Security Alert Consensus #41
From: Network Computing and The SANS Institute (sans@sans.org)
Date: Thu Oct 16 2003 - 19:10:56 CDT
Re: Your personalized newsletter
-- Security Alert Consensus --
Number 041 (03.41)
Thursday, October 16, 2003
Created for you by
Network Computing and the SANS Institute
Powered by Neohapsis
----------------------------------------------------------------------
Welcome to the latest edition of Security Alert Consensus! Below you
should find information pertaining only to the categories you requested.
Information on how to manage your subscription can be found at the
bottom of the newsletter. If you have any problems or questions, please
e-mail us at <consensus@nwc.com>.
************************* Begin Advertisement ************************
This issue is sponsored by Cisco Systems, Inc.
Visit the IP Communications Pavilion to download the Cisco
Migration Guide, to learn about converging existing voice and
Data networks, and to read case studies on organizations
who have deployed a Cisco IP Communication Systems.
http://www.techweb.com/ipc
************************** End Advertisement *************************
This week, *many* Microsoft vulnerabilities were announced, including
seven security bulletins from Microsoft itself. If you are a Microsoft
shop, it is likely that something reported in this issue affects you.
All the items appear in the 'Windows' category.
After four successful years, SANS and Network Computing are parting ways
in the joint production of the Security Alert Consensus (SAC)
newsletter. SANS intends to launch an enhanced version of its existing
CVA newsletter shortly.
If you are a current SANS Portal member, you are likely to receive the
new SANS CVA newsletter. If you'd like to subscribe, at no cost, go to
portal.sans.org, where you may also request subscriptions to any of
SANS' other free newsletters.
Until next week,
--Security Alert Consensus Team
************************************************************************
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
TABLE OF CONTENTS:
{03.41.004} Win - MS03-043: Messenger RPC service overflow
{03.41.005} Win - MSMQ MQLocateBegin restriction overflow
{03.41.006} Win - MS03-041: Authenticode verification bypass
{03.41.008} Win - MS03-046: Exchange SMTP extended verb overflow
{03.41.009} Win - Yet another Microsoft RPC vuln
{03.41.010} Win - MS03-042: Windows TroubleShooter ActiveX overflow
{03.41.013} Win - MS03-044: Help and Support Center function overflow
{03.41.017} Win - MS03-045: ListBox/ComboBox ActiveX control overflows
{03.41.018} Win - MS03-047: Outlook Web Access XSS vuln
{03.41.001} Linux - Updated patches for previous vulnerabilities
{03.41.016} BSD - Updated patches for previous vulnerabilities
{03.41.002} HP-UX - Updated patches for previous vulnerabilities
{03.41.003} HP-UX - dtprintinfo DISPLAY env var overflow
{03.41.011} Cross - procmail rnmbogus() local format string vuln
{03.41.012} Cross - PeopleSoft info disclosure and large data upload DoS
{03.41.014} Cross - Vulnerable PHP applications, 10/14
{03.41.015} Cross - IRCnet IRCD local join overflow
{03.41.007} Tru64 - dtmailpr remote vuln
- --- Windows News -------------------------------------------------------
*** {03.41.004} Win - MS03-043: Messenger RPC service overflow
Microsoft released MS03-043 ("Messenger RPC service overflow"). Windows
NT, 2000, XP and 2003 contain a buffer overflow in the Messenger RPC
service that allows a remote attacker to execute arbitrary code with
local system privileges.
FAQ and patch:
http://www.microsoft.com/technet/security/bulletin/MS03-043.asp
Source: Microsoft
http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0054.html
*** {03.41.005} Win - MSMQ MQLocateBegin restriction overflow
The MQLocateBegin function of MSMQ reportedly contains a heap-based
overflow in the handling of the MQRESTRICTION string that allows a
remote attacker to execute arbitrary code on the system.
This vulnerability is not confirmed. An exploit has been published.
Source: SecurityFocus Vuln-Dev
http://archives.neohapsis.com/archives/vuln-dev/2003-q4/0007.html
http://archives.neohapsis.com/archives/vuln-dev/2003-q4/0010.html
*** {03.41.006} Win - MS03-041: Authenticode verification bypass
Microsoft released MS03-041 ("Authenticode verification bypass"). A
malicious Web site or e-mail could potentially bypass the ActiveX
authenticode verification mechanism, thereby allowing the execution of
arbitrary code on the user's system.
FAQ and patch:
http://www.microsoft.com/technet/security/bulletin/MS03-041.asp
Source: Microsoft
http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0052.html
*** {03.41.008} Win - MS03-046: Exchange SMTP extended verb overflow
Microsoft released MS03-046 ("Exchange SMTP extended verb overflow").
Exchange Server 5.5 and 2000 contain a vulnerability in the handling of
an extended SMTP command that could allow a remote attacker to cause a
denial of service. Exchange 2000 servers also are vulnerable to an
overflow that could lead to the execution of arbitrary code.
FAQ and patch:
http://www.microsoft.com/technet/security/bulletin/MS03-046.asp
Source: Microsoft
http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0057.html
*** {03.41.009} Win - Yet another Microsoft RPC vuln
Many reports indicate that another vulnerability still lingers in the
Microsoft RPC service, even after application of the latest patches.
Rumors say an exploit already exists in the wild.
No official patches have been released yet.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-10/0137.html
*** {03.41.010} Win - MS03-042: Windows TroubleShooter ActiveX overflow
Microsoft released MS03-042 ("Windows TroubleShooter ActiveX overflow").
The Microsoft Local Troubleshooter ActiveX control, included with
Windows 2000 SP2-4, contains a buffer overflow that allows a malicious
Web site or e-mail to execute arbitrary code on the user's system.
FAQ and patch:
http://www.microsoft.com/technet/security/bulletin/MS03-042.asp
Source: Microsoft
http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0053.html
*** {03.41.013} Win - MS03-044: Help and Support Center function
overflow
Microsoft released MS03-044 ("Help and Support Center function
overflow"). The Help and Support Center feature contains a buffer
overflow that could allow a malicious Web site or e-mail to execute
arbitrary code on the system.
FAQ and patch:
http://www.microsoft.com/technet/security/bulletin/MS03-044.asp
Source: Microsoft
http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0055.html
*** {03.41.017} Win - MS03-045: ListBox/ComboBox ActiveX control
overflows
Microsoft released MS03-045 ("ListBox/ComboBox ActiveX control
overflows"). The ListBox and ComboBox controls contain buffer overflows
in the handling of certain Windows messages that allow a local attacker
(who has logged in interactively) to possibly exploit a running
application to execute arbitrary code with elevated privileges.
FAQ and patch:
http://www.microsoft.com/technet/security/bulletin/MS03-045.asp
Source: Microsoft
http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0056.html
*** {03.41.018} Win - MS03-047: Outlook Web Access XSS vuln
Microsoft released MS03-047 ("Outlook Web Access XSS vuln"). Outlook
Web Access for Exchange 5.5 contains a cross-site scripting
vulnerability that could possibly allow a remote attacker to gain OWA
access via a malicious e-mail sent to an unsuspecting user.
FAQ and patch:
http://www.microsoft.com/technet/security/bulletin/MS03-047.asp
Source: Microsoft
http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0058.html
- --- Linux News ---------------------------------------------------------
*** {03.41.001} Linux - Updated patches for previous vulnerabilities
The following is a list of Linux vendor patches for vulnerabilities
previously reported in Security Alert Consensus.
- --- Red Hat:
RHSA-2003:281-01: MySQL
http://archives.neohapsis.com/archives/linux/redhat/2003-q4/0003.html
- --- Debian:
DSA 394-1: openssl095
http://archives.neohapsis.com/archives/linux/debian/2003-q4/0054.html
- --- Mandrake:
MDKSA-2003:099: sane
http://archives.neohapsis.com/archives/linux/mandrake/2003-q4/0036.html
Source: Red Hat, Debian, Mandrake
http://archives.neohapsis.com/archives/linux/redhat/2003-q4/0003.html
http://archives.neohapsis.com/archives/linux/debian/2003-q4/0054.html
http://archives.neohapsis.com/archives/linux/mandrake/2003-q4/0036.html
- --- BSD News -----------------------------------------------------------
*** {03.41.016} BSD - Updated patches for previous vulnerabilities
The following is a list of BSD vendor patches for vulnerabilities
previously reported in Security Alert Consensus.
- --- NetBSD:
2003-015: xfree86
http://archives.neohapsis.com/archives/netbsd/2003-q4/0014.html
2003-016: Sendmail
http://archives.neohapsis.com/archives/netbsd/2003-q4/0013.html
2003-017: OpenSSL
http://archives.neohapsis.com/archives/netbsd/2003-q4/0015.html
Source: NetBSD
http://archives.neohapsis.com/archives/netbsd/2003-q4/0014.html
http://archives.neohapsis.com/archives/netbsd/2003-q4/0013.html
http://archives.neohapsis.com/archives/netbsd/2003-q4/0015.html
- --- HP-UX News ---------------------------------------------------------
*** {03.41.002} HP-UX - Updated patches for previous vulnerabilities
The following is a list of HP-UX vendor patches for vulnerabilities
previously reported in Security Alert Consensus.
SSRT3622: OpenSSL (including affected software)
http://archives.neohapsis.com/archives/hp/2003-q4/0007.html
http://archives.neohapsis.com/archives/hp/2003-q4/0008.html
SSRT3645: MySQL
http://archives.neohapsis.com/archives/hp/2003-q4/0007.html
SSRT3642: Apache
http://archives.neohapsis.com/archives/hp/2003-q4/0007.html
Source: HP
http://archives.neohapsis.com/archives/hp/2003-q4/0007.html
http://archives.neohapsis.com/archives/hp/2003-q4/0008.html
*** {03.41.003} HP-UX - dtprintinfo DISPLAY env var overflow
The dtprintinfo utility included with HP-UX 11.x contains a buffer
overflow in the handling of a large DISPLAY environment variable that
allows a local attacker to execute arbitrary code with root privileges.
HP confirmed this vulnerability and released a fix. Update information
is available at:
http://archives.neohapsis.com/archives/hp/2003-q4/0008.html
Source: SecurityFocus Bugtraq, HP
http://archives.neohapsis.com/archives/bugtraq/2003-10/0105.html
http://archives.neohapsis.com/archives/hp/2003-q4/0008.html
- --- Cross-Platform News ------------------------------------------------
*** {03.41.011} Cross - procmail rnmbogus() local format string vuln
A posted advisory indicates that a potential format string vulnerability
in the rnmbogus() function of procmail would allow a local attacker to
execute arbitrary code with elevated privileges if procmail is
setuid/setgid.
This vulnerability is not confirmed.
Source: SecurityFocus Vuln-Dev
http://archives.neohapsis.com/archives/vuln-dev/2003-q4/0022.html
*** {03.41.012} Cross - PeopleSoft info disclosure and large data
upload DoS
PeopleSoft People Tools version 8.42 reportedly contains two
vulnerabilities: a mild information disclosure, which shows users
version and patch information; and a vulnerability stemming from the
fact that the LONGCHAR and VARCHAR field types allow large amounts of
data to be submitted whereby an attacker could potentially upload an
endless stream of data in an attempt to cause a denial of service.
The advisories indicate vendor confirmation on both vulnerabilities.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-10/0108.html
http://archives.neohapsis.com/archives/bugtraq/2003-10/0109.html
*** {03.41.014} Cross - Vulnerable PHP applications, 10/14
The following is a list of reported vulnerable third-party PHP CGI
applications. These vulnerabilities are not necessarily confirmed.
PayPal Store Front 3.0: file include remote script execution
http://archives.neohapsis.com/archives/bugtraq/2003-10/0103.html
Gallery 1.4: file include remote script execution
http://archives.neohapsis.com/archives/bugtraq/2003-10/0140.html
myPHPCalendar: file include remote script execution
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0011.html
Source: SecurityFocus Bugtraq, VulnWatch
http://archives.neohapsis.com/archives/bugtraq/2003-10/0103.html
http://archives.neohapsis.com/archives/bugtraq/2003-10/0140.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0011.html
*** {03.41.015} Cross - IRCnet IRCD local join overflow
IRCnet's IRCD versions 2.10.x prior to 2.10.3p3 contain a buffer
overflow that could allow an attacker to crash the service.
The vendor confirmed this vulnerability and released an update,
available at:
http://akson.sgh.waw.pl/~chopin/ircd/patches/m_join.diff
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-10/0147.html
- --- Tru64 News ---------------------------------------------------------
*** {03.41.007} Tru64 - dtmailpr remote vuln
A Compaq/HP advisory indicates that the dtmailpr application contains
an unspecified vulnerability that allows a remote attacker to execute
arbitrary code on the system with elevated privileges.
Update information is included at the reference URL below.
Source: Compaq/HP
http://archives.neohapsis.com/archives/tru64/2003-q4/0002.html
************************************************************************
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/jxzD+LUG5KFpTkYRAivpAKCgxVMk+ifMshd12Yi8oOhIZBaHdgCZAWCy
H7Oatu26KRMrxPTBLL1K2Fc=
=YSZL
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
Become a Security Alert Consensus member! If this e-mail was passed to
you and you would like to begin receiving our security e-mail newsletter
on a weekly basis, we invite you to subscribe today.
http://portal.sans.org
We are signing the Consensus newsletter with PGP. The new SANS PGP key
is posted at:
http://www.pgp.net:11371/pks/lookup?op=get&search=0xA1694E46 and can
also be accessed from the SANS Web site (http://www.sans.org).
To unsubscribe from this newsletter, or to edit your subscription
information, please go to: http://portal.sans.org
Missed an issue? You can find back issues of Security Alert Consensus
(and other SANS newsletters) online. http://www.sans.org/newsletters
Your opinion counts. We'd like to hear your thoughts on Security Alert
Consensus. E-mail any questions or comments to <consensus@nwc.com>.
Copyright (c) 2003 Network Computing, a CMP Media LLC publication. All
Rights Reserved. Distributed by Network Computing
(http://www.networkcomputing.com) and The SANS Institute
(http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based
security assessment and integration services consulting group
(info@neohapsis.com | http://www.neohapsis.com/).