Subject: [Fwd: Security Threat Watch 007]
From: Matthew Dunaway (fert@eagle.ptialaska.net)
Date: Mon Dec 08 2003 - 11:55:00 AKST
-------- Original Message --------
Subject: Security Threat Watch 007
Date: Mon, 08 Dec 2003 14:25:11 -0500 (EST)
From: Security Threat Watch <stw@update.networkcomputing.com>
To: fert@eagle.ptialaska.net
Security Threat Watch
Number 007
Monday, December 8, 2003
Created for you by Network Computing & Neohapsis
--- Security News ----------------------------------------------
The outcry to quash vulnerability reports and proof-of-concept exploits
has grown of late. The reasoning behind this is understandable.
Providing vulnerability details to the public inevitably provides
details to the attackers, thereby allowing them to create exploits and
compromise servers faster.
While everyone argues over the amount of time between vulnerability
publication and exploitation, they often forget that exploits can, and
indeed do, come before public announcement. The past few weeks are a
perfect example. A new, not yet public bug in rsync compromised
Debian and Gentoo distribution servers. Another bug in the Linux kernel
elevated privileges to root. The rsync bug was unknown, and the Linux
kernel bug had been disclosed only recently, which leads us to believe the
attacker had already had an exploit for a while. Both compromises
happened around November 21, and public disclosure of the
vulnerabilities--along with patches--didn't surface until December 4.
That is essentially two unknown exploits, one allowing a remote
compromise and another allowing a local privilege elevation, in the wild
and being used against selected targets long before any public
disclosure was made (at least two weeks).
Rather than spend significant resources trying to slow the dissemination
of vulnerability information, we should focus those resources on the two
areas that matter most: faster patch responses and preventing
vulnerabilities in the first place. Only then will we really stand a
chance of turning the tide of what increasingly has become a tiring
battle.
Until next week,
- The Neohapsis Security Threat Watch Team
--- Advertisement -----------------------------------------------------
This issue sponsored by VeriSign, inviting you to watch our demo
on how VeriSign's Intelligence and ControlSM Services let
you focus on business initiatives, like record up-time and global
VPNs, while VeriSign's experience helps you monitor and manage
your security infrastructure.
http://update.networkcomputing.com/cgi-bin4/DM/y/eeGM0FOrpb0FYk0CFsC0AE
--- New Vulnerabilities -----------------------------------------------
Below is a list of new vulnerabilities announced this week.
Vulnerabilities considered to be 'critical' involve highly-deployed
software, or carry a high risk of system compromise. Note that
vulnerabilities not highlighted may still be of critical severity
to your environment.
**** Highlighted critical vulnerabilities ****
Linux 2.4.x kernel: do_brk() kernel memory reading
rsync 2.5.6: server daemon unspecified remote heap overflow
**** Newly announced vulnerabilities this week ****
____Windows____
IBM Directory Server 4.1: Web admin ldacgi.exe XSS vulnerability
http://archives.neohapsis.com/archives/bugtraq/2003-12/0015.html
Websense 5.1: blocked site URL XSS
http://archives.neohapsis.com/archives/bugtraq/2003-12/0031.html
http://archives.neohapsis.com/archives/bugtraq/2003-12/0099.html
Yahoo Instant Messenger 5.6.0.1347: YAUTO.DLL open() overflow
http://archives.neohapsis.com/archives/bugtraq/2003-12/0030.html
Yahoo Messenger 5.6: ymsgr handler arbitrary script injection
http://archives.neohapsis.com/archives/bugtraq/2003-12/0088.html
eZphotoshare: remote overflow in the handling of data to port 10101
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0057.html
____Linux____
Linux 2.4.x kernel: do_brk() kernel memory reading
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0054.html
____HP-UX____
shar: insecure temp file handling
http://archives.neohapsis.com/archives/hp/2003-q4/0060.html
____Tru64____
CDE libdthelp.so local privilege elevation and DoS (SSRT3657)
http://archives.neohapsis.com/archives/compaq/2003-q4/0012.html
____MacOS____
Appleshare IP FTP server 6.3.1: RMD command DoS
http://archives.neohapsis.com/archives/bugtraq/2003-12/0082.html
____Network Devices____
Cisco wireless APs: SNMP trap reveals WEP key
http://archives.neohapsis.com/archives/bugtraq/2003-12/0017.html
Linksys WRT54G: admin Web server blank request DoS
http://archives.neohapsis.com/archives/bugtraq/2003-12/0043.html
____CGI____
Alan Ward Acart: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2003-12/0046.html
http://archives.neohapsis.com/archives/bugtraq/2003-12/0047.html
http://archives.neohapsis.com/archives/bugtraq/2003-12/0050.html
http://archives.neohapsis.com/archives/bugtraq/2003-12/0060.html
Cutenews 1.3: debug/phpinfo() information disclosure
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0053.html
Jason Maloney's Guestbook: various XSS vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2003-12/0085.html
Virtual Programming VP-ASP 5.0: SQL tampering and XSS vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2003-11/0353.html
http://archives.neohapsis.com/archives/bugtraq/2003-12/0080.html
Xoops 2.0.5: banners.php SQL tampering
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0061.html
____Cross-Platform____
GnuPG 1.2.3, 1.3.3: external HKP format string vulnerability
http://archives.neohapsis.com/archives/bugtraq/2003-12/0026.html
Mathopd 1.5b13: prepare_reply() remote overflow
http://archives.neohapsis.com/archives/bugtraq/2003-12/0076.html
PLDaniels Ebola: handle_PASS() remote overflow
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0059.html
Surfboard Web server 1.1.8: Web root escaping and DoS
http://archives.neohapsis.com/archives/bugtraq/2003-11/0351.html
XBoard <4.2.7: pxboard insecure local temp file handling
http://archives.neohapsis.com/archives/bugtraq/2003-12/0033.html
rsync 2.5.6: server daemon unspecified remote heap overflow
http://archives.neohapsis.com/archives/bugtraq/2003-12/0052.html
--- Patches and Updates -----------------------------------------------
The following contains a list of vendor patches and updates released
this week.
____Linux____
Conectiva > CLA-2003:796: kernel
http://archives.neohapsis.com/archives/bugtraq/2003-12/0090.html
Debian > DSA 404-1: rsync
http://archives.neohapsis.com/archives/vendor/2003-q4/0030.html
Debian > DSA-403-1: kernel
http://archives.neohapsis.com/archives/vendor/2003-q4/0026.html
EnGarde > ESA-20031204-032: rsync
http://archives.neohapsis.com/archives/linux/engarde/2003-q4/0005.html
Mandrake > MDKSA-2003:110: kernel
http://archives.neohapsis.com/archives/linux/mandrake/2003-q4/0208.html
Mandrake > MDKSA-2003:111: rsync
http://archives.neohapsis.com/archives/linux/mandrake/2003-q4/0246.html
Red Hat > RHSA-2003:335-01: Net-SNMP
http://archives.neohapsis.com/archives/bugtraq/2003-12/0016.html
Red Hat > RHSA-2003:392-00: kernel
http://archives.neohapsis.com/archives/linux/redhat/2003-q4/0022.html
Red Hat > RHSA-2003:398-01: rsync
http://archives.neohapsis.com/archives/linux/redhat/2003-q4/0024.html
Slackware > SSA:2003-336-01: kernel
http://archives.neohapsis.com/archives/bugtraq/2003-12/0019.html
Slackware > SSA:2003-337-01: rsync
http://archives.neohapsis.com/archives/bugtraq/2003-12/0051.html
SuSE > SuSE-SA:2003:048: gpg
http://archives.neohapsis.com/archives/bugtraq/2003-12/0027.html
SuSE > SuSE-SA:2003:049: kernel
http://archives.neohapsis.com/archives/bugtraq/2003-12/0056.html
SuSE > SuSE-SA:2003:050: rsync
http://archives.neohapsis.com/archives/bugtraq/2003-12/0066.html
Trustix > TSLSA-2003-0046: kernel
http://archives.neohapsis.com/archives/bugtraq/2003-12/0006.html
Trustix > TSLSA-2003-0048: rsync
http://archives.neohapsis.com/archives/bugtraq/2003-12/0053.html
____BSD____
OpenBSD > rsync
http://archives.neohapsis.com/archives/openbsd/2003-12/0211.html
____IRIX____
OpenSSH/OpenSSL updates
http://archives.neohapsis.com/archives/bugtraq/2003-12/0041.html
____SCO____
CSSA-2003-SCO.33: bind
http://archives.neohapsis.com/archives/linux/caldera/2003-q4/0022.html
____Tru64____
SSRT3653: bind
http://archives.neohapsis.com/archives/compaq/2003-q4/0011.html
____MacOS____
Safari 1.1 (v100): cookie theft update
http://archives.neohapsis.com/archives/bugtraq/2003-12/0093.html
--- Sign Off ----------------------------------------------------------
Copyright (c) 2003 Network Computing, a CMP Media LLC publication. All
Rights Reserved. Distributed by Network Computing
(http://www.networkcomputing.com). Powered by Neohapsis Inc., a
Chicago-based security assessment and integration services consulting
group (info@neohapsis.com | http://www.neohapsis.com/).
This archive was generated by hypermail 2a23 : Mon Dec 08 2003 - 12:55:06 AKST