From: Network Computing and The SANS Institute (sans+ZZ86667004737604681_at_sans.org)
Date: Thu Feb 13 2003 - 13:09:33 CST

    Re: Your personalized newsletter

                     -- Security Alert Consensus --
                           Number 006 (03.06)
                      Thursday, February 13, 2003
                           Created for you by
                Network Computing and the SANS Institute
                          Powered by Neohapsis

    ----------------------------------------------------------------------

    Welcome to the latest edition of Security Alert Consensus! Below
    you should find information pertaining only to the categories you
    requested. Information on how to manage your subscription can be found
    at the bottom of the newsletter. If you have any problems or questions,
    please e-mail us at <consensusnwc.com>.

    ************************* Begin Advertisement ************************

    ALERT: SQL Injection Attacks via Port 80 and 443! It's as simple as
    placing additional SQL commands into a Web Form input box giving hackers
    complete access to all your backend systems! Firewalls and IDS will not
    stop such attacks because SQL Injections are NOT seen as intruders.
    Download this *FREE* white paper from SPI Dynamics for a complete guide
    to protection! Click here:
    http://www.spidynamics.com/mktg/sqlinjection22

    ************************** End Advertisement *************************

    It's been a slow week for advisories, which is a welcome change after
    the flood of recent problems. One of the notable items this week
    includes bugs in the Unreal game engine (we all know it's standard
    corporate practice to indulge in first-person shooter games). There
    also is a pair of Windows updates (an Internet Explorer cumulative
    patch and a local privilege elevation via Windows redirector service).

    Until next week,
    --Security Alert Consensus Team

    ************************************************************************

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    TABLE OF CONTENTS:

    {03.06.010} Win - MS03-004: IE cumulative patch 02/2003
    {03.06.011} Win - MS03-005: Windows XP redirector overflow
    {03.06.016} Win - CryptoBuddy insecure encryption
    {03.06.017} Win - WinZip weak zip encryption
    {03.06.019} Win - AbsoluteTelnet term title overflow
    {03.06.001} Linux - Update {02.45.006}: Window Maker image size integer
                overflow
    {03.06.002} Linux - w3m CSS vulnerabilities
    {03.06.003} Linux - RH8.0 uml_net incorrectly setuid
    {03.06.004} Linux - Update {03.04.011}: Hypermail attachment name
                progress overflow
    {03.06.005} Linux - Update {03.05.015}: Linux O_DIRECT vulnerability
    {03.06.006} Linux - Update {03.01.028}: libmcrypt buffer overflows and
                memory leak
    {03.06.009} Linux - Update {03.04.013}: slocate -r/-c parameter overflow
    {03.06.020} Linux - Update {02.49.008}: OpenLDAP2 multiple
                vulnerabilities
    {03.06.007} AIX - XFS buffer overflows
    {03.06.008} AIX - libnsl signed integer overflow
    {03.06.018} HPUX - wall input file overflow
    {03.06.012} Cross - CGI::Lite Perl lib escape_dangerous_chars
                vulnerability
    {03.06.013} Cross - NOD32 antivirus path overflow
    {03.06.014} Cross - SQLBase server execute parameter overflow
    {03.06.015} Cross - Multiple bugs in Unreal game engine

    - --- Windows News -------------------------------------------------------

    *** {03.06.010} Win - MS03-004: IE cumulative patch 02/2003

    Microsoft released MS03-004 ("IE cumulative patch 02/2003"). The latest
    cumulative patch for Internet Explorer fixes all known issues to date,
    as well as two new cross-domain vulnerabilities.

    FAQ and patch:
    http://www.microsoft.com/technet/security/bulletin/ms03-004.asp

    Source: Microsoft
    http://archives.neohapsis.com/archives/microsoft/2003-q1/0006.html

    *** {03.06.011} Win - MS03-005: Windows XP redirector overflow

    Microsoft released MS03-005 ("Windows XP redirector overflow"). The
    redirector service in Windows XP contains a buffer overflow that
    could allow local attackers to execute arbitrary code with elevated
    (system) privileges.

    FAQ and patch:
    http://www.microsoft.com/technet/security/bulletin/ms03-005.asp

    Source: Microsoft
    http://archives.neohapsis.com/archives/microsoft/2003-q1/0005.html

    *** {03.06.016} Win - CryptoBuddy insecure encryption

    The RTS CryptoBuddy encryption suite versions 1.2 and prior insecurely
    encrypt files. Basically, an attacker can decrypt arbitrary encrypted
    files because CryptoBuddy doesn't actually use the supplied key/pass
    phrase in the actual encryption process.

    This vulnerability is not confirmed. An exploit was published.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2003-02/0120.html

    *** {03.06.017} Win - WinZip weak zip encryption

    The WinZip program uses a weak random number generator, which could
    make cracking encrypted .zip files made by WinZip possible in a short
    amount of time.

    This vulnerability is not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2003-02/0110.html

    *** {03.06.019} Win - AbsoluteTelnet term title overflow

    The AbsoluteTelnet client version 2.0 contains a buffer overflow
    when handling escape sequences that set the terminal title to a large
    string. This would allow a malicious telnet server, or a Trojan file
    displayed by the user, to cause a buffer overflow of the user's client.

    This vulnerability is confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2003-02/0089.html

    - --- Linux News ---------------------------------------------------------

    *** {03.06.001} Linux - Update {02.45.006}: Window Maker image size
                    integer overflow

    Red Hat released updated Window Maker packages, which fix the
    vulnerability discussed in {02.45.006} ("Window Maker image size
    integer overflow").

    Updated RPMs are listed at the reference URL below.

    Source: Red Hat
    http://archives.neohapsis.com/archives/linux/redhat/2003-q1/0032.html

    *** {03.06.002} Linux - w3m CSS vulnerabilities

    The w3m utility reportedly contains two cross-site scripting bugs.

    This vulnerability is confirmed.

    Updated Red Hat RPMs:
    http://archives.neohapsis.com/archives/linux/redhat/2003-q1/0036.html

    Updated Debian DEBs:
    http://archives.neohapsis.com/archives/linux/debian/2003-q1/0325.html

    Source: Red Hat, Debian
    http://archives.neohapsis.com/archives/linux/redhat/2003-q1/0036.html
    http://archives.neohapsis.com/archives/linux/debian/2003-q1/0325.html

    *** {03.06.003} Linux - RH8.0 uml_net incorrectly setuid

    The uml_net utility included in the Red Hat 8.0 kernel-utils RPM has
    the setuid bit incorrectly turned on. This allows a local attacker
    to tamper with various network parameters.

    This vulnerability is confirmed. Updated Red Hat RPMs are listed at
    the reference URL below.

    Source: Red Hat
    http://archives.neohapsis.com/archives/linux/redhat/2003-q1/0038.html

    *** {03.06.004} Linux - Update {03.04.011}: Hypermail attachment name
                    progress overflow

    Debian released updated Hypermail packages, which fix the vulnerability
    discussed in {03.04.011} ("Hypermail attachment name progress
    overflow").

    Updated DEBs are listed at the reference URL below.

    Source: Debian
    http://archives.neohapsis.com/archives/linux/debian/2003-q1/0326.html

    *** {03.06.005} Linux - Update {03.05.015}: Linux O_DIRECT vulnerability

    Mandrake released updated kernel packages, which fix the vulnerability
    discussed in {03.05.015} ("Linux O_DIRECT vulnerability").

    Updated RPMs are listed at the reference URL below.

    Source: Mandrake
    http://archives.neohapsis.com/archives/linux/mandrake/2003-q1/0134.html

    *** {03.06.006} Linux - Update {03.01.028}: libmcrypt buffer overflows
                    and memory leak

    Conectiva released updated mcrypt packages, which fix the
    vulnerabilities discussed in {03.01.028} ("libmcrypt buffer overflows
    and memory leak").

    Updated RPMs are listed at the reference URL below.

    Source: Conectiva
    http://archives.neohapsis.com/archives/linux/conectiva/2003-q1/0009.html

    *** {03.06.009} Linux - Update {03.04.013}: slocate -r/-c parameter
                    overflow

    Mandrake released updated slocate packages, which fix the vulnerability
    discussed in {03.04.013} ("slocate -r/-c parameter overflow").

    Updated RPMs are listed at the reference URL below.

    Source: Mandrake
    http://archives.neohapsis.com/archives/linux/mandrake/2003-q1/0147.html

    *** {03.06.020} Linux - Update {02.49.008}: OpenLDAP2 multiple
                    vulnerabilities

    Red Hat released updated OpenLDAP packages, which fix the vulnerability
    discussed in {02.49.008} ("OpenLDAP2 multiple vulnerabilities").

    Updated RPMs are listed at the reference URL below.

    Source: Red Hat
    http://archives.neohapsis.com/archives/linux/redhat/2003-q1/0030.html

    - --- AIX News -----------------------------------------------------------

    *** {03.06.007} AIX - XFS buffer overflows

    IBM released APAR IY37886 for AIX 5.1.0, which fixes various remotely
    exploitable buffer overflows.

    This vulnerability is confirmed.

    Source: IBM
    http://archives.neohapsis.com/archives/aix/2003-q1/0001.html

    *** {03.06.008} AIX - libnsl signed integer overflow

    IBM released APAR IY38434, which fixes a signed integer overflow
    problem in the libnsl library; any program using libnsl could
    potentially be affected.

    This vulnerability is confirmed.

    Source: IBM
    http://archives.neohapsis.com/archives/aix/2003-q1/0001.html

    - --- HP-UX News ---------------------------------------------------------

    *** {03.06.018} HPUX - wall input file overflow

    An advisory indicates that the wall command contains a buffer overflow
    in the handling of large lines read from an input file. Since wall
    is setgid tty, this could possibly lead to elevated privileges by a
    local attacker.

    This vulnerability is not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2003-02/0101.html

    - --- Cross-Platform News ------------------------------------------------

    *** {03.06.012} Cross - CGI::Lite Perl lib escape_dangerous_chars
                    vulnerability

    The escape_dangerous_chars() function in the CGI::Lite Perl module
    does not properly filter all shell metacharacters; as such, programs
    using this function are possibly vulnerable to some forms of attack.

    This vulnerability is not confirmed.

    Source: VulnWatch
    http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0065.html

    *** {03.06.013} Cross - NOD32 antivirus path overflow

    The NOD32 antivirus package for Unix contains a locally exploitable
    buffer overflow in the handling of large path names. Any user (or cron
    process) scanning a malicious directory could be caused to execute
    arbitrary code, possibly elevating privileges.

    This vulnerability is fixed in version 1.013.

    Source: VulnWatch
    http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0064.html

    *** {03.06.014} Cross - SQLBase server execute parameter overflow

    The SQLBase SQL server version 8.1.0 reportedly contains a buffer
    overflow in the handling of large parameters passed to the EXECUTE
    command, thereby allowing an attacker with SQL query access to execute
    arbitrary code on the system with elevated privileges.

    This vulnerability is confirmed.

    Source: VulnWatch
    http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0062.html

    *** {03.06.015} Cross - Multiple bugs in Unreal game engine

    An advisory details multiple bugs in the Unreal game engine, which
    is used by many popular PC games. The bugs relate to client/server
    interaction; as such, they may be remotely exploitable.

    These vulnerabilities are confirmed.

    Source: VulnWatch
    http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0060.html

    ************************************************************************

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (BSD/OS)
    Comment: For info see http://www.gnupg.org

    iD8DBQE+S+uy+LUG5KFpTkYRAssmAJ9S+Q6KRccvWqq8PL8rbDWJp3902wCdHfea
    2A4lVkfTvH5qjw2+zN74ZNQ=
    =BPJ0
    -----END PGP SIGNATURE-----
    ------------------------------------------------------------------------

    Become a Security Alert Consensus member! If this e-mail was passed
    to you and you would like to begin receiving our security e-mail
    newsletter on a weekly basis, we invite you to subscribe today.
    http://www.networkcomputing.com/consensus/.

    We are signing the Consensus newsletter
    with PGP. The new SANS PGP key is posted at:
    http://www.pgp.net:11371/pks/lookup?op=get&search=0xA1694E46 and can
    also be accessed from the SANS Web site (http://www.sans.org).

    Special Note: To better secure your confidential information,
    we will no longer include personal URLs in our Consensus
    newsletter mailings. Instead, we have created a new form
    (http://www.sans.org/sansurl). On this form you can enter the SD
    number located near your name at the top of the newsletter. When you
    submit this form, an e-mail containing a URL will be sent to you at
    the e-mail address on record. With this URL you can make changes to
    your account (edit the content of your Consensus mailing, for example)
    without endangering the security of your personal URL. If you'd like
    to change your e-mail address or other information, please visit your
    new URL as described above. If you have any problems or questions,
    e-mail us at <consensusnwc.com>.

    If you would like to unsubscribe from this newsletter, grab your SD
    number (next to your name at the top of this message) and visit the
    URL below. You will be sent a personal URL via E-mail, from which
    you can unsubscribe. http://www.sans.org/sansurl

    Missed an issue? You can find all back issues of
    Security Alert Consensus (and Security Express) online.
    http://archives.neohapsis.com/

    Your opinion counts. We'd like to hear your thoughts on Security Alert
    Consensus. E-mail any questions or comments to <consensusnwc.com>.

    Copyright (c) 2003 Network Computing, a CMP Media LLC
    publication. All Rights Reserved. Distributed by Network
    Computing (http://www.networkcomputing.com) and The SANS Institute
    (http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based
    security assessment and integration services consulting group
    (infoneohapsis.com | http://www.neohapsis.com/).