Security News - Sunday 1 December 2002
.: Publication date 01-Dec-2004 :.
Security
On the Microsoft FTP server leak. Oh dear, oh dear http://www.theregister.co.uk/content/55/28252.html

Samba CIFS
Vendor: Samba.org
A buffer overflow vulnerability was reported in the Samba SMB protocol implementation. A remote or local user may be able to exploit the overflow to execute arbitrary code on the system.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2002/Nov/1005677.html

Microsoft Internet Explorer (IE)
Vendor: Microsoft
A buffer overflow vulnerability was reported in Microsoft Internet Explorer (IE). A remote user can cause the target user's IE browser or IE-based application to crash.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2002/Nov/1005674.html

RealOne (RealPlayer)
Vendor: RealNetworks
Several vulnerabilities were reported in the RealOne Player. A remote user may be able to cause arbitrary code to be executed on the target user's computer.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2002/Nov/1005673.html

Microsoft Internet Explorer (IE)
Vendor: Microsoft
A buffer overflow vulnerability was reported in the Microsoft Data Access Components (MDAC) software (which is distributed as part of Internet Explorer) in the Remote Data Services (RDS) implementation. A remote user can cause arbitrary code to be executed on the system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2002/Nov/1005672.html

Alcatel OmniSwitch
Vendor: Alcatel
An authentication vulnerability was reported in the Alcatel OmniSwitch 7700/7800. A remote user can gain access to the switch's operating system without having to authenticate.
Impact: Root access via network
Alert: http://securitytracker.com/alerts/2002/Nov/1005670.html

Cisco PIX Firewall
Vendor: Cisco
Two separate vulnerabilities were reported in the Cisco PIX Firewall. A remote user with access to the encrypted stream may be able to establish an unauthorized VPN session in certain situations. A remote user may be able to cause the firewall to crash.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2002/Nov/1005669.html

Netscape Communicator
Vendor: Netscape
A vulnerability was reported in the Netscape Communicator web browser. A remote user could obtain the contents of a target user's Netscape preferences file, under certain situations.
Impact: Disclosure of user information
Alert: http://securitytracker.com/alerts/2002/Nov/1005666.html

Eudora
Vendor: Qualcomm
A vulnerability was reported in the Eudora e-mail client software. A remote user may be able to cause arbitrary scripting code to be executed on the target user's computer in the Local Computer security zone.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2002/Nov/1005664.html

BIND Resolver Libraries
Vendor: ISC (Internet Software Consortium)
A buffer overflow vulnerability was reported in the BIND 4.9.2 through 4.9.10 resolver libraries (but not in the name server). A remote user may be able to execute arbitrary code, possibly with root privileges.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2002/Nov/1005663.html

REAL PLUGS THREE HOLES IN ITS PLAYERS
Real has released a patch that fixes three serious security vulnerabilities affecting its well-known media players, the ones that compete with Microsoft's offerings.
URL: http://punto-informatico.it/pi.asp?i=42281
Also - http://www.nwfusion.com/news/2002/1125realflaw.html
Also - http://www.zdnet.com.au/newstech/security/story/0,2000024985,20270157,00.htm
Also - http://www.eweek.com/article2/0,3959,720314,00.asp

"Linux 2.5.49"
The latest version of the Linux development-branch kernel (2.5.x) is available. Many new features.
http://www.ziobudda.net/news/see_comments.php?id_notizia=9320

"The November CRYPTO-GRAM is out"
The new issue of Crypto-gram is available, the newsletter that provides summaries, analysis, in-depth coverage and commentary on security and cryptography. The author is Bruce Schneier and the Italian version is translated by Communication Valley SpA.
http://www.ziobudda.net/news/see_comments.php?id_notizia=9319

Vulnerabilities
Title: Doubts raised over Microsoft patches
Source: vnunet.com
Date Written: November 25, 2002
Date Collected: November 25, 2002
Danish security firm Secunia claims that the patches Microsoft Corp. released to address vulnerabilities in their security alerts 65 and 66 are flawed. Both patches do not address all of the vulnerabilities in Internet Explorer and the patch for 66 does not eliminate the possibility "for a website to run an executable that is stored on a system. This could allow an outsider to view the contents of a previously identified file and view the clipboard." Secunia provides details of how to address the problem.
http://www.vnunet.com/News/1137085

Vulnerabilities
Title: Denial of Service Problems with Linksys Products
Source: Help Net Security
Date Written: November 25, 2002
Date Collected: November 25, 2002
A denial of service problem was detected in Linksys' "BEFW11S4, Wireless Access Point Router with 4-Port Switch - Version 2; BEFSR11, EtherFast Cable/DSL Router; BEFSR41, EtherFast Cable/DSL Router with 4-Port Switch; and BEFSRU31, EtherFast Cable/DSL Router with USB and 3-Port Switch." A malicious user can use several thousand characters in the "password field of the device's web management interface. Exploitation simply requires the use of a web browser that can send long Basic Authentication fields to the affected router's interface." An update is available for this flaw.
http://www.net-security.org/article.php?id=280

TRISENTRY, A UNIX INTRUSION DETECTION SYSTEM
Network administrators have a wide range of sophisticated tools to improve auditing, and to report and block intrusion. The TriSentry suite is one such free tool.
>> http://www.net-security.org/news.php?id=1463

THE SSH CRYPTOSYSTEM
This article shows how the SSH cryptosystem provides privacy protection, integrity, and authenticity of data as it traverses a network.
>> http://www.net-security.org/news.php?id=1464

MASK YOUR WEB SERVER FOR ENHANCED SECURITY
Masking or anonymizing a Web server involves removing identifying details that intruders could use to detect your OS and Web server vendor and version.
>> http://www.net-security.org/news.php?id=1490

PARANOIA IPTABLES FIREWALL 1.53 (Linux)
Paranoia Iptables Firewall is a firewall designed specifically for standalone computers in insecure networks such as campus LANs and co-location facilities.
>> http://www.net-security.org/software.php?id=367

"RAV AntiVirus for Samba"
GeCAD Software, maker of the "RAV AntiVirus" product, has announced the full integration of its product with SAMBA.
http://www.ziobudda.net/news/see_comments.php?id_notizia=9333

"What does Linus Torvalds say about the upcoming Kernel 2.6?"
In an interview published by EWeek.com, Linus Torvalds talks about the upcoming Kernel 2.6, expected, barring surprises, in the first half of next year.
http://www.ziobudda.net/news/see_comments.php?id_notizia=9331

SOLARIS, A FONT SCARE AND A NEW X86 VERSION
Sun fixes a vulnerability that affects all versions of Solaris and releases a preview version of the Solaris 9 port for the Intel platform
URL: http://punto-informatico.it/pi.asp?i=42295

Security
RealPlayer security fix is faulty. Yikes!
http://www.theregister.co.uk/content/55/28308.html

Vulnerabilities
Title: CERT® Advisory CA-2002-34 Buffer Overflow in Solaris X Window Font Service
Source: CERT
Date Written: November 25, 2002
Date Collected: November 26, 2002
CERT researchers are warning that "the Solaris X Window Font Service (XFS) daemon (fs.auto) contains a remotely exploitable buffer overflow vulnerability that could allow an attacker to execute arbitrary code or cause a denial of service." Machines running Sun Microsystems operating system are vulnerable, including versions Solaris 2.5.1 (Sparc/Intel), 2.6 (Sparc/Intel), 7 (Sparc/Intel), 8 (Sparc/Intel), and 9 (Sparc). An attacker could formulate an XFS query that would allow the attacker to exploit the system. Exploitation of the vulnerability could allow a "attacker can execute arbitrary code with the privileges of the fs.auto daemon (typically nobody) or cause a denial of service by crashing the service." Patches are available to address this flaw.
http://www.cert.org/advisories/CA-2002-34.html
Also - http://www.infoworld.com/articles/hn/xml/02/11/26/021126hnsolarishole.xml
Also - http://www.securiteam.com/unixfocus/6P00L1P60G.html

Vulnerabilities
Title: RealPlayer/RealOne Multiple Buffer Overflow Conditions
Source: Help Net Security
Date Written: November 26, 2002
Date Collected: November 26, 2002
RealOne/RealPlayer is vulnerable to multiple buffer overruns. The flaws are "three remotely exploitable overruns, two being heap based overflows and the other being a stack based overflow. On exploitation of these overruns any supplied code would execute in the security context of the logged on user." A patch was released to address these flaws.
http://www.net-security.org/vuln.php?id=2251

"Is Linux vulnerable to Windows viruses?"
A few days ago I read on a portal dedicated to the security of Linux systems (linuxsecurity.com) that it was possible to be infected by Windows viruses even while using a Linux system: for this reason I decided to look into the topic further, since I believe the question will be of the utmost importance in the future for the security of Linux systems (desktops in particular)
http://www.ziobudda.net/news/see_comments.php?id_notizia=9353

Malware
Title: Winevar worm on the loose
Source: ZDNet
Date Written: November 27, 2002
Date Collected: November 27, 2002
The WORM_WINEVAR worm is spreading quickly through France and Spain. The worm was first detected on November 22, 2002, and 300 copies of the worm were found in the last day by MessageLabs. The worm targets Microsoft Windows platforms and uses a Simple Mail Transfer Protocol (SMTP) engine to send itself to all addresses gathered from HTML files on the infected machine. The worm exploits a known vulnerability in Microsoft products that causes an "attachment to automatically execute when the message is viewed or previewed on Internet Explorer-based email clients, such as Microsoft Outlook and Outlook Express." The payload of the worm is malicious, as it is "capable of terminating certain monitoring programs and antivirus products from memory." Additionally, the worm "deletes all deletable files in all folders" if a user presses the "OK" button that appears when an infected machine is restarted and the message "Make a fool of oneself: What a foolish thing you've done!" is displayed.
http://news.zdnet.co.uk/story/0,,t269-s2126648,00.html
Also - http://www.ananova.com/news/story/sm_717289.html

Vulnerabilities
Title: RealNetworks pulls media player patch
Source: ZDNet
Date Written: November 27, 2002
Date Collected: November 27, 2002
RealNetworks has removed the security patch for its RealOne Player and Real Player from its website after NGSSoftware engineer Mark Litchfield, who initially discovered the flaws in the media players, stated on November 26, 2002, that he could easily defeat the fixes by making relatively minor changes to his attack techniques. The patch was issued on November 20, 2002. The buffer overflow vulnerabilities could allow a malicious attacker to take over a machine running one of RealNetworks' media players. As many as 115 million users of the software could be affected by the flaw. Work is underway to develop an effective patch, although RealNetworks calls the problem "theoretical" at this point.
http://news.zdnet.co.uk/story/0,,t269-s2126595,00.html
Also - http://www.infoworld.com/articles/hn/xml/02/11/27/021127hnrealpatch.xml

"New security hole in phpBB"
One of the most popular Open Source forums suffers from a sensitive vulnerability
http://www.ziobudda.net/news/see_comments.php?id_notizia=9381

"Kernel 2.5.50"
This week, too, a new release of the Linux development-branch kernel could not fail to appear.
http://www.ziobudda.net/news/see_comments.php?id_notizia=9405

"Privacy in wireless location services"
IBM's Network Developer publishes an interesting article on the security specifications of location-based services for wireless devices.
http://www.ziobudda.net/news/see_comments.php?id_notizia=9404

"Kernel 2.4.20 OUT"
The new kernel release is out
http://www.ziobudda.net/news/see_comments.php?id_notizia=9401

Netscape Communicator Java vulnerability
A vulnerability has been found in Netscape Communicator Java.
A remote user could gain local access to the system and to network resources....
http://www2.securityinfos.com/news2.asp?id=986

 

g00d reading! 'n' bye
Security News MainTainer:
The Jackal a.k.a. jAcKallO < -jackal-@libero.it > (AreaSessantuno Member) / (SpiPPolatori Collaborator) (HackerAlliance Member) / (Daily DisInfo CreaTor & MainTainer)
