Security Threat Watch 049

From: Security Threat Watch (NetworkComputingupdate.networkcomputing.com)
Date: Mon Oct 04 2004 - 13:03:44 CDT


Security Threat Watch
        Number 049
        Monday, October 4, 2004
        Created for you by Network Computing & Neohapsis

--- Security News ----------------------------------------------

Two topics dominated the security mailing lists last week: Microsoft GDI
patching problems and electronic voting issues. The Microsoft GDI
vulnerability (involving malicious JPEG files) has proven to be an
extremely intricate vulnerability to fix because of the proliferation of
GDI components in third-party software. Popular opinion is that the
Microsoft update tools fall extremely short of getting the job done.
Many third parties have gone so far as to release their own GDI scanning
utilities, and there are many reports of manual DLL swapping to replace
vulnerable DLL versions of third-party applications. Those of you
interested in following the discussion can read the archives at:
http://archives.neohapsis.com/archives/ntbugtraq/2004-q3/

Electronic voting has caused significant discussion ever since Diebold
voting machine insecurities started to be posted to the public mailing
lists. The discussion delves into areas including verifiable (paper)
audit trails, use of open-source software, accountability of commercial
entities supplying the components and the use of cryptography (and
possible shortcomings). Those of you interested in reading along can
view the "Diebold Global Election Management Systems (GEMS)..." thread
at:
http://archives.neohapsis.com/archives/bugtraq/2004-09/thread.html

Until next week,
- The Neohapsis Security Threat Watch Team

--- Advertisement -----------------------------------------------------

This issue sponsored by Radware.

Radware DefensePro, 3Gbps intrusion prevention switch,
protects against worms, viruses, malicious intrusions,
Denial of Service attacks and Trojans - securing all networked applications.
Delivering maximum throughput and advanced security intelligence,
DefensePro isolates, blocks and prevents attacks in real-time.
Download DefensePro Whitepaper at:

--- New Vulnerabilities -----------------------------------------------

Below is a list of new vulnerabilities announced this week.
Vulnerabilities considered to be 'critical' involve widely deployed
software, or carry a high risk of system compromise. Note that
vulnerabilities not highlighted may still be of critical severity
to your environment.

**** Highlighted critical vulnerabilities ****

Samba 3.05: SMB root escaping

**** Newly announced vulnerabilities this week ****

____Windows____

Alpha Black Zero 1.04: multiple connections remote DoS
http://archives.neohapsis.com/archives/bugtraq/2004-09/0423.html

Chatman 1.5.1 RC1: malformed broadcast traffic DoS
http://archives.neohapsis.com/archives/bugtraq/2004-09/0349.html

HP StorageWorks Command View XP: access restriction bypass
http://archives.neohapsis.com/archives/bugtraq/2004-09/0398.html

Judge Dredd vs. Death 1.01: server remote format string vulnerability
http://archives.neohapsis.com/archives/bugtraq/2004-10/0016.html

Microsoft .NET: potential Forms authentication bypass
http://archives.neohapsis.com/archives/ntbugtraq/2004-q3/0221.html

Microsoft SQL Server 7.0: remote DoS
http://archives.neohapsis.com/archives/bugtraq/2004-09/0420.html

MyWebServer 1.0.3: admin access, remote DoS
http://archives.neohapsis.com/archives/bugtraq/2004-09/0410.html

Vypress Messenger 3.5.1: malformed message remote overflow
http://archives.neohapsis.com/archives/bugtraq/2004-10/0001.html

dbPowerAmp: multiple local overflows and DoS
http://archives.neohapsis.com/archives/bugtraq/2004-10/0011.html

____AIX____

RSCT ctstrtcasd: local file corruption/overwriting
http://archives.neohapsis.com/archives/bugtraq/2004-09/0350.html

____IRIX____

SGI kernel: bsd.a kernel networking vulnerabilities
http://archives.neohapsis.com/archives/vendor/2004-q3/0058.html

____CGI____

AJ-Fork 167: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2004-09/0460.html

Alex Guestbook: PHP remote file include code execution
http://archives.neohapsis.com/archives/bugtraq/2004-09/0362.html

BroadBoard Instant ASP Message Board: multiple SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2004-09/0339.html

Silent Storm Portal 2.2: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2004-09/0440.html

W-agora Forum 4.1.6a: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2004-09/0437.html

Wordpress 1.2: multiple XSS
http://archives.neohapsis.com/archives/bugtraq/2004-09/0382.html

bBlog 0.7.3: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2004-09/0461.html

____Cross-Platform____

Apache HTTP Server <2.0.52: Satisfy directive restriction bypass
http://archives.neohapsis.com/archives/apache/2004/0008.html

Icecast 2.0.1: multiple HTTP headers remote overflow
http://archives.neohapsis.com/archives/bugtraq/2004-09/0366.html

ParaChat Server 5.5: Webroot escaping
http://archives.neohapsis.com/archives/bugtraq/2004-09/0394.html

RealPlayer: pnen3260.dll remote heap overflow
http://archives.neohapsis.com/archives/bugtraq/2004-09/0462.html

Samba 3.05: SMB root escaping
http://archives.neohapsis.com/archives/bugtraq/2004-09/0443.html
http://archives.neohapsis.com/archives/bugtraq/2004-09/0453.html

Vignette Application Portal: remote info disclosure
http://archives.neohapsis.com/archives/bugtraq/2004-09/0373.html

Xerces-C++ 2.5.0: malformed XML document DoS
http://archives.neohapsis.com/archives/bugtraq/2004-10/0013.html

YahooPOPS: multiple remote overflows
http://archives.neohapsis.com/archives/bugtraq/2004-09/0338.html

--- Patches and Updates -----------------------------------------------

The following contains a list of vendor patches and updates released
this week.

____Linux____

Debian > DSA 553-1: getmail
http://archives.neohapsis.com/archives/bugtraq/2004-09/0456.html
http://archives.neohapsis.com/archives/vendor/2004-q3/0056.html

Debian > DSA 554-1: sendmail
http://archives.neohapsis.com/archives/bugtraq/2004-09/0347.html

Debian > DSA 555-1: freenet6
http://archives.neohapsis.com/archives/bugtraq/2004-09/0438.html

Debian > DSA 556-1: netkit-telnet
http://archives.neohapsis.com/archives/vendor/2004-q4/0001.html

Fedora > FLSA-2004:1468: tcpdump
http://archives.neohapsis.com/archives/bugtraq/2004-09/0431.html

Fedora > FLSA-2004:1552: cadaver
http://archives.neohapsis.com/archives/bugtraq/2004-09/0412.html

Fedora > FLSA-2004:1733: squirrelmail
http://archives.neohapsis.com/archives/bugtraq/2004-10/0014.html

Mandrake > MDKSA-2004:011-1: NetPBM
http://archives.neohapsis.com/archives/bugtraq/2004-09/0383.html

Mandrake > MDKSA-2004:103: OpenOffice.org
http://archives.neohapsis.com/archives/bugtraq/2004-09/0376.html

Mandrake > MDKSA-2004:104: samba
http://archives.neohapsis.com/archives/bugtraq/2004-10/0005.html

Trustix > TSL-2004-0050: multi
http://archives.neohapsis.com/archives/bugtraq/2004-09/0439.html

Trustix > TSLSA-2004-0051: samba
http://archives.neohapsis.com/archives/bugtraq/2004-09/0459.html

--- Sign Off ----------------------------------------------------------

Copyright (c) 2004 Network Computing, a CMP Media LLC publication. All
Rights Reserved. Distributed by Network Computing
(http://www.networkcomputing.com). Powered by Neohapsis Inc., a
Chicago-based security assessment and integration services consulting
group (infoneohapsis.com | http://www.neohapsis.com/).
