From: Network Computing and The SANS Institute (sans+ZZ57775399085624681_at_sans.org)
Date: Wed Nov 27 2002 - 10:29:29 CST
Re: Your personalized newsletter
-- Security Alert Consensus --
Number 047 (02.47)
Wednesday, November 27, 2002
Created for you by
Network Computing and the SANS Institute
Powered by Neohapsis
----------------------------------------------------------------------
Welcome to the latest edition of Security Alert Consensus! Below
you should find information pertaining only to the categories you
requested. Information on how to manage your subscription can be found
at the bottom of the newsletter. If you have any problems or questions,
please e-mail us at <consensus@nwc.com>.
************************* Begin Advertisement ************************
This issue sponsored by Network Computing's Tech Library and Bitpipe Inc.
Is your network performing the way it needs to?
FREE Sprint White Paper: Ensure the Reliability, Security and
Performance of Your Network
This white paper gives insight into the importance of choosing the right
network vendor to maintain a reliable mission-critical system.
For more white papers, case studies and product info related to Network
Security, go to:
http://techlibrary.networkcomputing.com/data/rlist?t=itmgmt_10_50_20_14&src=email
************************** End Advertisement *************************
A number of notable vulnerabilities were reported this week, including:
a remotely exploitable overflow in Samba smbd (item {02.47.003});
MDAC client component buffer overflows (item {02.47.002}); Sun's Java
JVM uses a version of zlib vulnerable to the double-free bug (item {02.47.010});
and Solaris fs.auto XFS daemon contains a remote overflow (item
{02.47.015}). Plus, a cumulative Internet Explorer patch was
released. As always, if you are missing any of these items, it's
because you are not currently subscribed to the OS category to which
they belong. You can change your subscription information using the
instructions at the bottom of this newsletter.
The latest version of HFNetChk (v3.86) was released. For those not
familiar with HFNetChk, it is a free tool used to diagnose missing
patches and hotfixes on Windows systems. You can get the latest
version from: http://hfnetchk.shavlik.com
Until next week,
--Security Alert Consensus Team
************************************************************************
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
TABLE OF CONTENTS:
{02.47.001} Win - MS02-065: MDAC/RDS components overflow
{02.47.002} Win - MS02-066: IE cumulative patch Nov/2002
{02.47.012} Win - RealPlayer/RealOne multiple overflows
{02.47.004} Linux - Update {02.35.017}: Python insecure temp file
handling
{02.47.005} Linux - Update {02.46.030}: Linux kernel lcall7 DoS
{02.47.006} Linux - Update {02.39.013}: gv sscanf() overflow
{02.47.007} Linux - Update {02.45.027}: KDE KIO rlogin/telnet protocol
handler overflows
{02.47.008} Linux - Update {02.45.026}: KDE Lisa/resLISa multiple
vulnerabilities
{02.47.009} Linux - Update {02.40.024}: Sendmail smrsh execution
restriction bypass
{02.47.011} Linux - Update {02.37.005}: PHP mail() command may bypass
safe_mode
{02.47.014} Linux - Update {02.45.022}: Pine 4.44 malformed From field
vulnerability
{02.47.015} Sol - fs.auto remote overflow
{02.47.016} NApps - Cisco PIX authentication vulnerabilities
{02.47.018} NApps - NetScreen IP fragment URL filtering bypass
{02.47.003} Cross - Samba encrypted pass change request overflow
{02.47.010} Cross - Java zlib double-free vulnerability
{02.47.013} Cross - BIND ID DNS spoofing vulnerability
{02.47.017} Cross - WSMP3 HTTP server request overflow
- --- Windows News -------------------------------------------------------
*** {02.47.001} Win - MS02-065: MDAC/RDS components overflow
Microsoft released MS02-065 ("MDAC/RDS components overflow"). Both
the client and the server side RDS components included with the MDAC
data access component suite prior to version 2.7 contain a buffer
overflow that can be exploited to execute arbitrary code. Servers with
access to the /msadc/msadcs.dll RDS handler, as well as IE clients,
are vulnerable.
FAQ and patch:
http://archives.neohapsis.com/archives/microsoft/2002-q4/0012.html
Source: Microsoft
http://archives.neohapsis.com/archives/microsoft/2002-q4/0012.html
*** {02.47.002} Win - MS02-066: IE cumulative patch Nov/2002
Microsoft released MS02-066 ("IE cumulative patch Nov/2002"). This
latest IE cumulative security patch fixes all known problems to date
as well as six new vulnerabilities. The vulnerabilities include
a handful of cross-domain access issues, a denial of service and the
possible execution of commands on the user's system.
FAQ and patch:
http://archives.neohapsis.com/archives/microsoft/2002-q4/0013.html
Source: Microsoft
http://archives.neohapsis.com/archives/microsoft/2002-q4/0013.html
*** {02.47.012} Win - RealPlayer/RealOne multiple overflows
The RealPlayer and RealOne media players from www.real.com contain
multiple overflows that may let a malicious Web site execute arbitrary
code on a user's system.
An update is available at www.real.com or by using the programs'
"auto-update" feature.
Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0085.html
- --- Linux News ---------------------------------------------------------
*** {02.47.004} Linux - Update {02.35.017}: Python insecure temp file
handling
Mandrake released updated python packages, which fix the vulnerability
discussed in {02.35.017} ("Python insecure temp file handling").
Updated RPMs are listed at the reference URL below.
Source: Mandrake
http://archives.neohapsis.com/archives/linux/mandrake/2002-q4/0213.html
*** {02.47.005} Linux - Update {02.46.030}: Linux kernel lcall7 DoS
Red Hat released updated kernel packages, which fix the vulnerability
discussed in {02.46.030} ("Linux kernel lcall7 DoS").
Updated Red Hat RPMs:
http://archives.neohapsis.com/archives/linux/redhat/2002-q4/0045.html
Updated EnGarde RPMs:
http://archives.neohapsis.com/archives/linux/engarde/2002-q4/0013.html
Source: Red Hat, EnGarde
http://archives.neohapsis.com/archives/linux/redhat/2002-q4/0045.html
http://archives.neohapsis.com/archives/linux/engarde/2002-q4/0013.html
*** {02.47.006} Linux - Update {02.39.013}: gv sscanf() overflow
Caldera released updated gv packages, which fix the vulnerability
discussed in {02.39.013} ("gv sscanf() overflow").
Updated RPMs are listed at the reference URL below.
Source: Caldera
http://archives.neohapsis.com/archives/linux/caldera/2002-q4/0021.html
*** {02.47.007} Linux - Update {02.45.027}: KDE KIO rlogin/telnet
protocol handler overflows
Mandrake released updated kdelibs packages, which fix the vulnerability
discussed in {02.45.027} ("KDE KIO rlogin/telnet protocol handler
overflows").
Updated RPMs are listed at the reference URL below.
Source: Mandrake
http://archives.neohapsis.com/archives/linux/mandrake/2002-q4/0196.html
*** {02.47.008} Linux - Update {02.45.026}: KDE Lisa/resLISa multiple
vulnerabilities
Mandrake released updated kdenetwork packages, which fix the
vulnerability discussed in {02.45.026} ("KDE Lisa/resLISa multiple
vulnerabilities").
Updated RPMs are listed at the reference URL below.
Source: Mandrake
http://archives.neohapsis.com/archives/linux/mandrake/2002-q4/0197.html
*** {02.47.009} Linux - Update {02.40.024}: Sendmail smrsh execution
restriction bypass
Caldera released updated sendmail packages, which fix the vulnerability
discussed in {02.40.024} ("Sendmail smrsh execution restriction
bypass").
Updated RPMs are listed at the reference URL below.
Source: Caldera
http://archives.neohapsis.com/archives/linux/caldera/2002-q4/0020.html
*** {02.47.011} Linux - Update {02.37.005}: PHP mail() command may
bypass safe_mode
EnGarde released updated PHP packages, which fix the vulnerability
discussed in {02.37.005} ("PHP mail() command may bypass safe_mode").
Updated RPMs are listed at the reference URL below.
Source: EnGarde
http://archives.neohapsis.com/archives/linux/engarde/2002-q4/0014.html
*** {02.47.014} Linux - Update {02.45.022}: Pine 4.44 malformed From
field vulnerability
SuSE released updated pine packages, which fix the vulnerability
discussed in {02.45.022} ("Pine 4.44 malformed From field
vulnerability").
Updated RPMs are listed at the reference URL below.
Source: SuSE
http://archives.neohapsis.com/archives/linux/suse/2002-q4/0953.html
- --- Solaris News -------------------------------------------------------
*** {02.47.015} Sol - fs.auto remote overflow
The Solaris XFS daemon, fs.auto, is confirmed to contain a remotely
exploitable buffer overflow. Further details were not released.
Sun is currently producing patches.
Source: CERT
http://archives.neohapsis.com/archives/cc/2002-q4/0007.html
- --- Network Appliances News --------------------------------------------
*** {02.47.016} NApps - Cisco PIX authentication vulnerabilities
A Cisco advisory indicates three vulnerabilities in the PIX firewall:
an attacker could reuse a client's current ISAKMP association;
TACACS/RADIUS server access is still allowed after authentication;
and an HTTP authentication buffer overflow.
Cisco confirmed these vulnerabilities and released updates, listed
at the reference URL below.
Source: Cisco
http://archives.neohapsis.com/archives/cisco/2002-q4/0003.html
*** {02.47.018} NApps - NetScreen IP fragment URL filtering bypass
The 'malicious URL' filtering capability included in NetScreen
ScreenOS does not filter URLs that are split across multiple
fragmented IP packets, allowing a remote attacker to bypass the
URL filtering.
This vulnerability is confirmed. ScreenOS 4.0.1 is available at:
http://www.netscreen.com/support/updates.html
Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0094.html
- --- Cross-Platform News ------------------------------------------------
*** {02.47.003} Cross - Samba encrypted pass change request overflow
Samba versions 2.2.2 through 2.2.6 contain a remotely exploitable
buffer overflow in the handling of malformed encrypted password
change requests.
This vulnerability is confirmed.
Updated SuSE RPMs:
http://archives.neohapsis.com/archives/linux/suse/2002-q4/0894.html
Updated Red Hat RPMs:
http://archives.neohapsis.com/archives/linux/redhat/2002-q4/0044.html
Updated Mandrake RPMs:
http://archives.neohapsis.com/archives/linux/mandrake/2002-q4/0212.html
Updated Conectiva RPMs:
http://archives.neohapsis.com/archives/linux/conectiva/2002-q4/0022.html
Updated Debian DEBs:
http://archives.neohapsis.com/archives/linux/debian/2002-q4/0746.html
Source: SuSE, Red Hat, Mandrake, Conectiva, Debian
http://archives.neohapsis.com/archives/linux/suse/2002-q4/0894.html
http://archives.neohapsis.com/archives/linux/redhat/2002-q4/0044.html
http://archives.neohapsis.com/archives/linux/mandrake/2002-q4/0212.html
http://archives.neohapsis.com/archives/linux/conectiva/2002-q4/0022.html
http://archives.neohapsis.com/archives/linux/debian/2002-q4/0746.html
*** {02.47.010} Cross - Java zlib double-free vulnerability
Sun is reporting that multiple versions of the Sun SDK and JRE for
all platforms use a version of zlib vulnerable to the previously
reported double-free bug. All hosts using Sun's JVM are vulnerable.
Updated SDK and JRE packages are listed at:
http://archives.neohapsis.com/archives/bugtraq/2002-11/0281.html
HPUX update information:
http://archives.neohapsis.com/archives/hp/2002-q4/0041.html
Source: SecurityFocus Bugtraq, HP
http://archives.neohapsis.com/archives/bugtraq/2002-11/0281.html
http://archives.neohapsis.com/archives/hp/2002-q4/0041.html
*** {02.47.013} Cross - BIND ID DNS spoofing vulnerability
A bug reported in all 4.x and 8.x versions of BIND could allow a
remote attacker to spoof a DNS request by guessing the DNS ID of
outstanding requests made by the target server.
This vulnerability is not confirmed.
Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0087.html
*** {02.47.017} Cross - WSMP3 HTTP server request overflow
The WSMP3 HTTP server reportedly contains a buffer overflow in the
handling of large URL requests. This could allow the execution of
arbitrary code.
This vulnerability is not confirmed.
Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0091.html
************************************************************************
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (BSD/OS)
Comment: For info see http://www.gnupg.org
iD8DBQE95PDp+LUG5KFpTkYRAlHzAJ9hcLZbgO7xMoQIXFl7n7uLUuwSSwCeKK2Y
cLzqecTZhLqX75jJS+gzN9Y=
=cKeL
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
Become a Security Alert Consensus member! If this e-mail was passed
to you and you would like to begin receiving our security e-mail
newsletter on a weekly basis, we invite you to subscribe today.
http://www.networkcomputing.com/consensus/.
We are signing the Consensus newsletter
with PGP. The new SANS PGP key is posted at:
http://www.pgp.net:11371/pks/lookup?op=get&search=0xA1694E46 and can
also be accessed from the SANS Web site (http://www.sans.org).
Special Note: To better secure your confidential information,
we will no longer include personal URLs in our Consensus
newsletter mailings. Instead, we have created a new form
(http://www.sans.org/sansurl). On this form you can enter the SD
number located near your name at the top of the newsletter. When you
submit this form, an e-mail containing a URL will be sent to you at
the e-mail address on record. With this URL you can make changes to
your account (edit the content of your Consensus mailing, for example)
without endangering the security of your personal URL. If you'd like
to change your e-mail address or other information, please visit your
new URL as described above. If you have any problems or questions,
e-mail us at <consensus@nwc.com>.
If you would like to unsubscribe from this newsletter, grab your SD
number (next to your name at the top of this message) and visit the
URL below. You will be sent a personal URL via E-mail, from which
you can unsubscribe. http://www.sans.org/sansurl
Missed an issue? You can find all back issues of
Security Alert Consensus (and Security Express) online.
http://archives.neohapsis.com/
Your opinion counts. We'd like to hear your thoughts on Security Alert
Consensus. E-mail any questions or comments to <consensus@nwc.com>.
Copyright (c) 2002 Network Computing, a CMP Media LLC
publication. All Rights Reserved. Distributed by Network
Computing (http://www.networkcomputing.com) and The SANS Institute
(http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based
security assessment and integration services consulting group
(info@neohapsis.com | http://www.neohapsis.com/).