Malware
   Source:   vnunet.com
   Date Written:  March 15, 2002
   Date Collected: March 15, 2002
   Title: Definitive guide to writing a Linux virus A student from Austria has published a White Paper that provides the framework for constructing malicious code to infect ELF (Executable and Linking Format) executables on Linux/i386.  The student claims that the paper provides source code, but no actual virus.
http://www.vnunet.com/News/1130150

Vulnerabilities
   Source:   CERT
   Date Written:  March 14, 2002
   Date Collected: March 15, 2002
   Title: Multiple Vulnerabilities in Oracle Servers CERT has issued an advisory on multiple vulnerabilities discovered in Oracle Application Servers.  Details are provided on vulnerabilities, which include buffer overflows, insecure default configurations, failure to enforce access controls, and failure to validate input.  Exploitation of these vulnerabilities could lead to execution of arbitrary commands or code, denial of service attacks, and unauthorized access to a system.  Patches have been provided by Oracle that address the vulnerabilities.
http://www.cert.org/advisories/CA-2002-08.html

"Linux Advisory Watch - March 15th 2002"
http://www.ziobudda.net/news/see_comments.php?id_notizia=6137

EXPLOITING THE ZLIB BUG IN OPENSSH
OpenSSH uses the zlib library to compress data when the -C option is passed to it. With version 2 of the protocol, it is possible to send compressed/encrypted messages to the remote daemon before having to authenticate (just after key exchange)...
Link: http://archives.neohapsis.com/archives/bugtraq/2002-03/0121.html

CHECKPOINT FW1 SECUREMOTE "RE-AUTHENTICATION"
Checkpoint Firewall-1 SecuRemote/SecureClient "authentication timeout" defined in FW1's security policy can be trivially bypassed at the client side. Probably more "tweaks" can be done.
Link: http://www.net-security.org/text/bugs/1015876941,79136,.shtml

GNU FILEUTILS RACE CONDITION
Race condition in various utilities from fileutils GNU package may cause root user to delete the whole filesystem.
Link: http://www.net-security.org/text/bugs/1015937490,2085,.shtml

NON-STACK BASED EXPLOITATION OF BUFFER OVERRUN VULNERABILITIES ON WINDOWS NT/2000/XP Most buffer overflow exploits for Windows have relied on getting code on the stack and somehow jumping process execution to there, but as more products arrive in the market to prevent such attacks from succeeding the non-stack based overflow exploit will become more and more common. This document will describe what they are and how to write one. As will be seen they are easy to write, more so than traditional stack based overflows and as they only require only an understanding of how functions are called at a low level. The non-stack based buffer overflow exploit writer doesn't even need to know assembly language.
Read the PDF:
< http://www.net-security.org/text/articles/dl/non-stack-bo-windows.pdf >

"Upgrade in italiano"
Pubblicata su Tecnoteca l'edizione italiana di UPGRADE, la rivista europea per i professionisti delle Tecnologie dell'Informazione.
UPGRADE, è un bimestrale tecnico, indipendente, non commerciale ed è distribuito elettronicamente senza alcun costo.
La versione italiana di UPGRADE è il risultato di una collaborazione fra Tecnoteca e l'ALSI, l'Associazione nazionale dei Laureati in Scienze dell'informazione ed Informatica, uno dei membri italiani del CEPIS.
http://www.ziobudda.net/news/see_comments.php?id_notizia=6165

"Scoperto il "Back Orifice for Unix"?"
I ricercatori della security firm ProCheckUp hanno scoperto una pericolosa vulnerabilità che affliggerebbe i sistemi Unix.
Secondo quanto affermato dai tecnici della ProCheckUp, un cracker, utilizzando opportunamente una connessione XDMCP, potrebbe ottenere una console remota virtualmente identica alla local X-Windows session mediante alcuni semplici comandi presenti nella maggior parte delle workstation Unix.
http://www.ziobudda.net/news/see_comments.php?id_notizia=6162
Also - http://www.theregister.co.uk/content/55/24447.html

"Corsi su Linux non gratuiti ma a donazione"
ICanProgram.com ha deciso di non chiedere soldi (a chi si volesse iscrivere ai suoi corsi) ma bensi' una donazione per la ricerca sul cancro. Iniziativa lodevole.
http://www.ziobudda.net/news/see_comments.php?id_notizia=6149

Malware
   Source:   ZDNet
   Date Written:  March 18, 2002
   Date Collected: March 18, 2002
   Title: Security expert warns of MP3 danger An Australian anti-virus software company is warning of possible new trends in malware.  As software and programs become more complex and perform more functions, they are more likely to contain malicious code.  The group also warns of virus writers using gateway jumpers that would allow a hacker to get inside a network and work their way out from there.  Additionally, there is a threat of infection to other devices, such as wireless technologies.
http://zdnet.com.com/2100-1105-861995.html

I am happy to announce that Nmap 2.54BETA31 is now available.  It contains a number of important fixes and updates which I have been sitting on for far too long :).  I also snuck in some new features.
http://download.insecure.org/nmap/dist/nmap-2.54BETA30-1.i386.rpm

"Microsoft  'apre' CIFS e SMB"
....dopo anni di reverse engineering ed un SaMBa più performante di Windows.... capirai che sforzo!
http://www.ziobudda.net/news/see_comments.php?id_notizia=6183

"SecurityFocus Newsletter #136"
http://www.ziobudda.net/news/see_comments.php?id_notizia=6179

"SecurityFocus Linux Newsletter #72"
http://www.ziobudda.net/news/see_comments.php?id_notizia=6178

"Linux Security Week - March 18th 2002"
http://www.ziobudda.net/news/see_comments.php?id_notizia=6168

Vulnerabilities
   Source:   vnunet.com
   Date Written:  March 19, 2002
   Date Collected: March 19, 2002
   Title: Firms fall through Unix security flaw A vulnerability has been discovered in the default configuration of the X Display Manager Control Protocol (XDMCP) on Unix systems running Solaris and MandrakeSoft's Linux distro.  The vulnerability could allow a hacker to gain access to the system if the XDMCP in enabled.  Security experts discovered a freely available scanner that searches for the hole.
http://www.vnunet.com/News/1130238

"Usare ssh"
SSH è l'acronimo di Secure Shell. Tutto quello che passa via SSH viene criptato. Meglio allora saperlo utilizzare.
http://www.ziobudda.net/news/see_comments.php?id_notizia=6200

 QUELLO STRANO FILE (SPIONE) DI MORPHEUS Un lettore spiega come abbia scoperto, in Morpheus, un programma spione, lo stesso che in questi giorni sta facendo parlare di se' tutta la comunita'
degli utenti. Ecco perche'
URL: http://punto-informatico.it/pi.asp?i=39510
Also - http://www.vnunet.com/News/1130284

Cybercrime-Hacking
   Source:   CERT
   Date Written:  March 19, 2002
   Date Collected: March 20, 2002
   Title: Social Engineering Attacks via IRC and Instant Messaging The CERT Coordination Center has issued an incident report stating that social engineering attacks are taking place over instant messenger services.
Systems running Internet Relay Chat (IRC) or Instant Messaging (IM) clients are affected.  Attackers are tricking users into downloading and executing malicious software that could allow hackers to launch distributed denial-of-service (DDoS) attacks from these affected machines.  It appears that thousands of users have been duped into downloading the malware.  One example of the message, sent through automated tools, informs a user that they have been infected with a virus and need to download a program to clean the machine.  There are spelling and grammar errors in the message.
http://www.cert.org/incident_notes/IN-2002-03.html
Also - http://www.vnunet.com/News/1130264
Also - http://zdnet.com.com/2100-1105-864508.html
Also - http://punto-informatico.it/pi.asp?i=39526

Vulnerabilities
   Source:   MSNBC
   Date Written:  March 19, 2002
   Date Collected: March 20, 2002
   Title: 2nd Java security hole in Windows Microsoft Corp. released an advisory on March 19, 2002 about a second vulnerability in the software that enables Windows users to run Java language programs.  If exploited, the vulnerability could allow a "malicious Java program to run outside a restricted area on a user's computer."  This flaw only affects those using a proxy server to access Web sites.  An update is available from Microsoft to address the vulnerability.
http://www.msnbc.com/news/726722.asp

Vulnerabilities
   Source:   ZDNet
   Date Written:  March 20, 2002
   Date Collected: March 20, 2002
   Title: SGI warns of Apache-IRIX vulnerability Vulnerabilities were discovered in Apache programs that, if exploited could lead to unauthorized access to the location of sensitive files, or even full access to the system.  The vulnerability affects Silicon Graphics (SGI) machines running Apache Web server on SGI's IRIX operating system.  One vulnerability exists in Apache's split-logfile program, and another in Apache's Multiviews facility.
http://zdnet.com.com/2100-1105-864599.html
Also - http://www.ziobudda.net/news/see_comments.php?id_notizia=6230

Vulnerabilities
   Source:   vnunet.com
   Date Written:  March 21, 2002
   Date Collected: March 21, 2002
   Title: Excite in web mail hijack drama A vulnerability has been discovered in the Excite's web mail service that would allow a cyberattacker to hijack a user's account.  If a user opens an HTML e-mail from an attacker, the attacker can get the unique URL used to authenticate the user's session.  Pasting the unique URL into a web browser allows the attacker to enter into the victim's mailbox.  Excite has been informed of the vulnerability.
http://www.vnunet.com/News/1130317

g00d reading!  'n' bye
Security  News  Staff:
The Jackal < -jackal-@libero.it >