NEWS: This week's bugs and patches

  1. #1
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    Location
    South Florida
    Posts
    1,123

    Brought to you by our friends at the SANS Institute.


    Microsoft released patches for a bulk of MS SQL Server vulnerabilities
    this week (items {02.28.006} and {02.28.007} in the Windows
    category). The CDE-equipped Unix camps need to worry about the latest
    rpc.ttdbserver vulnerability (item {02.28.011} in the Cross-Platform
    category). Historically, other CDE ttdb bugs have been exploited to
    a large degree, so affected shops should consider upgrading sooner
    rather than later.

    Until next week,
    --Security Alert Consensus Team

    ************************************************************************

    TABLE OF CONTENTS:

    {02.28.003} Win - Carello CGI arbitrary app execution
    {02.28.005} Win - PGP Outlook plugin decryption overflow
    {02.28.006} Win - MS02-034: Cumulative Patch for SQL Server
    {02.28.007} Win - MS02-035: SQL Server setup.iss log file exposes passwords
    {02.28.015} Win - RealONE/RealJukebox RJS skin.ini overflow
    {02.28.023} Win - Adobe Library eBook DoS vulnerabilities
    {02.28.026} Win - Lil'HTTP pbcgi CGI e-mail parameter CSS vulnerability
    {02.28.027} Win - Popcorn e-mail client multiple vulnerabilities
    {02.28.029} Win - BadBlue Web server multiple vulnerabilities
    {02.28.032} Win - Norton Personal Internet Firewall HTTP proxy overflow
    {02.28.034} Win - Oddsock Playlist Generator CGI multiple DoS


    --- Windows News -------------------------------------------------------

    *** {02.28.003} Win - Carello CGI arbitrary app execution

    The Carello shopping cart CGI suite version 1.3 allows a remote
    attacker to execute arbitrary programs on the system by submitting
    a particular VBEXE URL parameter.

    The advisory indicates confirmation by the vendor, which fixed the
    problem in the next available version.

    Source: VulnWatch
    http://archives.neohapsis.com/archiv...2-q3/0015.html

    *** {02.28.005} Win - PGP Outlook plugin decryption overflow

    The PGP Outlook plugin included with PGP Desktop, Personal and Freeware
    versions 7.0.4 and prior contains a buffer overflow in the decryption
    of malformed e-mail messages. This allows a remote attacker to execute
    arbitrary code on users' systems as soon as they view the malformed
    e-mail. It is said that PGP Corporate Desktop users are not vulnerable.

    The vendor confirmed this vulnerability and
    released a patch, which is available at:
    http://www.nai.com/naicommon/downloa...-pgphotfix.asp

    Source: VulnWatch
    http://archives.neohapsis.com/archiv...2-q3/0016.html

    *** {02.28.006} Win - MS02-034: Cumulative Patch for SQL Server

    Microsoft released MS02-034 ("Cumulative Patch for SQL Server"). MS
    SQL Server and MSDE installations have three new vulnerabilities:
    a buffer overflow in the bulk insert procedure; a buffer overflow in
    the password encryption procedure; and insecure permissions on the
    SQL service account registry key. The buffer overflows allow attackers
    capable of running arbitrary SQL statements to elevate their SQL user
    privileges and potentially execute arbitrary code.

    FAQ and patch:
    http://www.microsoft.com/technet/sec...n/MS02-034.asp

    Source: Microsoft (NTBugtraq)
    http://archives.neohapsis.com/archiv...2-q3/0012.html

    *** {02.28.007} Win - MS02-035: SQL Server setup.iss log file exposes passwords

    Microsoft released MS02-035 ("SQL Server setup.iss log file
    exposes passwords"). It's possible to create a precomputed
    set-up file (setup.iss) in MS SQL Server to use for unattended
    installations. However, installations that use the setup.iss
    file produce installation log files afterwards, which include any
    SQL-server-related passwords in plain text.

    FAQ and patch:
    http://www.microsoft.com/technet/sec...n/MS02-035.asp

    Source: Microsoft (NTBugtraq)
    http://archives.neohapsis.com/archiv...2-q3/0009.html

    *** {02.28.015} Win - RealONE/RealJukebox RJS skin.ini overflow

    The RealONE and RealJukebox clients contain a buffer overflow in the
    parsing of custom skin files, potentially allowing a malformed skin
    file to execute arbitrary code on the user's system. In addition, it
    may be possible for a malicious Web site to force the download of a
    skin file. Skin files also can potentially contain active scripting,
    which is executed in the Local System zone.

    The vendor confirmed this problem; updates are listed at:
    http://service.real.com/help/faq/sec...n07092002.html

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archiv...2-07/0127.html
    http://archives.neohapsis.com/archiv...2-07/0130.html

    *** {02.28.023} Win - Adobe Library eBook DoS vulnerabilities

    The Adobe Library eBook virtual library suite contains multiple denial
    of service attacks that could allow a malicious attacker to check out
    all available books for large periods of time, regardless of settings.

    These vulnerabilities are not confirmed.

    Source: VulnWatch
    http://archives.neohapsis.com/archiv...2-q3/0020.html

    *** {02.28.026} Win - Lil'HTTP pbcgi CGI e-mail parameter CSS vulnerability

    The pbcgi CGI included with Lil'HTTP contains a cross-site scripting
    vulnerability in the handling of the e-mail URL parameter.

    This vulnerability is not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archiv...2-07/0112.html

    *** {02.28.027} Win - Popcorn e-mail client multiple vulnerabilities

    The popcorn e-mail client versions 1.20 and prior contain multiple
    vulnerabilities: a buffer overflow in the Subject e-mail header and
    two denial of service attacks that lead to resource consumption or
    application crashing.

    These vulnerabilities are not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archiv...2-07/0117.html

    *** {02.28.029} Win - BadBlue Web server multiple vulnerabilities

    The BadBlue Web server reportedly contains three vulnerabilities:
    a denial of service attack when submitting a malformed HTTP request;
    disclosure of source code and other file contents regardless of
    settings; and weak storage of the administrative password.

    These vulnerabilities are not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archiv...2-07/0143.html

    *** {02.28.032} Win - Norton Personal Internet Firewall HTTP proxy overflow

    Norton Personal Internet Firewall version 3.0.4.91 (version 2001)
    contains a buffer overflow in the handling of large HTTP proxy
    requests. As a result, an internal/local attacker can execute arbitrary
    code on the system.

    The vendor confirmed this vulnerability and released a patch.

    Source: VulnWatch
    http://archives.neohapsis.com/archiv...2-q3/0026.html
    http://archives.neohapsis.com/archiv...2-q3/0027.html

    *** {02.28.034} Win - Oddsock Playlist Generator CGI multiple DoS

    The Oddsock Playlist Generator CGI contains multiple overflows that
    lead to denial of service situations. A remote attacker can trigger
    these vulnerabilities.

    These vulnerabilities are not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archiv...2-07/0175.html

    ************************************************************************

  2. #2
    Senior Member
    Join Date
    Dec 2001
    Posts
    884
    w0rd, I didn't see a couple of those this week (although I made a post on the one about RealONE). Thanks for posting.
