Security Threat Watch 123
From: Security Threat Watch Newsletter (NetworkComputing@update.networkcomputing.com)
Date: Mon Mar 20 2006 - 13:01:25 CST
Security Threat Watch
Number 123
Monday, March 20, 2006
Created for you by Network Computing & Neohapsis
This week brought an interesting turn of events with the release of
multiple vulnerabilities within Microsoft Office, each of which is
from a separate, independent security research source. This major,
vendor-coordinated mass release allowed for a timely patch covering
all identified vulnerabilities. However, it may leave many users
concerned with the overall security posture of MS Office. With the
discovery and publication of so many remotely exploitable
vulnerabilities from so many separate sources, it is certainly
reasonable to question Office's status from a security standpoint.
Nor is this MS Office's first step into the security spotlight; it
has a long history of known vulnerabilities, from buffer overflows
to document-embedded macro code.
This brings up the age-old security question: Is this application's
functionality worth the risk of potential vulnerabilities? When put
into the context of such a widely deployed piece of software,
considered by many companies to be the standard for office publishing,
this becomes a complicated problem. It is important to remember that,
ultimately, any piece of software has the potential to be vulnerable,
and a certain level of risk is assumed with its use. Companies are put
in jeopardy when they are unaware of this inherent risk and unprepared
to deal with the potential consequences.
Until next issue,
- The Neohapsis Security Threat Watch Team
--- New Vulnerabilities
-----------------------------------------------
Below is a list of new vulnerabilities announced this week.
Vulnerabilities considered to be 'critical' involve widely deployed
software or carry a high risk of system compromise. Note that
vulnerabilities not highlighted may still be of critical severity
to your environment.
**** Highlighted critical vulnerabilities ****
Microsoft Office: multiple remote overflows (MS06-012/905413)
Adobe Macromedia Flash Player 8.022: multiple remote vulnerabilities
**** Newly announced vulnerabilities this week ****
____Windows____
AntiVir Personal Edition Classic 7: local privilege escalation
http://archives.neohapsis.com/archives/bugtraq/2006-02/0778.html
Internet Explorer 6.0.29: remote DoS
http://archives.neohapsis.com/archives/vulnwatch/2006-q1/0082.html
Ipswitch Collaboration Suite 2006.02: remote overflow
http://archives.neohapsis.com/archives/bugtraq/2006-02/0798.html
Microsoft Office: multiple remote overflows (MS06-012/905413)
http://archives.neohapsis.com/archives/microsoft/2006-q1/0005.html
http://archives.neohapsis.com/archives/vulnwatch/2006-q1/0080.html
http://archives.neohapsis.com/archives/bugtraq/2006-02/0815.html
http://archives.neohapsis.com/archives/bugtraq/2006-02/0812.html
http://archives.neohapsis.com/archives/bugtraq/2006-02/0817.html
http://archives.neohapsis.com/archives/bugtraq/2006-02/0820.html
SafeDisc: local privilege escalation
http://archives.neohapsis.com/archives/bugtraq/2006-02/0777.html
Windows XP/2003: local privilege elevation (MS06-011/914798)
http://archives.neohapsis.com/archives/microsoft/2006-q1/0005.html
____Linux____
Dwarf HTTP Server 1.3.2: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2006-02/0793.html
Firebird DB 1.5.3: multiple local vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2006-02/0795.html
Linux 2.6.15 kernel: IP zero ID vulnerability
http://archives.neohapsis.com/archives/bugtraq/2006-02/0810.html
____Mac OS____
OS X 10.4.5 Mail.app: remote overflow
http://archives.neohapsis.com/archives/bugtraq/2006-02/0807.html
____CGI____
ASPPortal.net 3.00: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2006-02/0822.html
BetaParticle Blog 6.0: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2006-02/0901.html
Contrexx 1.0.8: XSS
http://archives.neohapsis.com/archives/bugtraq/2006-02/0899.html
CyBoards PHP Lite 1.25: SQL tampering vulnerability
http://archives.neohapsis.com/archives/bugtraq/2006-02/0811.html
Drupal 4.6.6/4.5.8: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2006-02/0801.html
http://archives.neohapsis.com/archives/bugtraq/2006-02/0802.html
http://archives.neohapsis.com/archives/bugtraq/2006-02/0803.html
http://archives.neohapsis.com/archives/bugtraq/2006-02/0806.html
Horde 3.09: remote file reading
http://archives.neohapsis.com/archives/bugtraq/2006-02/0824.html
Invision Power Board 2.0.4: XSS
http://archives.neohapsis.com/archives/bugtraq/2006-02/0875.html
Jupiter CMS 1.1.5: XSS
http://archives.neohapsis.com/archives/bugtraq/2006-02/0775.html
Milkeyway 0.1.1: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2006-02/0850.html
MyBB 1.0.3: XSS
http://archives.neohapsis.com/archives/bugtraq/2006-02/0829.html
MyBB 1.0.4: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2006-02/0830.html
http://archives.neohapsis.com/archives/bugtraq/2006-02/0831.html
MyBB 1.10: path disclosure
http://archives.neohapsis.com/archives/bugtraq/2006-02/0898.html
NMDeluxe 1.0.0: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2006-02/0893.html
Oxynews: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2006-02/0892.html
Vegas Forum 1.0: SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2006-02/0788.html
WMNews: XSS
http://archives.neohapsis.com/archives/bugtraq/2006-02/0794.html
Wbb 2.3.4: XSS
http://archives.neohapsis.com/archives/bugtraq/2006-02/0900.html
vCard 2.x: XSS
http://archives.neohapsis.com/archives/bugtraq/2006-02/0773.html
zeroboard 4.1pl7: XSS
http://archives.neohapsis.com/archives/bugtraq/2006-02/0796.html
____Cross-Platform____
Adobe Document and Graphics Server: remote file writing
http://archives.neohapsis.com/archives/vendor/2006-q1/0106.html
http://archives.neohapsis.com/archives/bugtraq/2006-02/0826.html
Adobe Macromedia Flash Player 8.022: multiple remote vulnerabilities
http://archives.neohapsis.com/archives/cc/2006-q1/0011.html
http://archives.neohapsis.com/archives/vendor/2006-q1/0106.html
Backup Exec: remote DoS
http://archives.neohapsis.com/archives/bugtraq/2006-02/0876.html
ENet library: multiple remote vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2006-02/0785.html
unalz 0.53: malicious ALZ file local directory traversal
http://archives.neohapsis.com/archives/bugtraq/2006-02/0792.html
--- Patches and Updates
-----------------------------------------------
The following contains a list of vendor patches and updates released
this week.
____Linux____
Debian > DSA 1000-1: Perl Apache2::Request
http://archives.neohapsis.com/archives/vendor/2006-q1/0103.html
Debian > DSA 1001-1: crossfire
http://archives.neohapsis.com/archives/bugtraq/2006-02/0809.html
Debian > DSA 1002-1: webcalendar
http://archives.neohapsis.com/archives/bugtraq/2006-02/0823.html
Debian > DSA 1003-1: xpvm
http://archives.neohapsis.com/archives/bugtraq/2006-02/0845.html
Debian > DSA 1004-1: vlc
http://archives.neohapsis.com/archives/vendor/2006-q1/0109.html
Debian > DSA 1005-1: xine-lib
http://archives.neohapsis.com/archives/vendor/2006-q1/0110.html
Debian > DSA 1006-1: wzdftpd
http://archives.neohapsis.com/archives/bugtraq/2006-02/0884.html
Debian > DSA 1007-1: drupal
http://archives.neohapsis.com/archives/bugtraq/2006-02/0889.html
Debian > DSA 1008-1: kpdf
http://archives.neohapsis.com/archives/bugtraq/2006-02/0886.html
Debian > DSA 993-2: GnuPG
http://archives.neohapsis.com/archives/vendor/2006-q1/0099.html
Debian > DSA 994-1: freeciv
http://archives.neohapsis.com/archives/vendor/2006-q1/0096.html
Debian > DSA 995-1: metamail
http://archives.neohapsis.com/archives/vendor/2006-q1/0097.html
Debian > DSA 996-1: Perl Crypt::CBC
http://archives.neohapsis.com/archives/vendor/2006-q1/0098.html
Debian > DSA 997-1: bomberclone
http://archives.neohapsis.com/archives/vendor/2006-q1/0100.html
Debian > DSA 998-1: libextractor
http://archives.neohapsis.com/archives/vendor/2006-q1/0101.html
Debian > DSA 999-1: lurker
http://archives.neohapsis.com/archives/vendor/2006-q1/0102.html
Fedora > FLSA-2006:157459-4: kernel
http://archives.neohapsis.com/archives/bugtraq/2006-02/0864.html
Fedora > FLSA-2006:173274: gdk-pixbuf
http://archives.neohapsis.com/archives/bugtraq/2006-02/0890.html
Fedora > FLSA-2006:174479: libungif
http://archives.neohapsis.com/archives/bugtraq/2006-02/0895.html
Fedora > FLSA-2006:175404: xpdf
http://archives.neohapsis.com/archives/bugtraq/2006-02/0868.html
Fedora > FLSA-2006:178606: kdelibs
http://archives.neohapsis.com/archives/bugtraq/2006-02/0859.html
Gentoo > GLSA200603-09: SquirrelMail
http://archives.neohapsis.com/archives/bugtraq/2006-02/0779.html
Gentoo > GLSA200603-10: Cube
http://archives.neohapsis.com/archives/bugtraq/2006-02/0780.html
Gentoo > GLSA200603-11: Freeciv
http://archives.neohapsis.com/archives/bugtraq/2006-02/0843.html
Gentoo > GLSA200603-12: zoo
http://archives.neohapsis.com/archives/bugtraq/2006-02/0844.html
Gentoo > GLSA200603-13: PEAR-Auth
http://archives.neohapsis.com/archives/bugtraq/2006-02/0867.html
Gentoo > GLSA200603-14: Heimdal
http://archives.neohapsis.com/archives/bugtraq/2006-02/0865.html
Gentoo > GLSA200603-15: Perl Crypt::CBC
http://archives.neohapsis.com/archives/bugtraq/2006-02/0871.html
Gentoo > GLSA200603-16: Metamail
http://archives.neohapsis.com/archives/bugtraq/2006-02/0879.html
Mandriva > MDKSA-2006:055: gnupg
http://archives.neohapsis.com/archives/linux/mandrake/2006-q1/0090.html
Ubuntu > USN-262-1: installer
http://archives.neohapsis.com/archives/bugtraq/2006-02/0781.html
Ubuntu > USN-263-1: kernel
http://archives.neohapsis.com/archives/bugtraq/2006-02/0782.html
Ubuntu > USN-264-1: gnupg
http://archives.neohapsis.com/archives/bugtraq/2006-02/0783.html
____HP-UX____
SSRT051128: Apache 1.3.x
http://archives.neohapsis.com/archives/hp/2006-q1/0058.html
Copyright (c) 2006 Network Computing, a CMP Media LLC publication. All
Rights Reserved. Distributed by Network Computing
(http://www.networkcomputing.com). Powered by Neohapsis Inc., a
Chicago-based security assessment and integration services consulting
group (info@neohapsis.com | http://www.neohapsis.com/).