Security Alert Consensus #39
From: Network Computing and The SANS Institute (sans@sans.org)
Date: Thu Oct 02 2003 - 16:04:58 CDT
-- Security Alert Consensus --
Number 039 (03.39)
Thursday, October 2, 2003
Created for you by
Network Computing and the SANS Institute
Powered by Neohapsis
----------------------------------------------------------------------
Welcome to the latest edition of Security Alert Consensus! Below you
should find information pertaining only to the categories you requested.
Information on how to manage your subscription can be found at the
bottom of the newsletter. If you have any problems or questions, please
e-mail us at <consensus@nwc.com>.
************************* Begin Advertisement ************************
This issue is sponsored by The Software Spectrum-Intraware Alliance.
Download & evaluate the latest Sun(TM) ONE Directory Server 5.2
and receive two Java(TM) BluePrints papers -- yours to keep. Find
out about the most widely deployed LDAP-based server.
(Now available only in the U.S. through Dec. 31, 2003)
http://www.allmediainc.com/intraware/sacone.php
************************** End Advertisement *************************
A paper, "The Cost of Monopoly: How the Dominance of Microsoft's
Products Poses a Risk to Security," written by some of the big thinkers
in our industry hit the cyber airwaves this week and continues to cause
a stir. While much of the controversy surrounding the report is the
result of one of its authors (Dr. Dan Geer) being fired by his employer,
we found the paper's discussion of computing monocultures very timely.
The practicality of OS diversification within single organizations
certainly can be debated, but global diversification across all
organizations should raise a larger concern. The paper asks a really
hard question: If the vast majority of the world's computing systems
are the same and, in turn, have the same vulnerabilities, are we setting
ourselves up for the potential for catastrophic failure?
You can find the paper here:
http://www.ccianet.org/papers/cyberinsecurity.pdf
Finally, we're performing a quick survey of Security Alert Consensus
readers to help guide SAC's future. The survey is about the newsletter,
is less than 10 questions and should take no more than two minutes to
complete. We would greatly appreciate your feedback if you have a
moment. http://www.surveymonkey.com/s.asp?u=50814284794
Until next week,
--Security Alert Consensus Team
************************************************************************
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
TABLE OF CONTENTS:
{03.39.005} Win - MondoSearch MsmSetup.exe CGI arbitrary file creation
{03.39.006} Win - ArgoSoft FTP server XCWD overflow
{03.39.014} Win - LanSuite 2003 multiple vulns
{03.39.015} Win - Re-Boot Design ASP Forum CGI SQL tampering
{03.39.001} Linux - Updated patches for previous vulnerabilities
{03.39.002} Linux - Update {03.38.014}: Xitami SHTML handler large header DoS
{03.39.008} Linux - Various game vulnerabilities
{03.39.016} Linux - EnGarde WebTool logs SSH passphrase
{03.39.018} Linux - MPlayer ASF stream overflows
{03.39.003} BSD - FreeBSD ARP flood DoS
{03.39.007} HP-UX - Local users can crash system via socket use
{03.39.010} SGI - Updated patches for previous vulnerabilities
{03.39.021} SCO - Updated patches for previous vulnerabilities
{03.39.004} Cross - OpenSSL ASN.1 parsing vulns
{03.39.009} Cross - TCLHttpd arbitrary directory browsing
{03.39.011} Cross - Gauntlet SQL-gateway invalid data DoS
{03.39.012} Cross - Apache mod_cgi STDERR write() DoS
{03.39.013} Cross - Webfs HTTP server Web root escaping
{03.39.017} Cross - myServer HTTP server Web root escaping
{03.39.019} Cross - Vulnerable PHP applications, 09/30
{03.39.020} Cross - Cfengine cfservd BusyWithConnection() overflow
- --- Windows News -------------------------------------------------------
*** {03.39.005} Win - MondoSearch MsmSetup.exe CGI arbitrary file creation
MondoSoft's MondoSearch versions 5.1 and prior contain a vulnerability
in the MsmSetup.exe CGI that allows a remote attacker to create an
arbitrary file.
The advisory indicates confirmation by the vendor, which released an
update.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-09/0378.html
*** {03.39.006} Win - ArgoSoft FTP server XCWD overflow
ArgoSoft FTP server version 1.4.1.1 contains a buffer overflow in the
handling of the XCWD command that allows a remote attacker to
potentially execute arbitrary code.
The advisory indicates confirmation by the vendor, which released
version 1.4.1.2.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/vuln-dev/2003-q3/0169.html
*** {03.39.014} Win - LanSuite 2003 multiple vulns
LanSuite 2003 build 2003.0.3.0828 contains two vulnerabilities:
sensitive data files are stored in the Web root and thus are remotely
retrievable, and arbitrary files are viewable by remote users who
possess a valid login.
The advisory indicates confirmation by the vendor, which released an
update available at:
http://download3.software602.com/ls2003.exe
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-09/0424.html
*** {03.39.015} Win - Re-Boot Design ASP Forum CGI SQL tampering
Re-Boot Design ASP Forum version 1.01 contains a SQL tampering
vulnerability in the handling of user login data.
This vulnerability is not confirmed.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-09/0406.html
- --- Linux News ---------------------------------------------------------
*** {03.39.001} Linux - Updated patches for previous vulnerabilities
The following is a list of Linux vendor patches for vulnerabilities
previously reported in Security Alert Consensus.
- --- Mandrake:
MDKSA-2003:095: proftpd
http://archives.neohapsis.com/archives/linux/mandrake/2003-q3/0205.html
- --- Conectiva:
CLA-2003:750: proftpd
http://archives.neohapsis.com/archives/linux/conectiva/2003-q3/0049.html
CLA-2003:749: php4
http://archives.neohapsis.com/archives/linux/conectiva/2003-q3/0048.html
- --- Slackware:
SSA:2003-259-02: proftpd
http://archives.neohapsis.com/archives/bugtraq/2003-09/0370.html
SSA:2003-259-03: wu-ftpd
http://archives.neohapsis.com/archives/bugtraq/2003-09/0372.html
SSA:2003-266-01: OpenSSH
http://archives.neohapsis.com/archives/bugtraq/2003-09/0371.html
- --- Trustix:
TSLSA-2003-0037: proftpd
http://archives.neohapsis.com/archives/bugtraq/2003-09/0515.html
Source: Mandrake, Conectiva, Slackware, Trustix (SF Bugtraq)
http://archives.neohapsis.com/archives/linux/mandrake/2003-q3/0205.html
http://archives.neohapsis.com/archives/linux/conectiva/2003-q3/0049.html
http://archives.neohapsis.com/archives/linux/conectiva/2003-q3/0048.html
http://archives.neohapsis.com/archives/bugtraq/2003-09/0370.html
http://archives.neohapsis.com/archives/bugtraq/2003-09/0372.html
http://archives.neohapsis.com/archives/bugtraq/2003-09/0371.html
http://archives.neohapsis.com/archives/bugtraq/2003-09/0515.html
*** {03.39.002} Linux - Update {03.38.014}: Xitami SHTML handler large header DoS
iMatix released updated versions of Xitami Web server, which fix the
vulnerability discussed in {03.38.014} ("Xitami SHTML handler large
header DoS").
Versions 2.4d10 and 2.5b are now available for download from the
vendor's site.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-09/0440.html
*** {03.39.008} Linux - Various game vulnerabilities
The following is a list of games containing buffer overflows that allow
a local attacker to execute arbitrary code with gid 'games' privileges.
Silly Poker v0.25.5: HOME environment variable overflow
http://archives.neohapsis.com/archives/bugtraq/2003-09/0539.html
Freesweep: environment variable overflows
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0822.html
Marbles: HOME environment variable overflow
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0774.html
Source: SecurityFocus Bugtraq, Debian
http://archives.neohapsis.com/archives/bugtraq/2003-09/0539.html
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0822.html
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0774.html
*** {03.39.016} Linux - EnGarde WebTool logs SSH passphrase
EnGarde's WebTool configuration utility logs SSH passphrases in
/var/log/userpass.log, potentially allowing recovery/compromise of a
user's private SSH key.
EnGarde confirmed this vulnerability and released updated RPMs.
Source: EnGarde
http://archives.neohapsis.com/archives/linux/engarde/2003-q3/0009.html
*** {03.39.018} Linux - MPlayer ASF stream overflows
MPlayer contains multiple buffer overflows in the handling of ASF
streams that allow a remote server to execute arbitrary code on the
user's system.
Mandrake confirmed this vulnerability and released updated RPMs, listed
at the reference URL below.
Source: Mandrake
http://archives.neohapsis.com/archives/linux/mandrake/2003-q3/0234.html
- --- BSD News -----------------------------------------------------------
*** {03.39.003} BSD - FreeBSD ARP flood DoS
FreeBSD released an advisory indicating the possibility of a remote
attacker flooding the system with various types of ARP requests,
resulting in resource starvation and potentially causing a kernel
panic.
This vulnerability is confirmed and fixed in CVS as of Sept. 25, 2003.
Source: FreeBSD
http://archives.neohapsis.com/archives/freebsd/2003-09/0230.html
- --- HP-UX News ---------------------------------------------------------
*** {03.39.007} HP-UX - Local users can crash system via socket use
HP released a vague advisory indicating that local users can cause HP-UX
11.00 systems to crash because of a bug in the network socket
implementation.
This vulnerability is confirmed and fixed in patch PHNE_24715.
Source: HP
http://archives.neohapsis.com/archives/hp/2003-q3/0066.html
- --- SGI News -----------------------------------------------------------
*** {03.39.010} SGI - Updated patches for previous vulnerabilities
The following is a list of IRIX vendor patches for vulnerabilities
previously reported in Security Alert Consensus.
20030901-01-P: nfs
http://archives.neohapsis.com/archives/vendor/2003-q3/0080.html
20030902-01-P: DCE
http://archives.neohapsis.com/archives/bugtraq/2003-09/0479.html
20030903-01-P: Sendmail
http://archives.neohapsis.com/archives/bugtraq/2003-09/0525.html
20030904-01-P: OpenSSH
http://archives.neohapsis.com/archives/bugtraq/2003-09/0536.html
Source: SGI (SF Bugtraq)
http://archives.neohapsis.com/archives/vendor/2003-q3/0080.html
http://archives.neohapsis.com/archives/bugtraq/2003-09/0479.html
http://archives.neohapsis.com/archives/bugtraq/2003-09/0525.html
http://archives.neohapsis.com/archives/bugtraq/2003-09/0536.html
- --- SCO News -----------------------------------------------------------
*** {03.39.021} SCO - Updated patches for previous vulnerabilities
The following is a list of SCO vendor patches for vulnerabilities
previously reported in Security Alert Consensus.
CSSA-2003-SCO.20: wu-ftpd
http://archives.neohapsis.com/archives/linux/caldera/2003-q3/0015.html
CSSA-2003-SCO.21: network drivers
http://archives.neohapsis.com/archives/bugtraq/2003-09/0503.html
CSSA-2003-SCO.23: Sendmail
http://archives.neohapsis.com/archives/bugtraq/2003-09/0507.html
CSSA-2003-SCO.22: OpenSSH
http://archives.neohapsis.com/archives/bugtraq/2003-09/0509.html
Source: SCO (SF Bugtraq)
http://archives.neohapsis.com/archives/linux/caldera/2003-q3/0015.html
http://archives.neohapsis.com/archives/bugtraq/2003-09/0503.html
http://archives.neohapsis.com/archives/bugtraq/2003-09/0507.html
http://archives.neohapsis.com/archives/bugtraq/2003-09/0509.html
- --- Cross-Platform News ------------------------------------------------
*** {03.39.004} Cross - OpenSSL ASN.1 parsing vulns
OpenSSL versions 0.9.6j and 0.9.7b (as well as prior) contain multiple
bugs in the parsing of ASN.1 data, leading to denial of service. The
execution of arbitrary code is not yet confirmed, but it has not been
ruled out.
OpenSSL versions 0.9.6k and 0.9.7c were released.
Updated Red Hat RPMs:
http://archives.neohapsis.com/archives/linux/redhat/2003-q3/0045.html
http://archives.neohapsis.com/archives/linux/redhat/2003-q3/0046.html
Updated Immunix RPMs:
http://archives.neohapsis.com/archives/linux/immunix/2003-q3/0038.html
Updated EnGarde RPMs:
http://archives.neohapsis.com/archives/linux/engarde/2003-q3/0010.html
Updated Conectiva RPMs:
http://archives.neohapsis.com/archives/linux/conectiva/2003-q3/0050.html
Source: VulnWatch, Red Hat, Immunix, EnGarde, Conectiva
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0121.html
http://archives.neohapsis.com/archives/linux/redhat/2003-q3/0045.html
http://archives.neohapsis.com/archives/linux/redhat/2003-q3/0046.html
http://archives.neohapsis.com/archives/linux/immunix/2003-q3/0038.html
http://archives.neohapsis.com/archives/linux/engarde/2003-q3/0010.html
http://archives.neohapsis.com/archives/linux/conectiva/2003-q3/0050.html
*** {03.39.009} Cross - TCLHttpd arbitrary directory browsing
TCLHttpd version 3.4.2 allows a remote attacker to browse arbitrary
directories on the system by specifying absolute path names in the
'pattern' URL parameter.
A third-party patch is available at:
http://archives.neohapsis.com/archives/bugtraq/2003-09/0416.html
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-09/0382.html
*** {03.39.011} Cross - Gauntlet SQL-gateway invalid data DoS
Gauntlet firewall version 6 contains a bug in the SQL-gateway, whereby
a remote attacker can send particularly malformed data that causes the
SQL-gateway service to crash and prevents any further SQL transactions.
The advisory indicates vendor confirmation.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-09/0396.html
*** {03.39.012} Cross - Apache mod_cgi STDERR write() DoS
Apache versions 2.0.47 and prior hang when a CGI prints more than 4096
bytes to STDERR. This can eventually lead to a denial of service.
Mandrake confirmed this vulnerability and released updated RPMs.
Source: Mandrake
http://archives.neohapsis.com/archives/linux/mandrake/2003-q3/0206.html
*** {03.39.013} Cross - Webfs HTTP server Web root escaping
The Webfs HTTP server allows remote attackers to access documents
outside the Web root by including parent directory references in the
Host HTTP header.
Debian confirmed this vulnerability and released updated DEBs, at the
URL referenced below.
Source: Debian
http://archives.neohapsis.com/archives/linux/debian/2003-q3/0836.html
*** {03.39.017} Cross - myServer HTTP server Web root escaping
myServer HTTP server version 0.4.3 allows remote attackers to access
files outside the Web root by using a particular URL request involving
parent directory references.
The advisory indicates confirmation by the vendor, which released
version 0.5.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-09/0447.html
*** {03.39.019} Cross - Vulnerable PHP applications, 09/30
The following is a list of reported vulnerable third-party PHP CGI
applications. These vulnerabilities are not necessarily confirmed.
McNews 1.3: arbitrary file viewing
http://archives.neohapsis.com/archives/bugtraq/2003-09/0478.html
GuppY 2.4p1: cross-site scripting
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0120.html
Geeklog 2.x: SQL tampering, cross-site scripting
http://archives.neohapsis.com/archives/bugtraq/2003-09/0519.html
Source: SecurityFocus Bugtraq, VulnWatch
http://archives.neohapsis.com/archives/bugtraq/2003-09/0478.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0120.html
http://archives.neohapsis.com/archives/bugtraq/2003-09/0519.html
*** {03.39.020} Cross - Cfengine cfservd BusyWithConnection() overflow
Cfengine versions 2.x up to 2.1.0a9 contain a buffer overflow in the
BusyWithConnection() function that could allow a remote attacker to
execute arbitrary code on the target system.
The advisory indicates confirmation by the vendor, which released
version 2.0.8p1.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-09/0435.html
************************************************************************
------------------------------------------------------------------------
Become a Security Alert Consensus member! If this e-mail was passed to
you and you would like to begin receiving our security e-mail newsletter
on a weekly basis, we invite you to subscribe today.
http://portal.sans.org
We are signing the Consensus newsletter with PGP. The new SANS PGP key
is posted at:
http://www.pgp.net:11371/pks/lookup?op=get&search=0xA1694E46 and can
also be accessed from the SANS Web site (http://www.sans.org).
To unsubscribe from this newsletter, or to edit your subscription
information, please go to: http://portal.sans.org
Missed an issue? You can find back issues of Security Alert Consensus
(and other SANS newsletters) online. http://www.sans.org/newsletters
Your opinion counts. We'd like to hear your thoughts on Security Alert
Consensus. E-mail any questions or comments to <consensus@nwc.com>.
Copyright (c) 2003 Network Computing, a CMP Media LLC publication. All
Rights Reserved. Distributed by Network Computing
(http://www.networkcomputing.com) and The SANS Institute
(http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based
security assessment and integration services consulting group
(info@neohapsis.com | http://www.neohapsis.com/)