****Notice****
Some problems have been encountered with subscribing to and unsubscribing from the Security News; for this reason, newsletter "operations" can only be carried out in a few days' time. The staff
*************
LISTPROC MAILING LIST ULISTPROC_UMASK Overflow
ListProc is a UNIX based automated information distribution and retrieval system for electronic mailing lists and file archives. ListProc is intended to be easy to maintain, support, and use. A local buffer overflow in the product allows local attackers to gain elevated privileges.
http://www.securiteam.com/unixfocus/5AP012KA0K.html
WEEKLY VIRUS REPORT - Sory, Kickin, Winur Worms and AOL.Aim Trojan
This week's report looks at four pieces of malicious code: the worms Sory (W32/Sory), Kickin (W32/Kickin) and Winur (W32/P2P.Winur.C), and the Trojan AOL.Aim (Trj/PSW.AOL.Aim).
http://net-security.org/virus_news.php?id=227
NetBus
Vendor: Neikter, Carl-Fredrik
A vulnerability was reported in NetBus. A remote user can connect to the server without authenticating.
Impact: User access via network
Alert: http://securitytracker.com/alerts/2003/May/1006736.html
Passport
Vendor: Microsoft
A vulnerability was reported in Microsoft .NET Passport, also affecting Hotmail accounts. A remote user can change an arbitrary target user's password to an arbitrary value and then access the target user's account.
Impact: Modification of authentication information
Alert: http://securitytracker.com/alerts/2003/May/1006728.html
TCP/IP Stack Implementation
Vendor: Santa Cruz Operations
A vulnerability was reported in SCO (Caldera) OpenLinux. The TCP stack does not discard TCP SYN packets that also have the FIN bit set.
Impact: Host/resource access via network
Alert: http://securitytracker.com/alerts/2003/May/1006724.html
Cisco VPN 3000 Concentrator
Vendor: Cisco
Several vulnerabilities were reported in the Cisco VPN 3000 series VPN concentrators, also affecting the Cisco VPN 3002 Hardware Client.
Unauthorized traffic may traverse the VPN to the private network. A remote user can also cause the device to reload.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/May/1006719.html
Windows Media Player
Vendor: Microsoft
A vulnerability was reported in Windows Media Player in the processing of skin files (*.wmz files). A remote user can cause an arbitrary file to be written to an arbitrary location on the target user's computer. This can lead to arbitrary code execution.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2003/May/1006718.html
Acrobat
Vendor: Adobe Systems Incorporated
A vulnerability was reported in the full version of Adobe Acrobat. A remote user can create malicious PDF files that will execute arbitrary code on the target user's system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2003/May/1006715.html
Ethereal
Vendor: Ethereal.com
Some off-by-one buffer overflows and integer overflow vulnerabilities were reported in the Ethereal network sniffer. A remote user could cause Ethereal to crash or to execute arbitrary code.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/May/1006712.html
Apache mod_survey
Vendor: Palmius, Joel
An input validation vulnerability was reported in the Apache mod_survey module. A remote user can cause denial of service conditions.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/May/1006709.html
ICQ
Vendor: ICQ Inc.
Several vulnerabilities were reported in ICQ Pro 2003a. A remote user may be able to execute arbitrary code on the client. A remote user can cause the client to crash.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/May/1006706.html
Microsoft IIS Authentication Manager
Vendor: Microsoft
An information disclosure vulnerability was reported in the Microsoft Internet Information Server (IIS) Authentication Manager, a tool used for changing a user's password on the system via a web interface. A remote user can determine if specified user names are valid or not.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2003/May/1006704.html
BFi12-dev-05 is out!
title: GRUB fallback patch
author: ORK < orkmail@katamail.com >
rel-date: 03/05/2003
url: http://www.s0ftpj.org/bfi/dev/BFi12-dev-05.tar.gz
http://bfi.freaknet.org/dev/BFi12-dev-05.tar.gz
lang: it
USA: IMPORTANT RULING ON FORUMS
A California court has ruled that a defamatory comment posted on eBay's sales forum cannot be attributed to eBay itself, only to the person who wrote it
URL: http://punto-informatico.it/pi.asp?i=44062
Malware
Title: Fizzer stealth worm spreads via KaZaA
Source: The Register
Date Written: May 12, 2003
Date Collected: May 12, 2003
A new Internet worm has been found spreading through both email and the KaZaA P2P file-sharing network. The worm, named Fizzer, is more dangerous than most because it contains both key logging and Trojan horse functionality. Fizzer also attempts to shut down any anti-virus software running on the infected client. However, Kaspersky Labs, the Russian anti-virus firm that discovered Fizzer, claims early indications are that it is spreading quite slowly, and therefore only a modest risk.
http://www.theregister.co.uk/content/56/30659.html
Vulnerabilities
Title: The never-ending OS update
Source: MSNBC (AP)
Date Written: May 9, 2003
Date Collected: May 12, 2003
The Associated Press author writes about his difficulties keeping his Microsoft Windows XP machine up to date. Windows informed the author of 6 critical and 8 recommended updates to Windows XP. The download and installation, even with a high speed Internet connection, took 40 minutes.
The author checked his update history, and found that since September 19, 2000, he has downloaded 113 updates, 30 of which failed. Some updates fixed problems created by other updates, while others created problems that did not previously exist, forcing use of the 'system restore' feature.
http://www.msnbc.com/news/910772.asp
AUDITING WEB SITE AUTHENTICATION, PART TWO
This is the second part of a two-part series discussing a standard audit procedure consisting of a list of questions to test Web site authentication schemes.
http://www.net-security.org/news.php?id=2566
THE OPENBSD PACKET FILTER FAQ
Aimed at users of OpenBSD 3.3, The OpenBSD Packet Filter FAQ is meant to provide a supplement to the PF man pages.
http://www.net-security.org/news.php?id=2567
WHAT'S NEW IN WINDOWS SERVER 2003
In this article, the author counts down the top ten features that you should know about.
http://www.net-security.org/news.php?id=2577
PRACTICAL EXAMPLES FOR ESTABLISHING WEB SERVICE SECURITY IN .NET
Instead of abstract theories, here are some examples to provide an easy and quick way to accomplish a rather complex task.
http://www.net-security.org/news.php?id=2580
FORMATTING AND REINSTALLING AFTER A SECURITY INCIDENT
This article will examine the process of starting over, and more specifically, reinstalling after a security incident.
http://www.net-security.org/news.php?id=2592
Don't panic, it's only a Bill-ennium Bug!
by Paolo Attivissimo
Two incredible security holes threaten to relegate Microsoft's "trustworthy computing" ambitions to the scrap heap of computing history, buried by ridicule
http://www.apogeonline.com/webzine/2003/05/14/01/200305140101
"The security holes in PHP Nuke seem never to end"
Several SQL injection flaws discovered in PHP-Nuke 6.5, one of the most widely used Content Management Systems on the net
http://www.ziobudda.net/Admin/redir_news.php?id=11826
"Linux 2.4.21-rc2-ac1"
As usual, A.Cox's fixes could not be missing :)
http://www.ziobudda.net/Admin/redir_news.php?id=11820
A BUG LURKS IN ITANIUM 2
Intel admits the existence of a bug in its young high-end Itanium 2 processor that, under particular circumstances, could cause a system crash. Although small, the problem risks slowing Itanium's advance
URL: http://punto-informatico.it/pi.asp?i=44071
Technology
Title: Denial of service defenses outlined
Source: C-Net News
Date Written: May 13, 2003
Date Collected: May 13, 2003
Two graduate students from Carnegie Mellon University have presented papers at the Institute of Electrical and Electronics Engineers (IEEE) Symposium on Security and Privacy to combat denial of service (DoS) attacks. Abraham Yaar proposes fingerprinting data packets based on the route the information takes through the network, storing the fingerprint in the largely unused 16-bit internet protocol (IP) identification field. This method is especially effective against spoofed IP addresses, though it may cause problems for digital subscriber line (DSL), which makes more use of the IP identification field than other connections. XiaoFeng Wang proposes servers send a "puzzle," a computation that takes a certain amount of processor time, to computers that wish to connect to the server. This method would slow down distributed DoS attacks, as well as spammers. An auction system would allow legitimate users to "outbid" attackers for connections.
http://rss.com.com/2100-1009_3-1001200.html?tag=fd_top
"Digital signature: a simulated attack reveals some weaknesses"
The Security and Networks Laboratory (Laboratorio di Sicurezza e Reti) of the Department of Computer Science and Communication at the Università degli Studi di Milano has carried out the world's first practical implementation of a successful attack on a digital signature device.
http://www.ziobudda.net/Admin/redir_news.php?id=11841
"IPTables"
A document more than 20 pages long, dedicated to IPTables.
http://www.ziobudda.net/Admin/redir_news.php?id=11835
"Red Hat alert"
Red Hat has updated the xinetd package after the discovery of a very serious vulnerability (DoS)
http://www.ziobudda.net/Admin/redir_news.php?id=11834
Technology
Title: Setting a Standard for Wireless Security
Source: PCWorld
Date Written: May 13, 2003
Date Collected: May 14, 2003
The PAM Forum, a consortium working on presence and availability (P&M) standards for wireless, will join the Parlay Group of industry vendors. The two organizations had worked together previously on wireless security standards, and believe that the merger will reduce confusion among vendors, and lead to "stronger evolution of development." Parlay specifications have already used PAM Forum's specs and been accepted by the Third Generation Partnership Project (3GPP) and 3GPP2, the worldwide groups developing technical specifications for a third-generation mobile system. The Parlay Group also has a working relationship with the Open Mobile Alliance.
http://www.pcworld.com/resource/printable/article/0,aid,110714,00.asp
"gcc 3.3 released"
Here is the new version of the most powerful compiler in the Unix environment.
http://www.ziobudda.net/Admin/redir_news.php?id=11875
SCO CUTS TIES WITH LINUX
SCO Group has announced that it has suspended sales of its own Linux distribution pending clarification of intellectual-property issues, and warns customers: Beware! Linux is an unauthorized derivative of Unix
URL: http://punto-informatico.it/pi.asp?i=44109
Also - http://www.infoworld.com/article/03/05/15/HNscowarns_1.html
Also - http://www.nandotimes.com/technology/story/888799p-6192870c.html
FIZZER WORM: IRC REACTS
The IRC operators who set up the IRC Unity site to collaborate on security and respond to the emergency caused by the Fizzer worm are still at work
URL: http://punto-informatico.it/pi.asp?i=44117
Also - http://news.com.com/2100-1002_3-1001601.html?tag=fd_top
FREE LICENSES AND PROPRIETARY LICENSES
by Manuel M. Buccarella - We publish a legal analysis of free software and proprietary software presented at the recent Milan conference: Condividi la conoscenza
URL: http://punto-informatico.it/pi.asp?i=44113
"New version (1.8) of the 'Advanced Bash-Scripting Guide'"
This document is both a tutorial and a reference on shell scripting with Bash. It assumes no previous knowledge of scripting or programming, but progresses rapidly toward an intermediate/advanced level of instruction. The exercises and heavily-commented examples invite active reader participation.
Still, it is a work in progress. The intention is to add much supplementary material in future updates to this document, as it evolves into a comprehensive book that matches or surpasses any of the shell scripting manuals in print.
http://www.ziobudda.net/Admin/redir_news.php?id=11878
Malware
Title: New Internet bug attacks administrator/password logins
Source: Government Computer News
Date Written: May 14, 2003
Date Collected: May 16, 2003
Government Computer News warns of a new virus called 'Nick' that targets systems with login settings established as Administrator and passwords set as 'Password'. Once a machine has been infected, 'Nick' apparently "establishes a File Transfer Protocol site for spam relay and storage."
Users are infected when they close a spam box that randomly opens on their computer. Sensible password policies will protect against the new virus.
http://www.gcn.com/vol1_no1/daily-updates/22063-1.html
Vulnerabilities
Title: DoS Hole Found in Linux Kernel
Source: Internet News
Date Written: May 15, 2003
Date Collected: May 16, 2003
U.K.-based security firm Secunia issued an advisory on May 15, 2003 warning of a "moderately critical" vulnerability in the Linux Kernel 2.4 branch. The flaw, which relates to the way the Linux Kernel handles caching of routing information, could be exploited to cause a denial of service (DoS) attack "with a rate of only 400 packets per second by using carefully chosen source addresses that causes hash collisions in the table." The vulnerability affects a variety of products from Red Hat, SuSE, Mandrake, Slackware, Gentoo, Debian and Conectiva. Red Hat has issued updated kernel packages to patch all Red Hat Linux versions from 7.1 to 9. A temporary workaround could also be employed to protect against the flaw.
http://boston.internet.com/news/article.php/2207021
g00d reading! 'n' bye
Security News MainTainer:
The Jackal a.k.a. jAcKallO < -jackal-@libero.it > (AreaSessantuno Member) / (SpiPPolatori Collaborator) (HackerAlliance Member) / (Daily DisInfo CreaTor & MainTainer) (Founding partner and Member of CapitanLUG.iT)