*** {02.20.027} Win - IMail LDAP service 'bind DN' overflow IpSwitch IMail versions 7.1 and prior reportedly contain a buffer overflow in the handling of the 'bind DN' parameter passed to the internal LDAP service, thereby allowing a remote attacker to execute arbitrary code with local system privileges.
This vulnerability is confirmed; a vendor patch is available at: http://www.ipswitch.com/Support/IMail/patch-upgrades.html Source: SecurityFocus Bugtraq http://archives.neohapsis.com/archives/bugtraq/2002-05/0172.html ____________________________________________________________ \ / Scott Fosseen - Systems Engineer - Arrowhead AEA 5 \ www.aea5.k12.ia.us/aeaphone.nsf/Web/FosseenScott /____________________________________________________________ ----- Original Message ----- From: "Network Computing and The SANS Institute" <[EMAIL PROTECTED]> To: "Scott Fosseen (SD381534)" <[EMAIL PROTECTED]> Sent: Thursday, May 23, 2002 10:29 PM Subject: Security Alert Consensus #020 > To: Scott Fosseen (SD381534) > Re: Your personalized newsletter > > -- Security Alert Consensus -- > Number 020 (02.20) > Thursday, May 23, 2002 > Created for you by > Network Computing and the SANS Institute > Powered by Neohapsis > > ---------------------------------------------------------------------- > > Welcome to SANS' distribution of the Security Alert Consensus. > > ---------------------------------------------------------------------- > > Sponsored by VeriSign - The Value of Trust > > Secure all your Web servers now - with a proven 5-part strategy. > > The FREE Server Security Guide shows you how: > > - DEPLOY THE LATEST ENCRYPTION and authentication techniques > - DELIVER TRANSPARENT PROTECTION with the strongest security without > disrupting users. > > And more. Get your FREE Guide now: > http://www.verisign.com/cgi-bin/go.cgi?a=n06120091000057000 > > ---------------------------------------------------------------------- > > First off, last week we incorrectly identified item {02.19.012} as a > buffer overflow pertaining to wu-imapd, when in fact it was uw-imapd, > also known as just plain 'imapd.' Thanks to Michael Vincenc for > pointing out our mistake. > > Next, there has been some interesting discussion on the Security Focus > Vuln-Dev list concerning Xeros DocuTech printers, which ship with and > support Windows and Sun systems. Basically, the included Windows/Sun > boxes are default installs, right down to the passwords. Have > you thought about securing your printer installation? Oh, and the > catch is that in order to maintain a support contract with Xerox, > you really can't change things around. Feel free to read over the > "Xerox DocuTech problems" thread at: > http://archives.neohapsis.com/archives/vuln-dev/2002-q2/thread.html > > Lastly, you may have heard about it via other outlets, but we figured > we should include a quick blurb here anyway: A Microsoft SQL worm is > running around and preying on installations that haven't installed an > 'sa' account password. If you have an Internet-accessible Microsoft > SQL Server with no password on the sa account, then you need to change > it immediately (we hoped this would be common sense). > > Until next week, > --Security Alert Consensus Team > > ************************************************************************ > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > TABLE OF CONTENTS: > > {02.20.003} Win - Update {02.19.012}: (uw-)imapd BODY command overflow > {02.20.013} Win - MS02-023: May 2002 Cumulative Patch for Internet > Explorer > {02.20.014} Win - PGP interacts with Windows EFS to expose files > {02.20.026} Win - Hosting Controller CGI file manipulation and browsing > {02.20.027} Win - IMail LDAP service 'bind DN' overflow > > > - --- Windows News ------------------------------------------------------- > > *** {02.20.003} Win - Update {02.19.012}: (uw-)imapd BODY command > overflow > > Caldera released updated imapd packages, which fix the vulnerability > discussed in {02.19.012} ("uw-imapd BODY command overflow"). > > Updated RPMs are listed at: > http://archives.neohapsis.com/archives/linux/caldera/2002-q2/0013.html > > Source: Caldera > http://archives.neohapsis.com/archives/linux/caldera/2002-q2/0013.html > > *** {02.20.013} Win - MS02-023: May 2002 Cumulative Patch for Internet > Explorer > > Microsoft released MS02-023 ("May 2002 Cumulative Patch for > Internet Explorer"). This cumulative patch fixes six new security > vulnerabilities in Internet Explorer, including the ability to > execute arbitrary applications, local file reading, cookie reading > and a local cross-site scripting vulnerability. > > FAQ and patch: > http://www.microsoft.com/technet/security/bulletin/MS02-023.asp > > Source: Microsoft > http://archives.neohapsis.com/archives/vendor/2002-q2/0033.html > > *** {02.20.014} Win - PGP interacts with Windows EFS to expose files > > PGP version 7.0.3 includes an option to "wipe deleted files." If > enabled, this option interacts with Windows EFS (Encrypted File System) > in a manner that could leave unencrypted copies of EFS-protected > files laying around. > > NAI confirmed this vulnerability and released a hot fix, which is > available at: > http://www.nai.com/naicommon/download/upgrade/upgrades-patch.asp > > Source: SecurityFocus Bugtraq > http://archives.neohapsis.com/archives/bugtraq/2002-05/0052.html > > *** {02.20.026} Win - Hosting Controller CGI file manipulation and > browsing > > The Hosting Controller ASP CGI suite contains bugs that allow users of > the hosting controller software to view and overtake files on the local > system by submitting various malformed URL requests to the CGI pages. > > These vulnerabilities are not confirmed. > > Source: SecurityFocus Bugtraq > http://archives.neohapsis.com/archives/bugtraq/2002-05/0142.html > http://archives.neohapsis.com/archives/bugtraq/2002-05/0168.html > > *** {02.20.027} Win - IMail LDAP service 'bind DN' overflow > > IpSwitch IMail versions 7.1 and prior reportedly contain a buffer > overflow in the handling of the 'bind DN' parameter passed to the > internal LDAP service, thereby allowing a remote attacker to execute > arbitrary code with local system privileges. > > This vulnerability is confirmed; a vendor patch is available at: > http://www.ipswitch.com/Support/IMail/patch-upgrades.html > > Source: SecurityFocus Bugtraq > http://archives.neohapsis.com/archives/bugtraq/2002-05/0172.html > > ************************************************************************ > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.6 (BSD/OS) > Comment: For info see http://www.gnupg.org > > iD8DBQE87Y8h+LUG5KFpTkYRAkW9AJ9F2WJ/nGBzINskPdHVkPgkr/VcKQCePiG/ > 3AlncZcBK8Pk4vBRJ8Y9R8U= > =xW0b > -----END PGP SIGNATURE----- > ------------------------------------------------------------------------ > > Sponsored by VeriSign - The Value of Trust > > Secure all your Web servers now - with a proven 5-part strategy. > > The FREE Server Security Guide shows you how: > > - DEPLOY THE LATEST ENCRYPTION and authentication techniques > - DELIVER TRANSPARENT PROTECTION with the strongest security without > disrupting users. > > And more. Get your FREE Guide now: > http://www.verisign.com/cgi-bin/go.cgi?a=n06120091000057000 > > ---------------------------------------------------------------------- > > Become a Security Alert Consensus member! If this e-mail was passed > to you and you would like to begin receiving our security e-mail > newsletter on a weekly basis, we invite you to subscribe today. > http://www.sans.org/sansnews/ > > We are signing the Consensus newsletter > with PGP. The new SANS PGP key is posted at: > http://www.pgp.net:11371/pks/lookup?op=get&search=0xA1694E46 and can > also be accessed from the SANS Web site (http://www.sans.org). > > Special Note: To better secure your confidential information, > we will no longer include personal URLs in our Consensus > newsletter mailings. Instead, we have created a new form > (http://www.sans.org/sansurl). On this form you can enter the SD > number located near your name at the top of the newsletter. When you > submit this form, an e-mail containing a URL will be sent to you at > the e-mail address on record. With this URL you can make changes to > your account (edit the content of your Consensus mailing, for example) > without endangering the security of your personal URL. If you'd like > to change your e-mail address or other information, please visit your > new URL as described above. If you have any problems or questions, > e-mail us at <[EMAIL PROTECTED]>. > > If you would like to unsubscribe from this newsletter, grab your SD > number (next to your name at the top of this message) and visit the > URL below. You will be sent a personal URL via E-mail, from which > you can unsubscribe. http://www.sans.org/sansurl > > Missed an issue? You can find all back issues of > Security Alert Consensus (and Security Express) online. > http://archives.neohapsis.com/ > > Your opinion counts. We'd like to hear your thoughts on Security Alert > Consensus. E-mail any questions or comments to <[EMAIL PROTECTED]>. > > Copyright (c) 2002 Network Computing, a CMP Media LLC > publication. All Rights Reserved. Distributed by Network > Computing (http://www.networkcomputing.com) and The SANS Institute > (http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based > security assessment and integration services consulting group > ([EMAIL PROTECTED] | http://www.neohapsis.com/). > > > > --- > [This E-mail scanned for viruses by Declude Virus] > >
smime.p7s
Description: application/pkcs7-signature