|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Security Threat Watch 067
From: Security Threat Watch (NetworkComputing
update.networkcomputing.com)
Date: Mon Feb 14 2005 - 13:00:54 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Security Threat Watch
Number 067
Monday, February 14, 2005
Created for you by Network Computing & Neohapsis
--- Security News ----------------------------------------------
We reported a preliminary summary of upcoming Microsoft patches in the
last issue. The patches have since been released, and many of them are
critical enough to be included in this issue's Highlighted
Vulnerabilities section. Also included in this section is a UPX decoding
bug in Symantec content-inspection products.
An interesting thread formed on the discussion lists regarding IDNs
(International Domain Names). It seems IDNs can be used to trick users
into believing they are at a particular trusted site, when in fact they
are not. The problem is exacerbated by the fact that the fraudulent
sites can get legitimate SSL certificates for the IDN version of a
domain name. Thus, no indicator is given to the user that they are not
at the actual correct site. More information can be found by reading the
various 'IDN' threads at:
http://archives.neohapsis.com/archives/bugtraq/2005-02/
Until next issue,
- The Neohapsis Security Threat Watch Team
--- Security Pipeline -----------------------------------------------------
How To Shop For A VPN
Get clued in on what to look for including the ins and outs of software
vs. appliances, SSL, and IPsec.
http://nwc.securitypipeline.com/60400281
Subscribe to the free weekly Security Pipeline newsletter for the latest
news, reviews and in-depth how-tos on protecting your network against
spam, phishing, spyware, hackers and other Fearsome Beestes.
http://securitypipeline.com/newsletter.jhtml
--- Advertisement -----------------------------------------------------
Web Application Worms utilize a known exploit, applies worm
methodology and then leverages the power of the search engines to
accelerate its effectiveness. These attacks mark the beginning
of a new generation of worms targeted at web applications. Are
your web apps vulnerable? Test your app immediately with our
FREE WebInspect 15 day download trial!
--- New Vulnerabilities -----------------------------------------------
Below is a list of new vulnerabilities announced this week.
Vulnerabilities considered to be 'critical' involve highly-deployed
software, or carry a high-risk of system compromise. Note that
vulnerabilities not highlighted may still be of critical severity
to your environment.
**** Highlighted critical vulnerabilities ****
Internet Explorer: cumulative update (MS05-014/867282)
Microsoft Office XP: remote overflow (MS05-005/873352)
Microsoft Windows/IE: DHTML control remote vulnerabilities
(MS05-013/891781)
Microsoft Windows/IE: hyperlink object library overflow
(MS05-015/888113)
Microsoft Windows: COM/OLE vulnerabilities (MS05-012/873333)
Microsoft Windows: SMB remote overflow (MS05-011/885250)
Microsoft Windows: license service remote overflow (MS05-010/885834)
Symantec products: UPX handling overflow
Windows Media Player, Windows Messenger: PNG file overflow
(MS05-009/890261)
**** Newly announced vulnerabilities this week ****
____Windows____
602LAN SUITE: Webmail arbitrary file uploading
http://archives.neohapsis.com/archives/bugtraq/2005-02/0044.html
ArGoSoft Mail Server: Webmail multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2005-02/0053.html
Internet Explorer: cumulative update (MS05-014/867282)
http://archives.neohapsis.com/archives/ntbugtraq/2005-q1/0068.html
Microsoft Office XP: remote overflow (MS05-005/873352)
http://archives.neohapsis.com/archives/ntbugtraq/2005-q1/0059.html
Microsoft Sharepoint Services: XSS (MS05-006/887981)
http://archives.neohapsis.com/archives/ntbugtraq/2005-q1/0060.html
Microsoft Windows/IE: DHTML control remote vulnerabilities
(MS05-013/891781)
http://archives.neohapsis.com/archives/ntbugtraq/2005-q1/0067.html
Microsoft Windows/IE: hyperlink object library overflow
(MS05-015/888113)
http://archives.neohapsis.com/archives/ntbugtraq/2005-q1/0069.html
Microsoft Windows: COM/OLE vulnerabilities (MS05-012/873333)
http://archives.neohapsis.com/archives/ntbugtraq/2005-q1/0066.html
Microsoft Windows: SMB remote overflow (MS05-011/885250)
http://archives.neohapsis.com/archives/ntbugtraq/2005-q1/0065.html
Microsoft Windows: license service remote overflow (MS05-010/885834)
http://archives.neohapsis.com/archives/ntbugtraq/2005-q1/0064.html
Microsoft Windows: local drag-and-drop vulnerability (MS05-008/890047)
http://archives.neohapsis.com/archives/ntbugtraq/2005-q1/0062.html
Microsoft Windows: name pipe user name disclosure (MS05-007/999302)
http://archives.neohapsis.com/archives/ntbugtraq/2005-q1/0061.html
RealArcade 1.2.0.994: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2005-02/0043.html
SafeNet SoftRemote VPN Client: key disclosure
http://archives.neohapsis.com/archives/bugtraq/2005-02/0041.html
Symantec products: UPX handling overflow
http://archives.neohapsis.com/archives/ntbugtraq/2005-q1/0079.html
http://archives.neohapsis.com/archives/bugtraq/2005-02/0127.html
Windows .NET: path validation vulnerability (MS05-004/887219)
http://archives.neohapsis.com/archives/ntbugtraq/2005-q1/0058.html
Windows Media Player, Windows Messenger: PNG file overflow
(MS05-009/890261)
http://archives.neohapsis.com/archives/ntbugtraq/2005-q1/0063.html
ZoneAlarm: local IPC DoS
http://archives.neohapsis.com/archives/bugtraq/2005-02/0128.html
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0067.html
____AIX____
AIX utilities: multiple local overflows
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0050.html
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0052.html
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0058.html
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0059.html
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0060.html
____MacOS____
Mac OSX: Finder .DS_Store local file overwriting
http://archives.neohapsis.com/archives/bugtraq/2005-02/0006.html
Max OSX: AppleFileServer FPLoginExt packet remote DoS
http://archives.neohapsis.com/archives/bugtraq/2005-02/0032.html
____Network Devices____
Barracuda Spam Firewall 3.1.10: whitelisted domains open mail relay
http://archives.neohapsis.com/archives/bugtraq/2005-02/0080.html
____CGI____
ASPjar guestbook: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2005-02/0097.html
CMS Core: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2005-02/0069.html
Chipmunk forums: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2005-02/0067.html
Mercuryboard 1.1.1: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2005-02/0055.html
PerlDesk 1.x: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2005-02/0022.html
SquirrelMail S/MIME Plugin 0.5: remote command execution
http://archives.neohapsis.com/archives/bugtraq/2005-02/0015.html
myPHP Forum 1.0: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2005-02/0056.html
php-fusion 4.x: forum restriction bypass
http://archives.neohapsis.com/archives/bugtraq/2005-02/0029.html
____Cross-Platform____
Armagetron Advanced game 0.2.7.0: multiple remote DoS
http://archives.neohapsis.com/archives/bugtraq/2005-02/0101.html
CA BrightStor ARCserve: multiple vulnerabilities
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0057.html
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0064.html
Firefox 1.0: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2005-02/0019.html
http://archives.neohapsis.com/archives/bugtraq/2005-02/0020.html
http://archives.neohapsis.com/archives/bugtraq/2005-02/0021.html
IBM DB2 UDB 8.1: unspecified buffer overflow
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0056.html
KDELibs 3.3.2: dcopidlng insecure temp file handling
http://archives.neohapsis.com/archives/bugtraq/2005-02/0113.html
Mod_python: publisher handler information disclosure
http://archives.neohapsis.com/archives/apache/2005/0002.html
Multiple browsers: IDN domain name spoofing
http://archives.neohapsis.com/archives/bugtraq/2005-02/0025.html
Quake 3 engine: large query remote DoS
http://archives.neohapsis.com/archives/bugtraq/2005-02/0139.html
--- Patches and Updates -----------------------------------------------
The following contains a list of vendor patches and updates released
this week.
____Linux____
Debian > DSA 669-1: php3
http://archives.neohapsis.com/archives/vendor/2005-q1/0058.html
Debian > DSA 670-1: emacs20
http://archives.neohapsis.com/archives/bugtraq/2005-02/0037.html
Debian > DSA 671-1: xemacs21
http://archives.neohapsis.com/archives/bugtraq/2005-02/0038.html
Debian > DSA 672-1: xview
http://archives.neohapsis.com/archives/vendor/2005-q1/0061.html
Debian > DSA 673-1: evolution
http://archives.neohapsis.com/archives/bugtraq/2005-02/0079.html
Debian > DSA 674-2: mailman
http://archives.neohapsis.com/archives/vendor/2005-q1/0066.html
Debian > DSA 675-1: hztty
http://archives.neohapsis.com/archives/vendor/2005-q1/0065.html
Debian > DSA 676-1: xpcd
http://archives.neohapsis.com/archives/vendor/2005-q1/0067.html
Debian > DSA 677-1: sympa
http://archives.neohapsis.com/archives/vendor/2005-q1/0068.html
Debian > DSA 678-1: netkit-rwho
http://archives.neohapsis.com/archives/vendor/2005-q1/0070.html
Fedora > FLSA-2005:1906: abiword
http://archives.neohapsis.com/archives/bugtraq/2005-02/0087.html
Fedora > FLSA-2005:1943: libpng
http://archives.neohapsis.com/archives/bugtraq/2005-02/0085.html
Fedora > FLSA-2005:2188: gaim
http://archives.neohapsis.com/archives/bugtraq/2005-02/0117.html
Fedora > FLSA-2005:2252: iptables
http://archives.neohapsis.com/archives/bugtraq/2005-02/0121.html
Fedora > FLSA-2005:2352: xpdf
http://archives.neohapsis.com/archives/bugtraq/2005-02/0120.html
Fedora > FLSA-2005:2353: gpdf
http://archives.neohapsis.com/archives/bugtraq/2005-02/0122.html
Mandrake > MDKSA-2005:030: Perl-DBI
http://archives.neohapsis.com/archives/linux/mandrake/2005-q1/0072.html
Mandrake > MDKSA-2005:031: Perl
http://archives.neohapsis.com/archives/bugtraq/2005-02/0052.html
Mandrake > MDKSA-2005:032-1: cpio
http://archives.neohapsis.com/archives/bugtraq/2005-02/0134.html
Mandrake > MDKSA-2005:033: enscript
http://archives.neohapsis.com/archives/bugtraq/2005-02/0107.html
Mandrake > MDKSA-2005:034: squid
http://archives.neohapsis.com/archives/bugtraq/2005-02/0108.html
Mandrake > MDKSA-2005:035: python
http://archives.neohapsis.com/archives/bugtraq/2005-02/0109.html
Mandrake > MDKSA-2005:036: MySQL
http://archives.neohapsis.com/archives/bugtraq/2005-02/0110.html
SCOSA-2005.9: kernel
http://archives.neohapsis.com/archives/bugtraq/2005-02/0018.html
SuSE > SUSE-SA:2005:006: squid
http://archives.neohapsis.com/archives/vendor/2005-q1/0064.html
Trustix > TSLSA-2005-0003: multiple packages
http://archives.neohapsis.com/archives/bugtraq/2005-02/0104.html
____HP-UX____
SSRT4861: bind
http://archives.neohapsis.com/archives/bugtraq/2005-02/0071.html
SSRT4883: ftpd
http://archives.neohapsis.com/archives/bugtraq/2005-02/0054.html
____SCO____
SCOSA-2005.10: racoon
http://archives.neohapsis.com/archives/bugtraq/2005-02/0024.html
SCOSA-2005.12: foomatic
http://archives.neohapsis.com/archives/bugtraq/2005-02/0031.html
SCOSA-2005.13: disable utility
http://archives.neohapsis.com/archives/bugtraq/2005-02/0035.html
SCOSA-2005.14: kernel
http://archives.neohapsis.com/archives/bugtraq/2005-02/0027.html
____Tru64____
SSRT5895: Mozilla
http://archives.neohapsis.com/archives/bugtraq/2005-02/0016.html
--- Advertisement -----------------------------------------------------
Web Application Worms utilize a known exploit, applies worm
methodology and then leverages the power of the search engines to
accelerate its effectiveness. These attacks mark the beginning
of a new generation of worms targeted at web applications. Are
your web apps vulnerable? Test your app immediately with our
FREE WebInspect 15 day download trial!
--- Sign Off ----------------------------------------------------------
If this e-mail was passed to you, and you would like to begin receiving
our free security e-mail newsletter on a weekly basis, we invite you to
subscribe today by forwarding this message to [subscribe_stwupdate.networkcomputing.com].
Or you can subscribe directly here:
http://www.networkcomputing.com/go/stw.jhtml
To manage all aspects of your subscription and newsletter account,
simply use the URL below. You'll need your e-mail address and
password to log in. If you don't have your password, you can generate
a new one using the same URL. Once logged in, you can change your
e-mail address and password as well as select specific platforms for
which you'd like to receive information on patches and vulnerabilities.
If you have any questions regarding this system, please don't hesitate
to e-mail us at stwnwc.com.
http://stwpref.update.networkcomputing.com/CMP/NWC/prefctr.asp
Put Us On Your White List
Don't let an over-eager e-mail filter bounce the Network Computing
Security Threat Watch newsletter! Our address:
NetworkComputingupdate.networkcomputing.com
needs to be in your address book or on your anti-spam white list. Ask your
admin or ISP how to do this, or check your anti-spam utility documentation.
Important subscription contacts:
CMP Media LLC
600 Community Drive
Manhasset, NY 11030
Missed an issue? You can find all back issues of Security Threat Watch
(as well as Security Alert Consensus and Security Express) online.
http://archives.neohapsis.com/
Note: To better serve you we use dynamic URLs within our advertisments,
which allow us to see how many readers click on a given ad. We do not
share this information, or your personal information, with any outside
party. Concerned about the privacy of your information relative to these
tracking URLs? Please refer to our privacy policy.
http://www.doubleclick.net/us/corporate/privacy
We'd like to know what you think about the newsletter and what
information you'd like to see in future editions. E-mail your comments
to (stwnwc.com).
To unsubscribe from this newsletter, forward this message to
[unsubscribe_stwupdate.networkcomputing.com].
Copyright (c) 2005 Network Computing, a CMP Media LLC publication. All
Rights Reserved. Distributed by Network Computing
(http://www.networkcomputing.com). Powered by Neohapsis Inc., a
Chicago-based security assessment and integration services consulting
group (infoneohapsis.com | http://www.neohapsis.com/).
This message powered by DARTmail
http://www.doubleclick.net/us/corporate/privacy
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]