[Fwd: Security Threat Watch 007]


Subject: [Fwd: Security Threat Watch 007]
From: Matthew Dunaway (fert@eagle.ptialaska.net)
Date: Mon Dec 08 2003 - 11:55:00 AKST


-------- Original Message --------
Subject: Security Threat Watch 007
Date: Mon, 08 Dec 2003 14:25:11 -0500 (EST)
From: Security Threat Watch <stw@update.networkcomputing.com>
To: fert@eagle.ptialaska.net

Security Threat Watch
        Number 007
        Monday, December 8, 2003
        Created for you by Network Computing & Neohapsis

--- Security News ----------------------------------------------

The outcry to quash vulnerability reports and proof-of-concept exploits
has grown of late. The reasoning behind this is understandable.
Providing vulnerability details to the public inevitably provides
details to the attackers, thereby allowing them to create exploits and
compromise servers faster.

While everyone argues over the amount of time between vulnerability
publication and exploitation, they often forget that exploits can, and
indeed do, come before public announcement. The past few weeks are a
perfect example. A new, not-yet-public bug in rsync was used to compromise
Debian and Gentoo distribution servers. Another bug in the Linux kernel
elevated privileges to root. The rsync bug was unknown and the Linux
kernel bug was disclosed only recently, which leads us to believe the
attacker had already had an exploit for a while. Both compromises
happened around November 21, and public disclosure of the
vulnerabilities--along with patches--didn't surface until December 4.
That is essentially two unknown exploits, one allowing a remote
compromise and another allowing a local privilege elevation, in the wild
and being used against selected targets at least two weeks before any
public disclosure was made.

Rather than spend significant resources trying to slow the dissemination
of vulnerability information, we should focus those resources on the two
areas that matter most: faster patch responses and preventing
vulnerabilities in the first place. Only then will we really stand a
chance of turning the tide of what increasingly has become a tiring
battle.

Until next week,
- The Neohapsis Security Threat Watch Team

--- Advertisement -----------------------------------------------------

This issue sponsored by VeriSign, inviting you to watch our demo
on how VeriSign's Intelligence and ControlSM Services let
you focus on business initiatives, like record up-time and global
VPNs, while VeriSign's experience helps you monitor and manage
your security infrastructure.
http://update.networkcomputing.com/cgi-bin4/DM/y/eeGM0FOrpb0FYk0CFsC0AE

--- New Vulnerabilities -----------------------------------------------

Below is a list of new vulnerabilities announced this week.
Vulnerabilities considered to be 'critical' involve widely deployed
software, or carry a high risk of system compromise. Note that
vulnerabilities not highlighted may still be of critical severity
in your environment.

**** Highlighted critical vulnerabilities ****

Linux 2.4.x kernel: do_brk() kernel memory reading
rsync 2.5.6: server daemon unspecified remote heap overflow

**** Newly announced vulnerabilities this week ****

____Windows____

IBM Directory Server 4.1: Web admin ldacgi.exe XSS vulnerability
http://archives.neohapsis.com/archives/bugtraq/2003-12/0015.html

Websense 5.1: blocked site URL XSS
http://archives.neohapsis.com/archives/bugtraq/2003-12/0031.html
http://archives.neohapsis.com/archives/bugtraq/2003-12/0099.html

Yahoo Instant Messenger 5.6.0.1347: YAUTO.DLL open() overflow
http://archives.neohapsis.com/archives/bugtraq/2003-12/0030.html

Yahoo Messenger 5.6: ymsgr handler arbitrary script injection
http://archives.neohapsis.com/archives/bugtraq/2003-12/0088.html

eZphotoshare: remote overflow in the handling of data to port 10101
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0057.html

____Linux____

Linux 2.4.x kernel: do_brk() kernel memory reading
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0054.html

____HP-UX____

shar: insecure temp file handling
http://archives.neohapsis.com/archives/hp/2003-q4/0060.html

____Tru64____

CDE libdthelp.so local privilege elevation and DoS (SSRT3657)
http://archives.neohapsis.com/archives/compaq/2003-q4/0012.html

____MacOS____

Appleshare IP FTP server 6.3.1: RMD command DoS
http://archives.neohapsis.com/archives/bugtraq/2003-12/0082.html

____Network Devices____

Cisco wireless APs: SNMP trap reveals WEP key
http://archives.neohapsis.com/archives/bugtraq/2003-12/0017.html

Linksys WRT54G: admin Web server blank request DoS
http://archives.neohapsis.com/archives/bugtraq/2003-12/0043.html

____CGI____

Alan Ward Acart: multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2003-12/0046.html
http://archives.neohapsis.com/archives/bugtraq/2003-12/0047.html
http://archives.neohapsis.com/archives/bugtraq/2003-12/0050.html
http://archives.neohapsis.com/archives/bugtraq/2003-12/0060.html

Cutenews 1.3: debug/phpinfo() information disclosure
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0053.html

Jason Maloney's Guestbook: various XSS vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2003-12/0085.html

Virtual Programming VP-ASP 5.0: SQL tampering and XSS vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2003-11/0353.html
http://archives.neohapsis.com/archives/bugtraq/2003-12/0080.html

Xoops 2.0.5: banners.php SQL tampering
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0061.html

____Cross-Platform____

GnuPG 1.2.3, 1.3.3: external HKP format string vulnerability
http://archives.neohapsis.com/archives/bugtraq/2003-12/0026.html

Mathopd 1.5b13: prepare_reply() remote overflow
http://archives.neohapsis.com/archives/bugtraq/2003-12/0076.html

PLDaniels Ebola: handle_PASS() remote overflow
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0059.html

Surfboard Web server 1.1.8: Web root escaping and DoS
http://archives.neohapsis.com/archives/bugtraq/2003-11/0351.html

XBoard <4.2.7: pxboard insecure local temp file handling
http://archives.neohapsis.com/archives/bugtraq/2003-12/0033.html

rsync 2.5.6: server daemon unspecified remote heap overflow
http://archives.neohapsis.com/archives/bugtraq/2003-12/0052.html

--- Patches and Updates -----------------------------------------------

The following contains a list of vendor patches and updates released
this week.

____Linux____

Conectiva > CLA-2003:796: kernel
http://archives.neohapsis.com/archives/bugtraq/2003-12/0090.html

Debian > DSA 404-1: rsync
http://archives.neohapsis.com/archives/vendor/2003-q4/0030.html

Debian > DSA-403-1: kernel
http://archives.neohapsis.com/archives/vendor/2003-q4/0026.html

EnGarde > ESA-20031204-032: rsync
http://archives.neohapsis.com/archives/linux/engarde/2003-q4/0005.html

Mandrake > MDKSA-2003:110: kernel
http://archives.neohapsis.com/archives/linux/mandrake/2003-q4/0208.html

Mandrake > MDKSA-2003:111: rsync
http://archives.neohapsis.com/archives/linux/mandrake/2003-q4/0246.html

Red Hat > RHSA-2003:335-01: Net-SNMP
http://archives.neohapsis.com/archives/bugtraq/2003-12/0016.html

Red Hat > RHSA-2003:392-00: kernel
http://archives.neohapsis.com/archives/linux/redhat/2003-q4/0022.html

Red Hat > RHSA-2003:398-01: rsync
http://archives.neohapsis.com/archives/linux/redhat/2003-q4/0024.html

Slackware > SSA:2003-336-01: kernel
http://archives.neohapsis.com/archives/bugtraq/2003-12/0019.html

Slackware > SSA:2003-337-01: rsync
http://archives.neohapsis.com/archives/bugtraq/2003-12/0051.html

SuSE > SuSE-SA:2003:048: gpg
http://archives.neohapsis.com/archives/bugtraq/2003-12/0027.html

SuSE > SuSE-SA:2003:049: kernel
http://archives.neohapsis.com/archives/bugtraq/2003-12/0056.html

SuSE > SuSE-SA:2003:050: rsync
http://archives.neohapsis.com/archives/bugtraq/2003-12/0066.html

Trustix > TSLSA-2003-0046: kernel
http://archives.neohapsis.com/archives/bugtraq/2003-12/0006.html

Trustix > TSLSA-2003-0048: rsync
http://archives.neohapsis.com/archives/bugtraq/2003-12/0053.html

____BSD____

OpenBSD > rsync
http://archives.neohapsis.com/archives/openbsd/2003-12/0211.html

____IRIX____

OpenSSH/OpenSSL updates
http://archives.neohapsis.com/archives/bugtraq/2003-12/0041.html

____SCO____

CSSA-2003-SCO.33: bind
http://archives.neohapsis.com/archives/linux/caldera/2003-q4/0022.html

____Tru64____

SSRT3653: bind
http://archives.neohapsis.com/archives/compaq/2003-q4/0011.html

____MacOS____

Safari 1.1 (v100): cookie theft update
http://archives.neohapsis.com/archives/bugtraq/2003-12/0093.html

--- Sign Off ----------------------------------------------------------

If this e-mail was passed to you, and you would like to begin receiving
our free security e-mail newsletter on a weekly basis, we invite you to
subscribe today by forwarding this message to [sub_stw@update.networkcomputing.com].
Or you can subscribe directly here:
http://www.networkcomputing.com/go/stw.jhtml

To manage all aspects of your subscription and newsletter account,
simply use the URL below. You'll need your e-mail address and
password to log in. If you don't have your password, you can generate
a new one using the same URL. Once logged in, you can change your
e-mail address and password as well as select specific platforms for
which you'd like to receive information on patches and vulnerabilities.
If you have any questions regarding this system, please don't hesitate
to e-mail us at stw@nwc.com.
http://stwpref.update.networkcomputing.com/CMP/NWC/prefctr.asp

Missed an issue? You can find all back issues of Security Threat Watch
(as well as Security Alert Consensus and Security Express) online.
http://archives.neohapsis.com/

Note: To better serve you we use dynamic URLs within our advertisements,
which allow us to see how many readers click on a given ad. We do not
share this information, or your personal information, with any outside
party. Concerned about the privacy of your information relative to these
tracking URLs? Please refer to our privacy policy.
http://www.doubleclick.net/us/corporate/privacy

We'd like to know what you think about the newsletter and what
information you'd like to see in future editions. E-mail your comments
to (stw@nwc.com).

To unsubscribe from this newsletter, forward this message to
[unsub_stw@update.networkcomputing.com].

Copyright (c) 2003 Network Computing, a CMP Media LLC publication. All
Rights Reserved. Distributed by Network Computing
(http://www.networkcomputing.com). Powered by Neohapsis Inc., a
Chicago-based security assessment and integration services consulting
group (info@neohapsis.com | http://www.neohapsis.com/).

This message powered by DARTmail
http://www.doubleclick.net/us/corporate/privacy

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.



This archive was generated by hypermail 2a23 : Mon Dec 08 2003 - 12:55:06 AKST