CRIME FW: [Cyber_threats] Daily News 12/06/02

• Previous message: Seth Arnold: "Re: CRIME Fwd: [Fwd: Eugene says "NO!" to USA PATRIOT act]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----Original Message-----
From: NIPC Watch [mailto:nipcwatch@private] 
Sent: Friday, December 06, 2002 7:13 AM
To: Cyber Threats
Subject: [Cyber_threats] Daily News 12/06/02

December 4, CERT/CC
Vulnerability Note VU#683673: Sun Solaris priocntl(2) does not adequately
validate path to kernel modules that implement lightweight process (LWP)
scheduling policy. The Sun Solaris priocntl(2) function does not adequately
validate a memory structure that specifies the name of a kernel module. As a
result, a local attacker could execute arbitrary code with superuser
privileges on a vulnerable system. Sun states that "a final resolution is
pending completion." Source. http://www.kb.cert.org/vuls/id/683673


December 4, Microsoft
Microsoft Security Bulletin MS02-067: E-mail header processing flaw could
cause Outlook 2002 to fail (Moderate). Microsoft Outlook provides users with
the ability to work with e-mail, contacts, tasks, and appointments. A
vulnerability exists in Outlook 2002 in its processing of e-mail header
information. An attacker who successfully exploited the vulnerability could
send a specially malformed e-mail to a user of Outlook 2002 that would cause
the Outlook client to fail under certain circumstances. The Outlook 2002
client would continue to fail so long as the specially malformed e-mail
message remained on the e-mail server. Microsoft recommends that customers
consider installing the patch available on Microsoft's web site. The patch
addresses the vulnerability by correcting the flaw and causing Outlook 2002
to correctly process e-mails that contain the invalid header information
described above. Source.
http://www.microsoft.com/technet/security/bulletin/MS02-067.asp

Virus: #1 Virus in USA: PE_ELKERN.D
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus
Tracking Center [Infected Computers, North America, Past 24 hours, #1 in
United States]

Top 10 Target Ports
137(netbios-ns); 80(http); 1433(ms-sql-s); 21(ftp); 25(smtp);
445(microsoft-ds); 139(netbios-ssn); 53(domain); 4665(edonkey); 4662
Source: http://isc.incidents.org/top10.html; Internet Storm Center





_______________________________________________
Cyber_Threats mailing list
Cyber_Threats@listserv
http://listserv.infragard.org/mailman/listinfo/cyber_threats

• Next message: Lyle Leavitt: "CRIME [Fwd: [Information_technology] Daily News 12/06/02]"
• Previous message: Seth Arnold: "Re: CRIME Fwd: [Fwd: Eugene says "NO!" to USA PATRIOT act]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Dec 06 2002 - 11:48:10 PST