----- Original Message ----- From: "Network Computing and The SANS Institute" <[EMAIL PROTECTED]> To: "Scott Fosseen (SD381534)" <[EMAIL PROTECTED]> Sent: Thursday, December 20, 2001 8:02 PM Subject: Security Alert Consensus #128
| To: Scott Fosseen (SD381534) | Re: Your personalized newsletter | | -- Security Alert Consensus -- | Number 128 (01.51) | Thursday, December 20, 2001 | Created for you by | Network Computing and the SANS Institute | Powered by Neohapsis | | ---------------------------------------------------------------------- | | Welcome to SANS' distribution of the Security Alert Consensus. | | ---------------------------------------------------------------------- | | This issue is brought to you by ... | Nokia Internet Communications - a division of Nokia. NOKIA TEAMS UP WITH | LEADING PUBLISHERS, Offering the most reliable, up-to-date SECURITY- | focused information on the Web including: News & Assessment tools, | Reviews & Analyst Reports For more information, visit our Security | Resource Center: | http://www.nokia.com/internet/na | | ---------------------------------------------------------------------- | | Seasons Greetings from the Security Alert Consensus Team! We wish to | extend our sincerest wishes for a very happy holiday season to all | of you and your families. | | This week produced a few notable vulnerabilities. Admins of the | various commercial Unixes (Solaris, HP-UX and so on) should look at | the SystemV-derived login buffer overflow (reported as {01.51.009} | under the Cross-Platform category). Linux users may want to update | their glibc libraries to prevent possible overflows in the glob() | function (reported as {01.51.024} in the Linux category). And, finally, | so Windows users don't feel left out, Microsoft Corp. released an | Internet Explorer mega-patch (reported as {01.51.010} in the Windows | category). This patch fixes all nasty problems to date, including the | one that automatically downloads and executes applications without | warning the user. | | Special note: Microsoft today issued a critical recommendation | regarding Windows, Windows XP, or ME machines that share internet | connections with Windows 98/98SE clients. You can read more on and | download this significant patch here: | http://www.microsoft.com/technet/treeview/default.asp?url= | /technet/security/bulletin/ms01-059.asp | | Until next time, | --Security Alert Consensus Team | | ************************************************************************ | | -----BEGIN PGP SIGNED MESSAGE----- | Hash: SHA1 | | TABLE OF CONTENTS: | | {01.51.001} Win - IIS large, content-length header DoS | {01.51.004} Win - IKE UDP flood DoS | {01.51.010} Win - MS01-058: Cumulative IE patch | {01.51.018} Win - Citrix auto-launch of .ICA files | {01.51.025} Win - EFTP directory listing vulnerability | {01.51.026} Win - CentraOne log file info disclosure | | | - --- Windows News ------------------------------------------------------- | | *** {01.51.001} Win - IIS large, content-length header DoS | | Various people are reporting a potential denial of service found in | IIS 5.0 (and possibly other versions), whereby a remote attacker sends | a content-length header with an extremely large value. As a result, | the server waits for the indicated amount of data to be sent, with | no apparent timeouts. | | This vulnerability has not been confirmed. An exploit has been | published. | | Source: SecurityFocus Bugtraq | http://archives.neohapsis.com/archives/bugtraq/2001-12/0098.html | | *** {01.51.004} Win - IKE UDP flood DoS | | Various discussions in the past week have touched on the possibility | of a denial of service attack against the IKE IPSEC service listening | on UDP port 500. An ongoing flood can result in abnormally high CPU | use while the packets are processed. | | This vulnerability has not been confirmed. | | Source: SecurityFocus Bugtraq | http://archives.neohapsis.com/archives/bugtraq/2001-12/0108.html | | *** {01.51.010} Win - MS01-058: Cumulative IE patch | | Microsoft has released MS01-058 ("Cumulative IE patch"). This patch | fixes all known security problems in Internet Explorer to date, | including three new problems: the ability for a malicious Web site | to execute arbitrary applications in IE 6; the ability to read files | from the user's system; and a bug that could allow a Web site to | trick the user into seeing a different file name in the download box. | | FAQ and patch: | http://www.microsoft.com/technet/security/bulletin/MS01-058.asp | | Source: Microsoft | http://archives.neohapsis.com/archives/vendor/2001-q4/0053.html | | *** {01.51.018} Win - Citrix auto-launch of .ICA files | | An advisory was released indicating that IE will automatically | download and launch any .ICA file presented by a malicious Web site | or e-mail. The .ICA file could cause a connection to a trojaned | server, thereby allowing the server to copy files from or to the | client's machine. Apparently, only the Windows version of the client | is affected. | | The advisory indicates vendor confirmation. A list of workarounds is | available at: | http://archives.neohapsis.com/archives/bugtraq/2001-12/0133.html | | Source: SecurityFocus Bugtraq | http://archives.neohapsis.com/archives/bugtraq/2001-12/0133.html | | *** {01.51.025} Win - EFTP directory listing vulnerability | | EFTP version 2.0.8.346 contains a bug that allows a remote attacker to | gain directory listings outside the FTP root by sending a particular | pattern of CWD commands. | | This vulnerability has not been confirmed. | | Source: SecurityFocus Bugtraq | http://archives.neohapsis.com/archives/bugtraq/2001-12/0134.html | | *** {01.51.026} Win - CentraOne log file info disclosure | | The CentraOne collaboration and learning application has been found | to create world-readable logs that contain large amounts of sensitive | user information, including user name and password. | | This vulnerability has not been confirmed. | | Source: VulnWatch | http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0072.html | | ************************************************************************ | | -----BEGIN PGP SIGNATURE----- | Version: GnuPG v1.0.6 (BSD/OS) | Comment: For info see http://www.gnupg.org | | iD8DBQE8InZr+LUG5KFpTkYRAtg0AJ4oRUpS3jiXQgnqoHiKNzvjeJrdjgCfc+3J | 3VPkRtIHdjho7bSFjCXX3vk= | =KMB6 | -----END PGP SIGNATURE----- | ------------------------------------------------------------------------ | | This issue is brought to you by ... | Nokia Internet Communications - a division of Nokia. NOKIA TEAMS UP WITH | LEADING PUBLISHERS, Offering the most reliable, up-to-date SECURITY- | focused information on the Web including: News & Assessment tools, | Reviews & Analyst Reports For more information, visit our Security | Resource Center: | http://www.nokia.com/internet/na | | ---------------------------------------------------------------------- | | Become a Security Alert Consensus member! If this e-mail was passed | to you and you would like to begin receiving our security e-mail | newsletter on a weekly basis, we invite you to subscribe today. | http://www.sans.org/sansnews/ | | We are signing the Consensus newsletter | with PGP. The new SANS PGP key is posted at: | http://certserver.pgp.com:11371/pks/lookup?op=get&search=0xA1694E46 | and can be accessed from the SANS Web site (http://www.sans.org). | | Special Note: To better secure your confidential information, | we will no longer include personal URLs in our Consensus | newsletter mailings. Instead, we have created a new form | (http://www.sans.org/sansurl). On this form you can enter the SD | number located near your name at the top of the newsletter. When you | submit this form, an e-mail containing a URL will be sent to you at | the e-mail address on record. With this URL you can make changes to | your account (edit the content of your Consensus mailing, for example) | without endangering the security of your personal URL. If you'd like | to change your e-mail address or other information, or unsubscribe | to this newsletter, please visit your new URL as described above. If | you have any problems or questions, e-mail us at <[EMAIL PROTECTED]>. | | Missed an issue? You can find all back issues of | Security Alert Consensus (and Security Express) online. | http://archives.neohapsis.com/ | | Your opinion counts. We'd like to hear your thoughts on Security Alert | Consensus. E-mail any questions or comments to <[EMAIL PROTECTED]>. | | Copyright (c) 2001 Network Computing, a CMP Media LLC | publication. All Rights Reserved. Distributed by Network | Computing (http://www.networkcomputing.com) and The SANS Institute | (http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based | security assessment and integration services consulting group | ([EMAIL PROTECTED] | http://www.neohapsis.com/). | | | | --------------------------------------------------------- Archived messages from this list can be found at: http://www.mail-archive.com/tech-cord@aea5.k12.ia.us/ ---------------------------------------------------------
