Thread: NEWS: This week's bugs and patches

  1. #1
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    Location
    South Florida
    Posts
    1,123

    NEWS: This week's bugs and patches

    Brought to you by our friends at the SANS Institute.



    The Linux OpenSSL 'slapper' is continuing to make its rounds,
    and new variants have been reported. Please keep in mind that
    while some variants of the worm check the HTTP server banner,
    other scanner tools can identify a server as vulnerable even
    if the HTTP server banner is modified/obfuscated to defeat the
    worm. For those of you hoping for a quick workaround, be forewarned.
    http://archives.neohapsis.com/archiv...2-09/0287.html

    Among this week's top vulnerabilities are multiple problems in the
    Trillian chat client (item {02.38.001} in the Windows category),
    a library loading vulnerability in setuid/setgid X applications
    (item {02.38.003} in the cross-platform category) and Microsoft
    Java VM vulnerabilities in all versions of Windows (item {02.38.019}
    in the Windows category).

    Until next week,
    --Security Alert Consensus Team

    ************************************************************************

    TABLE OF CONTENTS:

    {02.38.001} Win - Multiple Trillian vulnerabilities
    {02.38.005} Win - Dino's Web server Web root escaping
    {02.38.008} Win - MS02-051: RDP protocol information disclosure
    {02.38.010} Win - ISS Scanner HTTP response overflow
    {02.38.018} Win - IBM WebSphere large header DoS
    {02.38.019} Win - MS02-052: Multiple Java VM JDBC vulnerabilities
    {02.38.002} Linux - Update {02.37.007}: Cross - Konqueror subframe CSS
    and insecure cookie vulnerabilities
    {02.38.004} Linux - Update {02.22.001}: xchat DNS query command
    execution
    {02.38.007} Linux - Update {02.37.002}: Linux - Update {02.33.024}:
    Multiple Postgres function buffer overflows
    {02.38.011} Linux - Update {02.37.005}: Linux - Update {01.27.039}: PHP
    mail() command may bypass safe_mode
    {02.38.017} NApps - HP printer/print server/digital sender DNS
    vulnerability
    {02.38.003} Cross - xfree86 libX11.so LD_PRELOAD vulnerability
    {02.38.006} Cross - Squirrel mail CGI multiple CSS vulnerabilities
    {02.38.009} Cross - Apache 2.0.42 released, mod_dav DoS
    {02.38.012} Cross - Multiple Cisco VPN 5000 client vulnerabilities
    {02.38.013} Cross - Multiple Mozilla 1.0 vulnerabilities
    {02.38.014} Cross - DB4Web db4Web_c CGI file download
    {02.38.016} Cross - Lycos HTMLGear guestbook address CSS
    {02.38.020} Cross - Compaq WebES file access
    {02.38.021} Cross - JAWmail CGI multiple CSS vulnerabilities
    {02.38.022} Cross - phpWeb site CGI inc_prefix code execution
    {02.38.023} Cross - Null HTTP server content-length overflow
    {02.38.024} Cross - Xoops CGI img tag CSS
    {02.38.025} Cross - Tomcat JSP disclosure via DefaultServlet


    --- Windows News -------------------------------------------------------

    *** {02.38.001} Win - Multiple Trillian vulnerabilities

    Trillian versions .74 and prior reportedly contain multiple
    vulnerabilities: a PRIVMSG nick buffer overflow; an embedded ident
    service buffer overflow; a JOIN channel topic buffer overflow; a
    'raw 221' packet buffer overflow; IRC raw message buffer overflows;
    and malformed HTML causes Trillian to crash. The buffer overflow may
    allow remote execution of arbitrary code.

    These vulnerabilities are not confirmed.

    Source: NTBugtraq, SecurityFocus Bugtraq
    http://archives.neohapsis.com/archiv...2-q3/0140.html
    http://archives.neohapsis.com/archiv...2-q3/0139.html
    http://archives.neohapsis.com/archiv...2-09/0258.html
    http://archives.neohapsis.com/archiv...2-09/0266.html
    http://archives.neohapsis.com/archiv...2-09/0268.html
    http://archives.neohapsis.com/archiv...2-09/0282.html

    *** {02.38.005} Win - Dino's Web server Web root escaping

    Dino's Web server version 1.2 is vulnerable to an encoded directory
    traversal attack, thereby allowing remote attackers to access files
    outside the Web root.

    The advisory indicates confirmation by the vendor, which discontinued
    the software.

    Source: VulnWatch
    http://archives.neohapsis.com/archiv...2-q3/0127.html

    *** {02.38.008} Win - MS02-051: RDP protocol information disclosure

    Microsoft released MS02-051 ("RDP protocol information
    disclosure"). The patch addresses two remote desktop/terminal services
    bugs: improper encryption of packets in Windows XP and 2000 could
    allow an attacker to recover encrypted data and certain malformed
    RDP packets will crash the Windows XP remote desktop service.

    FAQ and patch:
    http://www.microsoft.com/technet/sec...n/MS02-051.asp

    Source: Microsoft
    http://archives.neohapsis.com/archiv...2-q3/0001.html

    *** {02.38.010} Win - ISS Scanner HTTP response overflow

    ISS Scanner version 6.2.1 contains a buffer overflow in the handling
    of a particular HTTP response. This potentially allows a malicious
    Web server to execute arbitrary code on the system running the scanner.

    The vendor confirmed this vulnerability and included a patch in
    X-Press update 6.17.

    Source: VulnWatch
    http://archives.neohapsis.com/archiv...2-q3/0119.html

    *** {02.38.018} Win - IBM WebSphere large header DoS

    IBM WebSphere version 4.0.3 reportedly crashes when a request for
    a .jsp file containing a large Host header is received. Whether
    this denial of service can lead to the execution of arbitrary code
    is uncertain.

    The advisory indicates confirmation by the vendor, which released
    a patch.

    Source: VulnWatch
    http://archives.neohapsis.com/archiv...2-q3/0123.html

    *** {02.38.019} Win - MS02-052: Multiple Java VM JDBC vulnerabilities

    Microsoft released MS02-052 ("Multiple Java VM JDBC
    vulnerabilities"). The Microsoft Java VM (virtual machine) shipped
    with virtually all versions of Windows and Internet Explorer contains
    three different vulnerabilities in the JDBC and other classes that
    potentially let a malicious e-mail or Web site execute arbitrary code
    on the user's system or crash the browser/VM.

    FAQ and patch:
    http://www.microsoft.com/technet/sec...n/MS02-052.asp

    Source: Microsoft
    http://archives.neohapsis.com/archiv...2-q3/0002.html


    --- Linux News ---------------------------------------------------------

    *** {02.38.002} Linux - Update {02.37.007}: Cross - Konqueror subframe
    CSS and insecure cookie vulnerabilities

    Debian and Conectiva released updated kdelibs packages that fix the
    vulnerability discussed in {02.37.007} ("Cross - Konqueror subframe
    CSS and insecure cookie vulnerabilities").

    Updated Debian DEBs:
    http://archives.neohapsis.com/archiv...2-q3/0105.html

    Updated Conectiva RPMs:
    http://archives.neohapsis.com/archiv...2-q3/0022.html

    Source: Debian, Conectiva
    http://archives.neohapsis.com/archiv...2-q3/0105.html
    http://archives.neohapsis.com/archiv...2-q3/0022.html

    *** {02.38.004} Linux - Update {02.22.001}: xchat DNS query command
    execution

    Conectiva released updated xchat packages that fix the vulnerability
    discussed in {02.22.001} ("xchat DNS query command execution").

    Updated RPMs are listed at the reference URL below.

    Source: Conectiva
    http://archives.neohapsis.com/archiv...2-q3/0023.html

    *** {02.38.007} Linux - Update {02.37.002}: Linux - Update {02.33.024}:
    Multiple Postgres function buffer overflows

    Conectiva released updated postgresql packages that fix the
    vulnerability discussed in {02.37.002} ("Linux - Update {02.33.024}:
    Multiple Postgres function buffer overflows").

    Updated RPMs are listed at the reference URL below.

    Source: Conectiva
    http://archives.neohapsis.com/archiv...2-q3/0021.html

    *** {02.38.011} Linux - Update {02.37.005}: Linux - Update {01.27.039}:
    PHP mail() command may bypass safe_mode

    Debian released updated PHP packages that fix the vulnerability
    discussed in {02.37.005} ("Linux - Update {01.27.039}: PHP mail()
    command may bypass safe_mode").

    Updated DEBs are listed at the reference URL below.

    Source: Debian
    http://archives.neohapsis.com/archiv...2-q3/0163.html


    --- Network Appliances News --------------------------------------------

    *** {02.38.017} NApps - HP printer/print server/digital sender DNS
    vulnerability

    An HP advisory indicates that various printer, print server and
    digital sender network devices are vulnerable to the DNS resolver
    library overflow previously reported in SAC.

    These vulnerabilities are confirmed. For a complete list of solutions,
    please see the reference URL below.

    Source: HP
    http://archives.neohapsis.com/archiv...2-q3/0087.html


    --- Cross-Platform News ------------------------------------------------

    *** {02.38.003} Cross - xfree86 libX11.so LD_PRELOAD vulnerability

    The libX11 library included with xfree86 honors the LD_PRELOAD
    environment variable, thereby allowing a local attacker to potentially
    execute arbitrary code with elevated privileges via available
    setuid/setgid X-based applications.

    This vulnerability is confirmed. Updated SuSE RPMs are listed at:
    http://archives.neohapsis.com/archiv...2-q3/1116.html

    Source: SuSE
    http://archives.neohapsis.com/archiv...2-q3/1116.html

    *** {02.38.006} Cross - Squirrel mail CGI multiple CSS vulnerabilities

    Squirrel mail version 1.2.7 reportedly contains multiple cross-site
    scripting problems in the various PHP pages.

    The vendor confirmed these vulnerabilities and indicated they are
    fixed in version 1.2.8.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archiv...2-09/0246.html
    http://archives.neohapsis.com/archiv...2-09/0248.html

    *** {02.38.009} Cross - Apache 2.0.42 released, mod_dav DoS

    Apache version 2.0.42 was released. In addition to the usual bug fixes,
    this version fixes a denial of service attack possible in mod_dav.

    The latest source code can be downloaded from:
    http://httpd.apache.org/

    Source: Apache
    http://archives.neohapsis.com/archiv...2002/0017.html

    *** {02.38.012} Cross - Multiple Cisco VPN 5000 client vulnerabilities

    A Cisco advisory indicates the VPN 5000 clients on MacOS, Solaris
    and Linux contain various security vulnerabilities: the MacOS client
    incorrectly saves the login password in plain text and the Solaris
    and Linux clients contain buffer overflows in various included setuid
    applications that let a local attacker gain root privileges.

    The vendor confirmed these vulnerabilities and released updates.

    Source: Cisco
    http://archives.neohapsis.com/archiv...2-q3/0009.html

    *** {02.38.013} Cross - Multiple Mozilla 1.0 vulnerabilities

    This is a general entry to point out that the various security bugs
    in Mozilla 1.0 were fixed in version 1.0.1. The vulnerabilities were a
    mix between local and remote, and some were previously reported. This
    item is really just to raise awareness of the various problems that
    exist in Mozilla 1.0.

    These vulnerabilities were fixed in Mozilla version 1.0.1.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archiv...2-09/0228.html

    *** {02.38.014} Cross - DB4Web db4Web_c CGI file download

    The db4Web_c CGI included with the DB4Web server allows remote
    attackers to download arbitrary files outside the Web root by
    submitting a particular URL request. Another bug in DB4Web allows a
    remote attacker to proxy port scans through the db4Web_c CGI.

    The vendor confirmed this vulnerability and released a patch, which
    is available at:
    http://www.db4Web.de/DB4Web/home/DB4Web/hotfix_e.html

    Source: VulnWatch
    http://archives.neohapsis.com/archiv...2-q3/0124.html
    http://archives.neohapsis.com/archiv...2-q3/0125.html

    *** {02.38.016} Cross - Lycos HTMLGear guestbook address CSS

    The Lycos HTMLGear guestbook application contains a cross-site
    scripting vulnerability in the handling of the e-mail or Web addresses.

    This vulnerability is not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archiv...2-09/0198.html

    *** {02.38.020} Cross - Compaq WebES file access

    An HP/Compaq advisory indicates that the WebES Compaq Analyze service
    suite on all platforms contains a vulnerability that allows local
    and remote attackers to access arbitrary files on the system.

    The vendor confirmed this vulnerability and is currently working on
    a patch.

    Source: HP/Compaq
    http://archives.neohapsis.com/archiv...2-q3/0013.html

    *** {02.38.021} Cross - JAWmail CGI multiple CSS vulnerabilities

    The JAWmail CGI suite version 1.0-rc1 reportedly contains multiple
    cross-site scripting errors in the displaying of various e-mail
    elements.

    This vulnerability is not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archiv...2-09/0270.html

    *** {02.38.022} Cross - phpWeb site CGI inc_prefix code execution

    phpWeb site version 0.8.2 reportedly does not properly handle the
    inc_prefix URL parameter. This allows a remote attacker to trick the
    application into executing arbitrary PHP code located on a malicious
    Web server.

    The advisory indicates confirmation by the vendor, which released
    version 0.8.3.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archiv...2-09/0275.html

    *** {02.38.023} Cross - Null HTTP server content-length overflow

    The Null HTTP Server version 0.5.0 incorrectly handles negative
    content-length HTTP header values. This causes a heap buffer overflow
    to occur and allows a remote attacker to execute arbitrary code.

    The vendor confirmed this vulnerability and released version 0.5.1,
    which is available at:
    http://prdownloads.sourceforge.net/n...d-0.5.1.tar.gz

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archiv...2-09/0284.html

    *** {02.38.024} Cross - Xoops CGI img tag CSS

    The Xoops CGI suite version RC3.0.4 does not properly handle image
    tags, thereby leading to a cross-site scripting vulnerability.

    This vulnerability is not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archiv...2-09/0286.html

    *** {02.38.025} Cross - Tomcat JSP disclosure via DefaultServlet

    Apache Tomcat versions 4.0.4 and 4.1.10 display the source code to JSP
    pages when invoked via the org.apache.catalina.servlets.DefaultServlet
    servlet included by default with Tomcat.

    The vendor confirmed this vulnerability and released versions 4.0.5
    and 4.1.12.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archiv...2-09/0288.html

  2. #2
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103
    Cerulean Studios has released patches for Trillian 0.74 and Trillian Pro 1, which address some IRC and AIM problems. Not sure which though...

    From www.trillian.cc
    Today we've released security patches for .74 and Pro 1.0 - these patches address recent IRC/AIM vulnerabilities.
    Download .74 patch A
    Patch A for Trillian Pro 1.0 is available through the Cerulean Studios' Member Area, here
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.
