Fetchmail
Vendor: Raymond, Eric S.
A buffer overflow vulnerability was reported in Fetchmail. A remote user could execute arbitrary code on the system.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2002/Dec/1005807.html

ColdFusion
Vendor: Macromedia
A denial of service vulnerability was reported in Macromedia's ColdFusion server. A remote user can cause the server to consume all available CPU resources.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2002/Dec/1005806.html

JRun
Vendor: Macromedia
A denial of service vulnerability was reported in Macromedia's JRun server. A remote user can cause the server to consume all available CPU resources.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2002/Dec/1005805.html

Flash
Vendor: Macromedia
A buffer overflow vulnerability was reported in the Macromedia Flash player. A remote user could execute arbitrary code on the target user's computer.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2002/Dec/1005804.html

MySQL
Vendor: MySQL.com
Several vulnerabilities were reported in MySQL. A remote user could potentially execute arbitrary code on the system. A remote user with a valid database account could gain access to other accounts on the database.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2002/Dec/1005800.html

Windows DLL (Any)
Vendor: Microsoft
A vulnerability was reported in the Microsoft Windows operating system in the processing of WM_TIMER messages. In certain cases, a local user can execute code with elevated privileges (e.g., Local System).
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2002/Dec/1005799.html

Microsoft Network Share Provider (SMB)
Vendor: Microsoft
A vulnerability was reported in the Server Message Block (SMB) protocol implementation in Microsoft Windows 2000 and XP. A remote user with access to the SMB packet stream between a network client and server could gain access to the client.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2002/Dec/1005796.html

FTP (Generic)
Vendor: OpenBSD
An input validation vulnerability was reported in several FTP client implementations, including those from Sun Microsystems, OpenBSD, SGI and other vendors. A remote FTP server may be able to write files to arbitrary locations when the wget client retrieves files from the FTP server.
Impact: Modification of system information
Alert: http://securitytracker.com/alerts/2002/Dec/1005794.html

wget
Vendor: GNU [multiple authors]
An input validation vulnerability was reported in wget's ftp client functionality. A remote FTP server may be able to write files to arbitrary locations when the wget client retrieves files from the FTP server.
Impact: Modification of system information
Alert: http://securitytracker.com/alerts/2002/Dec/1005793.html

RealOne (RealPlayer)
Vendor: RealNetworks
RealNetworks reported that there are multiple, unspecified buffer overflows in the RealOne Player. A remote user may be able to execute arbitrary code on the player.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2002/Dec/1005790.html

Cisco IOS
Vendor: Cisco
A denial of service vulnerability was reported in Cisco IOS when specifically used with Optical Service Module (OSM) Line Cards installed in a Catalyst 6500 or Cisco 7600 chassis. A remote user on the local network could cause the line card to crash.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2002/Dec/1005789.html

PC-cillin
Vendor: Trend Micro
A buffer overflow vulnerability was reported in Trend Micro's PC-cillin e-mail scanner. A local user could execute arbitrary code, possibly to gain elevated privileges.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2002/Dec/1005781.html

"Kernel 2.5.52"
Nuova versione del kernel di sviluppo con un bel po' di fix
http://www.ziobudda.net/news/see_comments.php?id_notizia=9677

MICROSOFT, WEB SERVICE SICURI CON UN TOOL Il big di Redmond rilascia un nuovo tool di sviluppo gratuito che funziona con Visual Studio.NET e supporta gli ultimi standard sulla sicurezza e il routing dei Web service
URL: http://punto-informatico.it/pi.asp?i=42526

REAL INCARTA LA MEGAPATCH DI NATALE
Il 25 dicembre la cyber-slitta portera' ai milioni di utenti dei player Real una megapatch che correggera' tutte le vulnerabilita' di sicurezza scoperte fino ad oggi. Inclusa una patch della patch
URL: http://punto-informatico.it/pi.asp?i=42521

Vulnerabilities
Title: MySQL security flaws uncovered
Source: ZDNet
Date Written: December 16, 2002
Date Collected: December 16, 2002
Security vulnerabilities were discovered in the MySQL database system that could create a denial of service problem or allow an attacker to "bypass the MySQL password check or to execute arbitrary code." The vulnerabilities are rated "Medium to Critical," and other vulnerabilities were discovered in the MySQL client libraries. The flaws affect all versions of the database prior to 3.23.53a and 4.0.5a. The company that discovered the vulnerabilities will not publish the exploit. The MySQL database system is "commonly used in Linux environments but which runs also on Microsoft platforms, HP-Unix, Mac OS and more." An updated "version 3" (3.23.54) has been released and is immune to the flaws.
http://zdnet.com.com/2100-1104-977958.html

SECURITY BY NUMBERS?
An Aberdeen Group report claims that open source is less secure than Windows. And how did they come to this profound conclusion?
>> http://www.net-security.org/news.php?id=1610

THE DANGERS OF DO-IT-YOURSELF SECURITY
Beware the misuse of vulnerability-testing software.
>> http://www.net-security.org/news.php?id=1614

SECURING OUTLOOK, PART ONE: INITIAL CONFIGURATION This article is the first of a two-part article that will examine ways that Outlook users can secure their email client.
>> http://www.net-security.org/news.php?id=1620

PROTECT YOUR MACINTOSH WITH MACSCAN
SecureMac.com announced the release of their first security application to protect the Macintosh from spyware and applications that could offer remote access when improperly configured.
>> http://www.net-security.org/article.php?id=307

"Nuova patch di sicurezza per PHP-Nuke"
Alcune vulnerabilità del famoso content management sono state corrette
http://www.ziobudda.net/news/see_comments.php?id_notizia=9705

SSH, VORAGINI IN CERTE IMPLEMENTAZIONI
Il CERT avvisa della presenza in diverse implementazioni del protocollo di sicurezza SSH di una serie di gravi vulnerabilita' che potrebbero consentire ad un aggressore di prendere il controllo di un computer. Immune OpenSSH
URL: http://punto-informatico.it/pi.asp?i=42537
Also - http://www.eweek.com/article2/0,3959,768388,00.asp

Nmap 3.10ALPHA7 Released
This version restores support for the One True OS for paranoid security guys (OpenBSD). Incidentally, I also fixed Windows compilation and put up Windows (zip format) binaries.
http://download.insecure.org/nmap/dist/nmap-3.10ALPHA7-1.i386.rpm

Seminario ONLINE FREE sulla sicurezza
The "How to Secure and Manage your Wireless LAN" seminar is a valuable resource for CTO's, senior IT professionals, product developers, and network administrators of both large and small enterprise organizations.
http://www.securitywireless.info/link.asp?TOPIC_ID=114

MEGAFALLA IN FLASH, A RISCHIO MILIONI DI UTENTI Il diffusissimo player Flash distribuito da Macromedia come plug-in per i browser contiene una grave falla che potrebbe mettere in pericolo la sicurezza di un grandissimo numero di utenti del Web. Patch super raccomandata
URL: http://punto-informatico.it/pi.asp?i=42555
Also - http://www.pcworld.com/news/article/0,aid,108033,00.asp
Also - http://news.zdnet.co.uk/story/0,,t269-s2127715,00.html
Also - http://www.internetwk.com/breakingNews/INW20021217S0010

Malware
Title: New 'Iraq Oil' Network Worm Found
Source: InfoWorld
Date Written: December 18, 2002
Date Collected: December 18, 2002
A new worm was detected called W32/Lioten (Net-Oil backwards), or the names Iraq_oil, Datrix, W32.Lioten, or I-Worm.Lioten and affects Windows 2000 and Windows XP machines that share folders with others and do not have firewall protection. "Lioten scans the Internet for vulnerable Windows machines that are sharing folders with other users on a home or business network. The worm finds new hosts to infect by randomly generating and attempting to connect to IP (Internet Protocol) addresses on the Internet. The worm listens for responses on port 445 from machines using Windows Server Message Block (SMB), a file and resource sharing protocol used in Windows environments." The Internet Storm Center noted an increase in port 445 scans. If the worm receives a response from the server, it will launch a brute force attack. "The worm first obtains a list of user accounts on the machine and then attempts to log in to each of those accounts by supplying values from its own list of li kely passwords such as 'admin,' 'root,' '1234' and 'asdf'." The worm will install a copy of itself, iraq_oil.exe, in the System32 directory if it is successful in logging in. Leading anti-virus vendors have given the worm a low rating because the worm has not spread widely.
http://www.infoworld.com/articles/hn/xml/02/12/17/021217hniraqoil.xml
Also - http://news.zdnet.co.uk/story/0,,t269-s2127738,00.html
Also - http://www.smh.com.au/articles/2002/12/18/1040174283521.html
Also - http://www.net-security.org/virus_news.php?id=144

Vulnerabilities
Title: CERT® Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations
Source: CERT
Date Written: December 16, 2002
Date Collected: December 18, 2002
The CERT Coordination Center of Carnegie Mellon University issued an advisory warning that "Multiple vendors' implementations of the secure shell (SSH) transport layer protocol contain vulnerabilities that could allow a remote attacker to execute arbitrary code with the privileges of the SSH process or cause a denial of service. The vulnerabilities affect SSH clients and servers, and they occur before user authentication takes place." Exploitation of this vulnerability could allow an attacker to execute arbitrary code or cause a denial of service. The vulnerabilities affect "Secure shell (SSH) protocol implementations in SSH clients and servers from multiple vendors," users should upgrade or apply a patch, according to their specific vendor. OpenSSH is not vulnerable.
http://www.cert.org/advisories/CA-2002-36.html
Also - http://www.nwfusion.com/news/2002/1217certwarns.html
Also - http://www.zdnet.com.au/newstech/security/story/0,2000024985,20270730,00.htm
Also - http://www.internetwk.com/breakingNews/INW20021217S0002
Also - http://www.internetnews.com/dev-news/article.php/1558101

WINXP E WINAMP BUCABILI VIA... AUDIO
Sia Windows XP che WinAMP contengono alcune vulnerabilita' di sicurezza relative alla gestione degli attributi dei file audio sfruttabili da un malintenzionato attraverso file confezionati ad hoc. Cracking a tempo di musica
URL: http://punto-informatico.it/pi.asp?i=42572
Also - http://news.com.com/2100-1001-978403.html
Also - http://www.msnbc.com/news/849418.asp
Also - http://www.infoworld.com/articles/hn/xml/02/12/19/021219hnmsvulnerable.xml
Also - http://www.wired.com/news/technology/0,1282,56924,00.html

Vulnerabilities
Title: 'Flash!' Aaargghh... Here to Hack Every One of Us
Source: The Register
Date Written: December 19, 2002
Date Collected: December 19, 2002
Security firm eEye Digital Security is reporting a flaw "in Macromedia's animation software [that] leaves web surfers vulnerable to attack when they visit an internet site or, even open an email." With a hand-edited Macromedia Flash, or SWF, file, an attacker "can compromise a PC or Macintosh if its user views the file with the Shockwave Flash Player plug-in for Internet Explorer, Netscape or other browsers." Macromedia reports that more than 90 percent of Web browsers have installed Flash software. Users are urged to upgrade immediately.
http://www.theregister.co.uk/content/55/28645.html

Malware
Title: E-card virus warning for Christmas
Source: CNN
Date Written: December 19, 2002
Date Collected: December 20, 2002
Beware the Christmas e-card! Sophisticated computer viruses might be hiding behind some of the holiday e-cards this season, analysts warn. While many e-cards sites are legitimate, some online Christmas cards are "smoke screens" for viruses and worms. "First they will remove your anti-virus program so that you do not know they are there, then they do all sorts of nasty things like mailing out your address book so that your friends will be affected," says Alex Shipp of Message Labs. The fakes look legitimate, so it is especially important to be vigilant.
http://europe.cnn.com/2002/TECH/12/17/ecard.virus/index.html
Also - http://www.pcworld.com/news/article/0,aid,108091,00.asp

Vulnerabilities
Title: Security flaw threatens Cisco Web site
Source: ZDNet
Date Written: December 29, 2002
Date Collected: December 20, 2002
Securiteam, an online security portal, have found a "session theft" vulnerability on the Cisco Web site. The vulnerability would allow attackers to "cause users to view third-party malicious JavaScript or HTML code as if it were the legitimate content offered by Cisco," the advisory said. XSS vulnerabilities have become quite "in vogue" lately, with many security researchers focusing their efforts in detection and elimination of the security problem. The recently held hacking competition, OpenHack IV, dished out US$500 to a single entrant, Jeremy Poteet, who found XSS vulnerabilities in the application being tested, which was engineered by Oracle.
http://www.zdnet.com.au/newstech/security/story/0,2000024985,20270791,00.htm

*******Comunicazione*******
Sono stati risolti TUTTI i disservizi avvenuti fra la giornata del 20 dicembre e la mattina del 21 dicembre.
*******/Comunicazione*******

g00d reading! 'n' bye
Security News MainTainer:
The Jackal a.k.a. jAcKallO < -jackal-@libero.it > (AreaSessantuno Member) / (SpiPPolatori Collaborator) (HackerAlliance Member) / (Daily DisInfo CreaTor & MainTainer)