Security Alert Consensus #35

From: Network Computing and The SANS Institute (sans@sans.org)
Date: Thu Sep 04 2003 - 18:28:52 CDT


Re: Your personalized newsletter

                 -- Security Alert Consensus --
                       Number 035 (03.35)
                  Thursday, September 4, 2003
                       Created for you by
            Network Computing and the SANS Institute
                      Powered by Neohapsis

----------------------------------------------------------------------

Welcome to the latest edition of Security Alert Consensus! Below you
should find information pertaining only to the categories you requested.
Information on how to manage your subscription can be found at the
bottom of the newsletter. If you have any problems or questions, please
e-mail us at <consensus@nwc.com>.


It's interesting how free resources can become almost critical resources
to various businesses. This week, we saw Osirusoft pull the plug on its
DNSBL spam blacklist service. What's notable is how Osirusoft ended it:
by adding an open wildcard to the blacklist zone, so that *every*
queried address appeared to be listed and was therefore refused as a
sender. Admins who used the Osirusoft DNSBL found their machines
refusing to pass e-mail, in some situations even mail to themselves!
The moral of this story: review your external dependencies and prepare
contingency plans in case one of those dependent relationships is
severed without notice.
http://archives.neohapsis.com/archives/ntbugtraq/2003-q3/0202.html
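As an added illustration (not from the newsletter or from Osirusoft), the sanity check a mail admin would want in front of any DNSBL lookup: it queries the RFC 5782 test addresses (127.0.0.2 must be listed, 127.0.0.1 must not be) and fails open when a zone answers for everything, as the wildcarded Osirusoft zone did. The zone names, answers and the injected resolver are constructed so the example runs offline.

```python
"""Sanity-check a DNSBL before trusting it, so a wildcarded list does not
block all mail. Added example; the resolver is injected so it runs offline."""
import ipaddress
from typing import Callable, Optional

# A resolver maps a query name to its A record, or None for NXDOMAIN.
Resolver = Callable[[str], Optional[str]]


def dnsbl_name(ip: str, zone: str) -> str:
    """Build the reversed-octet query name, e.g. 4.3.2.1.zone for 1.2.3.4."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def dnsbl_is_sane(zone: str, resolve: Resolver) -> bool:
    """True only if the zone answers the RFC 5782 test points correctly:
    127.0.0.2 is always listed, 127.0.0.1 is never listed. An open
    wildcard lists both and therefore fails this check."""
    must_list = resolve(dnsbl_name("127.0.0.2", zone)) is not None
    must_not_list = resolve(dnsbl_name("127.0.0.1", zone)) is None
    return must_list and must_not_list


def should_reject(sender_ip: str, zone: str, resolve: Resolver) -> bool:
    """Reject a sender only when the list is sane AND the sender is listed."""
    if not dnsbl_is_sane(zone, resolve):
        return False  # fail open: a broken or wildcarded list is ignored
    return resolve(dnsbl_name(sender_ip, zone)) is not None


# Constructed fake zones standing in for real DNS answers (hypothetical names).
HEALTHY = {
    "2.0.0.127.good.example": "127.0.0.2",  # mandatory test listing
    "4.3.2.198.good.example": "127.0.0.2",  # one genuine listing
}


def healthy_resolver(name: str) -> Optional[str]:
    return HEALTHY.get(name)


def wildcarded_resolver(name: str) -> Optional[str]:
    # Every name under the zone answers, exactly like an open wildcard record.
    return "127.0.0.2" if name.endswith(".dead.example") else None
```

For a live lookup, pass a resolver that wraps socket.gethostbyname and returns None on socket.gaierror.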

Until next week,
--Security Alert Consensus Team

************************************************************************

TABLE OF CONTENTS:

{03.35.004} Win - RealOne Player cross-domain script exec
{03.35.005} Win - SNMPc user password exposure
{03.35.007} Win - ZoneAlarm UDP flood DoS
{03.35.013} Win - TftpdNT file name overflow
{03.35.001} Linux - Updated patches for previous vulnerabilities
{03.35.009} HP-UX - Updated patches from previous vulnerabilities
{03.35.002} Cross - gkrellmd client data overflow
{03.35.003} Cross - (linux)node format string overflow
{03.35.006} Cross - SAP Internet Transaction Server multiple vulns
{03.35.008} Cross - Vulnerable PHP applications 09/02
{03.35.010} Cross - gtkftpd LIST command overflow
{03.35.011} Cross - SiteBuilder CGI arbitrary file reading
{03.35.012} Cross - Firewall-1 IP address exposure
{03.35.014} Cross - XFree86 font library integer overflows
{03.35.015} Cross - exim bad HELO command overflow

--- Windows News -------------------------------------------------------

*** {03.35.004} Win - RealOne Player cross-domain script exec

The RealOne Player allows a malicious Web site to execute arbitrary
script in the local system domain via SMIL files, thereby bypassing
cross-domain restrictions.

The vendor confirmed this vulnerability and released a patch, available
at:
http://service.real.com/help/faq/security/securityupdate_august2003.html

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-08/0349.html

*** {03.35.005} Win - SNMPc user password exposure

SNMPc versions 5 and 6 implement a weak authentication scheme in which
the server sends the user's password to the client and relies on the
client to enforce the authentication. This allows both password
recovery and authentication bypass.

The advisory indicates confirmation by the vendor, which released
updates. Update information is available at the reference URL below.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-08/0340.html

*** {03.35.007} Win - ZoneAlarm UDP flood DoS

ZoneAlarm Pro version 4.0 reportedly is vulnerable to a denial of
service attack whereby a remote attacker sends a particular stream of
UDP packets to the target system, which causes elevated processing
loads.

This vulnerability is not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-09/0021.html

*** {03.35.013} Win - TftpdNT file name overflow

TftpdNT prior to version 2.0 contains a buffer overflow in the handling
of large file names, which allows the remote execution of arbitrary
code.

This vulnerability is fixed in version 2.0. An exploit was published.

Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0091.html

--- Linux News ---------------------------------------------------------

*** {03.35.001} Linux - Updated patches for previous vulnerabilities

The following is a list of Linux vendor patches for vulnerabilities
previously reported in Security Alert Consensus.

--- Red Hat:

RHSA-2003:265-01: Sendmail
http://archives.neohapsis.com/archives/linux/redhat/2003-q3/0029.html

RHSA-2003:267-01: up2date
http://archives.neohapsis.com/archives/linux/redhat/2003-q3/0030.html

--- Conectiva:

CLA-2003:727: sendmail
http://archives.neohapsis.com/archives/linux/conectiva/2003-q3/0033.html

CLA-2003:729: gdm
http://archives.neohapsis.com/archives/linux/conectiva/2003-q3/0034.html

--- Mandrake:

MDKSA-2003:075-1: apache2
http://archives.neohapsis.com/archives/linux/mandrake/2003-q3/0116.html

Source: Red Hat, Conectiva, Mandrake
http://archives.neohapsis.com/archives/linux/redhat/2003-q3/0029.html
http://archives.neohapsis.com/archives/linux/redhat/2003-q3/0030.html
http://archives.neohapsis.com/archives/linux/conectiva/2003-q3/0033.html
http://archives.neohapsis.com/archives/linux/conectiva/2003-q3/0034.html
http://archives.neohapsis.com/archives/linux/mandrake/2003-q3/0116.html

--- HP-UX News ---------------------------------------------------------

*** {03.35.009} HP-UX - Updated patches from previous vulnerabilities

The following is a list of HP-UX vendor patches for vulnerabilities
previously reported in Security Alert Consensus.

HPSBUX0308-274: OpenView DCE
http://archives.neohapsis.com/archives/hp/2003-q3/0042.html

HPSBUX0308-275: various shells
http://archives.neohapsis.com/archives/hp/2003-q3/0042.html

Source: HP
http://archives.neohapsis.com/archives/hp/2003-q3/0042.html

--- Cross-Platform News ------------------------------------------------

*** {03.35.002} Cross - gkrellmd client data overflow

gkrellmd contains a buffer overflow when handling data submitted by
gkrellm clients. This allows for the remote execution of arbitrary code.

Mandrake confirmed this vulnerability and released updated RPMs, listed
at the reference URL below.

Source: Mandrake
http://archives.neohapsis.com/archives/linux/mandrake/2003-q3/0117.html

*** {03.35.003} Cross - (linux)node format string overflow

The (linux)node APRN package contains a remotely exploitable format
string buffer overflow that allows an attacker to execute arbitrary code
with root privileges.

Debian confirmed this vulnerability and released updated DEBs, listed
at the reference URL below.

Source: Debian
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0391.html

*** {03.35.006} Cross - SAP Internet Transaction Server multiple vulns

SAP's Internet Transaction Server version 4620.2.0.323011 reportedly
contains multiple vulnerabilities: access to files outside the Web root;
configuration information disclosure; and cross-site scripting.

These vulnerabilities are not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html

*** {03.35.008} Cross - Vulnerable PHP applications 09/02

The following is a list of reported vulnerable third-party PHP CGI
applications. These vulnerabilities are not necessarily confirmed.

PY-Membres 4.2: admin authentication bypass, SQL tampering
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0089.html

AtillaPHP 3.0: authentication bypass
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0090.html

newsPHP 216: authentication bypass, file reading
http://archives.neohapsis.com/archives/bugtraq/2003-08/0345.html

Source: VulnWatch, SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0089.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0090.html
http://archives.neohapsis.com/archives/bugtraq/2003-08/0345.html

*** {03.35.010} Cross - gtkftpd LIST command overflow

gtkftpd version 1.04 reportedly contains a buffer overflow in the
handling of the LIST FTP command, which allows a remote attacker to
execute arbitrary code on the target system.

This vulnerability is not confirmed. An exploit was published.

Source: SecurityFocus Vuln-Dev
http://archives.neohapsis.com/archives/vuln-dev/2003-q3/0101.html

*** {03.35.011} Cross - SiteBuilder CGI arbitrary file reading

The SiteBuilder CGI suite version 1.4 reportedly allows a remote
attacker to read files outside the Web root by using parent directory
references in the 'selectedpage' URL parameter.

This vulnerability is not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-09/0011.html

*** {03.35.012} Cross - Firewall-1 IP address exposure

Firewall-1 versions 4.0 and 4.1 prior to SP5 display the IP addresses
of all interfaces to attackers able to connect to ports 256 and 264 on
the firewall.

This vulnerability is confirmed and fixed in Firewall-1 NG and version
4.1 SP5.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-09/0018.html

*** {03.35.014} Cross - XFree86 font library integer overflows

XFree86 version 4.3.0 reportedly contains multiple integer overflows,
which allow a malicious font server to execute arbitrary code on the
local system.

These vulnerabilities are not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-08/0360.html

*** {03.35.015} Cross - exim bad HELO command overflow

Exim prior to version 4.21 has a heap overflow in the handling of bad
HELO commands. The bug is not believed to be exploitable, but if it
were, it would allow the remote execution of arbitrary code.

The vendor confirmed this vulnerability and released version 4.21, as
well as a patch, available at:
http://www.exim.org/pipermail/exim-announce/2003q3/000094.html

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-09/0003.html

************************************************************************



Become a Security Alert Consensus member! If this e-mail was passed to
you and you would like to begin receiving our security e-mail newsletter
on a weekly basis, we invite you to subscribe today.
http://portal.sans.org

We are signing the Consensus newsletter with PGP. The new SANS PGP key
is posted at:
http://www.pgp.net:11371/pks/lookup?op=get&search=0xA1694E46 and can
also be accessed from the SANS Web site (http://www.sans.org).

To unsubscribe from this newsletter, or to edit your subscription
information, please go to: http://portal.sans.org

Missed an issue? You can find back issues of Security Alert Consensus
(and other SANS newsletters) online. http://www.sans.org/newsletters

Your opinion counts. We'd like to hear your thoughts on Security Alert
Consensus. E-mail any questions or comments to <consensus@nwc.com>.

Copyright (c) 2003 Network Computing, a CMP Media LLC publication. All
Rights Reserved. Distributed by Network Computing
(http://www.networkcomputing.com) and The SANS Institute
(http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based
security assessment and integration services consulting group
(info@neohapsis.com | http://www.neohapsis.com/)