-----Original Message----- From: NIPC Watch [mailto:nipcwatch@private] Sent: Wednesday, December 11, 2002 7:18 AM To: Cyber Threats Subject: [Cyber_threats] Daily News 12/11/02 December 9, CERT/CC Vulnerability Note VU#780737 -- Pine MUA contains buffer overflow in addr_list_string(). Pine is a mail user agent (MUA) written and distributed by the University of Washington. Some versions contain a buffer overflow vulnerability in email address handling. Versions of Pine prior to 4.50 contain a remotely exploitable buffer overflow in the addr_list_string() function. Due to incorrect calculation of string length in est_size(), a message From: header that contains a long string of escaped characters can cause a buffer being used by the addr_list_string() function to overflow. It is important to note that the From: header is under full control of the remote user sending mail and as such can contain any characters that they supply. An attacker can construct a message with a crafted From: header that will cause Pine to crash with a segmentation fault and possibly dump core. Source. http://www.kb.cert.org/vuls/id/780737 December 9, CERT/CC Vulnerability Note VU#630355 -- Netscape and iPlanet Enterprise Servers fail to sanitize log files before they are displayed using the administration client. IPlanet Enterprise Server and Netscape Enterprise Server versions prior to 4.1. SP12 have a vulnerability involving the rendering of <SCRIPT> tags embedded in the web logs when viewed through the administration client. Requests made to web servers are routinely logged by the web server to a log file, even if these requests are invalid or malicious in some way. Normally, this presents no security problems, and in fact allows administrators to record possible attacks against their system. However, in iPlanet Enterprise Server and Netscape Enterprise server versions prior to 4.1. SP12, these malicious log entries are not correctly sanitized before being viewed through the browser based administration client. This allows a remote attacker to embed malicious <SCRIPT> tags in the URL of requests, which may be later executed by the administrator when reviewing the logs. When the malicious script embedded in the log files is viewed through the administration client, the administrator has already authenticated to the web server, and has additional privileges. Source. http://www.kb.cert.org/vuls/id/630355 Virus: #1 Virus in USA: PE FUNLOVE.4099 Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports 137(netbios-ns); 80(http); 1433(ms-sql-s); 21(ftp); 25(smtp); 4662; 8080(webcache); 445(microsoft-ds); 139(netbios-ssn); 27374(asp) Source: http://isc.incidents.org/top10.html; Internet Storm Center _______________________________________________ Cyber_Threats mailing list Cyber_Threats@listserv http://listserv.infragard.org/mailman/listinfo/cyber_threats
This archive was generated by hypermail 2b30 : Wed Dec 11 2002 - 21:51:55 PST