Subject: [Fwd: Security Threat Watch 006]
From: Matthew Dunaway (fert@eagle.ptialaska.net)
Date: Mon Dec 01 2003 - 15:35:46 AKST
Security Threat Watch
Number 006
Monday, December 1, 2003
Created for you by Network Computing & Neohapsis
--- Security News ----------------------------------------------
An avid security researcher released a large number of Internet Explorer
vulnerabilities and exploits this past week. None of the vulnerabilities
currently has a suitable patch, except to entirely disable active
scripting. This rash of new IE vulnerabilities has led to many
discussions about the consistent liability IE poses and the use of
alternative Web browsers (Netscape, Opera, Mozilla, etc). One of the
largest roadblocks preventing browser migration is the proliferation of
"IE-only" Web sites, which require the use of Internet Explorer because
their designers--for whatever reason--didn't embrace the concept of a
cross-platform and universally accessible Web site. The overabundance of
JavaScript-required Web sites also makes the task of establishing
security zones largely moot; many sites require the enabling of JavaScript
for even basic functionality. What's the point of offering the capability
of different security zones if everyone inevitably needs
active scripting enabled? Obviously, we've got some challenges ahead of
us; the current state of affairs is clearly getting worse.
Until next week,
- The Neohapsis Security Threat Watch Team
--- Advertisement -----------------------------------------------------
This issue sponsored by VeriSign, inviting you to read our paper
on how VeriSign's Security Intelligence and Control(SM) Services let
you focus on business initiatives, like record up-time and global
VPNs, while VeriSign's experience helps you monitor and manage
your security infrastructure.
http://update.networkcomputing.com/cgi-bin4/DM/y/ed7w0FOrpb0FYk0CCSz0Ax
--- New Vulnerabilities -----------------------------------------------
Below is a list of new vulnerabilities announced this week.
Vulnerabilities considered to be 'critical' involve highly deployed
software, or carry a high risk of system compromise. Note that
vulnerabilities not highlighted may still be of critical severity
to your environment.
**** Highlighted critical vulnerabilities ****
Applied Watch IDS <1.4.5: admin authentication not required to add users/rules
BIND 8.3.7, 8.4.3: negative cache poison fix
OpenCA 0.9.1.3: incorrect signature verification
Stunnel: file descriptor leak allows local service hijacking
**** Newly announced vulnerabilities this week ****
____Windows____
Eudora 6.0.1: bypass of LaunchProtect/auto-execution of e-mail attachments
http://archives.neohapsis.com/archives/bugtraq/2003-11/0296.html
IE 6.x: MHTML download/auto-execution
http://archives.neohapsis.com/archives/bugtraq/2003-11/0307.html
http://archives.neohapsis.com/archives/bugtraq/2003-11/0315.html
IE 6.x: cache location can be divulged/recovered
http://archives.neohapsis.com/archives/bugtraq/2003-11/0298.html
IE 6.x: cross-frame JavaScripting via subframe
http://archives.neohapsis.com/archives/bugtraq/2003-11/0297.html
IE 6.x: invalid content-type header JavaScript cache execution
http://archives.neohapsis.com/archives/bugtraq/2003-11/0309.html
http://archives.neohapsis.com/archives/bugtraq/2003-11/0302.html
IE 6.x: window.moveBy JavaScript attack
http://archives.neohapsis.com/archives/bugtraq/2003-11/0305.html
MSN messenger 6.0.0602: file transfer may leak user's IP address
http://archives.neohapsis.com/archives/bugtraq/2003-11/0250.html
____BSD____
OpenBSD kernel: uvm_vslock() and semop() local DoS
http://archives.neohapsis.com/archives/openbsd/2003-11/1645.html
____IRIX____
rpc.mountd: DoS, connections from unprivileged ports
http://archives.neohapsis.com/archives/vendor/2003-q4/0022.html
____Network Devices____
ProCurve 5300 series: RPC worms cause DoS (SSRT3647)
http://archives.neohapsis.com/archives/hp/2003-q4/0053.html
Speedtouch 510: network scan/probe causes reboot
http://archives.neohapsis.com/archives/bugtraq/2003-11/0310.html
Thomson TCM315 cable modem: large HTTP request DoS
http://archives.neohapsis.com/archives/bugtraq/2003-11/0265.html
____CGI____
CommerceSQL: remote file reading via page URL parameter
http://archives.neohapsis.com/archives/bugtraq/2003-11/0263.html
My_eGallery 3.1.1: arbitrary command execution
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0050.html
PieterPost 0.10.6: arbitrary account access
http://archives.neohapsis.com/archives/bugtraq/2003-11/0345.html
RNN's Guestbook 1.2: admin authentication bypass
http://archives.neohapsis.com/archives/bugtraq/2003-11/0324.html
phpBB 2.06: search.php SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2003-11/0327.html
vbPortal 2.0: friend.php anonymous e-mail/spamming
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0048.html
____Cross-Platform____
Applied Watch IDS <1.4.5: admin auth not required to add users/rules
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0052.html
http://archives.neohapsis.com/archives/bugtraq/2003-11/0335.html
BIND 8.3.7, 8.4.3: negative cache poison fix
http://archives.neohapsis.com/archives/bind/2003/0026.html
http://archives.neohapsis.com/archives/bind/2003/0027.html
FreeRADIUS 0.9.2: tunnel password attribute DoS
http://archives.neohapsis.com/archives/bugtraq/2003-11/0251.html
FreeRADIUS 0.9.3: rlm_smb module user-password attribute overflow
http://archives.neohapsis.com/archives/bugtraq/2003-11/0314.html
GnuPG: ElGamal signing keys recoverable
http://archives.neohapsis.com/archives/bugtraq/2003-11/0323.html
Monit 4.1: long method overflow and DoS
http://archives.neohapsis.com/archives/bugtraq/2003-11/0267.html
OpenCA 0.9.1.3: incorrect signature verification
http://archives.neohapsis.com/archives/bugtraq/2003-11/0332.html
PrimeBase SQL server 4.2: DB admin password local recovery
http://archives.neohapsis.com/archives/bugtraq/2003-11/0252.html
Stunnel: file descriptor leak allows local service hijacking
http://archives.neohapsis.com/archives/linux/mandrake/2003-q4/0197.html
mod_python: malformed query string DoS
http://archives.neohapsis.com/archives/apache/2003/0009.html
screen: w_NumArgs signed integer overflow allows local code execution
http://archives.neohapsis.com/archives/bugtraq/2003-11/0322.html
--- Patches and Updates -----------------------------------------------
The following contains a list of vendor patches and updates released
this week.
____Windows____
Follow up to Exchange 2003 OWA authentication bypass
http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0228.html
____Linux____
EnGarde > ESA-20031126-031: bind
http://archives.neohapsis.com/archives/linux/engarde/2003-q4/0004.html
Immunix > IMNX-2003-7+-024-01: bind
http://archives.neohapsis.com/archives/bugtraq/2003-11/0321.html
Mandrake > MDKSA-2003:108: stunnel
http://archives.neohapsis.com/archives/linux/mandrake/2003-q4/0197.html
Mandrake > MDKSA-2003:109: gnupg
http://archives.neohapsis.com/archives/linux/mandrake/2003-q4/0206.html
Red Hat > RHSA-2003:286-01: XFree86
http://archives.neohapsis.com/archives/linux/redhat/2003-q4/0020.html
Red Hat > RHSA-2003:287-01: XFree86
http://archives.neohapsis.com/archives/bugtraq/2003-11/0299.html
Red Hat > RHSA-2003:296-01: stunnel
http://archives.neohapsis.com/archives/linux/redhat/2003-q4/0018.html
Red Hat > RHSA-2003:311-01: Pan
http://archives.neohapsis.com/archives/linux/redhat/2003-q4/0019.html
Red Hat > RHSA-2003:316-01: iproute
http://archives.neohapsis.com/archives/linux/redhat/2003-q4/0017.html
Red Hat > RHSA-2003:342-01: EPIC
http://archives.neohapsis.com/archives/linux/redhat/2003-q4/0016.html
SGI > ProPack v2.3 security update
http://archives.neohapsis.com/archives/vendor/2003-q4/0024.html
SuSE > SuSE-SA:2003:047: bind
http://archives.neohapsis.com/archives/vendor/2003-q4/0025.html
Trustix > TSLSA-2003-0044: bind
http://archives.neohapsis.com/archives/bugtraq/2003-11/0341.html
Trustix > TSLSA-2003-0045: stunnel
http://archives.neohapsis.com/archives/bugtraq/2003-11/0338.html
____BSD____
FreeBSD > FreeBSD-SA-03:19: bind
http://archives.neohapsis.com/archives/bugtraq/2003-11/0344.html
____HP-UX____
SSRT3670: OpenSSH
http://archives.neohapsis.com/archives/hp/2003-q4/0052.html
--- Sign Off ----------------------------------------------------------
Copyright (c) 2003 Network Computing, a CMP Media LLC publication. All
Rights Reserved. Distributed by Network Computing
(http://www.networkcomputing.com). Powered by Neohapsis Inc., a
Chicago-based security assessment and integration services consulting
group (info@neohapsis.com | http://www.neohapsis.com/).
This archive was generated by hypermail 2a23 : Mon Dec 01 2003 - 16:34:24 AKST