Linux kernel DoS risk
Linux kernel DoS risk under the spotlight. Don't be too alarmed http://www.theregister.co.uk/content/55/30748.html
Microsoft Internet Security and Acceleration Server
Vendor: Microsoft
Hugo Vazquez Carames and Toni Cortes Martinez of INFOHACKING reported an input validation vulnerability in the Microsoft Internet Security and Acceleration (ISA) Server. A remote user can conduct cross-site scripting attacks against users on networks that have implemented the ISA Server.
Attacks can be executed against arbitrary domains.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2003/May/1006789.html
Tcpdump
Vendor: Tcpdump.org
A denial of service vulnerability was reported in tcpdump. A remote user can cause the software to enter an infinite loop.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/May/1006784.html
Linux Kernel
Vendor: [Multiple Authors/Vendors]
A vulnerability was reported in the Linux 2.4 operating system kernel in the 'ioperm' system call. A local user can gain access to I/O ports on the system.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2003/May/1006778.html
Linux Kernel
Vendor: [Multiple Authors/Vendors]
A vulnerability was reported in the Linux 2.4 operating system kernel route cache hash table. A remote user can send specially crafted packets to cause excessive CPU utilization and denial of service conditions.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/May/1006775.html
Microsoft Internet Explorer (IE)
Vendor: Microsoft
A vulnerability was reported in Microsoft Internet Explorer (IE). A remote user can create HTML that may cause the browser to execute arbitrary code.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2003/May/1006774.html
Eudora
Vendor: Qualcomm
A vulnerability was reported in the Eudora IMAP client software. A remote IMAP server can cause the client to crash or possibly execute arbitrary code.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/May/1006773.html
Microsoft Outlook Express
Vendor: Microsoft
A vulnerability was reported in the Microsoft Outlook Express IMAP client software. A remote IMAP server can cause the client to crash.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/May/1006771.html
Mozilla E-mail Client
Vendor: Mozilla.org
A vulnerability was reported in the Mozilla IMAP client software. A remote IMAP server can cause the client to crash or execute arbitrary code.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/May/1006767.html
Pine
Vendor: University of Washington
A vulnerability was reported in the Pine IMAP e-mail client software. A remote IMAP server can cause the client to crash or execute arbitrary code.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/May/1006762.html
Microsoft Outlook Express
Vendor: Microsoft
Microsoft's PSS Security Response Team issued an alert regarding a new worm referred to as 'W32.Fizzer.A@mm'. According to the report, the worm is a mass-mailing worm that affects Microsoft Outlook Express [Outlook is also affected].
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2003/May/1006748.html
"Version 4 of the 2.6 must fix list"
Andrew Morton explains what needs to be fixed before the 2.5 kernel can evolve into its new 2.6 form. (This is the fourth revised version.)
http://www.ziobudda.net/Admin/redir_news.php?id=11913
WHEN THE DIALER COMES TO TV
We publish a piece by Simonetta Zandiri, which appeared in Strategie Digitali, outlining the complex issue of dialers.
URL: http://punto-informatico.it/pi.asp?i=44150
A PROBLEM FOR XINETD
Many UNIX systems use a super-daemon, inetd, or one of its variants, to control the daemons that provide various services and to start them only when needed. One of the best-known variants, Xinetd, is vulnerable to a denial-of-service attack caused by inefficient memory management. The problem (http://www.securityfocus.com/bid/7382) is remotely exploitable and can exhaust the available memory and cause xinetd to hang. The service is vulnerable up to version 2.3.11.
Malware
Title: 'Microsoft' worm has 13 day timebomb
Source: vnunet.com
Date Written: May 19, 2003
Date Collected: May 19, 2003
The Palyh worm (pronounced Pale-H) pretends to be an email from support@microsoft.com, and is set to go inactive on May 31, 2003. Until then, the worm, once it infects a PC, can update itself from a remote web server, and download spyware. It also scans TXT, EML, HTML, HTM, DBX, WAB files and emails itself to any address it finds. It can also spread over corporate networks. The United Kingdom, Australia, and New Zealand have been heavily hit by the worm, though it is a low-level threat; Network Associates has an anti-virus update available, and does not believe it should cause a problem for anyone with a strong anti-virus policy.
http://www.vnunet.com/News/1140996
Also - http://www.eweek.com/article2/0,3959,1094219,00.asp
Also - http://news.zdnet.co.uk/story/0,,t269-s2134877,00.html
Also - http://www.computerworld.com.au/index.php?taxid=620938001&id=1656263331
Also - http://news.bbc.co.uk/1/hi/technology/3040247.stm
CHECK POINT STOPS ATTACKS AT APP LEVEL
Check Point Software Technologies Ltd. is making a major move into the application security and intrusion prevention markets with a new set of capabilities for its widely deployed FireWall-1 and VPN-1 boxes.
http://www.net-security.org/news.php?id=2621
A FIREWALL FOR ALL OCCASIONS
Packet filters, proxies, stateful inspection--which type of firewall is right for you?
http://www.net-security.org/news.php?id=2623
SECURING APACHE: STEP BY STEP
This article shows in a step-by-step fashion, how to install and configure the Apache 1.3.x Web server in order to mitigate or avoid successful break-in when new vulnerabilities in this software are found.
http://www.net-security.org/news.php?id=2653
ADMINISTER LINUX ON THE FLY
The /proc filesystem is one of Linux's great features, and this article gives you a thorough grounding in some of its most useful aspects.
http://www.net-security.org/news.php?id=2655
"Sharing printers"
A short text, in English, explaining how to share a printer among several computers. [Translator wanted].
http://www.ziobudda.net/Admin/redir_news.php?id=11937
Malware
Title: IRC group decrypts Fizzer commands
Source: C-Net News
Date Written: May 19, 2003
Date Collected: May 20, 2003
On May 19, 2003, John McGarrigle, chairman of the IRC/Unity security group, announced that the group has figured out how the Fizzer virus can be controlled via Internet relay chat (IRC). By decompiling Fizzer's code, members of the IRC/Unity group found that machines infected with the virus are programmed to connect to one of several hundred IRC networks, create a chat channel, and listen to updates from a specific username that changes daily based on a pre-determined algorithm. IRC operators are using this information to contact machines infected with Fizzer to uninstall the virus.
http://news.com.com/2100-1009_3-1007743.html
Vulnerabilities
Title: Windows Server 2003 Backup Problem Discovered
Source: Internet Week
Date Written: May 20, 2003
Date Collected: May 20, 2003
Terabyte Computers has discovered a data backup problem in Windows Server 2003. Windows Server 2003 uses a block size of 64 kilobytes on tape media, which Windows XP and Windows 2000 do not recognize; if a Windows 2003 server crashes, an XP or 2000 box will not be able to read the data backup tapes. Terabyte Computers recommends businesses delay deployment of Windows Server 2003 until Microsoft addresses the incompatibility. Brian Bergen, president of Terabyte Computers, has been pleased with the server product so far, and expects Microsoft will either update the backup programs in Windows 2000 and XP, or add a compatibility option to Windows 2003.
http://www.internetwk.com/security02/showArticle.jhtml?articleID=10000338
"Hardening Apache: a guide"
Security Focus publishes an interesting guide on the secure installation and configuration of the Apache 1.3.x Web Server.
http://www.ziobudda.net/Admin/redir_news.php?id=11961
Malware
Title: Why spammers lurve the 'Microsoft support' worm
Source: The Register
Date Written: May 21, 2003
Date Collected: May 21, 2003
The Palyh worm, which poses as a message from support@microsoft.com, could be used by spammers to set up proxy servers on infected machines. The worm has been found to be a variant of Sobig-A, which many spammers used for the same purpose, and anti-virus vendors are renaming it Sobig-B. It acts as the primary attack, gaining a foothold on computers, then downloads Trojan code later. Geocities is shutting down sites where such code may be hosted, but other variants that do not rely on Geocities may follow. This is one of several examples of spammers cracking PCs or insecure wireless networks to send untraceable spam, leaving the innocent victim - such as a Vermont prep school - to take the blame.
http://www.theregister.co.uk/content/56/30808.html
Malware
Title: How Can We Stop the Spread of Worms?
Source: PC World
Date Written: May 21, 2003
Date Collected: May 21, 2003
The recent W32/Palyh-A worm spread as a mass-mailer with social engineering. Victims received a message claiming to be from support@microsoft.com, with a .pif executable file. When users click the file, it copies itself to the Windows folder and sends itself to all e-mail addresses on the hard drive of the infected machine. Paul Ducklin, Sophos' head of technology for the Asia-Pacific region, recommends using e-mail scanning software to prevent executable files, such as .pif, .exe, and .vbs, from getting onto company networks; distributing such files over e-mail poses more risks than benefits. Six of the top ten viruses reported to Sophos in April 2003 were Windows e-mail viruses. One reason many companies do not block such files is the popularity of 'amusement programs', such as 'frog-in-a-blender', among employees.
http://www.pcworld.com/news/article/0,aid,110827,00.asp
Vulnerabilities
Title: Application security - the next frontier?
Source: IT-Director.com
Date Written: May 21, 2003
Date Collected: May 21, 2003
Security vendor Checkpoint will branch out into new areas, including application security. Security often focuses on protecting the perimeter of a network, but as web services gain market space, networks and applications will interact much more. Applications, however, are coded for enablement rather than security, with many common coding mistakes. The Open Web Application Security Project (OWASP) claims that "major software development projects are still making these mistakes and jeopardizing not only their customers' security, but also the security of the entire Internet".
http://www.it-director.com/article.php?articleid=10859
Vulnerabilities
Title: How Secure Is Windows Server 2003?
Source: NewsFactor
Date Written: May 21, 2003
Date Collected: May 21, 2003
Microsoft's Windows Server 2003 incorporates many new security features, and security experts are beginning to analyze its strengths. The IIS web server and 34 other features are turned off in the default configuration, decreasing the chances of a web-based attack - Gartner Research found that 65% of threats against Windows 2000 targeted default features. The operating system has better support for the Kerberos security standard and public key infrastructure (PKI). However, Microsoft has focused on its own Passport service for identity management rather than the XML-based Security Assertion Markup Language (SAML), making connections with non-Passport systems tricky. Microsoft also provides two guides to protecting Windows 2003 systems: "Windows 2003 Security Guide" and "Threats and Countermeasures." Analysts believe it will take 12 to 18 months to adequately assess Microsoft's new security efforts.
http://www.newsfactor.com/perl/story/21559.html
"Vulnerability in many IMAP clients"
A dangerous vulnerability has been found in many of the most widely used IMAP clients.
Specifically, there are two vulnerabilities, and on some systems they could be exploited to gain control of the system. The affected programs are:
Eudora 5.x, Microsoft Outlook Express 6, Ximian Evolution 1.2.x, Pine 4.x, Mutt 1.x, Mozilla 1.3, Mozilla 1.4, Sylpheed 0.x, Sylpheed-Claws 0.x, c-client / UW-imapd 2002.
http://www.ziobudda.net/Admin/redir_news.php?id=11981
KASPERSKY: URGENT PATCH FOR IE 5
Kaspersky has urged Microsoft to release as soon as possible a patch that plugs a hole in Internet Explorer 5 exploited by a new Russian worm. The antivirus vendor warns: the outbreak could surpass that of Klez.
URL: http://punto-informatico.it/pi.asp?i=44200
Also - http://196.37.50.65/sections/internet/2003/0305221102.asp
Technology
Title: Passive Network Traffic Analysis: Understanding a Network Through Passive Monitoring
Source: Security Focus
Date Written: May 21, 2003
Date Collected: May 22, 2003
The article is an introduction to intrusion detection systems and passive network monitoring - readers should have an intermediate understanding of internet protocol (IP) and basic familiarity with network sniffers. Common tools such as tcpdump, Snoop and Ethereal can be used to look at TCP headers and gain knowledge of network topology and offered services. Operating systems (OS) can even be identified from IP packets, since each OS has a slightly different implementation of the IP specification. The article also covers the use of ngrep to analyze packet payloads. Understanding the abilities and uses of raw sockets can help determine the legitimacy of data packets.
http://www.securityfocus.com/infocus/1696
Vulnerabilities
Title: Which Is Buggier: Windows or Linux?
Source: NewsFactor
Date Written: May 23, 2003
Date Collected: May 23, 2003
Although public perception would probably finger the Windows family of operating systems as being more flawed than Linux systems, a recent side-by-side comparison indicates that Linux has issued many times more security bulletins than Windows (158 for Red Hat 7.2 vs. 27 for XP Pro since November 2001). However, such a quantitative comparison is risky at best, since the two operating systems involve such disparate development environments. Windows software, being proprietary, has attracted a rather aggressive community trying to find bugs in order to denigrate Microsoft, according to IDC analyst Chris Christiansen. Whereas, there's a community within Unix-Linux that has grown to increase its stability, where finding the bugs is considered a positive thing. Mr. Christiansen went so far as to say the question of which OS is more bug-prone is irrelevant. "It's difficult to make that judgment unless you're making it in the context of a specific environment, a specific set of applications and a specific user base," he said. However, "the lack of logic has never stopped people from making the comparison."
http://www.newsfactor.com/perl/story/21583.html
g00d reading! 'n' bye
Security News MainTainer:
The Jackal a.k.a. jAcKallO < -jackal-@libero.it > (AreaSessantuno Member) / (SpiPPolatori Collaborator) (HackerAlliance Member) / (Daily DisInfo CreaTor & MainTainer) (Founding partner and Member of CapitanLUG.iT)