http://archives.neohapsis.com/archives/linux/engarde/2001-q4/0005.html

    *** {01.44.008} Linux - Update {01.42.011}: Apache 1.3.22 available,
                    with security fixes

    EnGarde has released updated Apache packages, which fix the
    vulnerability discussed in {01.42.011} ("Apache 1.3.22 available,
    with security fixes").

    Updated RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/engarde/2001-q4/0006.html

    Source: EnGarde
    http://archives.neohapsis.com/archives/linux/engarde/2001-q4/0006.html

    *** {01.44.009} Linux - Update {01.33.005}: Fetchmail LIST response
                    memory overwrite

    EnGarde has released updated fetchmail packages, which fix the
    vulnerability discussed in {01.33.005} ("Fetchmail LIST response
    memory overwrite").

    Updated RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/engarde/2001-q4/0007.html

    Source: EnGarde
    http://archives.neohapsis.com/archives/linux/engarde/2001-q4/0007.html

    *** {01.44.010} Linux - Update {01.39.015}: Squid FTP mkdir PUT DoS

    SuSE has released updated squid packages, which fix the vulnerability
    discussed in {01.39.015} ("Squid FTP mkdir PUT DoS").

    Updated RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/suse/2001-q4/0537.html

    Source: SuSE
    http://archives.neohapsis.com/archives/linux/suse/2001-q4/0537.html

    - --- BSD News -----------------------------------------------------------

    *** {01.44.016} BSD - NetBSD releng-1-5 lacks IPv6 pfilt_hooks

    It has been found that the NetBSD releng-1-5 branch has omitted the
    proper packet filter hooks in the IPv6 forwarding code, which means
    that IPv6 packets are not filterable.

    A patch to fix this is available at:
    http://archives.neohapsis.com/archives/netbsd/2001-q4/0046.html

    Source: NetBSD
    http://archives.neohapsis.com/archives/netbsd/2001-q4/0042.html

    - --- Other News ---------------------------------------------------------

    *** {01.44.011} Other - OpenVMS/SEVMS Dec Motif window manager
                    vulnerability

    Compaq has released an advisory indicating that a security
    vulnerability existed in the Motif window manager included with
    various versions of OpenVMS and SEVMS for VAX and Alpha systems.

    A full list of affected systems, along with patches, is available at:
    http://archives.neohapsis.com/archives/compaq/2001-q4/0034.html

    Source: Compaq
    http://archives.neohapsis.com/archives/compaq/2001-q4/0034.html

    - --- Cross-Platform News ------------------------------------------------

    *** {01.44.001} Cross - 6tunnel connection close DoS

    An advisory was released indicating it's possible to perform a denial
    of service attack on 6tunnel versions prior to 0.09 by opening many
    connections to the target host.

    The vendor apparently has confirmed this vulnerability and released
    version 0.09. It is available for download at:
    ftp://213.146.38.146/pub/wojtekka/6tunnel-0.09.tar.gz

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-10/0200.html

    *** {01.44.004} Cross - Webalizer referrer/host name CSS vulnerability

    The Webalizer log parser, version 2.01-06, has been found vulnerable
    to cross-site scripting in its handling of certain referrer URLs and
    resolved DNS host names. This could potentially allow a remote attacker
    to insert arbitrary JavaScript code into the Webalizer HTML output.

    The author has confirmed this vulnerability and released a patch,
    which is available at:
    ftp://ftp.mrunix.net/pub/Webalizer/sec-fix.patch

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-10/0223.html

    *** {01.44.012} Cross - Update {01.43.011}: Oracle 9 iAS Web services
                    DoS/overflow

    Oracle has released an update for the vulnerability discussed in
    {01.43.011} ("Oracle 9 iAS Web services DoS/overflow").

    Patch information is available at the URL referenced below.

    Source: VulnWatch
    http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0020.html

    *** {01.44.013} Cross - Update {01.32.022}: Oracle log file symlink
                    attack

    Oracle has released an advisory concerning the vulnerability discussed
    in {01.32.022} ("Oracle log file symlink attack"). The company has
    essentially recommended a "chmod o-x" on the Oracle binary as a
    workaround until it releases the next version, which will include
    a fix.

    Source: VulnWatch
    http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0022.html

    *** {01.44.014} Cross - Update {01.32.017}: Oracle otrcrep command line
                    parameter overflow

    Oracle has released workaround information for the vulnerability
    discussed in {01.32.017} ("Oracle otrcrep command line parameter
    overflow").

    Full information is available at the URL referenced below.

    Source: VulnWatch
    http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0021.html

    *** {01.44.015} Cross - NSI/ARIN rwhoisd SOA format string vulnerability

    NSI's rwhoisd service contains a format string bug in the handling
    of the SOA parameter, which could allow a remote attacker to execute
    arbitrary code on the system with rwhoisd privileges. Versions prior
    to 1.5.7-1 are vulnerable.

    The vendor has confirmed this vulnerability and released a patch,
    which is available at:
    ftp://ftp.arin.net/pub/rwhois/rwhoisd-1.5.7-1.tar.gz

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-10/0237.html

    *** {01.44.018} Cross - iBill ibillpm.pl CGI auth brute force

    iBill's ibillpm.pl CGI script, in a default setup, has been found
    to typically use a weak authentication password, which can be
    brute forced in a small number of guesses (52 at most). This could
    allow a remote attacker to bypass the billing process entirely and
    create valid user accounts.

    This vulnerability has not been confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-10/0242.html

    ************************************************************************

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (BSD/OS)
    Comment: For info see http://www.gnupg.org

    iD8DBQE74bGk+LUG5KFpTkYRAvxOAJ903YiLuqDNIcRQW9K/LBOwqh6fVQCfSv0d
    LvilTi/ISdryULTeQ1LybYo=
    =Br/t
    -----END PGP SIGNATURE-----
    ------------------------------------------------------------------------

    Become a Security Alert Consensus member! If this e-mail was passed
    to you and you would like to begin receiving our security e-mail
    newsletter on a weekly basis, we invite you to subscribe today.
    http://www.networkcomputing.com/consensus/.

    We are signing the Consensus newsletter
    with PGP. The new SANS PGP key is posted at:
    http://certserver.pgp.com:11371/pks/lookup?op=get&search=0xA1694E46
    and can be accessed from the SANS Web site (http://www.sans.org).

    Special Note: To better secure your confidential information,
    we will no longer include personal URLs in our Consensus
    newsletter mailings. Instead, we have created a new form
    (http://www.sans.org/sansurl). On this form you can enter the SD
    number located near your name at the top of the newsletter. When you
    submit this form, an e-mail containing a URL will be sent to you at
    the e-mail address on record. With this URL you can make changes to
    your account (edit the content of your Consensus mailing, for example)
    without endangering the security of your personal URL. If you'd like
    to change your e-mail address or other information, or unsubscribe
    to this newsletter, please visit your new URL as described above. If
    you have any problems or questions, e-mail us at <consensus@nwc.com>.

    Missed an issue? You can find all back issues of
    Security Alert Consensus (and Security Express) online.
    http://archives.neohapsis.com/

    Your opinion counts. We'd like to hear your thoughts on Security Alert
    Consensus. E-mail any questions or comments to <consensus@nwc.com>.

    Copyright (c) 2001 Network Computing, a CMP Media LLC
    publication. All Rights Reserved. Distributed by Network
    Computing (http://www.networkcomputing.com) and The SANS Institute
    (http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based
    security assessment and integration services consulting group
    (info@neohapsis.com | http://www.neohapsis.com/).