CRIME FW: [Cyber_threats] Daily News 12/11/02

From: George Heuston (GeorgeH@private)
Date: Wed Dec 11 2002 - 21:02:41 PST


    -----Original Message-----
    From: NIPC Watch [mailto:nipcwatch@private] 
    Sent: Wednesday, December 11, 2002 7:18 AM
    To: Cyber Threats
    Subject: [Cyber_threats] Daily News 12/11/02
    
    December 9, CERT/CC
    Vulnerability Note VU#780737 -- Pine MUA contains buffer overflow in
    addr_list_string(). Pine is a mail user agent (MUA) written and distributed
    by the University of Washington. Some versions contain a buffer overflow
    vulnerability in email address handling. Versions of Pine prior to 4.50
    contain a remotely exploitable buffer overflow in the addr_list_string()
    function. Due to incorrect calculation of string length in est_size(), a
    message From: header that contains a long string of escaped characters can
    cause a buffer being used by the addr_list_string() function to overflow. It
    is important to note that the From: header is under full control of the
    remote user sending mail and as such can contain any characters that they
    supply. An attacker can construct a message with a crafted From: header that
    will cause Pine to crash with a segmentation fault and possibly dump core.
    Source. http://www.kb.cert.org/vuls/id/780737
    
    December 9, CERT/CC
    Vulnerability Note VU#630355 -- Netscape and iPlanet Enterprise Servers fail
    to sanitize log files before they are displayed using the administration
    client. iPlanet Enterprise Server and Netscape Enterprise Server versions
    prior to 4.1 SP12 have a vulnerability involving the rendering of <SCRIPT>
    tags embedded in the web logs when viewed through the administration client.
    Requests made to web servers are routinely logged by the web server to a log
    file, even if these requests are invalid or malicious in some way. Normally,
    this presents no security problems, and in fact allows administrators to
    record possible attacks against their system. However, in iPlanet Enterprise
    Server and Netscape Enterprise Server versions prior to 4.1 SP12, these
    malicious log entries are not correctly sanitized before being viewed
    through the browser-based administration client. This allows a remote
    attacker to embed malicious <SCRIPT> tags in the URL of requests, which may
    be later executed by the administrator when reviewing the logs. When the
    malicious script embedded in the log files is viewed through the
    administration client, the administrator has already authenticated to the
    web server, and has additional privileges.
    Source. http://www.kb.cert.org/vuls/id/630355
    
    
    Virus: #1 Virus in USA: PE FUNLOVE.4099
    Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus
    Tracking Center [Infected Computers, North America, Past 24 hours, #1 in
    United States]
    
    Top 10 Target Ports
    137(netbios-ns); 80(http); 1433(ms-sql-s); 21(ftp); 25(smtp); 4662;
    8080(webcache); 445(microsoft-ds); 139(netbios-ssn); 27374(asp)
    Source: http://isc.incidents.org/top10.html; Internet Storm Center
    
    
    _______________________________________________
    Cyber_Threats mailing list
    Cyber_Threats@listserv
    http://listserv.infragard.org/mailman/listinfo/cyber_threats
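
The size-estimation failure described in VU#780737 above, as an added example that is not part of the original message and is not Pine's source: a simplified model in which a display name is written as a quoted string and each `"` or `\` gains a backslash. The function names, the escaping rule and the sample inputs are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Flawed estimate (hypothetical): input length plus two quotes and the NUL.
 * It ignores the backslash added in front of each escaped byte. */
size_t est_size_naive(const char *name) { return strlen(name) + 2 + 1; }

/* Worst case: every byte is escaped, plus two quotes and the NUL. */
size_t est_size_worst(const char *name) { return 2 * strlen(name) + 2 + 1; }

/* Write name as a quoted string into dst[cap]. Returns the bytes written
 * (excluding the NUL), or -1 if it does not fit. Never writes past cap. */
long quote_name(char *dst, size_t cap, const char *name) {
    size_t o = 0;
    if (cap < 3) return -1;                  /* room for "" and NUL */
    dst[o++] = '"';
    for (; *name; name++) {
        size_t need = (*name == '"' || *name == '\\') ? 2 : 1;
        if (o + need + 2 > cap) return -1;   /* keep closing quote + NUL */
        if (need == 2) dst[o++] = '\\';
        dst[o++] = *name;
    }
    dst[o++] = '"';
    dst[o] = '\0';
    return (long)o;
}

/* Returns 1 if a buffer sized by est() holds the quoted form, else 0. */
int estimate_is_sufficient(size_t (*est)(const char *), const char *name) {
    char buf[256];
    size_t cap = est(name);
    if (cap > sizeof buf) return 0;
    return quote_name(buf, cap, name) >= 0;
}

int main(void) {
    /* Constructed sample inputs: a plain name and a run of escaped bytes. */
    const char *plain = "Alice";
    const char *escaped = "\\\"\\\"\\\"\\\"";   /* 4 backslashes, 4 quotes */
    printf("naive, plain:   %d\n", estimate_is_sufficient(est_size_naive, plain));
    printf("naive, escaped: %d\n", estimate_is_sufficient(est_size_naive, escaped));
    printf("worst, escaped: %d\n", estimate_is_sufficient(est_size_worst, escaped));
    return 0;
}
```

Because the writer checks the remaining capacity itself, an undersized estimate shows up as a refused write instead of a write past the end of the buffer.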
    


