Lo Stack di Windows 2003
Sulla mailing list SiKurezza.OrG è stato segnalato un interessantissimo paper sullo stack di Windows 2003. Se interessa a qualcuno, potete scaricarlo da qui:
http://www.nextgenss.com/papers/defeating-w2k3-stack-protection.pdf
PACCO IN VISTA PER WINDOWS XP
Una email di Microsoft ai beta tester sembra suggerire l'intenzione di colmare la lunga attesa che separa gli utenti di Windows XP dal Service Pack
2 con il rilascio di una collezione di fix recenti
URL: http://punto-informatico.it/pi.asp?i=45218
Microsoft Internet Explorer (IE)
Vendor: Microsoft
A vulnerability was reported in Microsoft Internet Explorer (IE). A remote user can create HTML that, when loaded by the target user, will cause arbitrary code to be executed.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2003/Sep/1007689.html
Microsoft Internet Explorer (IE)
Vendor: Microsoft
Several cross-domain scripting vulnerabilities were reported in Microsoft Internet Explorer (IE). A remote user can cause arbitrary scripting to be executed in an arbitrary security domain.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2003/Sep/1007687.html
Man
Vendor: Brouwer, Andries et al
A buffer overflow was reported in 'man'. A local user may be able to obtain elevated privileges in certain cases.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2003/Sep/1007685.html
MySQL
Vendor: MySQL.com
A buffer overflow vulnerability was reported in MySQL in the processing of user passwords. An authenticated administrator can execute arbitrary code on the system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2003/Sep/1007673.html
Rpc
Vendor: Microsoft
Several buffer overflow vulnerabilities were reported in several Microsoft operating systems in the RPCSS service related to Distributed Component Object Model (DCOM) messages. A remote user can execute arbitrary code with Local System privileges or cause denial of service conditions.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/Sep/1007670.html
** CORSO DI FORMAZIONE PER AMMINISTRATORE LINUX ** A Milano un corso per amministratori di sistemi basati su Linux rivolto a disoccupati e studenti.
[Pubblicato su www.zeusnews.it il 15-09-2003] >> di Pier Luigi Tolardo
http://www.zeusnews.it/news.php?cod=2366
Nmap 3.45: Version detection!
I haven't released a public Nmap version since 3.30 in June, but I haven't been slacking. Instead I decided to write a powerful and efficient version detection implementation. This means that instead of using a simple nmap-services table lookup to determine a port's likely purpose, Nmap 3.45 will (if asked) interrogate that TCP or UDP port to determine what service is really listening. In many cases it can determine the application name and version number as well. Since I don't have room here to fully describe the motivations behind version detection, how it works, and how you can contribute your own service fingerprints, I wrote a paper on this topic: http://www.insecure.org/nmap/versionscan.html
As usual, the latest warez are available from http://www.insecure.org/nmap/nmap_download.html
MANDRAKE LINUX ADVISORY: XFREE86
"Several vulnerabilities were discovered by blexim(at)hush.com in the font libraries of XFree86 version 4.3.0 and earlier..."
http://linuxtoday.com/security/2003091201526SCMDSW
DEBIAN GNU/LINUX ADVISORY: XFREE86
"Four vulnerabilities have been discovered in XFree86..."
http://linuxtoday.com/security/2003091201626SCDBSW
"Nuovo grosso buco in SSH: accesso root da remoto"
È stata annunciata l'esistenza di un grosso problema di sicurezza che riguarda l'ultima versione del demone SSH presente in molte distribuzioni Linux. L'importanza del problema deriva dalla possibilità per un attaccante di ottenere un shell di root da remoto, al momento sono disponibili pochi altri dettagli.
http://www.ziobudda.net/Admin/redir_news.php?id=13654
"La Microsoft ti mette le mani nella XBOX da remoto"
Tramite il servizio Xbox Live vengono patchati da remoto gli exploit software che consentono alla console di far girare codice non approvato dal colosso di Redmond (es. linux). Non essere registrati al servizio non mette comunque al riparo gli utenti: basta accedere alla parte di un gioco che si appoggia ad Xbox Live per vedersi installate le patch "d'ufficio". In USA dove la console rimane comunque di proprieta' di Microsoft, tutto cio' e'
previsto dalla Eula, ma in europa?
http://www.ziobudda.net/Admin/redir_news.php?id=13643
QUANDO OFFICE E' A RISCHIO
Brutto periodo per Office: varie patch sono state rilasciate per una serie di vulnerabilità nelle applicazioni della suite. La prima (scoperta da eEye,
http://www.eeye.com/html/Research/Advisories/AD20030903-2.html) colpisce Visual Basic for Applications, e consentirebbe di eseguire codice arbitrario. Il bollettino, all'URL http://www.microsoft.com/security/security_bulletins/ms03-037.asp, elenca le applicazioni vulnerabili (le versioni 97/2000/2002 di Access, Excel, PowerPoint, Word, le versioni 2000 e 2002 di Project e Visio, Publisher 2002, Works Suite 2001/2002/2003, e alcune applicazioni della serie Microsoft Business Solutions). Il processo di patching non è dei più semplici, in quanto per ogni applicazione vi sono varie patch disponibili a seconda delle versioni. Word è afflitto da altri due pericolosi bug. Il primo potrebbe consentire l'esecuzione automatica delle macro a prescindere dai livelli di sicurezza impostati dall'utente. Sono vulnerabili Word
97/98(J)/2000/2002 e Works Suite 2001/2002/2003; il bollettino con la patch è disponibile all'URL http://www.microsoft.com/technet/security/bulletin/MS03-035.asp . Il secondo (sempre scoperto da eEye,
http://www.eeye.com/html/Research/Advisories/AD20030903-1.html) è un buffer Overrun nel convertitore WordPerfect che può causare esecuzione arbitraria di codice. Sono vulnerabili Office 97/2000/XP, Word 98(J), FrontPage 2002, Publisher 2000 e Works Suite 2001/2002/2003. Il bollettino si trova all'URL http://www.microsoft.com/technet/security/bulletin/MS03-035.asp
Anche Access ha un ulteriore problema con un buffer overflow, seppure meno grave. Sono vulnerabili le versioni 97/2002/2002, il bollettino si trova all'URL http://www.microsoft.com/security/security_bulletins/ms03-038.asp
IL DNS APRE LA PORTA ALLO SPAM
Secondo un recente documento informativo
(http://lists.insecure.org/lists/bugtraq/2003/Sep/0155.html) la configurazione di default di molti server DNS può consentire a uno spammer di usare i server per i suoi fini. Il suggerimento è di riconfigurarli in modo da non consentire l'uso ricorsivo se non per la rete interna, ma il paper descrive dettagliatamente tutti i problemi e analizza varie soluzioni.
Un altro testo molto informativo sulla configurazione sicura di BIND si trova all'URL http://www.cymru.com/Documents/secure-bind-template.html
Vulnerabilities
Title: Microsoft's New Security Road Map
Source: NewsFactor
Date Written: September 15, 2003
Date Collected: September 16, 2003
After the Blaster and SoBig worm attacks of August 2003, security researchers are watching changes in Microsoft's security planning closely.
Microsoft has created a Security Business Unit to train developers in secure code, though Richard Stiennon of the Gartner research group notes that older systems still operate on code written before the security initiative.
Microsoft has instituted new practices to protect users, such as disabling more than twenty services in its default installation of Windows Server 2003. Microsoft has also begun to develop security products, though Mr.
Stiennon recommends they focus on building more secure versions of their current applications, such as Excel and Word. Microsoft will also streamline its patching process.
http://www.newsfactor.com/perl/story/22289.html
** FIRMA DIGITALE E SICUREZZA **
Il 25 settembre a Milano si terrà la seconda edizione del seminario sulle problematiche legate a firma digitale e sicurezza.
[Pubblicato su www.zeusnews.it il 18-09-2003] >> di Pier Luigi Tolardo
http://www.zeusnews.it/news.php?cod=2369
Paper sulla nuova vulnerabilità DCOM
Luigi D'Amato ( Admin di www.securitywireless.info ) segnala un link ad un interessantissimo paper sulla nuova vulnerabilità DCOM.
http://www.immunitysec.com/papers/msrpcheap.pdf
"CryptoGram September 2003"
Crypto-Gram is a free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise. This month, Schneier talks about Accidents and Security Incidents, Licensing Computer Users, Security Notes from All Over: Hats in Banks, feedback from his book Beyond Fear, California's Security-Breach Disclosure Law, and more.
http://www.ziobudda.net/Admin/redir_news.php?id=13669
Malware
Title: Hackers distributing new Windows exploit
Source: Security Focus (AP)
Date Written: September 16, 2003
Date Collected: September 17, 2003
Researchers at iDefense have found a Chinese website distributing software to exploit recently publicized Windows flaws. iDefense says the tool is "relatively polished," giving attackers access to a targeted computer by creating a new user account, with options for two version of Windows 2000.
The tool does not include options for Windows XP or Server 2003, but such modifications are possible. The flaws, announced by Microsoft September 10 2003, are similar to the flaws exploited by the Blaster worm in August.
Homeland Security warns that another Blaster-like attack could have a "significant impact" on the Internet, and iDefense expects such an attack within days.
http://www.securityfocus.com/news/6975
Also - http://www.eweek.com/article2/0,4149,1271347,00.asp
Also - http://news.com.com/2100-1002-5077666.html
Also - http://www.infoconomy.com/pages/news-and-gossip/group85073.adp
Also - http://www.banktech.com/story/techwire/TWB20030917S0006
Technology
Title: PGP's 'bump in the wire' automates email security
Source: ZDNet UK
Date Written: September 15, 2003
Date Collected: September 17, 2003
Pretty Good Privacy (PGP) unveiled PGP Universal at the Gartner Security Conference in London to provide e-mail security and encryption without client-side software. Getting users to comply with security policies and manually sign and encrypt their e-mails is often ineffective, since users can be lazy or forgetful of such policies. PGP Universal shifts the burden from users to the network. PGP Universal runs on a dedicated x86 server with a "hardened" version of Red Hat Linux 7.3. The box then sits on the network, either between the client and the mail server for internal mode, or in the demilitarized zone (DMZ) between the outward facing mail gateway and the Internet. Universal then applies a security policy to all e-mail running through it, encrypting, decrypting, signing, and checking signatures as needed.
http://news.zdnet.co.uk/internet/security/0,39020375,39116351,00.htm
Vulnerabilities
Title: SSH security glitch exposes networks
Source: ZDNet
Date Written: September 17, 2003
Date Collected: September 17, 2003
Security researchers have announced a buffer management flaw in the popular Secure Shell (SSH) encrypted remote management tool for Unix, Linux, and BSD, which would allow an attacker to gain access to a system. Chief hacking officer for eEye Digital Security calls the flaw "pretty close to a skeleton key." All versions of OpenSSH running on all distributions of Linux and BSD are affected. Many rumors are going around about how the exploit allegedly works, and to what extent it opens a system. The Computer Emergency Response Team advises users to install the OpenSSH 3.7.1 upgrade. A version 3.7 upgrade was released soon after news of the flaw, but it looks like there are two bugs in the system, necessitating version 3.7.1.
http://zdnet.com.com/2100-1105_2-5077796.html
MANDRAKE LINUX ADVISORY: KDEBASE
"A vulnerability was discovered in all versions of KDE 2.2.0 up to and including 3.1.3..."
http://linuxtoday.com/security/2003091702126SCKEMD
Mandrake update for sendmail
Mandrake has issued updated packages for sendmail. These fixes two vulnerabilities which possibly could allow malicious people to gain system access.
http://www.secunia.com/advisories/9765/
BUCHI IN SENDMAIL, OPENSSH E DB2 LINUX
In questi giorni sono emerse gravi vulnerabilita' di sicurezza che interessano due noti software open source, Sendmail e OpenSSH, e la versione per Linux del database DB2 di IBM. Corsa alle patch
URL: http://punto-informatico.it/pi.asp?i=45277
VIRUS/ GIRA FALSA EMAIL MICROSOFT
Si tratta di un worm, Gibe-F, che sta facendo rapidamente il giro della rete. Si diffonde via email, via IRC e via P2P
URL: http://punto-informatico.it/pi.asp?i=45281
"Advanced Bash Scripting Guide v. 2.1 (14/09/2003)"
Nuova versione della bibbia della Bash :-).
http://www.ziobudda.net/Admin/redir_news.php?id=13701
"Linux Filesystem Hierarchy v. 0.61 (14/09/2003)"
This document outlines the set of requirements and guidelines for file and directory placement under the Linux operating system according to those of the FSSTND v2.2 final (May 23, 2001) and also its actual implementation on an arbitrary system.
http://www.ziobudda.net/Admin/redir_news.php?id=13700
"Distribuito su Internet software per attacchi informatici"
E' stata rilevata dalla Cina la diffusione di tool software per violare Windows 2000 in alcune versioni per la clientela Corporate.
http://www.ziobudda.net/Admin/redir_news.php?id=13698
MANUAL SOFTWARE CONFIGURATION LEAVES SYSTEMS OPEN TO ATTACK Enterprise software manufacturers should ship products with the maximum security set as default, according to Mary Ann Davidson, chief security officer at Oracle.
http://www.net-security.org/news.php?id=3535
MICROSOFT STANDS BY IE SECURITY PATCH
Microsoft has responded to claims that a recent patch for Internet Explorer fails to fix the security vulnerability.
http://www.net-security.org/news.php?id=3539
PROTECTING DATABASES
Securing your databases involves not only establishing a strong policy, but also establishing adequate access controls. In this paper, we will cover various ways databases are attacked, and how to prevent them from being "hacked".
http://www.net-security.org/article.php?id=555
RAINBOWCRACK 1.01
RainbowCrack is an instant windows password cracker based on Philippe Oechslin's faster time-memory trade-off technique.
http://www.net-security.org/software.php?id=515
"Worm 'Swen' si spaccia come una security Patch!!"
Le compagnie Antivirus sono state avvisate del nuovo Worm che ha la potenzialita' di diffondersi velocemente in quanto appare sotto forma di un legale Update di sicurezza da Microsoft!
http://www.ziobudda.net/Admin/redir_news.php?id=13733
Also - http://www.techweb.com/wire/story/TWB20030919S0005
Also - http://news.zdnet.co.uk/business/0,39020645,39116520,00.htm
Also - http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci928518,00.html
Also - http://www.newsfactor.com/perl/story/22328.html
"Debian chiude delle falle in Sendmail"
In un Security Advisor, Debian ha annunciato di aver risolto due problemi di buffer overflow in Sendmail.
http://www.ziobudda.net/Admin/redir_news.php?id=13727
Cybercrime-Hacking
Title: Have DoS Attacks Gone Out of Style?
Source: NewsFactor
Date Written: September 18, 2003
Date Collected: September 19, 2003
In 2000, a teenage hacker launched a series of denial of service (DoS) attacks against some of the Internet's most high-profile websites, including CNN, Yahoo, eBay and Amazon. Since then, DoS attacks, which block legitimate users from accessing online resources by bombarding them with masses of traffic, have gone somewhat out of style, to be replaced by more exciting forms of attacks, such as viruses and worms. This trend is reflected in heightened corporate attention to "applications-related security", rather than efforts to protect systems against DoS strikes. However, DoS attacks remain a "very common and very credible threat," especially as they become integrated with other attacks, for instance as part of worm or virus payloads.
http://www.newsfactor.com/perl/story/22316.html
Vulnerabilities
Title: IBM posts fix for DB2 Linux security flaw
Source: C-Net News
Date Written: September 17, 2003
Date Collected: September 19, 2003
Security company Core Security Technologies has discovered two new buffer overflow vulnerabilities in IBM's DB2 database software (version 7) for Linux, one of the most popular enterprise databases, particularly for e-business applications. The flaws could allow a local attacker to gain root access to vulnerable servers and the information they contain. A patch fixing the problem (FixPak 10a) is available from IBM's website. There is a possibility that the flaws could also affect DB2 implementations on other Unix-based systems.
http://news.com.com/2100-1002_3-5078155.html
Also - http://www.eweek.com/article2/0,4149,1273013,00.asp
Vulnerabilities
Title: Solaris Flaw Leaves Machines Open to Attacks
Source: EWeek.com
Date Written: September 16, 2003
Date Collected: September 19, 2003
A security advisory published by iDefense Inc. on September 16, 2003 warns of a serious security flaw in Sun Microsystems Inc.'s Solaris (versions 7, 8 and 9) and Trusted Solaris (versions 7 and 8) operating systems running on both the Sparc and x86 platforms. The vulnerability, which is linked to authentication for the sadmind daemon used by the Solstice AdminSuite in Solaris and Trusted Solaris, could allow "virtually any remote or local user to gain root privileges on a vulnerable machine." Sun does not plan to issue a patch for the flaw, but has published a workaround to protect systems.
http://www.eweek.com/article2/0,4149,1269800,00.asp
g00d reading! 'n' bye
Security News MainTainer:
The Jackal a.k.a. jAcKallO < -jackal-@libero.it > (AreaSessantuno Member) / (SpiPPolatori Collaborator) (HackerAlliance Member) / (Daily DisInfo CreaTor & MainTainer) (Socio fondatore e Membro del CapitanLUG.iT)
