Results 1 to 3 of 3

Thread: Heads up

  1. #1
    Senior Member
    Join Date
    Apr 2002
    Posts
    1,050

    Heads up

    Hello people

    this doesent apply to me but it's a heads up for people using Windows 2000,98, NT.4.0,Millennium
    edition XP isnt affected by this exploit
    full story here

    http://www.siliconvalley.com/mld/sil...ws/4567646.htm

    REDMOND, Wash. - Microsoft Corp. on Wednesday disclosed a security flaw of "critical" severity in most versions of its popular Windows operating system.

    In its 65th security bulletin of the year, Microsoft urged users of Windows 2000, Millennium, 98 and NT 4.0 to download a software patch from the company's security Web site. Microsoft's newest version, Windows XP, does not have the problem.

    Attackers could exploit a vulnerability in the software that underlies many database functions and take over the user's computer.

    The security bulletin is the first to be issued in a simpler format, which Microsoft adopted due to complaints that its bulletins were overly detailed and confusing. The technically detailed bulletins were geared more for developers or system administrators, rather than everyday users, Steve Lipner, Microsoft's security assurance director, wrote in an e-mail to customers.

    Microsoft will continue to issue more technical versions for those who want them, Lipner wrote.

    The company also added a new category of "important" to how it rates the severity of the security flaws. The most urgent flaws are termed "critical;" the second-most urgent are "important;" the next level is "moderate" and the last is "low."

    ON THE NET

    http://www.microsoft.com/security
    so get patching people i will edit this post if i come across any more links


    http://www.cw360.com/bin/bladerunner...HAN=13&CFLAV=1
    Microsoft's security bulletin
    http://www.microsoft.com/technet/tre...n/MS02-065.asp

    The patch is at http://www.microsoft.com/downloads/R...eleaseID=44733

    By the sacred **** of the sacred psychedelic tibetan yeti ....We\'ll smoke the chinese out
    The 20th century pharoes have the slaves demanding work
    http://muaythaiscotland.com/

  2. #2
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Could either be:

    http://www.microsoft.com/technet/tre...n/MS02-065.asp

    or maybe

    http://www.microsoft.com/technet/tre...n/MS02-066.asp

    /nebulus

    Doh you edited your message while i was posting it Oh well, getting slow in my old age I guess...

    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  3. #3
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Just to add to this heads up, here's another one issued by CERT.

    CERT Advisory CA-2002-32 Backdoor in Alcatel OmniSwitch AOS

    Original release date: November 21, 2002
    Last revised: --
    Source: CERT/CC, Alcatel

    A complete revision history can be found at the end of this file.

    Systems Affected

    * Alcatel OmniSwitch 7700/7800 switches running Alcatel Operating
    System (AOS) version 5.1.1

    Overview

    Alcatel has recently discovered a serious vulnerability in AOS version
    5.1.1. Exploitation of this vulnerability can lead to full
    administrative control of the device running AOS.

    I. Description

    AOS typically runs on network infrastructure devices, such as the
    Alcatel OmniSwitch 7000 series switch. According to Alcatel:

    During an NMAP audit of the AOS 5.1.1 code that runs on the Alcatel
    OmniSwitch 7700/7800 LAN switches, it was determined a telnet
    server was listening on TCP port number 6778. This was used during
    development to access the Wind River Vx-Works operating system. Due
    to an oversight, this access was not removed prior to product
    release.

    Further information about this vulnerability may be found in
    VU#181721. This issue is also being referenced as CAN-2002-1272:

    http://cve.mitre.org/cgi-bin/cvename...=CAN-2002-1272

    II. Impact

    An attacker can gain full access to any device running AOS version
    5.1.1, which can result in, but is not limited to, unauthorized
    access, unauthorized monitoring, information leakage, or denial of
    service.

    III. Solution

    Upgrade to AOS 5.1.1.R02 or AOS 5.1.1.R03

    Contact Alcatel's customer support for the updated AOS.

    Workarounds

    Block access to port 6778/TCP at your network perimeter.

    Appendix A. - Vendor Information

    VU#181721 was written by Alcatel. As new vendor information is
    reported to the CERT/CC, we will update VU#181721 and note the changes
    in our revision history.

    Appendix B. - References

    1. VU#181721: Alcatel OmniSwitch 7700/7800 does not require a
    password for accessing the telnet server -
    http://www.kb.cert.org/vuls/id/181721

    2. OmniSwitch_7000_brief -
    http://www.ind.alcatel.com/nextgen/O...7000_brief.pdf

    3. CAN-2002-1272 -
    http://cve.mitre.org/cgi-bin/cvename...=CAN-2002-1272
    _________________________________________________________________

    We thank Olivier Paridaens and Jeff Hayes of Alcatel for reporting
    this issue.
    _________________________________________________________________

    Author: Ian A. Finlay.
    Cheers:
    DjM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •