Security Alert Consensus #42
From: Network Computing and The SANS Institute (sans@sans.org)
Date: Thu Oct 23 2003 - 20:02:43 CDT
Re: Your personalized newsletter
-- Security Alert Consensus --
Number 042 (03.42)
Thursday, October 23, 2003
Created for you by
Network Computing and the SANS Institute
Powered by Neohapsis
----------------------------------------------------------------------
Welcome to the latest edition of Security Alert Consensus! Below you
should find information pertaining only to the categories you requested.
Information on how to manage your subscription can be found at the
bottom of the newsletter. If you have any problems or questions, please
e-mail us at <consensus@nwc.com>.
************************* Begin Advertisement ************************
This issue is sponsored by Cisco Systems, Inc.
Visit the IP Communications Pavilion to download the Cisco
Migration Guide, to learn about converging existing voice and
Data networks, and to read case studies on organizations
who have deployed a Cisco IP Communication Systems.
http://www.techweb.com/ipc
************************** End Advertisement *************************
Many folks are still reeling from last week's onslaught of Microsoft
updates. Fortunately, this week did not bring any enterprise-critical
vulnerabilities beyond a bug in certain configurations of HP OpenView
Operations for Windows.
We've received a few inquiries about last week's announcement regarding
the upcoming newsletter changes. This newsletter will mark the last
joint delivery of Security Alert Consensus (SAC) by Network Computing
and the SANS Institute. As a reminder, if you subscribe to SAC as a SANS
member, you should receive notice shortly regarding the SANS Institute's
forthcoming, enhanced version of its existing CVA newsletter. If you do
not, you can subscribe to it and other free SANS newsletters at
portal.sans.org.
Until next week,
--Security Alert Consensus Team
************************************************************************
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
TABLE OF CONTENTS:
{03.42.003} Win - mIRC irc protocol handler overflow
{03.42.004} Win - OpenView OW unauthorized remote action
{03.42.015} Win - AIM getfile operation screen name overflow
{03.42.001} Linux - Updated patches for previous vulnerabilities
{03.42.011} HP-UX - Servicecontrol Manager unauthorized local access
{03.42.012} SCO - System scripts insecure temp file handling
{03.42.002} NetDev - Origo ASR-8100 ADSL router admin menu DoS
{03.42.014} NetDev - Nokia FW IP-cluster DoS
{03.42.005} Cross - Fetchmail multiple vulns
{03.42.006} Cross - Opera escaped HREF link overflow
{03.42.007} Cross - MyClassifieds CGI SQL tampering
{03.42.008} Cross - Tomcat connector non-HTTP request DoS
{03.42.009} Cross - OpenView NMM multiple DoS vulns
{03.42.010} Cross - Vulnerable PHP applications, 10/21
{03.42.013} Cross - Gast Arbeiter file writing
- --- Windows News -------------------------------------------------------
*** {03.42.003} Win - mIRC irc protocol handler overflow
mIRC version 6.1 contains a buffer overflow in the 'irc://' handler that
allows a malicious Web site to execute arbitrary code on the user's
system.
The advisory indicates confirmation by the vendor, which released
version 6.11.
Source: NTBugtraq
http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0060.html
*** {03.42.004} Win - OpenView OW unauthorized remote action
OpenView Operations for Windows (OVOW) allows a local administrator to
perform remote actions on other OpenView managed nodes, even if the
appropriate registry configuration option to prevent this is enabled.
HP confirmed this vulnerability. Update information is available at the
reference URL below.
Source: HP
http://archives.neohapsis.com/archives/hp/2003-q4/0009.html
*** {03.42.015} Win - AIM getfile operation screen name overflow
AOL Instant Messenger version 5.2.3292 reportedly contains a buffer
overflow in the handling of the screen name parameter passed to the
getfile operation, thereby allowing a malicious Web site to potentially
execute arbitrary code on the user's system.
The advisory indicates confirmation by the vendor, which released version
5.5.3415.
Source: NTBugtraq
http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0059.html
- --- Linux News ---------------------------------------------------------
*** {03.42.001} Linux - Updated patches for previous vulnerabilities
The following is a list of Linux vendor patches for vulnerabilities
previously reported in Security Alert Consensus.
- --- Mandrake:
MDKSA-2003:100: gdm
http://archives.neohapsis.com/archives/linux/mandrake/2003-q4/0049.html
- --- Conectiva:
CLA-2003:762: glibc
http://archives.neohapsis.com/archives/linux/conectiva/2003-q4/0006.html
CLA-2003:765: ircd
http://archives.neohapsis.com/archives/linux/conectiva/2003-q4/0007.html
CLA-2003:766: gdm
http://archives.neohapsis.com/archives/linux/conectiva/2003-q4/0008.html
Source: Mandrake, Conectiva
http://archives.neohapsis.com/archives/linux/mandrake/2003-q4/0049.html
http://archives.neohapsis.com/archives/linux/conectiva/2003-q4/0006.html
http://archives.neohapsis.com/archives/linux/conectiva/2003-q4/0007.html
http://archives.neohapsis.com/archives/linux/conectiva/2003-q4/0008.html
- --- HP-UX News ---------------------------------------------------------
*** {03.42.011} HP-UX - Servicecontrol Manager unauthorized local access
Servicecontrol Manager version 3.0 contains a vulnerability that allows
unauthorized local attackers to access the Servicecontrol Manager.
HP confirmed this vulnerability and released SCM version B.03.00.04.
Source: HP
http://archives.neohapsis.com/archives/hp/2003-q4/0020.html
- --- SCO News -----------------------------------------------------------
*** {03.42.012} SCO - System scripts insecure temp file handling
SCO released an advisory indicating that various system scripts included
with OpenServer 5.0.5 do not properly handle temporary files, thereby
allowing a local attacker to perform a symlink attack.
The vendor confirmed this vulnerability. Update information is available
at the reference URL below.
Source: SCO
http://archives.neohapsis.com/archives/linux/caldera/2003-q4/0006.html
- --- Network Devices News -----------------------------------------------
*** {03.42.002} NetDev - Origo ASR-8100 ADSL router admin menu DoS
The Origo ASR-8100 ADSL router exposes an administration menu to the
WAN network. The menu does not require authentication, so a remote
attacker can cause a denial of service by reconfiguring the device.
This vulnerability is not confirmed.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-10/0193.html
*** {03.42.014} NetDev - Nokia FW IP-cluster DoS
Nokia released an advisory indicating that IPSO version 3.7 prior to
build 29 is vulnerable to a denial of service attack when used in an
IP-cluster configuration.
This vulnerability is confirmed; a fix is available at:
https://support.nokia.com/security_platforms/index.jsp
Source: Nokia
https://support.nokia.com/security_platforms/index.jsp
- --- Cross-Platform News ------------------------------------------------
*** {03.42.005} Cross - Fetchmail multiple vulns
Fetchmail contains multiple vulnerabilities that could potentially allow
a malicious e-mail to execute arbitrary code or cause a denial of
service situation.
These vulnerabilities are confirmed.
Updated Mandrake RPMs:
http://archives.neohapsis.com/archives/linux/mandrake/2003-q4/0050.html
Updated Immunix RPMs:
http://archives.neohapsis.com/archives/linux/immunix/2003-q4/0003.html
Source: Mandrake, Immunix
http://archives.neohapsis.com/archives/linux/mandrake/2003-q4/0050.html
http://archives.neohapsis.com/archives/linux/immunix/2003-q4/0003.html
*** {03.42.006} Cross - Opera escaped HREF link overflow
Opera Web browser versions 7.20 and prior contain a buffer overflow in
the handling of certain escaped HREF strings that allows a malicious
Web site or e-mail to execute arbitrary code on the user's system.
The vendor confirmed this vulnerability. Version 7.21 was released.
Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0016.html
*** {03.42.007} Cross - MyClassifieds CGI SQL tampering
Fuzzymonkey.com's MyClassifieds CGI suite is vulnerable to SQL
tampering, which allows a remote attacker to manipulate the backend
database.
This vulnerability is not confirmed.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-10/0211.html
*** {03.42.008} Cross - Tomcat connector non-HTTP request DoS
Tomcat version 4.0.x contains a denial of service vulnerability that is
caused by an attacker submitting many non-HTTP requests to the HTTP
connector.
This vulnerability is confirmed.
Updated Debian DEBs:
http://archives.neohapsis.com/archives/linux/debian/2003-q4/0084.html
Source: Debian
http://archives.neohapsis.com/archives/linux/debian/2003-q4/0084.html
*** {03.42.009} Cross - OpenView NMM multiple DoS vulns
OpenView NMM for HP-UX, Solaris and Windows contains two denial of
service vulnerabilities whereby a remote attacker can send a malformed
packet and cause memory leaks and excessive CPU usage.
These vulnerabilities are confirmed; update information is available at
the reference URL below.
Source: HP
http://archives.neohapsis.com/archives/hp/2003-q4/0019.html
*** {03.42.010} Cross - Vulnerable PHP applications, 10/21
The following is a list of reported vulnerable third-party PHP CGI
applications. These vulnerabilities are not necessarily confirmed.
Wrensoft Zoom Search: XSS
http://archives.neohapsis.com/archives/bugtraq/2003-10/0173.html
cpCommerce 0.05f: remote file include/code execution
http://archives.neohapsis.com/archives/bugtraq/2003-10/0198.html
ByteHoard 0.7: arbitrary file reading
http://archives.neohapsis.com/archives/bugtraq/2003-10/0200.html
DeskPRO 1.1.0: SQL tampering
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0017.html
Goldlink 3.0: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2003-10/0204.html
Source: SecurityFocus Bugtraq, VulnWatch
http://archives.neohapsis.com/archives/bugtraq/2003-10/0173.html
http://archives.neohapsis.com/archives/bugtraq/2003-10/0198.html
http://archives.neohapsis.com/archives/bugtraq/2003-10/0200.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0017.html
http://archives.neohapsis.com/archives/bugtraq/2003-10/0204.html
*** {03.42.013} Cross - Gast Arbeiter file writing
The Gast Arbeiter application version 1.3 does not filter the req_file
parameter, thereby allowing a remote attacker to use parent directory
references to overwrite arbitrary files on the system.
This vulnerability is not confirmed.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-10/0208.html
************************************************************************
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/mGMK+LUG5KFpTkYRAvgkAJ96fItxb2u5NrF4V0NCTmIWffqBqQCfUsbJ
ucFQDLE6ZRY1rsktppqcNNw=
=3leL
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
Become a Security Alert Consensus member! If this e-mail was passed to
you and you would like to begin receiving our security e-mail newsletter
on a weekly basis, we invite you to subscribe today.
http://www.portal.sans.org
We are signing the Consensus newsletter with PGP. The new SANS PGP key
is posted at:
http://www.pgp.net:11371/pks/lookup?op=get&search=0xA1694E46 and can
also be accessed from the SANS Web site (http://www.sans.org).
To unsubscribe from this newsletter, or to edit your subscription
information, please go to: http://portal.sans.org/
Missed an issue? You can find back issues of Security Alert Consensus
(and other SANS newsletters) online. http://www.sans.org/newsletters
Copyright (c) 2003 Network Computing, a CMP Media LLC publication. All
Rights Reserved. Distributed by Network Computing
(http://www.networkcomputing.com) and The SANS Institute
(http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based
security assessment and integration services consulting group
(info@neohapsis.com | http://www.neohapsis.com/)