[Fwd: Security Threat Watch 006]


Subject: [Fwd: Security Threat Watch 006]
From: Matthew Dunaway (fert@eagle.ptialaska.net)
Date: Mon Dec 01 2003 - 15:35:46 AKST


Security Threat Watch
        Number 006
        Monday, December 1, 2003
        Created for you by Network Computing & Neohapsis

--- Security News ----------------------------------------------

An avid security researcher released a large number of Internet Explorer
vulnerabilities and exploits this past week. None of the vulnerabilities
currently has a suitable patch, except to entirely disable active
scripting. This rash of new IE vulnerabilities has led to many
discussions about the consistent liability IE poses and the use of
alternative Web browsers (Netscape, Opera, Mozilla, etc). One of the
largest roadblocks preventing browser migration is the proliferation of
"IE-only" Web sites, which require the use of Internet Explorer because
their designers--for whatever reason--didn't embrace the concept of a
cross-platform and universally accessible Web site. The overabundance of
JavaScript-required Web sites also makes the task of establishing
security zones largely moot; many sites require the enabling of JavaScript
for even basic functionality. What's the point of offering the capability
of different security zones if everyone inevitably needs
active scripting enabled? Obviously, we've got some challenges ahead of
us; the current state of affairs is clearly getting worse.

Until next week,
- The Neohapsis Security Threat Watch Team

--- Advertisement -----------------------------------------------------

This issue sponsored by VeriSign, inviting you to read our paper
on how VeriSign's Security Intelligence and Control(SM) Services let
you focus on business initiatives, like record up-time and global
VPNs, while VeriSign's experience helps you monitor and manage
your security infrastructure.
http://update.networkcomputing.com/cgi-bin4/DM/y/ed7w0FOrpb0FYk0CCSz0Ax

--- New Vulnerabilities -----------------------------------------------

Below is a list of new vulnerabilities announced this week.
Vulnerabilities considered to be 'critical' involve highly deployed
software, or carry a high risk of system compromise. Note that
vulnerabilities not highlighted may still be of critical severity
to your environment.

**** Highlighted critical vulnerabilities ****

Applied Watch IDS <1.4.5: admin authentication not required to add users/rules
BIND 8.3.7, 8.4.3: negative cache poison fix
OpenCA 0.9.1.3: incorrect signature verification
Stunnel: file descriptor leak allows local service hijacking

**** Newly announced vulnerabilities this week ****

____Windows____

Eudora 6.0.1: bypass of LaunchProtect/auto-execution of e-mail attachments
http://archives.neohapsis.com/archives/bugtraq/2003-11/0296.html

IE 6.x: MHTML download/auto-execution
http://archives.neohapsis.com/archives/bugtraq/2003-11/0307.html
http://archives.neohapsis.com/archives/bugtraq/2003-11/0315.html

IE 6.x: cache location can be divulged/recovered
http://archives.neohapsis.com/archives/bugtraq/2003-11/0298.html

IE 6.x: cross-frame JavaScripting via subframe
http://archives.neohapsis.com/archives/bugtraq/2003-11/0297.html

IE 6.x: invalid content-type header JavaScript cache execution
http://archives.neohapsis.com/archives/bugtraq/2003-11/0309.html
http://archives.neohapsis.com/archives/bugtraq/2003-11/0302.html

IE 6.x: window.moveBy JavaScript attack
http://archives.neohapsis.com/archives/bugtraq/2003-11/0305.html

MSN messenger 6.0.0602: file transfer may leak user's IP address
http://archives.neohapsis.com/archives/bugtraq/2003-11/0250.html

____BSD____

OpenBSD kernel: uvm_vslock() and semop() local DoS
http://archives.neohapsis.com/archives/openbsd/2003-11/1645.html

____IRIX____

rpc.mountd: DoS, connections from unprivileged ports
http://archives.neohapsis.com/archives/vendor/2003-q4/0022.html

____Network Devices____

ProCurve 5300 series: RPC worms cause DoS (SSRT3647)
http://archives.neohapsis.com/archives/hp/2003-q4/0053.html

Speedtouch 510: network scan/probe causes reboot
http://archives.neohapsis.com/archives/bugtraq/2003-11/0310.html

Thomson TCM315 cable modem: large HTTP request DoS
http://archives.neohapsis.com/archives/bugtraq/2003-11/0265.html

____CGI____

CommerceSQL: remote file reading via page URL parameter
http://archives.neohapsis.com/archives/bugtraq/2003-11/0263.html

My_eGallery 3.1.1: arbitrary command execution
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0050.html

PieterPost 0.10.6: arbitrary account access
http://archives.neohapsis.com/archives/bugtraq/2003-11/0345.html

RNN's Guestbook 1.2: admin authentication bypass
http://archives.neohapsis.com/archives/bugtraq/2003-11/0324.html

phpBB 2.06: search.php SQL tampering
http://archives.neohapsis.com/archives/bugtraq/2003-11/0327.html

vbPortal 2.0: friend.php anonymous e-mail/spamming
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0048.html

____Cross-Platform____

Applied Watch IDS <1.4.5: admin auth not required to add users/rules
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0052.html
http://archives.neohapsis.com/archives/bugtraq/2003-11/0335.html

BIND 8.3.7, 8.4.3: negative cache poison fix
http://archives.neohapsis.com/archives/bind/2003/0026.html
http://archives.neohapsis.com/archives/bind/2003/0027.html

FreeRADIUS 0.9.2: tunnel password attribute DoS
http://archives.neohapsis.com/archives/bugtraq/2003-11/0251.html

FreeRADIUS 0.9.3: rlm_smb module user-password attribute overflow
http://archives.neohapsis.com/archives/bugtraq/2003-11/0314.html

GnuPG: ElGamal signing keys recoverable
http://archives.neohapsis.com/archives/bugtraq/2003-11/0323.html

Monit 4.1: long method overflow and DoS
http://archives.neohapsis.com/archives/bugtraq/2003-11/0267.html

OpenCA 0.9.1.3: incorrect signature verification
http://archives.neohapsis.com/archives/bugtraq/2003-11/0332.html

PrimeBase SQL server 4.2: DB admin password local recovery
http://archives.neohapsis.com/archives/bugtraq/2003-11/0252.html

Stunnel: file descriptor leak allows local service hijacking
http://archives.neohapsis.com/archives/linux/mandrake/2003-q4/0197.html

mod_python: malformed query string DoS
http://archives.neohapsis.com/archives/apache/2003/0009.html

screen: w_NumArgs signed integer overflow allows local code execution
http://archives.neohapsis.com/archives/bugtraq/2003-11/0322.html

--- Patches and Updates -----------------------------------------------

The following contains a list of vendor patches and updates released
this week.

____Windows____

Follow up to Exchange 2003 OWA authentication bypass
http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0228.html

____Linux____

EnGarde > ESA-20031126-031: bind
http://archives.neohapsis.com/archives/linux/engarde/2003-q4/0004.html

Immunix > IMNX-2003-7+-024-01: bind
http://archives.neohapsis.com/archives/bugtraq/2003-11/0321.html

Mandrake > MDKSA-2003:108: stunnel
http://archives.neohapsis.com/archives/linux/mandrake/2003-q4/0197.html

Mandrake > MDKSA-2003:109: gnupg
http://archives.neohapsis.com/archives/linux/mandrake/2003-q4/0206.html

Red Hat > RHSA-2003:286-01: XFree86
http://archives.neohapsis.com/archives/linux/redhat/2003-q4/0020.html

Red Hat > RHSA-2003:287-01: XFree86
http://archives.neohapsis.com/archives/bugtraq/2003-11/0299.html

Red Hat > RHSA-2003:296-01: stunnel
http://archives.neohapsis.com/archives/linux/redhat/2003-q4/0018.html

Red Hat > RHSA-2003:311-01: Pan
http://archives.neohapsis.com/archives/linux/redhat/2003-q4/0019.html

Red Hat > RHSA-2003:316-01: iproute
http://archives.neohapsis.com/archives/linux/redhat/2003-q4/0017.html

Red Hat > RHSA-2003:342-01: EPIC
http://archives.neohapsis.com/archives/linux/redhat/2003-q4/0016.html

SGI > ProPack v2.3 security update
http://archives.neohapsis.com/archives/vendor/2003-q4/0024.html

SuSE > SuSE-SA:2003:047: bind
http://archives.neohapsis.com/archives/vendor/2003-q4/0025.html

Trustix > TSLSA-2003-0044: bind
http://archives.neohapsis.com/archives/bugtraq/2003-11/0341.html

Trustix > TSLSA-2003-0045: stunnel
http://archives.neohapsis.com/archives/bugtraq/2003-11/0338.html

____BSD____

FreeBSD > FreeBSD-SA-03:19: bind
http://archives.neohapsis.com/archives/bugtraq/2003-11/0344.html

____HP-UX____

SSRT3670: OpenSSH
http://archives.neohapsis.com/archives/hp/2003-q4/0052.html

--- Sign Off ----------------------------------------------------------

Missed an issue? You can find all back issues of Security Threat Watch
(as well as Security Alert Consensus and Security Express) online.
http://archives.neohapsis.com/

Copyright (c) 2003 Network Computing, a CMP Media LLC publication. All
Rights Reserved. Distributed by Network Computing
(http://www.networkcomputing.com). Powered by Neohapsis Inc., a
Chicago-based security assessment and integration services consulting
group (info@neohapsis.com | http://www.neohapsis.com/).



This archive was generated by hypermail 2a23 : Mon Dec 01 2003 - 16:34:24 AKST