Security Alert Consensus #31

From: Network Computing and The SANS Institute (sans@sans.org)
Date: Thu Aug 07 2003 - 21:16:25 CDT


Re: Your personalized newsletter

                 -- Security Alert Consensus --
                       Number 031 (03.31)
                  Thursday, August 7, 2003
                       Created for you by
            Network Computing and the SANS Institute
                      Powered by Neohapsis

----------------------------------------------------------------------

Welcome to the latest edition of Security Alert Consensus! Below you
should find information pertaining only to the categories you requested.
Information on how to manage your subscription can be found at the
bottom of the newsletter. If you have any problems or questions, please
e-mail us at <consensus@nwc.com>.

----------------------------------------------------------------------

This issue is sponsored by CMP Media LLC and Microsoft Corporation.
What are the top considerations when determining the best of
breed servers for your needs? Our server resource center houses
industry news articles and reviews, spotlighting the latest and
most reputable servers and server-related news in today's market.
http://www.techweb.com/cha/serverresources

----------------------------------------------------------------------

Notable bugs this week include yet another wu-ftpd vulnerability (item
{03.31.001} in the Cross-Platform category), a BSD libc library overflow
(item {03.31.002} in the BSD category) and a Postfix e-mail DoS (item
{03.31.003} in the Cross-Platform category).

This past weekend we also saw signs of the beginning of a Microsoft DCOM
worm. If you haven't had a chance to patch yet, you should definitely
consider it a top priority.

Until next week,
--Security Alert Consensus Team

************************************************************************

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TABLE OF CONTENTS:

{03.31.007} Win - McAfee ePolicy Orchestrator multiple vulns
{03.31.010} Win - IISShield HTTP request DoS
{03.31.015} Win - ZoneAlarm local device driver privileged code exec
{03.31.021} Win - GameSpy Arcade APK file writing
{03.31.004} Linux - man-db multiple overflows
{03.31.005} Linux - Updated patches for previous vulnerabilities
{03.31.006} Linux - xtokkaetama multiple overflows
{03.31.013} Linux - Netfilter NAT and connection tracking DoS
{03.31.017} Linux - mindi insecure temp file handling
{03.31.020} Linux - Kernel NFSv3 XDR signed vuln
{03.31.022} Linux - cdrtools arbitrary file creation
{03.31.002} BSD - libc realpath() off-by-one overflow
{03.31.014} BSD - NetBSD OSI kernel panic
{03.31.018} HP-UX - Network streams/libxti DoS
{03.31.019} HP-UX - PHNE_26413/PHNE_27128 DoS
{03.31.023} HP-UX - rpc.mountd information leak
{03.31.008} NetDev - Update {03.30.020}: NetScreen large window size DoS
{03.31.009} NetDev - Cisco IOS echo service data disclosure
{03.31.001} Cross - wu-ftpd fb_realpath() overflow
{03.31.003} Cross - Postfix bad envelope address DoS and bounce scan
{03.31.011} Cross - GroupWise WebAccess wireless info logging
{03.31.012} Cross - atari800 emulator multiple overflows
{03.31.016} Cross - IBM DB2 db2job file creation

- --- Windows News -------------------------------------------------------

*** {03.31.007} Win - McAfee ePolicy Orchestrator multiple vulns

The McAfee Security ePolicy Orchestrator contains multiple
vulnerabilities: disclosure/recovery of database authentication
information; a server agent format string vulnerability; a client agent
heap overflow; and insecure default database server configuration.

These vulnerabilities are confirmed. An update is available at:
http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp

Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0066.html

*** {03.31.010} Win - IISShield HTTP request DoS

IISShield prior to version 1.0.2 contains a denial of service
vulnerability that is triggered by a malformed HTTP request.

This vulnerability is confirmed and fixed in version 1.0.2.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-08/0001.html

*** {03.31.015} Win - ZoneAlarm local device driver privileged code exec

A released report indicates the ZoneAlarm device driver allows a local
attacker to execute arbitrary code with local system privileges.

This vulnerability is not confirmed.

Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0070.html

*** {03.31.021} Win - GameSpy Arcade APK file writing

The GameSpy Arcade suite modifies Internet Explorer to handle APK files,
which are automatically unzipped. A malicious Web site can create a
particular malformed APK file that would, when unzipped, write arbitrary
files on the system.

The advisory indicates vendor confirmation.

Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0064.html

- --- Linux News ---------------------------------------------------------

*** {03.31.004} Linux - man-db multiple overflows

man-db prior to version 2.4.2 contains multiple buffer overflows that
could allow a local attacker to execute arbitrary code with elevated
privileges.

This vulnerability is confirmed and fixed in version 2.4.2.

Updated Debian DEBs:
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0205.html

Source: SecurityFocus Bugtraq, Debian
http://archives.neohapsis.com/archives/bugtraq/2003-07/0380.html
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0205.html

*** {03.31.005} Linux - Updated patches for previous vulnerabilities

The following is a list of Linux vendor patches for vulnerabilities
previously reported in Security Alert Consensus.

- --- Conectiva:

CLA-2003:716: wget
http://archives.neohapsis.com/archives/linux/conectiva/2003-q3/0028.html

- --- Mandrake:

MDKSA-2003:082: php
http://archives.neohapsis.com/archives/bugtraq/2003-08/0028.html

MDKSA-2003:079: kdelibs
http://archives.neohapsis.com/archives/linux/mandrake/2003-q3/0074.html

- --- Debian:

DSA-354-1: xconq
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0168.html

DSA-355-1: gallery
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0175.html

DSA-358-3: kernel
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0206.html

DSA-360-1: xfstt
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0196.html

DSA-361-1: kdelibs
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0201.html

- --- Slackware:

SSA:2003-213-01: kdelibs
http://archives.neohapsis.com/archives/bugtraq/2003-08/0017.html

Source: Conectiva, Mandrake, Debian
http://archives.neohapsis.com/archives/linux/conectiva/2003-q3/0028.html
http://archives.neohapsis.com/archives/bugtraq/2003-08/0028.html
http://archives.neohapsis.com/archives/linux/mandrake/2003-q3/0074.html
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0168.html
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0175.html
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0206.html
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0196.html
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0201.html
http://archives.neohapsis.com/archives/bugtraq/2003-08/0017.html

*** {03.31.006} Linux - xtokkaetama multiple overflows

The xtokkaetama game contains two vulnerabilities: a buffer overflow in
the handling of the -display command-line parameter and a buffer
overflow in the handling of the XTOKKAETAMADIR environment variable.

Updated Debian DEBs:
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0176.html

Source: Debian
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0176.html

*** {03.31.013} Linux - Netfilter NAT and connection tracking DoS

Netfilter (iptables) included with Linux kernel 2.4.20 contains two
denial of service vulnerabilities in the connection tracking and NAT
code that allow a remote attacker to crash the system or cause it to
stop passing packets.

The vendor confirmed these vulnerabilities.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-08/0015.html
http://archives.neohapsis.com/archives/bugtraq/2003-08/0016.html

*** {03.31.017} Linux - mindi insecure temp file handling

The mindi utility does not properly handle temporary files, thereby
allowing a local attacker to perform a symlink attack.

This vulnerability is confirmed. Updated Debian DEBs are listed at the
reference URL below.

Source: Debian
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0202.html

*** {03.31.020} Linux - Kernel NFSv3 XDR signed vuln

Linux kernels prior to 2.4.21 reportedly contain a signed integer
vulnerability in the handling of NFSv3. This may allow a remote attacker
to execute arbitrary code on the system.

The advisory indicates kernel version 2.4.21 contains the fix.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-07/0379.html

*** {03.31.022} Linux - cdrtools arbitrary file creation

The rscsi utility included with the cdrtools suite version 2.x allows
a local attacker to create arbitrary root-owned files containing some
specified content. This can lead to a local root compromise.

This vulnerability is not confirmed.

Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0068.html

- --- BSD News -----------------------------------------------------------

*** {03.31.002} BSD - libc realpath() off-by-one overflow

The BSD libc library realpath() function contains an off-by-one buffer
overflow that could introduce an exploitable condition into any programs
using that function.

OpenBSD update information:
http://archives.neohapsis.com/archives/openbsd/2003-08/0147.html

NetBSD update information:
http://archives.neohapsis.com/archives/netbsd/2003-q3/0019.html

FreeBSD update information:
http://archives.neohapsis.com/archives/freebsd/2003-08/0045.html

Source: OpenBSD, NetBSD, FreeBSD
http://archives.neohapsis.com/archives/openbsd/2003-08/0147.html
http://archives.neohapsis.com/archives/netbsd/2003-q3/0019.html
http://archives.neohapsis.com/archives/freebsd/2003-08/0045.html

*** {03.31.014} BSD - NetBSD OSI kernel panic

The NetBSD OSI networking kernel crashes when it receives a particular
packet.

This vulnerability is confirmed. Update information is available at the
reference URL below.

Source: NetBSD
http://archives.neohapsis.com/archives/netbsd/2003-q3/0018.html

- --- HP-UX News ---------------------------------------------------------

*** {03.31.018} HP-UX - Network streams/libxti DoS

Programs that use the network streams libxti library (which includes
nfsd) included with HP-UX 11.x crash/fail when receiving a certain
malformed packet.

This vulnerability is confirmed. Update information is available at the
reference URL below.

Source: HP
http://archives.neohapsis.com/archives/hp/2003-q3/0020.html

*** {03.31.019} HP-UX - PHNE_26413/PHNE_27128 DoS

An HP advisory indicates that the installation of PHNE_26413 or
PHNE_27128 will lead to a local denial of service situation. The
official solution is to remove those patches.

Source: HP
http://archives.neohapsis.com/archives/hp/2003-q3/0020.html

*** {03.31.023} HP-UX - rpc.mountd information leak

An HP advisory indicates that the rpc.mountd service can be used
remotely to determine if files exist on the system.

Update information is included at the reference URL below.

Source: HP
http://archives.neohapsis.com/archives/hp/2003-q3/0025.html

- --- Network Devices News -----------------------------------------------

*** {03.31.008} NetDev - Update {03.30.020}: NetScreen large window
                size DoS

NetScreen released updates that fix the vulnerability discussed in
{03.30.020} ("NetScreen large window size DoS").

Update and workaround information is available at:
http://www.netscreen.com/services/security/alerts/advisory-57739.txt

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-07/0428.html

*** {03.31.009} NetDev - Cisco IOS echo service data disclosure

Cisco IOS versions 12.x disclose small pieces of memory when a malformed
echo service packet is received.

Cisco confirmed this vulnerability.

Source: Cisco
http://archives.neohapsis.com/archives/cisco/2003-q3/0005.html

- --- Cross-Platform News ------------------------------------------------

*** {03.31.001} Cross - wu-ftpd fb_realpath() overflow

wu-ftpd versions 2.6.2 and prior contain an off-by-one buffer overflow
in the fb_realpath() function, which could allow a remote attacker to
execute arbitrary code on certain platforms.

This vulnerability is confirmed.

Updated Red Hat RPMs:
http://archives.neohapsis.com/archives/linux/redhat/2003-q3/0016.html

Updated SuSE RPMs:
http://archives.neohapsis.com/archives/linux/suse/2003-q3/0344.html

Updated Mandrake RPMs:
http://archives.neohapsis.com/archives/linux/mandrake/2003-q3/0075.html

Updated Debian DEBs:
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0184.html

Updated Conectiva RPMs:
http://archives.neohapsis.com/archives/linux/conectiva/2003-q3/0027.html

Source: Red Hat, SuSE, Mandrake, Debian, Conectiva
http://archives.neohapsis.com/archives/linux/redhat/2003-q3/0016.html
http://archives.neohapsis.com/archives/linux/suse/2003-q3/0344.html
http://archives.neohapsis.com/archives/linux/mandrake/2003-q3/0075.html
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0184.html
http://archives.neohapsis.com/archives/linux/conectiva/2003-q3/0027.html

*** {03.31.003} Cross - Postfix bad envelope address DoS and bounce scan

Postfix versions 1.1.12 and prior contain a bug that allows an e-mail
with a bad envelope address to halt mail processing, which leads to a
denial of service attack. There is also a parsing vulnerability that
could potentially be used to bounce port scan network hosts.

This vulnerability is confirmed. Version 1.1.13 was released.

Updated Debian DEBs:
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0204.html

Updated SuSE RPMs:
http://archives.neohapsis.com/archives/linux/suse/2003-q3/0363.html

Updated Red Hat RPMs:
http://archives.neohapsis.com/archives/linux/redhat/2003-q3/0017.html

Updated Mandrake RPMs:
http://archives.neohapsis.com/archives/bugtraq/2003-08/0022.html

Updated EnGarde RPMs:
http://archives.neohapsis.com/archives/linux/engarde/2003-q3/0002.html

Updated Conectiva RPMs:
http://archives.neohapsis.com/archives/linux/conectiva/2003-q3/0029.html

Source: Postfix, Debian, SuSE, Red Hat, Mandrake, EnGarde, Conectiva
http://archives.neohapsis.com/archives/postfix/2003-08/0417.html
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0204.html
http://archives.neohapsis.com/archives/linux/suse/2003-q3/0363.html
http://archives.neohapsis.com/archives/linux/redhat/2003-q3/0017.html
http://archives.neohapsis.com/archives/bugtraq/2003-08/0022.html
http://archives.neohapsis.com/archives/linux/engarde/2003-q3/0002.html
http://archives.neohapsis.com/archives/linux/conectiva/2003-q3/0029.html

*** {03.31.011} Cross - GroupWise WebAccess wireless info logging

GroupWise Wireless WebAccess version 6.5 logs user names and passwords
into the Web server request logs in plain text. This could lead to
recovery of user authentication information.

This vulnerability is confirmed. Update information is available at the
reference URL below.

Source: Novell
http://archives.neohapsis.com/archives/novell/2003-q3/0003.html

*** {03.31.012} Cross - atari800 emulator multiple overflows

The atari800 emulator application contains multiple buffer overflows
that could allow a local attacker to execute arbitrary code with root
privileges.

This vulnerability is confirmed. Updated Debian DEBs are listed at the
reference URL below.

Source: Debian
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0186.html

*** {03.31.016} Cross - IBM DB2 db2job file creation

The IBM DB2 db2job utility allows a local attacker to create or
overwrite arbitrary root-owned files.

This vulnerability is not confirmed.

Source: Full Disclosure
http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/1479.html

************************************************************************

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (BSD/OS)
Comment: For info see http://www.gnupg.org

iD8DBQE/Mstt+LUG5KFpTkYRAiWTAJ4sdqBUaA5CHUPlsWX6F8KbjJNaawCdE1M/
9c0BwY1iuuIhGDD9ls+upaw=
=w+Fd
-----END PGP SIGNATURE-----
------------------------------------------------------------------------

Become a Security Alert Consensus member! If this e-mail was passed to
you and you would like to begin receiving our security e-mail newsletter
on a weekly basis, we invite you to subscribe today.
http://portal.sans.org

We are signing the Consensus newsletter with PGP. The new SANS PGP key
is posted at:
http://www.pgp.net:11371/pks/lookup?op=get&search=0xA1694E46 and can
also be accessed from the SANS Web site (http://www.sans.org).

To unsubscribe from this newsletter, or to edit your subscription
information, please go to: http://portal.sans.org

Missed an issue? You can find back issues of Security Alert Consensus
(and other SANS newsletters) online. http://www.sans.org/newsletters

Your opinion counts. We'd like to hear your thoughts on Security Alert
Consensus. E-mail any questions or comments to <consensus@nwc.com>.

Copyright (c) 2003 Network Computing, a CMP Media LLC publication. All
Rights Reserved. Distributed by Network Computing
(http://www.networkcomputing.com) and The SANS Institute
(http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based
security assessment and integration services consulting group
(info@neohapsis.com | http://www.neohapsis.com/)