From: Network Computing and The SANS Institute (sans+ZZ65374290913384077 sans.org)
Date: Thu Dec 13 2001 - 14:31:04 CST
Re: Your personalized newsletter
-- Security Alert Consensus --
Number 127 (01.50)
Thursday, December 13, 2001
Created for you by
Network Computing and the SANS Institute
Powered by Neohapsis
----------------------------------------------------------------------
Welcome to the latest edition of Security Alert Consensus! Below
you should find information pertaining only to the categories you
requested. Information on how to manage your subscription can be found
at the bottom of the newsletter. If you have any problems or questions,
please e-mail us at <consensus
nwc.com>.
----------------------------------------------------------------------
This issue sponsored by NetIQ
Free Security Guide from NetIQ.
Want to keep the bad guys out? Learn how by reading NetIQ's FREE
security guide, "Jack the Hacker Tells All: Insights into Security Dos
and Don'ts." Learn security defenses and ways to respond to security threats
before they become major incidents.
http://www.netiq.com/f/form/form.asp?id=215
----------------------------------------------------------------------
We hope all good admins realize that leaving default passwords in
software and on devices is not such a hot idea. Immediately after
installation, any and all default passwords--including administrative
passwords, default accounts, and SNMP community strings--should
be changed. We are starting to see many "advisories" that proclaim
the insecurity of various default passwords found in products. In all
cases, the solution is the same: Change them. Therefore, we are not
going to continue to alert on changing default passwords, or remind you
to choose strong passwords. For the curious, various members of the
community have begun to compile a default password list. Find it at:
http://www.phenoelit.de/dpl/dpl.html
Until next week,
- Security Alert Consensus Team
************************************************************************
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
TABLE OF CONTENTS:
{01.50.010} Win - MS01-057: Malicious HTML e-mail can access OWA files
{01.50.012} Win - Red Faction client/server port access DoS
{01.50.014} Win - McKesson Pathways Homecare weak encryption
{01.50.003} Linux - xtel temp file vulnerabilities
{01.50.004} Linux - wmtv executes commands as root
{01.50.005} Linux - Update {01.49.009}: OpenSSH UseLogin unfiltered
environment
{01.50.009} Linux - Update {01.42.011}: Apache 1.3.22 available, with
security fixes
{01.50.017} Linux - Update {01.48.023}: Cyrus/sasl logging function
format string vuln
{01.50.015} BSD - FreeBSD async I/O memory overwrite
{01.50.008} SCO - saved xterm sessions can gain additional privileges
{01.50.013} SCO - lpstat buffer overflow
{01.50.016} SCO - timed non-terminated string DoS
{01.50.001} Cross - fml index page subject CSS
{01.50.002} Cross - icecast-server multiple vulnerabilities
{01.50.006} Cross - Update {01.49.011}: Valicert Enterprise VA forms
CGI vulnerabilities
{01.50.007} Cross - Platform Computing LSF multiple vulnerabilities
{01.50.011} Cross - IPRoute fragmented packet DoS
- --- Windows News -------------------------------------------------------
*** {01.50.010} Win - MS01-057: Malicious HTML e-mail can access OWA
files
Microsoft has released MS01-057 ("Malicious HTML e-mail can access
OWA files"). An e-mail containing malicious JavaScript could execute
script with full access to the user's Outlook Web Access functions.
This attack is otherwise known as cross-site scripting and, since
scripting is required to use OWA, cannot be prevented by turning
off scripting.
FAQ and patch:
http://www.microsoft.com/technet/security/bulletin/MS01-057.asp
Source: Microsoft
http://archives.neohapsis.com/archives/vendor/2001-q4/0054.html
*** {01.50.012} Win - Red Faction client/server port access DoS
An advisory was released indicating that both the Red Faction network
game client and server are vulnerable to a denial of service attack
in which a remote attacker causes the application to crash by
connecting to port 7755.
This vulnerability has not been confirmed.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-12/0066.html
*** {01.50.014} Win - McKesson Pathways Homecare weak encryption
McKesson's Pathways Homecare version 6.5 has been reported to use
weak obfuscation techniques on authentication passwords, allowing
them to be retrieved and decoded.
This vulnerability has not been confirmed.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-12/0077.html
- --- Linux News ---------------------------------------------------------
*** {01.50.003} Linux - xtel temp file vulnerabilities
Debian has released an advisory indicating the xtel application does
not securely create temporary files, allowing a local attacker to
perform a symlink attack.
This vulnerability has been confirmed by Debian, which has released
updated DEBs:
http://archives.neohapsis.com/archives/vendor/2001-q4/0047.html
Source: Debian
http://archives.neohapsis.com/archives/vendor/2001-q4/0047.html
*** {01.50.004} Linux - wmtv executes commands as root
The wmtv application has a feature that lets the user run a command.
It has been found that the wmtv application does not properly drop
privileges before running the command, thus allowing a local attacker
to execute arbitrary commands with root privileges.
This vulnerability has been confirmed by Debian, which has released
updated DEBs listed at:
http://archives.neohapsis.com/archives/vendor/2001-q4/0050.html
Source: Debian
http://archives.neohapsis.com/archives/vendor/2001-q4/0050.html
*** {01.50.005} Linux - Update {01.49.009}: OpenSSH UseLogin unfiltered
environment
Debian and SuSE have released updated openssh packages that fix the
vulnerability discussed in {01.49.009} ("OpenSSH UseLogin unfiltered
environment").
Updated Debian DEBs:
http://archives.neohapsis.com/archives/vendor/2001-q4/0048.html
Updated SuSE RPMs:
http://archives.neohapsis.com/archives/linux/suse/2001-q4/1447.html
Source: Debian, SuSE
http://archives.neohapsis.com/archives/vendor/2001-q4/0048.html
http://archives.neohapsis.com/archives/linux/suse/2001-q4/1447.html
*** {01.50.009} Linux - Update {01.42.011}: Apache 1.3.22 available,
with security fixes
RedHat has released updated secureWeb packages that fix the
vulnerability discussed in {01.42.011} ("Apache 1.3.22 available,
with security fixes"). These updates apply to the RedHat Secure
Server only.
Updated RPMs are listed at:
http://archives.neohapsis.com/archives/linux/redhat/2001-q4/0153.html
Source: RedHat
http://archives.neohapsis.com/archives/linux/redhat/2001-q4/0153.html
*** {01.50.017} Linux - Update {01.48.023}: Cyrus/sasl logging function
format string vuln
Conectiva has released updated sasl packages that fix the vulnerability
discussed in {01.48.023} ("Cyrus/sasl logging function format string
vuln").
Updated RPMs are listed at:
http://archives.neohapsis.com/archives/linux/conectiva/2001-q4/0019.html
Source: Conectiva
http://archives.neohapsis.com/archives/linux/conectiva/2001-q4/0019.html
- --- BSD News -----------------------------------------------------------
*** {01.50.015} BSD - FreeBSD async I/O memory overwrite
A bug was found in FreeBSD's asynchronous I/O capabilities that
could result in a race condition: It's possible that an AIO write
scheduled before an execve() call could happen after the completion
of the execve(), overwriting the new application's memory. If this
application is setuid, this could allow for the execution of arbitrary
code with elevated privileges. AIO is an experimental feature found
in FreeBSD 4-STABLE, and is not enabled by default.
This vulnerability has not been confirmed.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-12/0090.html
- --- SCO News -----------------------------------------------------------
*** {01.50.008} SCO - saved xterm sessions can gain additional
privileges
Caldera/SCO has released an advisory indicating that xterms saved
in CDE sessions could gain additional privileges once resumed. This
could let a local attacker execute commands with elevated privileges.
Updated binaries are available at:
ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.37/
Source: Caldera/SCO
http://archives.neohapsis.com/archives/linux/caldera/2001-q4/0017.html
*** {01.50.013} SCO - lpstat buffer overflow
Caldera/SCO has released an advisory indicating a buffer overflow
exists in lpstat. No additional information is available. OpenServer
5.6.0a and prior are vulnerable.
Updated binaries are available at:
ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.38/
Source: Caldera/SCO
http://archives.neohapsis.com/archives/linux/caldera/2001-q4/0018.html
*** {01.50.016} SCO - timed non-terminated string DoS
Caldera/SCO has released an advisory indicating that the time daemon
does not terminate incoming strings properly, which could allow a
remote attacker to cause a denial of service situation.
Updated binaries are available at:
ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.39
Source: Caldera/SCO
http://archives.neohapsis.com/archives/linux/caldera/2001-q4/0020.html
- --- Cross-Platform News ------------------------------------------------
*** {01.50.001} Cross - fml index page subject CSS
The fml mailing list archiving program does not filter HTML characters
from subject lines when producing the index HTML page, which could
result in a cross-site scripting issue.
Debian has confirmed this problem and has released updated DEBs
listed at:
http://archives.neohapsis.com/archives/vendor/2001-q4/0045.html
Source: Debian
http://archives.neohapsis.com/archives/vendor/2001-q4/0045.html
*** {01.50.002} Cross - icecast-server multiple vulnerabilities
Debian has released an advisory indicating that the icecast server
contains multiple vulnerabilities: arbitrary file access via encoded
'..' notation; denial of service by appending a '/' to a request; and
various buffer overflows that might be used to execute arbitrary code.
Debian has confirmed these problems and has released updated DEBs
listed at:
http://archives.neohapsis.com/archives/vendor/2001-q4/0046.html
Source: Debian
http://archives.neohapsis.com/archives/vendor/2001-q4/0046.html
*** {01.50.006} Cross - Update {01.49.011}: Valicert Enterprise VA
forms CGI vulnerabilities
Valicert has released workarounds concerning the vulnerabilities
discussed in {01.49.011} ("Valicert Enterprise VA forms CGI
vulnerabilities"). They are available at:
http://www.valicert.com/support/security_advisory_eva.html
Source: NTBugtraq
http://archives.neohapsis.com/archives/ntbugtraq/2001-q4/0168.html
*** {01.50.007} Cross - Platform Computing LSF multiple vulnerabilities
Platform Computing's LSF suite version 4.0 has been reported to
contain multiple vulnerabilities, including buffer overflows and file
overwrite/access problems by local and possibly remote attackers,
that could yield root privileges.
Some of these vulnerabilities have been confirmed by the vendor.
Additional info is available at:
http://archives.neohapsis.com/archives/bugtraq/2001-12/0073.html
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-12/0045.html
*** {01.50.011} Cross - IPRoute fragmented packet DoS
IPRoute version 1.18 has been found to handle fragmented packets
improperly, causing the service to crash.
This vulnerability has not been confirmed.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-12/0047.html
************************************************************************
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (BSD/OS)
Comment: For info see http://www.gnupg.org
iD8DBQE8GQ4/+LUG5KFpTkYRAq5rAJ41Ib75gYfr48e11ThKJiR6elLz4ACfZW+R
UE0muX4vuCsZ35D/+FcuBig=
=5rmZ
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
Become a Security Alert Consensus member! If this e-mail was passed
to you and you would like to begin receiving our security e-mail
newsletter on a weekly basis, we invite you to subscribe today.
http://www.networkcomputing.com/consensus/.
We are signing the Consensus newsletter
with PGP. The new SANS PGP key is posted at:
http://certserver.pgp.com:11371/pks/lookup?op=get&search=0xA1694E46
and can be accessed from the SANS Web site (http://www.sans.org).
Special Note: To better secure your confidential information,
we will no longer include personal URLs in our Consensus
newsletter mailings. Instead, we have created a new form
(http://www.sans.org/sansurl). On this form you can enter the SD
number located near your name at the top of the newsletter. When you
submit this form, an e-mail containing a URL will be sent to you at
the e-mail address on record. With this URL you can make changes to
your account (edit the content of your Consensus mailing, for example)
without endangering the security of your personal URL. If you'd like
to change your e-mail address or other information, or unsubscribe
to this newsletter, please visit your new URL as described above. If
you have any problems or questions, e-mail us at <consensus
nwc.com>.
Missed an issue? You can find all back issues of
Security Alert Consensus (and Security Express) online.
http://archives.neohapsis.com/
Your opinion counts. We'd like to hear your thoughts on Security Alert
Consensus. E-mail any questions or comments to <consensus
nwc.com>.
Copyright (c) 2001 Network Computing, a CMP Media LLC
publication. All Rights Reserved. Distributed by Network
Computing (http://www.networkcomputing.com) and The SANS Institute
(http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based
security assessment and integration services consulting group
(info
neohapsis.com | http://www.neohapsis.com/).