Security Threat Watch 099

From: Security Threat Watch Newsletter (NetworkComputingupdate.networkcomputing.com)
Date: Mon Sep 26 2005 - 13:02:00 CDT


Security Threat Watch
    Number 099
    Monday, September 26, 2005
    Created for you by Network Computing & Neohapsis

Kenneth Belva released an interesting paper last week entitled "How
It's Difficult to Ruin a Good Name: An Analysis of Reputational Risk."
In it, he looks at the short- and long-term effects on several U.S.
companies that had publicized security breaches. The paper
announcement can be found at:
http://archives.neohapsis.com/archives/bugtraq/2005-09/0250.html

The most notable vulnerability this week involves a bug in webmin and
usermin that allows a remote attacker to bypass PAM system
authentication and/or execute arbitrary remote commands. You can read
more in this issue under the Cross-Platform category.

Until next issue,
- The Neohapsis Security Threat Watch Team

--- Advertisement
-----------------------------------------------------

Join InformationWeek for a FREE, live Editorial Perspectives TechWebCast:
The Strategic Advantage of a Holistic Approach to Enterprise Governance
Join industry experts to learn where and how business and IT governance,
security, risk management and compliance intersect and how to leverage
this knowledge to increase efficiency. We'll examine how to reduce costs
while expanding and improving governance initiatives and how to extract
the maximum business value from a holistic view of IT and business governance.
Register today! Monday, October 19, 2005
- 11:00 AM - 12:00 PM PT / 2:00 - 3:00 PM ET

--- Security Pipeline
-----------------------------------------------

The Payoff: Law Firm Enforces OS Patching
By automating patch management, Chicago's Sonnenschein Nath and Rosenthal
ensured user compliance and started saving $60K a year in labor costs.
http://nwc.securitypipeline.com/169400389

--- New Vulnerabilities
-----------------------------------------------

Below is a list of new vulnerabilities announced this week.
Vulnerabilities considered to be 'critical' involve highly deployed
software, or carry a high risk of system compromise. Note that
vulnerabilities not highlighted may still be of critical severity
to your environment.

**** Highlighted critical vulnerabilities ****

Webmin/Usermin: PAM authentication bypass, remote command execution

**** Newly announced vulnerabilities this week ****

____Windows____

7-Zip 4.23: malicious ARJ archive overflow
http://archives.neohapsis.com/archives/bugtraq/2005-09/0280.html

Acer Travelmate Platinum Secure: smartcard authentication bypass
http://archives.neohapsis.com/archives/bugtraq/2005-09/0268.html

Antigen for Exchange 8.0sr2: attachment filter bypass
http://archives.neohapsis.com/archives/bugtraq/2005-09/0215.html

PowerArchiver: malicious ACE/ARJ archive overflow
http://archives.neohapsis.com/archives/bugtraq/2005-09/0276.html

____CGI____

Alstrasoft Epay Pro 2.0: remote file reading
http://archives.neohapsis.com/archives/bugtraq/2005-09/0219.html

CuteNews 1.4.0: remote script execution
http://archives.neohapsis.com/archives/bugtraq/2005-09/0212.html

Hesk 0.93: admin authentication bypass
http://archives.neohapsis.com/archives/bugtraq/2005-09/0243.html

Mantis 0.19.2: XSS, SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2005-09/0293.html

My Little Forum 1.5: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2005-09/0271.html

PhpMyFAQ 1.5.1: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2005-09/0282.html

jPortal 2.3.1: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2005-09/0277.html

vBulletin 3.0.8: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html

____Cross-Platform____

Bacula 1.36.3: insecure temp file handling
http://archives.neohapsis.com/archives/bugtraq/2005-09/0240.html

MailGust 1.9: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2005-09/0285.html

Mailutils imap4d: remote format string overflow
http://archives.neohapsis.com/archives/bugtraq/2005-09/0211.html

Opera Mail Client 8.0.2: malicious attachment script execution
http://archives.neohapsis.com/archives/bugtraq/2005-09/0242.html

Py2Play: remote script execution
http://archives.neohapsis.com/archives/bugtraq/2005-09/0229.html

Webmin/Usermin: PAM authentication bypass, remote command execution
http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html

--- Patches and Updates
-----------------------------------------------

The following contains a list of vendor patches and updates released
this week.

____Linux____

Debian > DSA 816-1: XFree86
http://archives.neohapsis.com/archives/vendor/2005-q3/0115.html

Debian > DSA 817-1: python2.2
http://archives.neohapsis.com/archives/vendor/2005-q3/0114.html

Debian > DSA 818-1: kdeedu
http://archives.neohapsis.com/archives/vendor/2005-q3/0116.html

Debian > DSA 819-1: python2.1
http://archives.neohapsis.com/archives/vendor/2005-q3/0117.html

Debian > DSA 820-1: courier
http://archives.neohapsis.com/archives/vendor/2005-q3/0118.html

Mandriva > MDKSA-2005:138-1: cups
http://archives.neohapsis.com/archives/linux/mandrake/2005-q3/0165.html

Mandriva > MDKSA-2005:165: cups
http://archives.neohapsis.com/archives/linux/mandrake/2005-q3/0166.html

Mandriva > MDKSA-2005:166: clamav
http://archives.neohapsis.com/archives/linux/mandrake/2005-q3/0167.html

Mandriva > MDKSA-2005:167: util-linux
http://archives.neohapsis.com/archives/linux/mandrake/2005-q3/0168.html

Mandriva > MDKSA-2005:168: masqmail
http://archives.neohapsis.com/archives/linux/mandrake/2005-q3/0169.html

Trustix > TSLSA-2005-0051: clamav
http://archives.neohapsis.com/archives/bugtraq/2005-09/0278.html

____SCO____

SCOSA-2005.34 > LibTIFF
http://archives.neohapsis.com/archives/bugtraq/2005-09/0259.html

SCOSA-2005.38 > ICMP DoS
http://archives.neohapsis.com/archives/bugtraq/2005-09/0265.html

____Tru64____

SSRT5971 > ftpd
http://archives.neohapsis.com/archives/bugtraq/2005-09/0237.html

SSRT5988 > libXpm
http://archives.neohapsis.com/archives/bugtraq/2005-09/0262.html

____Other Platforms____

OpenVMS > SSRT5999: Mozilla
http://archives.neohapsis.com/archives/bugtraq/2005-09/0236.html

--- Sign Off
----------------------------------------------------------

If this e-mail was passed to you, and you would like to begin receiving
our free security e-mail newsletter on a weekly basis, we invite you to
subscribe today by forwarding this message to [subscribe_stwupdate.networkcomputing.com].
Or you can subscribe directly here:
http://www.networkcomputing.com/go/stw.jhtml

To manage all aspects of your subscription and newsletter account,
simply use the URL below. You'll need your e-mail address and
password to log in. If you don't have your password, you can generate
a new one using the same URL. Once logged in, you can change your
e-mail address and password as well as select specific platforms for
which you'd like to receive information on patches and vulnerabilities.
If you have any questions regarding this system, please don't hesitate
to e-mail us at stwnwc.com.
http://stwpref.update.networkcomputing.com/CMP/NWC/prefctr.asp

Put Us On Your White List
Don't let an over-eager e-mail filter bounce the Network Computing
Security Threat Watch newsletter! Our address:

NetworkComputingupdate.networkcomputing.com

needs to be in your address book or on your anti-spam white list. Ask your
admin or ISP how to do this, or check your anti-spam utility documentation.

Important subscription contacts:
CMP Media LLC
600 Community Drive
Manhasset, NY 11030

Unsubscribe to Network Computing's newsletters.
http://www.networkcomputing.com/newsletters/unsubscribe.html

Sign up for your own issue of this newsletter.
http://www.networkcomputing.com/newsletters/subscriptions.html

Still not receiving your own FREE subscription to Network Computing
magazine?
http://networkcomputingsubscriptions.com/customerservice/

ADDITIONAL SUBSCRIPTION CONTACT:
Please send an e-mail message to mailto:newsletterscmp.com if you need
assistance changing your e-mail address, unsubscribing from this
newsletter, or require additional assistance with your subscription.
Please be sure to include the name of this newsletter in your message.

Missed an issue? You can find all back issues of Security Threat Watch
(as well as Security Alert Consensus and Security Express) online.
http://archives.neohapsis.com/

Note: To better serve you we use dynamic URLs within our advertisments,
which allow us to see how many readers click on a given ad. We do not
share this information, or your personal information, with any outside
party. Concerned about the privacy of your information relative to these
tracking URLs? Please refer to our privacy policy.
http://www.doubleclick.net/us/corporate/privacy

We'd like to know what you think about the newsletter and what
information you'd like to see in future editions. E-mail your comments
to (stwnwc.com).

To unsubscribe from this newsletter, forward this message to
[unsubscribe_stwupdate.networkcomputing.com].

Copyright (c) 2005 Network Computing, a CMP Media LLC publication. All
Rights Reserved. Distributed by Network Computing
(http://www.networkcomputing.com). Powered by Neohapsis Inc., a
Chicago-based security assessment and integration services consulting
group (infoneohapsis.com | http://www.neohapsis.com/).
