[nycbug-talk] [Fwd: Security Threat Watch 028]

Pete Wright pete
Tue May 11 12:24:31 EDT 2004


Mikel King wrote:

> Has anyone encountered this MAC bug?


i have heard of it, altho i don't think there is a virus or worm loose 
yet.  the good news is that it's AFP that has the vuln, which i think 
most OSX shops have moved away from by now...i hope ;^)


-pete

>
> -------- Original Message --------
>
> Security Threat Watch
>     Number 028
>     Monday, May 10, 2004
>     Created for you by Network Computing & Neohapsis
>
> --- Security News ----------------------------------------------
>
> The largest vulnerability this week involves a remote buffer overflow in
> the Apple File Server for various flavors of Mac OS. The advisory
> indicates that remote exploitation is relatively easy.
> http://archives.neohapsis.com/archives/vulnwatch/2004-q2/0023.html
>
> In other news, it seems a potential suspect who may have been
> responsible for (partial) creation of the Sasser worm has been found.
> This capture seems to be the first payout from Microsoft's $5 million
> antivirus author reward fund.
> http://news.com.com/2100-7349_3-5208762.html
>
> Until next week,
> - The Neohapsis Security Threat Watch Team
>
> --- Advertisement -----------------------------------------------------
>
> Join InformationWeek for a FREE, on-demand TechWebCast on Enterprise 
> Grid Computing.  It is better at balancing
> workloads, is more fault-tolerant, and is more scalable.
> We'll discuss three basic steps to move your business to
> Grid Computing.  Register and view now:
> http://update.networkcomputing.com/cgi-bin4/DM/y/egxP0GPnp20G5l0CTZF0Aa
>
>
> --- New Vulnerabilities -----------------------------------------------
>
> Below is a list of new vulnerabilities announced this week.
> Vulnerabilities considered to be 'critical' involve highly-deployed
> software, or carry a high-risk of system compromise.  Note that
> vulnerabilities not highlighted may still be of critical severity
> to your environment.
>
>
> **** Highlighted critical vulnerabilities ****
>
> AppleFileServer: LoginExt packet PathName remote overflow
>
>
> **** Newly announced vulnerabilities this week ****
>
> ____Windows____
>
> Aldos HTTP server 1.5: Web root escaping, information disclosure
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0013.html
>
> Eudora 6.1: embedded file URL buffer overflow
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0057.html
>
> Serv-U 5.0.0.5: large LIST command parameter DoS
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0012.html
>
> Titan FTP Server 3.01: aborted LIST command remote DoS
> http://archives.neohapsis.com/archives/vulnwatch/2004-q2/0025.html
>
>
> ____Linux____
>
> KDE kolab: potential local configuration/password exposure
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0040.html
>
> PaX Linux 2.6 patch: local DoS
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0004.html
>
> SuSE Live CD 9.1: insecure listening services (SuSE-SA:2004:011)
> http://archives.neohapsis.com/archives/vendor/2004-q2/0051.html
>
>
> ____MacOS____
>
> AppleFileServer: LoginExt packet PathName remote overflow
> http://archives.neohapsis.com/archives/vulnwatch/2004-q2/0023.html
>
>
> ____CGI____
>
> Coppermine Photo Gallery 1.2.2: multiple vulnerabilities
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0009.html
>
> Crystal Reports Web interface: remote file retrieval, deletion/DoS
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0007.html
>
> Fuse Talk: multiple vulnerabilities
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0039.html
>
> NukeJokes 1.7: multiple vulnerabilities
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0067.html
>
> P4DB 2.01: remote command execution, XSS
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0046.html
>
> PHP-Nuke 6.x, 7.x: multiple vulnerabilities
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0042.html
>
> PHPX 3.26: multiple vulnerabilities
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0033.html
>
> SMF 1.0: SIZE tag XSS
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0034.html
>
> Verity Ultraseek 5.2.1: system path disclosure
> http://archives.neohapsis.com/archives/vulnwatch/2004-q2/0024.html
>
> YaBB forum 1.2: incorrect Subject field filtering
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0014.html
>
> omail 0.98.5: remote command execution
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0032.html
>
>
> ____Cross-Platform____
>
> DeleGate 8.9.2: SSL certificate remote overflow
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0049.html
>
> HP WEBM agents: remote OpenSSL DoS (SSRT4717)
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0064.html
>
> Heimdal kadmind: preauth remote heap overflow
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0048.html
>
>
>
> --- Patches and Updates -----------------------------------------------
>
> The following contains a list of vendor patches and updates released
> this week.
>
> ____Linux____
>
> Debian > DSA 499-1: rsync
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0003.html
>
> Debian > DSA 500-1: flim
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0001.html
>
> Debian > DSA 501-1: exim
> http://archives.neohapsis.com/archives/vendor/2004-q2/0052.html
>
> Fedora > FLSA-2004:1395: OpenSSL
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0065.html
>
> Slackware > SSA:2004-124-01: rsync
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0019.html
>
> Slackware > SSA:2004-124-02: sysklogd
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0016.html
>
> Slackware > SSA:2004-124-04: libpng
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0017.html
>
> Slackware > SSA:2004-125-01: lha
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0037.html
>
> Slackware> SSA:2004-124-03: xine-lib
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0018.html
>
> SuSE > SuSE-SA:2004:010: kernel
> http://archives.neohapsis.com/archives/vendor/2004-q2/0048.html
>
>
> ____BSD____
>
> FreeBSD > FreeBSD-SA-04:08: heimdal
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0045.html
>
> FreeBSD > FreeBSD-SA-04:09: kadmind
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0043.html
>
> OpenBSD > CVS
> http://archives.neohapsis.com/archives/openbsd/2004-05/0282.html
>
>
> ____SCO____
>
> SCOSA-2004.6: apache
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0035.html
>
>
> ____MacOS____
>
> APPLE-SA-2004-05-03: multiple security updates
> http://archives.neohapsis.com/archives/bugtraq/2004-05/0023.html
>
>
>
> --- Advertisement -----------------------------------------------------
>
> Join Transform Magazine for a FREE, on-demand TechWebCast: Out Of 
> Regulatory Necessity Comes Enterprise Invention.
> HP and Doculabs discuss how to align processes and
> technologies with business requirements.  Learn how
> organizations move toward compliance and reap the benefits.
> Register and view now:
> http://update.networkcomputing.com/cgi-bin4/DM/y/egxP0GPnp20G5l0CS6y0Ao
> --- Sign Off ----------------------------------------------------------
>
>
> If this e-mail was passed to you, and you would like to begin receiving
> our free security e-mail newsletter on a weekly basis, we invite you to
> subscribe today by forwarding this message to 
> [subscribe_stw at update.networkcomputing.com].
> Or you can subscribe directly here: 
> http://www.networkcomputing.com/go/stw.jhtml
>
> To manage all aspects of your subscription and newsletter account,
> simply use the URL below. You'll need your e-mail address and
> password to log in. If you don't have your password, you can generate
> a new one using the same URL. Once logged in, you can change your
> e-mail address and password as well as select specific platforms for
> which you'd like to receive information on patches and vulnerabilities.
> If you have any questions regarding this system, please don't hesitate
> to e-mail us at stw at nwc.com.
> http://stwpref.update.networkcomputing.com/CMP/NWC/prefctr.asp
>
> Important subscription contacts:
> CMP Media LLC
> 600 Community Drive
> Manhasset, NY 11030
>
> Missed an issue? You can find all back issues of Security Threat Watch
> (as well as Security Alert Consensus and Security Express) online.
> http://archives.neohapsis.com/
>
> Note: To better serve you we use dynamic URLs within our advertisments,
> which allow us to see how many readers click on a given ad. We do not
> share this information, or your personal information, with any outside
> party. Concerned about the privacy of your information relative to these
> tracking URLs? Please refer to our privacy policy.
> http://www.doubleclick.net/us/corporate/privacy
>
> We'd like to know what you think about the newsletter and what
> information you'd like to see in future editions. E-mail your comments
> to (stw at nwc.com).
>
> To unsubscribe from this newsletter, forward this message to
> [unsubscribe_stw at update.networkcomputing.com].
> Copyright (c) 2004 Network Computing, a CMP Media LLC publication. All
> Rights Reserved. Distributed by Network Computing
> (http://www.networkcomputing.com). Powered by Neohapsis Inc., a
> Chicago-based security assessment and integration services consulting
> group (info at neohapsis.com | http://www.neohapsis.com/).
>
> This message powered by DARTmail
> http://www.doubleclick.net/us/corporate/privacy
>
>


-- 
~~~oO00Oo~~~
Pete Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete





More information about the talk mailing list