From: Network Computing and The SANS Institute (sans+ZZ86667004737604681_at_sans.org)
Date: Thu Feb 13 2003 - 13:09:33 CST
Re: Your personalized newsletter
-- Security Alert Consensus --
Number 006 (03.06)
Thursday, February 13, 2003
Created for you by
Network Computing and the SANS Institute
Powered by Neohapsis
----------------------------------------------------------------------
Welcome to the latest edition of Security Alert Consensus! Below
you should find information pertaining only to the categories you
requested. Information on how to manage your subscription can be found
at the bottom of the newsletter. If you have any problems or questions,
please e-mail us at <consensus@nwc.com>.
It's been a slow week for advisories, which is a welcome change after
the flood of recent problems. One of the notable items this week
includes bugs in the Unreal game engine (we all know it's standard
corporate practice to indulge in first-person shooter games). There
also is a pair of Windows updates (an Internet Explorer cumulative
patch and a local privilege elevation via Windows redirector service).
Until next week,
--Security Alert Consensus Team
************************************************************************
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
TABLE OF CONTENTS:
{03.06.010} Win - MS03-004: IE cumulative patch 02/2003
{03.06.011} Win - MS03-005: Windows XP redirector overflow
{03.06.016} Win - CryptoBuddy insecure encryption
{03.06.017} Win - WinZip weak zip encryption
{03.06.019} Win - AbsoluteTelnet term title overflow
{03.06.001} Linux - Update {02.45.006}: Window Maker image size integer
overflow
{03.06.002} Linux - w3m CSS vulnerabilities
{03.06.003} Linux - RH8.0 uml_net incorrectly setuid
{03.06.004} Linux - Update {03.04.011}: Hypermail attachment name
progress overflow
{03.06.005} Linux - Update {03.05.015}: Linux O_DIRECT vulnerability
{03.06.006} Linux - Update {03.01.028}: libmcrypt buffer overflows and
memory leak
{03.06.009} Linux - Update {03.04.013}: slocate -r/-c parameter overflow
{03.06.020} Linux - Update {02.49.008}: OpenLDAP2 multiple
vulnerabilities
{03.06.007} AIX - XFS buffer overflows
{03.06.008} AIX - libnsl signed integer overflow
{03.06.018} HPUX - wall input file overflow
{03.06.012} Cross - CGI::Lite Perl lib escape_dangerous_chars
vulnerability
{03.06.013} Cross - NOD32 antivirus path overflow
{03.06.014} Cross - SQLBase server execute parameter overflow
{03.06.015} Cross - Multiple bugs in Unreal game engine
- --- Windows News -------------------------------------------------------
*** {03.06.010} Win - MS03-004: IE cumulative patch 02/2003
Microsoft released MS03-004 ("IE cumulative patch 02/2003"). The latest
cumulative patch for Internet Explorer fixes all known issues to date,
as well as two new cross-domain vulnerabilities.
FAQ and patch:
http://www.microsoft.com/technet/security/bulletin/ms03-004.asp
Source: Microsoft
http://archives.neohapsis.com/archives/microsoft/2003-q1/0006.html
*** {03.06.011} Win - MS03-005: Windows XP redirector overflow
Microsoft released MS03-005 ("Windows XP redirector overflow"). The
redirector service in Windows XP contains a buffer overflow that
could allow local attackers to execute arbitrary code with elevated
(system) privileges.
FAQ and patch:
http://www.microsoft.com/technet/security/bulletin/ms03-005.asp
Source: Microsoft
http://archives.neohapsis.com/archives/microsoft/2003-q1/0005.html
*** {03.06.016} Win - CryptoBuddy insecure encryption
The RTS CryptoBuddy encryption suite versions 1.2 and prior insecurely
encrypt files. Basically, an attacker can decrypt arbitrary encrypted
files because CryptoBuddy doesn't actually use the supplied key/pass
phrase in the actual encryption process.
This vulnerability is not confirmed. An exploit was published.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-02/0120.html
*** {03.06.017} Win - WinZip weak zip encryption
The WinZip program uses a weak random number generator, which could
make cracking encrypted .zip files made by WinZip possible in a short
amount of time.
This vulnerability is not confirmed.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-02/0110.html
*** {03.06.019} Win - AbsoluteTelnet term title overflow
The AbsoluteTelnet client version 2.0 contains a buffer overflow
when handling escape sequences that set the terminal title to a large
string. This would allow a malicious telnet server, or a Trojan file
displayed by the user, to cause a buffer overflow of the user's client.
This vulnerability is confirmed.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-02/0089.html
- --- Linux News ---------------------------------------------------------
*** {03.06.001} Linux - Update {02.45.006}: Window Maker image size
integer overflow
Red Hat released updated Window Maker packages, which fix the
vulnerability discussed in {02.45.006} ("Window Maker image size
integer overflow").
Updated RPMs are listed at the reference URL below.
Source: Red Hat
http://archives.neohapsis.com/archives/linux/redhat/2003-q1/0032.html
*** {03.06.002} Linux - w3m CSS vulnerabilities
The w3m utility reportedly contains two cross-site scripting bugs.
This vulnerability is confirmed.
Updated Red Hat RPMs:
http://archives.neohapsis.com/archives/linux/redhat/2003-q1/0036.html
Updated Debian DEBs:
http://archives.neohapsis.com/archives/linux/debian/2003-q1/0325.html
Source: Red Hat, Debian
http://archives.neohapsis.com/archives/linux/redhat/2003-q1/0036.html
http://archives.neohapsis.com/archives/linux/debian/2003-q1/0325.html
*** {03.06.003} Linux - RH8.0 uml_net incorrectly setuid
The uml_net utility included in the Red Hat 8.0 kernel-utils RPM has
the setuid bit incorrectly turned on. This allows a local attacker
to tamper with various network parameters.
This vulnerability is confirmed. Updated Red Hat RPMs are listed at
the reference URL below.
Source: Red Hat
http://archives.neohapsis.com/archives/linux/redhat/2003-q1/0038.html
*** {03.06.004} Linux - Update {03.04.011}: Hypermail attachment name
progress overflow
Debian released updated Hypermail packages, which fix the vulnerability
discussed in {03.04.011} ("Hypermail attachment name progress
overflow").
Updated DEBs are listed at the reference URL below.
Source: Debian
http://archives.neohapsis.com/archives/linux/debian/2003-q1/0326.html
*** {03.06.005} Linux - Update {03.05.015}: Linux O_DIRECT vulnerability
Mandrake released updated kernel packages, which fix the vulnerability
discussed in {03.05.015} ("Linux O_DIRECT vulnerability").
Updated RPMs are listed at the reference URL below.
Source: Mandrake
http://archives.neohapsis.com/archives/linux/mandrake/2003-q1/0134.html
*** {03.06.006} Linux - Update {03.01.028}: libmcrypt buffer overflows
and memory leak
Conectiva released updated mcrypt packages, which fix the
vulnerabilities discussed in {03.01.028} ("libmcrypt buffer overflows
and memory leak").
Updated RPMs are listed at the reference URL below.
Source: Conectiva
http://archives.neohapsis.com/archives/linux/conectiva/2003-q1/0009.html
*** {03.06.009} Linux - Update {03.04.013}: slocate -r/-c parameter
overflow
Mandrake released updated slocate packages, which fix the vulnerability
discussed in {03.04.013} ("slocate -r/-c parameter overflow").
Updated RPMs are listed at the reference URL below.
Source: Mandrake
http://archives.neohapsis.com/archives/linux/mandrake/2003-q1/0147.html
*** {03.06.020} Linux - Update {02.49.008}: OpenLDAP2 multiple
vulnerabilities
Red Hat released updated OpenLDAP packages, which fix the vulnerability
discussed in {02.49.008} ("OpenLDAP2 multiple vulnerabilities").
Updated RPMs are listed at the reference URL below.
Source: Red Hat
http://archives.neohapsis.com/archives/linux/redhat/2003-q1/0030.html
- --- AIX News -----------------------------------------------------------
*** {03.06.007} AIX - XFS buffer overflows
IBM released APAR IY37886 for AIX 5.1.0, which fixes various remotely
exploitable buffer overflows.
This vulnerability is confirmed.
Source: IBM
http://archives.neohapsis.com/archives/aix/2003-q1/0001.html
*** {03.06.008} AIX - libnsl signed integer overflow
IBM released APAR IY38434, which fixes a signed integer overflow
problem in the libnsl library; any program using libnsl could
potentially be affected.
This vulnerability is confirmed.
Source: IBM
http://archives.neohapsis.com/archives/aix/2003-q1/0001.html
- --- HP-UX News ---------------------------------------------------------
*** {03.06.018} HPUX - wall input file overflow
An advisory indicates that the wall command contains a buffer overflow
in the handling of large lines read from an input file. Since wall
is setgid tty, this could possibly lead to elevated privileges by a
local attacker.
This vulnerability is not confirmed.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-02/0101.html
- --- Cross-Platform News ------------------------------------------------
*** {03.06.012} Cross - CGI::Lite Perl lib escape_dangerous_chars
vulnerability
The escape_dangerous_chars() function in the CGI::Lite Perl module
does not properly filter all shell metacharacters; as such, programs
using this function are possibly vulnerable to some forms of attack.
This vulnerability is not confirmed.
Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0065.html
*** {03.06.013} Cross - NOD32 antivirus path overflow
The NOD32 antivirus package for Unix contains a locally exploitable
buffer overflow in the handling of large path names. Any user (or cron
process) scanning a malicious directory could be caused to execute
arbitrary code, possibly elevating privileges.
This vulnerability is fixed in version 1.013.
Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0064.html
*** {03.06.014} Cross - SQLBase server execute parameter overflow
The SQLBase SQL server version 8.1.0 reportedly contains a buffer
overflow in the handling of large parameters passed to the EXECUTE
command, thereby allowing an attacker with SQL query access to execute
arbitrary code on the system with elevated privileges.
This vulnerability is confirmed.
Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0062.html
*** {03.06.015} Cross - Multiple bugs in Unreal game engine
An advisory details multiple bugs in the Unreal game engine, which
is used by many popular PC games. The bugs relate to client/server
interaction; as such, they may be remotely exploitable.
These vulnerabilities are confirmed.
Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0060.html
************************************************************************
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (BSD/OS)
Comment: For info see http://www.gnupg.org
iD8DBQE+S+uy+LUG5KFpTkYRAssmAJ9S+Q6KRccvWqq8PL8rbDWJp3902wCdHfea
2A4lVkfTvH5qjw2+zN74ZNQ=
=BPJ0
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
Become a Security Alert Consensus member! If this e-mail was passed
to you and you would like to begin receiving our security e-mail
newsletter on a weekly basis, we invite you to subscribe today.
http://www.networkcomputing.com/consensus/.
We are signing the Consensus newsletter
with PGP. The new SANS PGP key is posted at:
http://www.pgp.net:11371/pks/lookup?op=get&search=0xA1694E46 and can
also be accessed from the SANS Web site (http://www.sans.org).
Special Note: To better secure your confidential information,
we will no longer include personal URLs in our Consensus
newsletter mailings. Instead, we have created a new form
(http://www.sans.org/sansurl). On this form you can enter the SD
number located near your name at the top of the newsletter. When you
submit this form, an e-mail containing a URL will be sent to you at
the e-mail address on record. With this URL you can make changes to
your account (edit the content of your Consensus mailing, for example)
without endangering the security of your personal URL. If you'd like
to change your e-mail address or other information, please visit your
new URL as described above. If you have any problems or questions,
e-mail us at <consensus@nwc.com>.
If you would like to unsubscribe from this newsletter, grab your SD
number (next to your name at the top of this message) and visit the
URL below. You will be sent a personal URL via E-mail, from which
you can unsubscribe. http://www.sans.org/sansurl
Missed an issue? You can find all back issues of
Security Alert Consensus (and Security Express) online.
http://archives.neohapsis.com/
Your opinion counts. We'd like to hear your thoughts on Security Alert
Consensus. E-mail any questions or comments to <consensus@nwc.com>.
Copyright (c) 2003 Network Computing, a CMP Media LLC
publication. All Rights Reserved. Distributed by Network
Computing (http://www.networkcomputing.com) and The SANS Institute
(http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based
security assessment and integration services consulting group
(info@neohapsis.com | http://www.neohapsis.com/).