Security_News - Sunday 8 December 2002
Publication date: 01-Dec-2004
IBM Performance Tools
Vendor: IBM
A vulnerability was reported in IBM performance tools for the AIX operating system. A local user may be able to gain elevated privileges on the system.
Impact: Root access via local system
Alert: http://securitytracker.com/alerts/2002/Nov/1005716.html

Netscape Communicator
Vendor: Netscape
A buffer overflow vulnerability was reported in the Netscape (version 4) Java implementation. A remote user can execute arbitrary code on the target user's system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2002/Nov/1005714.html

phpBB
Vendor: phpBB Group
An input validation vulnerability was reported in the phpBB2 forum software. A remote user can conduct cross-site scripting attacks against phpBB2 users when the server is configured
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2002/Nov/1005713.html

Xfs (X Font Server)
Vendor: Sun
A buffer overflow vulnerability was reported in the Sun Microsystems X Font Server (XFS). A remote user can execute arbitrary commands on the target system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2002/Nov/1005707.html

SSH
Vendor: SSH Communications
A buffer overflow vulnerability was reported in the SSH Secure Shell Windows client from SSH Communications. A remote user (via an SSH session) could cause arbitrary code to be executed on the target user's system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2002/Nov/1005704.html

SSH
Vendor: SSH Communications
A vulnerability was reported in SSH Secure Shell for UNIX/Linux from SSH Communications. A remote or local authenticated user could gain elevated privileges on the system.
Impact: Modification of system information
Alert: http://securitytracker.com/alerts/2002/Nov/1005703.html

Netscape Communicator
Vendor: Netscape
A vulnerability was reported in Netscape Communicator's Java implementation. A remote user can gain access to the local file system and networking resources. On some target systems, the remote user can execute arbitrary code.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2002/Nov/1005702.html

Microsoft Internet Explorer (IE)
Vendor: Microsoft
A vulnerability was reported in Microsoft Internet Explorer in the Java Virtual Machine (VM). A remote user can circumvent Java sandbox security controls and execute arbitrary code on the target user's system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2002/Nov/1005699.html

Microsoft Virtual Machine (VM)
Vendor: Microsoft
A vulnerability was reported in Microsoft's Java Virtual Machine (VM). A remote user can circumvent Java sandbox security controls and execute arbitrary code on the target user's system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2002/Nov/1005698.html

Netscape Communicator
Vendor: Netscape
A vulnerability was reported in the Symantec Java! JustInTime (JIT) Compiler used in Netscape Communicator. A remote user can circumvent Java sandbox security controls and execute arbitrary code on the target user's system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2002/Nov/1005697.html

AOL Instant Messenger
Vendor: America Online, Inc.
Infested Nexus reported a vulnerability in AOL Instant Messenger (AIM). A remote user can force a target user to silently download a file if file sharing is permitted, even if the target user does not accept the file.
Impact: Modification of user information
Alert: http://securitytracker.com/alerts/2002/Nov/1005695.html

PHP-Nuke
Vendor: Phpnuke.org
Input validation vulnerabilities were reported in several PHP-Nuke modules. A remote user can conduct cross-site scripting attacks to steal a user's authentication information.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2002/Nov/1005692.html

BIND
Vendor: ISC (Internet Software Consortium)
A DNS spoofing vulnerability was reported in the Internet Software Consortium's (ISC) Berkeley Internet Name Domain (BIND) name server software. A remote user may be able to spoof DNS entries in certain cases.
Impact: Modification of system information
Alert: http://securitytracker.com/alerts/2002/Nov/1005691.html

"Linux Kernel 2.4.20 released"
The young Brazilian Marcelo Tosatti, kernel maintainer of the 2.4.x series, has released a new version of the Linux kernel in recent days.
http://www.ziobudda.net/news/see_comments.php?id_notizia=9435

"Kernel 2.5.50"
Just before the American Thanksgiving holiday, Linus released the new development version of the kernel.
http://www.ziobudda.net/news/see_comments.php?id_notizia=9429

"Apache 2.0: how to?"
Open Network Architecture publishes (under the FDL license) a tutorial on how to compile, install, secure and optimize the latest version of the Apache web server, version 2.0.43.
http://www.ziobudda.net/news/see_comments.php?id_notizia=9431

WEB BUGS FLARE UP AGAIN
NAI, the advertising network that supports opt-out, has released guidelines for handling some of the most insidious data collection systems. And it talks about transparency.
URL: http://punto-informatico.it/pi.asp?i=42373

** SECURITY FLAW IN REAL PLAYER TOO **
It is a classic buffer overrun that can lead to code execution and is therefore potentially very dangerous.
[Published on www.zeusnews.it on 03-12-2002] >> by Massimo Nespolo
http://www.zeusnews.it/news.php?cod=1736

Malware
Title: Beware, Winevar Virus Runs Rampant
Source: Extreme Tech
Date Written: November 29, 2002
Date Collected: December 2, 2002
The WINEVAR.A worm, also known as W32/Winevar.A, W32/Korvar, W32/Winevar@mm, I-Worm.Winevar, and the "Korean Worm," is circulating through unpatched Windows systems and carries a malicious payload. The worm arrives in e-mail messages with the subject line, "Re: AVAR (Association of Anti-Virus Asia Researchers)." The worm "takes advantage of the known IFRAME vulnerability in Microsoft's Internet Explorer Web browser and Microsoft mail clients such as Outlook and Outlook Express. That vulnerability allows attachments in HTML-format e-mail messages to be opened without user interaction." The malware "changes the ownership information in the computer's registry, kills antivirus programs, and infects the victim machine with the Funlove virus," and mails itself to e-mail addresses on the infected machine. When the infected machine is rebooted, "the worm displays a dialogue titled 'Make a fool of oneself' with the message 'What a foolish thing you have done!' Clicking on an OK button on the dialogue deletes all files on the computer's hard drive that are not currently opened, according to the security advisories."
http://www.extremetech.com/article2/0,3973,735114,00.asp
Also - http://www.nwfusion.com/news/2002/1127winevar.html
Also - http://news.com.com/2100-1001-975569.html
Also - http://www.theregister.co.uk/content/55/28338.html

SECURE PROGRAMMING WITH .NET
This article provides an overview of .NET framework security features and practical tips on how to write secure code in the .NET framework.
>> http://www.net-security.org/news.php?id=1530

CRACKING OPENVMS PASSWORDS WITH JOHN THE RIPPER
Jean-loup Gailly has written a patch for John the Ripper to allow cracking OpenVMS (Vax and Alpha) passwords.
>> http://www.net-security.org/article.php?id=283

"Bug in kernel 2.4.20"
There is a bug in the ext3 filesystem support of the newborn kernel; it should not be too widespread, but it is still a filesystem corruption bug...
http://www.ziobudda.net/news/see_comments.php?id_notizia=9455

"BIND, Xinetd and Kernel"
After the one on Apache 2.0, OpenNA presents three more articles in the "How to Build, Install, Secure & Optimize" series.
http://www.ziobudda.net/news/see_comments.php?id_notizia=9451

"Crackers? Let's make their life difficult"
SNP presents a list of 10 actions to take to make your systems more secure against intrusions.
http://www.ziobudda.net/news/see_comments.php?id_notizia=9450

Vulnerabilities
Title: ISS Goes Public With Vulnerability Disclosure Guidelines
Source: EWeek.com
Date Written: December 2, 2002
Date Collected: December 3, 2002
On December 2, 2002, Internet Security Systems Inc. released the vulnerability disclosure guidelines that its X-Force research team uses when it has identified flaws and is deciding to notify vendors and the public. These guidelines include a provision that "informs vendors that ISS customers who subscribe to the company's X-Force Threat Analysis Service will be told about any new vulnerabilities one business day after ISS notifies the affected vendor. Customers will also get information on any countermeasures that may be available." It is the policy of ISS to provide paying customers with advance warning of flaws. Their policy also says that a discovered vulnerability could be disclosed 30 days (or sooner) after the vendor has been initially contacted, although paying subscribers will be notified one business day later. If a vendor is unresponsive or the vulnerability has been posted in a mailing list or news article, ISS will accelerate public notification. The debate about the best means to disclose a new vulnerability has been ongoing. Many believe that the vendor should be given enough time to develop and test an adequate fix for the problem before the public is notified. Some believe that the public should be informed immediately to allow those affected by the problem to take steps to mitigate the risk. The Organization for Internet Safety, a group of software and security vendors working towards a common set of guidelines on responsible vulnerability disclosure, is still developing their guidelines.
http://www.eweek.com/article2/0,3959,741350,00.asp
Also - http://www.internetnews.com/dev-news/article.php/1550581
Also - http://zdnet.com.com/2100-1105-975785.html

Vulnerabilities
Title: Mozilla browser updated after hiccup
Source: IDG.net
Date Written: December 3, 2002
Date Collected: December 3, 2002
Mozilla 1.2 contains a bug that forced developers to stop downloads and
develop Mozilla 1.2.1. The flaw affects some "Web pages developed with
dynamic HTML (Hypertext Markup Language), or DHTML--an advanced programming
language that combines JavaScript, cascading style sheets, and the Document
Object Model (DOM), among other technologies, to create a page that can
change dynamically after it has loaded onto a browser." The open-source Web
browser was released November 26, 2002, and Mozilla 1.2.1 is available and
addresses the flaw, according to developers.
http://www.idg.net/ic_968574_1794_9-10000.html
Also - http://news.com.com/2100-1023-975724.html

"TightVNC 1.2.7 released: VNC with SSH"
TightVNC is a VNC distribution with many features and improvements
over VNC. It is optimized for slow, modem-style connections and has
automatic SSH tunneling in the Unix version. Both the server and the
viewer are compatible with the original VNC platform.
http://www.ziobudda.net/news/see_comments.php?id_notizia=9485

"Linux 2.4.20, the ext3 file system can corrupt data"
According to Andrew Morton, an optimization of the ext3 file
system, initially introduced in version 2.4.20-pre5, could
cause data corruption.
http://www.ziobudda.net/news/see_comments.php?id_notizia=9481

Vulnerabilities
Title: RealPlayer Still Vulnerable to Attack
Source: EWeek.com
Date Written: December 3, 2002
Date Collected: December 4, 2002
Real Networks Inc. has not released a working patch to address three
security vulnerabilities in RealPlayer and RealOne software discovered
during November 2002. Additionally, a researcher found five additional
vulnerabilities; they are "buffer overruns and can be exploited remotely via
code embedded in e-mail messages." The researcher, Mark Litchfield of Next
Generation Security Software Ltd., discovered the original flaws and is
working with Real Networks to develop patches. "Litchfield has notified
Real of some of the flaws and is currently in the process of writing
proof-of-concept exploit code for the others before sending them to [Real
Networks]." Real Networks released a patch for the original three flaws, but
Litchfield discovered it does not entirely fix the flaws.
http://www.eweek.com/article2/0,3959,743317,00.asp

Vulnerabilities
Title: Sybase patches three security holes
Source: Network World Fusion
Date Written: December 3, 2002
Date Collected: December 4, 2002
Three security flaws in Sybase Adaptive Server database software, versions
12.0 and 12.5, could allow an attacker to gain control of a Sybase server
and run arbitrary code. While Sybase describes the vulnerabilities as
"predominantly hypothetical," a patch was released to address the problems.
The flaw affects both Unix and Windows platforms, and can be used to create
a buffer overflow. Sybase and Application Security, whose researchers
discovered the problem, disagree on the seriousness of the flaws. Sybase
believes that only "trusted users" can log into the system and exploit the
vulnerabilities, but Application Security representatives believe a
non-privileged user can exploit the flaws.
http://www.nwfusion.com/news/2002/1203sybasepatch.html

IE MEGAPATCH FIXES OLD AND NEW BUGS
Microsoft has made available to Internet Explorer users a
new cumulative patch that fixes various things, including a recent
little problem
URL: http://punto-informatico.it/pi.asp?i=42412
Also - http://www.microsoft.com/security/security_bulletins/MS02-068.asp
Also - http://www.microsoft.com/security/security_bulletins/ms02-067.asp
Also - http://news.com.com/2100-1001-976206.html
Also - http://www.securiteam.com/windowsntfocus/6V0011F6AY.html

"PHP: compile, install and optimize"
OpenNA continues publishing articles in the "How to build,
install, secure & optimize" series. This time it is the turn of PHP, the most
widely used scripting engine for web pages.
http://www.ziobudda.net/news/see_comments.php?id_notizia=9493

Malware
Title: Lagel worm wipes files
Source: ZDNet
Date Written: December 5, 2002
Date Collected: December 5, 2002
A new worm known as W32/SfxDeth.A-MM or W32/Lagel.A has been detected. The
worm arrives in an e-mail with a subject line "Fwd: Crazy Illegal Sex," and
an attachment called IlleGal.exe. The e-mail's body warns, "If u have a
weak heart I warn u DON'T see dis Clip." If the attachment is opened, four
new files are created and graphics are run that imply the e-mail was a joke.
"The files created are MPLAYER.EXE, which is run every time windows is
started up, ILLEGAL.EXE, which contains the worm's code, MMAILS.DLL, which
stores the e-mail addresses the worm obtains from the system, and SMTP.OCX,
an application used to mail messages." Additionally, users are warned that
the worm could delete all files in drives labeled D, E, F, and G. The worm
affects machines running the Windows operating system and the payload is a
Visual Basic script.
http://news.zdnet.co.uk/story/0,,t269-s2127044,00.html
Also - http://www.smh.com.au/articles/2002/12/05/1038950131642.html

Vulnerabilities
Title: Vulnerability Note VU#740169: Cyrus IMAP Server contains a buffer overflow vulnerability
Source: CERT
Date Written: December 3, 2002
Date Collected: December 5, 2002
The CERT Coordination Center of Carnegie Mellon University has issued a
vulnerability note warning that a "buffer overflow vulnerability exists in
versions of Cyrus IMAP Server up to and including 2.1.10." An attacker
could exploit the flaw, and with privileges of the Cyrus IMAP Server, run
arbitrary code on the mail server. Updated versions are available to
address the flaw.
http://www.kb.cert.org/vuls/id/740169

Vulnerabilities
Title: Vulnerability Note VU#140977: SSH Secure Shell for Workstations contains buffer overflow in URL handling feature
Source: CERT
Date Written: December 4, 2002
Date Collected: December 5, 2002
The CERT Coordination Center of Carnegie Mellon University issued an updated
vulnerability note warning that "Windows version of SSH Secure Shell for
Workstations contains a buffer overflow vulnerability that may allow an
attacker to execute arbitrary code." Versions 3.1 to 3.2.0 are affected by
the vulnerability, but a patch is available to address the flaw.
http://www.kb.cert.org/vuls/id/140977

"Solution for RPM hanging on RedHat 8.0"
Here is the solution to the problems of RPM hanging on Red Hat
8.0.
http://www.ziobudda.net/news/see_comments.php?id_notizia=9522

Vulnerabilities
Title: Security Expert Takes Issue With Rating of New IE Flaw
Source: EWeek.com
Date Written: December 5, 2002
Date Collected: December 6, 2002
Security researcher Thor Larholm posted concerns about the vulnerability
rating Microsoft gave a newly discovered security flaw in Microsoft Internet
Explorer versions 5.5 and 6.0. Microsoft has issued a patch to address the
vulnerability. The flaw "is in the browser's cross-domain security model.
The software performs incomplete security checks when certain object caching
techniques are used in Web pages. An attacker could exploit the flaw by
either sending the malicious code to the user in an HTML mail message or
luring the user to a Web page containing the code." Microsoft said that
exploitation of the flaw "could allow a Web site to access information on
users' machines." Larholm believes the flaw is more serious, as attackers
can not only read the information, but also "modify files on the local
machine, place arbitrary files on it and run any executable found on the
machine with or without parameters." Larholm believes Microsoft is
deliberately downplaying the seriousness of the flaw, and notes that there
are currently 18 unpatched flaws in IE.
http://www.eweek.com/article2/0,3959,748736,00.asp
Also - http://www.pcworld.com/news/article/0,aid,107699,00.asp

Vulnerabilities
Title: Vulnerability Note VU#683673
Source: CERT
Date Written: December 6, 2002
Date Collected: December 6, 2002
The CERT Coordination Center of Carnegie Mellon University issued an undated
vulnerability notice that warns users that "The Sun Solaris priocntl(2)
function does not adequately validate a memory structure that specifies the
name of a kernel module. As a result, a local attacker could execute
arbitrary code with superuser privileges on a vulnerable system." A
workaround has been developed by Sun.
http://www.kb.cert.org/vuls/id/683673

g00d reading! 'n' bye
Security News MainTainer:
The Jackal a.k.a. jAcKallO < -jackal-@libero.it >
(AreaSessantuno Member) / (SpiPPolatori Collaborator)
(HackerAlliance Member) / (Daily DisInfo CreaTor & MainTainer)
