Security Alert Consensus #022

From: Network Computing and The SANS Institute (sans@sans.org)
Date: Thu Jun 05 2003 - 21:34:26 CDT


Re: Your personalized newsletter

                 -- Security Alert Consensus --
                       Number 022 (03.22)
                  Thursday, June 5, 2003
                       Created for you by
            Network Computing and the SANS Institute
                      Powered by Neohapsis

----------------------------------------------------------------------

Welcome to the latest edition of Security Alert Consensus! Below you
should find information pertaining only to the categories you requested.
Information on how to manage your subscription can be found at the
bottom of the newsletter. If you have any problems or questions, please
e-mail us at <consensus@nwc.com>.

************************* Begin Advertisement ************************

********* This Issue Sponsored by VeriSign, Inc. *********
FREE White Paper -- Key Trends in Managed Security Services
Order the new VeriSign FREE White Paper and learn how to...
- Reduce the cost of security infrastructure
- Integrate security policies with a consistent approach
- Relieve internal resources from complicated security activities
and more. Click here now for your FREE White Paper:
https://www.verisign.com/cgi-bin/go.cgi?a=n38090126744776000

************************** End Advertisement *************************

An interesting paper entitled "Algorithmic Complexity Attacks" was
released last week. Essentially, this type of attack causes a denial of
service by feeding a program inputs chosen to collide, forcing its
hash-based lookup structures to degenerate into linear chains so that
every lookup incurs major processing overhead. We've already seen this
attack applied to the network routing functions of the Linux kernel
(reported two weeks ago). It is likely other software will be found
vulnerable in the upcoming days as well. Those curious to find out more
information can view:
http://archives.neohapsis.com/archives/bugtraq/2003-05/0314.html
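The degradation described above, and the standard mitigation (hashing under a per-process secret key), shown on a toy chained hash table. This is an added example written for this issue, not code from the paper or from the Linux kernel; the byte-sum hash, the crafted key set and the blake2b-keyed replacement are all constructed for illustration.

```python
import hashlib
import os
from collections import defaultdict

BUCKETS = 64
_SECRET = os.urandom(16)  # per-process secret chosen at start-up

def weak_hash(key):
    # Toy unkeyed hash (constructed here): anyone who knows it can pick colliding keys.
    return sum(key) % BUCKETS

def keyed_hash(key, secret=_SECRET):
    # Mitigation: a keyed hash. Bucket placement depends on a secret the
    # sender does not know, so colliding inputs cannot be precomputed.
    digest = hashlib.blake2b(key, key=secret, digest_size=8).digest()
    return int.from_bytes(digest, "big") % BUCKETS

class ChainedTable:
    # Minimal separate-chaining table that counts key comparisons per lookup.
    def __init__(self, hash_fn):
        self.hash_fn = hash_fn
        self.buckets = defaultdict(list)

    def insert(self, key, value):
        self.buckets[self.hash_fn(key)].append((key, value))

    def lookup(self, key):
        # Returns (value, comparisons); comparisons grow with the chain length.
        comparisons = 0
        for k, v in self.buckets[self.hash_fn(key)]:
            comparisons += 1
            if k == key:
                return v, comparisons
        return None, comparisons

def colliding_keys(n):
    # Constructed inputs: every 2-byte key sums to 200, so weak_hash puts all
    # of them in one bucket; n is capped at 201 so the keys stay distinct.
    return [bytes([x, 200 - x]) for x in range(min(n, 201))]

def demo(n=200):
    # Insert n crafted keys under each hash, then look up the last one inserted.
    result = {}
    for name, fn in (("weak", weak_hash), ("keyed", keyed_hash)):
        table = ChainedTable(fn)
        for k in colliding_keys(n):
            table.insert(k, True)
        _, comparisons = table.lookup(colliding_keys(n)[-1])
        result[name] = (max(len(c) for c in table.buckets.values()), comparisons)
    return result
```

With 200 keys the unkeyed table degrades to a single 200-entry chain (200 comparisons per lookup), while the keyed table spreads the same keys across buckets; the defensive point is that the attacker must not be able to predict bucket placement.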

Until next week,
--Security Alert Consensus Team

************************************************************************

TABLE OF CONTENTS:

{03.22.004} Win - MS03-018: IIS cumulative patch, 06/03
{03.22.005} Win - MS03-019: Windows Media Services ISAPI overflow
{03.22.009} Win - Remote PC Access Server handshake DoS
{03.22.010} Win - Tornado www-server Web root escaping and overflow
{03.22.011} Win - Philboard ASP CGI admin login bypass
{03.22.012} Win - WebStore2000 CGI SQL tampering
{03.22.013} Win - iisCart2000 CGI arbitrary file upload
{03.22.018} Win - Crob FTP server USER format string vuln
{03.22.019} Win - Yahoo Voice Chat control overflow
{03.22.020} Win - GoldMine e-mail agent HTML code exec
{03.22.021} Win - MS03-020: IE cumulative patch, 06/03
{03.22.001} Linux - Updated patches for previous vulnerabilities
{03.22.016} Linux - kon2 command-line param overflow
{03.22.017} HP-UX - Updated patches for previous vulnerabilities
{03.22.002} Cross - Apache2 multiple DoS vulns
{03.22.006} Cross - PHP 4.3.2 released, with security fixes
{03.22.007} Cross - Vulnerable PHP applications, 06/03
{03.22.008} Cross - gPS multiple vulns
{03.22.014} Cross - JBoss JSP source code disclosure
{03.22.015} Cross - mod_gzip debug mode vulns
{03.22.003} Tools - BIND 8.3.5 and 8.4.0 released

--- Windows News -------------------------------------------------------

*** {03.22.004} Win - MS03-018: IIS cumulative patch, 06/03

Microsoft released MS03-018 ("IIS cumulative patch 05/28"). This
cumulative patch fixes all prior IIS vulnerabilities as well as four new
ones: cross-site scripting in the error redirect message; a buffer
overflow triggered by a malicious SSI/SHTML page; a memory-related
denial of service triggered by a malicious ASP page header; and a denial
of service caused by a long WebDAV request.

FAQ and patch:
http://www.microsoft.com/technet/security/bulletin/MS03-018.asp

Source: Microsoft
http://archives.neohapsis.com/archives/microsoft/2003-q2/0014.html

*** {03.22.005} Win - MS03-019: Windows Media Services ISAPI overflow

Microsoft released MS03-019 ("Windows Media Services ISAPI overflow").
The Windows Media Services nsiislog.dll ISAPI extension contains a
buffer overflow that allows a remote attacker to execute arbitrary code
on the IIS system.

FAQ and patch:
http://www.microsoft.com/technet/security/bulletin/MS03-019.asp

Source: Microsoft
http://archives.neohapsis.com/archives/microsoft/2003-q2/0015.html

*** {03.22.009} Win - Remote PC Access Server handshake DoS

The Remote PC Access Server suite version 2.2 crashes when a client sends
a particular malformed handshake to the server, resulting in a denial of
service.

The advisory indicates vendor confirmation.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-05/0305.html

*** {03.22.010} Win - Tornado www-server Web root escaping and overflow

Tornado www-server version 1.2 allows a remote attacker to access files
outside the Web root. It also contains a buffer overflow in the handling
of large URL requests, allowing the execution of arbitrary code.

These vulnerabilities are not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-05/0309.html

*** {03.22.011} Win - Philboard ASP CGI admin login bypass

The Philboard ASP CGI forum suite version 1.14 does not properly handle
administrator authentication. Any attacker presenting a
'philboard_admin=True' cookie to the administrative pages will be given
administrative access.

This vulnerability is not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-05/0326.html

*** {03.22.012} Win - WebStore2000 CGI SQL tampering

The WebStore2000 CGI suite version 6.0 is vulnerable to SQL tampering
in the browse_item_details.asp script.

This vulnerability is not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-05/0334.html

*** {03.22.013} Win - iisCart2000 CGI arbitrary file upload

The iisCart2000 ASP CGI suite includes an upload.asp sample script that
remote attackers can use to upload arbitrary files to the system.

This vulnerability is not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-05/0335.html

*** {03.22.018} Win - Crob FTP server USER format string vuln

Crob FTP server version 2.50.4 Build 228 reportedly contains a format
string vulnerability in the handling of the USER FTP command, allowing
a remote attacker to potentially execute arbitrary code.

This vulnerability is not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-06/0006.html

*** {03.22.019} Win - Yahoo Voice Chat control overflow

The Yahoo! Voice Chat control included with Yahoo! Chat and Yahoo!
Messenger contains a buffer overflow that could allow a malicious Web
site or e-mail to execute arbitrary code on the user's system. Versions
prior to 1,0,0,45 are vulnerable.

This vulnerability is confirmed and fixed by the vendor; the update is
available at:
http://messenger.yahoo.com/messenger/security

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-05/0353.html

*** {03.22.020} Win - GoldMine e-mail agent HTML code exec

The GoldMine e-mail agent passes malicious HTML e-mails to the default
Web browser, causing any active scripting to occur in the 'local
computer' security zone. This allows a malicious e-mail to execute
arbitrary applications.

This vulnerability is confirmed by the vendor, which released version
5.70.30503.

Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0091.html

*** {03.22.021} Win - MS03-020: IE cumulative patch, 06/03

Microsoft released MS03-020 ("IE cumulative patch 06/03"). This patch
fixes all known Internet Explorer problems to date as well as two new
vulnerabilities: a buffer overflow in the handling of object tag
parameters, and execution of a local application because of a flaw in
the file download dialog box.

FAQ and patch:
http://www.microsoft.com/technet/security/bulletin/MS03-020.asp

Source: Microsoft
http://archives.neohapsis.com/archives/microsoft/2003-q2/0016.html

--- Linux News ---------------------------------------------------------

*** {03.22.001} Linux - Updated patches for previous vulnerabilities

The following is a list of Linux vendor patches for vulnerabilities
previously reported in Security Alert Consensus.

--- Red Hat:

RHSA-2003:098-03: kernel
http://archives.neohapsis.com/archives/linux/redhat/2003-q2/0065.html

RHSA-2003:145-01: kernel
http://archives.neohapsis.com/archives/bugtraq/2003-05/0307.html

RHSA-2003:181-01: ghostscript
http://archives.neohapsis.com/archives/linux/redhat/2003-q2/0064.html

RHSA-2003:187-01: kernel
http://archives.neohapsis.com/archives/linux/redhat/2003-q2/0066.html

--- Mandrake:

MDKSA-2003:062: cups
http://archives.neohapsis.com/archives/linux/mandrake/2003-q2/0162.html

--- Slackware:

SSA:2003-149-01: CUPS
http://archives.neohapsis.com/archives/bugtraq/2003-05/0321.html

Source: Red Hat, Mandrake, Slackware
http://archives.neohapsis.com/archives/linux/redhat/2003-q2/0065.html
http://archives.neohapsis.com/archives/bugtraq/2003-05/0307.html
http://archives.neohapsis.com/archives/linux/redhat/2003-q2/0064.html
http://archives.neohapsis.com/archives/linux/redhat/2003-q2/0066.html
http://archives.neohapsis.com/archives/linux/mandrake/2003-q2/0162.html
http://archives.neohapsis.com/archives/bugtraq/2003-05/0321.html

*** {03.22.016} Linux - kon2 command-line param overflow

The kon2 Kanji console emulator contains a buffer overflow in the
handling of large command-line parameters, allowing a local attacker to
execute arbitrary code with root privileges.

This vulnerability is confirmed.

Updated Red Hat RPMs:
http://archives.neohapsis.com/archives/linux/redhat/2003-q2/0067.html

Source: Red Hat
http://archives.neohapsis.com/archives/linux/redhat/2003-q2/0067.html

--- HP-UX News ---------------------------------------------------------

*** {03.22.017} HP-UX - Updated patches for previous vulnerabilities

The following is a list of HP-UX vendor patches for vulnerabilities
previously reported in Security Alert Consensus.

HPSBUX0306-263: CDE
http://archives.neohapsis.com/archives/hp/2003-q2/0057.html

HPSBUX0306-262: uucp
http://archives.neohapsis.com/archives/hp/2003-q2/0057.html

Source: HP
http://archives.neohapsis.com/archives/hp/2003-q2/0057.html

--- Cross-Platform News ------------------------------------------------

*** {03.22.002} Cross - Apache2 multiple DoS vulns

Apache 2.x versions prior to 2.0.46 contain two denial of service
vulnerabilities: a bug in the basic authentication handler that could
prevent any further basic auth logins, and a bug in the WebDAV
components that can crash the process.

These vulnerabilities are confirmed and fixed in Apache version 2.0.46.

Updated Red Hat RPMs:
http://archives.neohapsis.com/archives/linux/redhat/2003-q2/0063.html

Updated Mandrake RPMs:
http://archives.neohapsis.com/archives/linux/mandrake/2003-q2/0164.html

Source: Apache, Red Hat, Mandrake
http://archives.neohapsis.com/archives/apache/2003/0002.html
http://archives.neohapsis.com/archives/linux/redhat/2003-q2/0063.html
http://archives.neohapsis.com/archives/linux/mandrake/2003-q2/0164.html

*** {03.22.006} Cross - PHP 4.3.2 released, with security fixes

PHP version 4.3.2 was released. This new version contains multiple
security-related fixes relating to buffer overflows and integer
problems, among others.

The new version can be downloaded from:
http://www.php.net/

Source: PHP
http://archives.neohapsis.com/archives/php/2003-05/0056.html

*** {03.22.007} Cross - Vulnerable PHP applications, 06/03

The following is a list of reported vulnerable third-party PHP CGI
applications. These vulnerabilities are not confirmed.

Webfroot Shoutbox 2.32: local file reading
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0090.html

Geeklog 1.3.7sr1: SQL tampering, PHP code execution
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0092.html

b2 cafelog 0.6.1: remote file include code execution
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0093.html
http://archives.neohapsis.com/archives/bugtraq/2003-06/0011.html

PHP-Nuke 5.6 and 6.5: SQL injection
http://archives.neohapsis.com/archives/bugtraq/2003-05/0346.html

Source: VulnWatch, SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0090.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0092.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0093.html
http://archives.neohapsis.com/archives/bugtraq/2003-06/0011.html
http://archives.neohapsis.com/archives/bugtraq/2003-05/0346.html

*** {03.22.008} Cross - gPS multiple vulns

Debian released an advisory indicating that the gPS application suite
prior to version 1.1.0 contains multiple vulnerabilities: various buffer
overflows, and arbitrary hosts being allowed to connect regardless of
the configured access restrictions.

These vulnerabilities are confirmed and fixed in version 1.1.0.

Updated Debian DEBs:
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0761.html

Source: Debian
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0761.html

*** {03.22.014} Cross - JBoss JSP source code disclosure

JBoss version 3.2.1 reportedly contains a vulnerability whereby a remote
attacker can retrieve the source code to JSP pages by appending '%00'
to the end of the requested URL.

This vulnerability is not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-05/0347.html

*** {03.22.015} Cross - mod_gzip debug mode vulns

The mod_gzip Apache module version 1.3.26.1a contains multiple
vulnerabilities if the module is compiled with debugging enabled. The
vulnerabilities include format string problems, buffer overflows and
race conditions.

These vulnerabilities are not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-06/0003.html

--- Tool Announcements News --------------------------------------------

*** {03.22.003} Tools - BIND 8.3.5 and 8.4.0 released

BIND versions 8.3.5 and 8.4.0 were released. Both are
general/maintenance releases and do not include any security-related
fixes.

The new versions can be downloaded from:
http://www.isc.org/products/BIND/

Source: BIND
http://archives.neohapsis.com/archives/bind/2003/0008.html
http://archives.neohapsis.com/archives/bind/2003/0009.html

************************************************************************

Become a Security Alert Consensus member! If this e-mail was passed to
you and you would like to begin receiving our security e-mail newsletter
on a weekly basis, we invite you to subscribe today.
http://portal.sans.org

We are signing the Consensus newsletter with PGP. The new SANS PGP key
is posted at:
http://www.pgp.net:11371/pks/lookup?op=get&search=0xA1694E46 and can
also be accessed from the SANS Web site (http://www.sans.org).

To unsubscribe from this newsletter, or to edit your subscription
information, please go to: http://portal.sans.org/

Missed an issue? You can find back issues of Security Alert Consensus
(and other SANS newsletters) online. http://www.sans.org/newsletters

Your opinion counts. We'd like to hear your thoughts on Security Alert
Consensus. E-mail any questions or comments to <consensus@nwc.com>.

Copyright (c) 2003 Network Computing, a CMP Media LLC publication. All
Rights Reserved. Distributed by Network Computing
(http://www.networkcomputing.com) and The SANS Institute
(http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based
security assessment and integration services consulting group
(info@neohapsis.com | http://www.neohapsis.com/).