|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Security Threat Watch 052
From: Security Threat Watch (NetworkComputing
update.networkcomputing.com)
Date: Mon Oct 25 2004 - 13:31:38 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Security Threat Watch
Number 052
Monday, October 25, 2004
Created for you by Network Computing & Neohapsis
--- Security News ----------------------------------------------
An interesting article was released concerning some possible security
impacts of the use of malicious Firewire (IEEE 1394) devices.
Essentially, the Firewire specification allows for the devices to
directly access the host OS's memory. Unfortunately, there generally are
no restrictions to this access, thus allowing Firewire devices to
potentially access sensitive kernel memory. One solution/workaround is
to avoid plugging in unknown Firewire devices and to disable Firewire
ports on critical systems that do not use them. Physical security should
still be considered a significant investment.
http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0012.html
Until next week,
- The Neohapsis Security Threat Watch Team
--- Security Pipeline -----------------------------------------------------
Watch Out For Security Freeware Gotchas
Before you install security freeware, ask some simple questions to avoid
getting stung.
http://securitypipeline.com/50500797
Subscribe to the free, weekly Security Pipeline newsletter for the latest
news, reviews, features, and technology how-tos. Keep your network safe
from groovy ghoulies. Sign up today!
http://securitypipeline.com/newsletter.jhtml
--- Advertisement -----------------------------------------------------
DO YOU WANT TO LEARN HOW TO STRENGTHEN & SIMPLIFY SECURITY?!
•Do you know who is accessing your facilities and networks?
•Do you have a well-thought-out strategy for Access Management?
Download Datakey's White Paper, Strengthen and Simplify Security
See how we can help create your strategy for stronger security:
--- New Vulnerabilities -----------------------------------------------
Below is a list of new vulnerabilities announced this week.
Vulnerabilities considered to be 'critical' involve highly-deployed
software, or carry a high-risk of system compromise. Note that
vulnerabilities not highlighted may still be of critical severity
to your environment.
**** Highlighted critical vulnerabilities ****
Multiple browsers: malformed HTML remote DoS
**** Newly announced vulnerabilities this week ****
____Windows____
Ability FTP Server 2.34: STOR command remote overflow
http://archives.neohapsis.com/archives/bugtraq/2004-10/0244.html
Abyss Web Server X1: DOS device name request DoS
http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0014.html
Age of Sail II 1.04.151: nickname overflow
http://archives.neohapsis.com/archives/bugtraq/2004-10/0200.html
Altiris Carbon Copy: local tray application privilege elevation
http://archives.neohapsis.com/archives/bugtraq/2004-10/0232.html
Altiris Deployment Server: server impersonation allows client compromise
http://archives.neohapsis.com/archives/bugtraq/2004-10/0211.html
http://archives.neohapsis.com/archives/bugtraq/2004-10/0221.html
LANDesk 8: malformed connection remote DoS
http://archives.neohapsis.com/archives/vuln-dev/2004-q4/0013.html
Multiple vendor antivirus: DOS name scanning bypass
http://archives.neohapsis.com/archives/bugtraq/2004-10/0185.html
Multiple vendor antivirus: malformed .ZIP file scanning bypass
http://archives.neohapsis.com/archives/bugtraq/2004-10/0169.html
Vypress Tonecast 1.3: malformed music stream remote DoS
http://archives.neohapsis.com/archives/bugtraq/2004-10/0197.html
Windows: malformed WAV file DoS
http://archives.neohapsis.com/archives/bugtraq/2004-10/0229.html
____Linux____
Linux kernel <2.6.9: multiple DoS
http://archives.neohapsis.com/archives/bugtraq/2004-10/0212.html
____HP-UX____
stmkfont: local privilege elevation
http://archives.neohapsis.com/archives/bugtraq/2004-10/0214.html
http://archives.neohapsis.com/archives/bugtraq/2004-10/0230.html
____CGI____
CoolPHP 1.0: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2004-10/0158.html
Powie's PSCRIPT 1.26: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2004-10/0178.html
Sage Saleslogix: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2004-10/0168.html
Serendipity 0.7-beta4: HTTP response splitting
http://archives.neohapsis.com/archives/bugtraq/2004-10/0219.html
UBB.threads 3.4.x: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2004-10/0216.html
apexec.pl: remote file reading
http://archives.neohapsis.com/archives/bugtraq/2004-10/0186.html
cPanel 9.4.1: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2004-10/0165.html
http://archives.neohapsis.com/archives/bugtraq/2004-10/0166.html
http://archives.neohapsis.com/archives/bugtraq/2004-10/0167.html
dwc_articles 1.6: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2004-10/0245.html
____Cross-Platform____
IBM Lotus Notes/Domino: malformed encoding allows XSS
http://archives.neohapsis.com/archives/bugtraq/2004-10/0175.html
Libtiff: JPEG support overflow
http://archives.neohapsis.com/archives/bugtraq/2004-10/0237.html
Multiple browsers: malformed HTML remote DoS
http://archives.neohapsis.com/archives/bugtraq/2004-10/0163.html
http://archives.neohapsis.com/archives/bugtraq/2004-10/0247.html
Multiple browsers: tabbed window alert dialog misdirection
http://archives.neohapsis.com/archives/ntbugtraq/2004-q4/0075.html
Sun J2ME platform: KVM sandbox escaping
http://archives.neohapsis.com/archives/bugtraq/2004-10/0231.html
kpdf: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2004-10/0228.html
mpg123: getauthfromurl() overflow
http://archives.neohapsis.com/archives/bugtraq/2004-10/0208.html
rssh < 2.2.2: logging format string vulnerability
http://archives.neohapsis.com/archives/bugtraq/2004-10/0246.html
--- Patches and Updates -----------------------------------------------
The following contains a list of vendor patches and updates released
this week.
____Linux____
Debian > DSA 556-2: netkit-telnet
http://archives.neohapsis.com/archives/bugtraq/2004-10/0180.html
Debian > DSA 568-1: cyrus-sasl-mit
http://archives.neohapsis.com/archives/bugtraq/2004-10/0179.html
Debian > DSA 569-1: netkit-telnet-ssl
http://archives.neohapsis.com/archives/bugtraq/2004-10/0174.html
Debian > DSA 570-1: libpng
http://archives.neohapsis.com/archives/vendor/2004-q4/0028.html
Debian > DSA 571-1: libpng3
http://archives.neohapsis.com/archives/vendor/2004-q4/0029.html
Debian > DSA 572-1: ecartis
http://archives.neohapsis.com/archives/vendor/2004-q4/0031.html
Debian > DSA 573-1: cupsys
http://archives.neohapsis.com/archives/vendor/2004-q4/0033.html
Fedora > FLSA-2004:1237: gaim
http://archives.neohapsis.com/archives/bugtraq/2004-10/0177.html
Fedora > FLSA-2004:1804: kernel
http://archives.neohapsis.com/archives/bugtraq/2004-10/0191.html
Fedora > FLSA-2004:2072: cups
http://archives.neohapsis.com/archives/bugtraq/2004-10/0176.html
Mandrake > MDKSA-2004:107: mozilla
http://archives.neohapsis.com/archives/linux/mandrake/2004-q4/0012.html
Mandrake > MDKSA-2004:107: mozilla
http://archives.neohapsis.com/archives/bugtraq/2004-10/0209.html
Mandrake > MDKSA-2004:108: cvs
http://archives.neohapsis.com/archives/bugtraq/2004-10/0207.html
Mandrake > MDKSA-2004:108: cvs
http://archives.neohapsis.com/archives/linux/mandrake/2004-q4/0014.html
Mandrake > MDKSA-2004:109: libtiff
http://archives.neohapsis.com/archives/linux/mandrake/2004-q4/0013.html
Mandrake > MDKSA-2004:109: libtiff
http://archives.neohapsis.com/archives/bugtraq/2004-10/0199.html
Mandrake > MDKSA-2004:110: gaim
http://archives.neohapsis.com/archives/linux/mandrake/2004-q4/0015.html
Mandrake > MDKSA-2004:110: gaim
http://archives.neohapsis.com/archives/bugtraq/2004-10/0218.html
Mandrake > MDKSA-2004:111: wxGTK2
http://archives.neohapsis.com/archives/bugtraq/2004-10/0217.html
Mandrake > MDKSA-2004:111: wxGTK2
http://archives.neohapsis.com/archives/linux/mandrake/2004-q4/0017.html
Mandrake > MDKSA-2004:112: squid
http://archives.neohapsis.com/archives/linux/mandrake/2004-q4/0016.html
Mandrake > MDKSA-2004:113: xpdf
http://archives.neohapsis.com/archives/linux/mandrake/2004-q4/0018.html
Mandrake > MDKSA-2004:114: gpdf
http://archives.neohapsis.com/archives/linux/mandrake/2004-q4/0019.html
Mandrake > MDKSA-2004:115: kdegraphics
http://archives.neohapsis.com/archives/linux/mandrake/2004-q4/0021.html
Mandrake > MDKSA-2004:116: cups
http://archives.neohapsis.com/archives/linux/mandrake/2004-q4/0020.html
SuSE > SUSE-SA:2004:037: kernel
http://archives.neohapsis.com/archives/bugtraq/2004-10/0213.html
SuSE > SUSE-SA:2004:038: libtiff
http://archives.neohapsis.com/archives/bugtraq/2004-10/0233.html
____SCO____
UnixWare > SCOSA-2004.17: zlib
http://archives.neohapsis.com/archives/bugtraq/2004-10/0192.html
--- Advertisement -----------------------------------------------------
DO YOU WANT TO LEARN HOW TO STRENGTHEN & SIMPLIFY SECURITY?!
•Do you know who is accessing your facilities and networks?
•Do you have a well-thought-out strategy for Access Management?
Download Datakey's White Paper, Strengthen and Simplify Security
See how we can help create your strategy for stronger security:
--- Sign Off ----------------------------------------------------------
If this e-mail was passed to you, and you would like to begin receiving
our free security e-mail newsletter on a weekly basis, we invite you to
subscribe today by forwarding this message to [subscribe_stwupdate.networkcomputing.com].
Or you can subscribe directly here:
http://www.networkcomputing.com/go/stw.jhtml
To manage all aspects of your subscription and newsletter account,
simply use the URL below. You'll need your e-mail address and
password to log in. If you don't have your password, you can generate
a new one using the same URL. Once logged in, you can change your
e-mail address and password as well as select specific platforms for
which you'd like to receive information on patches and vulnerabilities.
If you have any questions regarding this system, please don't hesitate
to e-mail us at stwnwc.com.
http://stwpref.update.networkcomputing.com/CMP/NWC/prefctr.asp
Put Us On Your White List
Don't let an over-eager e-mail filter bounce the Network Computing
Security Threat Watch newsletter! Our address
<NetworkComputingupdate.networkcomputing.com>
needs to be in your address book or on your anti-spam white list. Ask your
admin or ISP how to do this, or check your anti-spam utility documentation.
Important subscription contacts:
CMP Media LLC
600 Community Drive
Manhasset, NY 11030
Missed an issue? You can find all back issues of Security Threat Watch
(as well as Security Alert Consensus and Security Express) online.
http://archives.neohapsis.com/
Note: To better serve you we use dynamic URLs within our advertisments,
which allow us to see how many readers click on a given ad. We do not
share this information, or your personal information, with any outside
party. Concerned about the privacy of your information relative to these
tracking URLs? Please refer to our privacy policy.
http://www.doubleclick.net/us/corporate/privacy
We'd like to know what you think about the newsletter and what
information you'd like to see in future editions. E-mail your comments
to (stwnwc.com).
To unsubscribe from this newsletter, forward this message to
[unsubscribe_stwupdate.networkcomputing.com].
Copyright (c) 2004 Network Computing, a CMP Media LLC publication. All
Rights Reserved. Distributed by Network Computing
(http://www.networkcomputing.com). Powered by Neohapsis Inc., a
Chicago-based security assessment and integration services consulting
group (infoneohapsis.com | http://www.neohapsis.com/).
This message powered by DARTmail
http://www.doubleclick.net/us/corporate/privacy
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]