-----Original Message-----
From: NIPC Watch [mailto:nipcwatch@private]
Sent: Friday, December 13, 2002 7:32 AM
To: Cyber Threats
Subject: [Cyber_threats] Daily News 12/13/02

December 11, CERT/CC - Advisory CA-2002-35: Vulnerability in RaQ 4 Servers. A remotely exploitable vulnerability has been discovered in Sun Cobalt RaQ 4 Server Appliances running Sun's Security Hardening Package (SHP). Exploitation of this vulnerability may allow remote attackers to execute arbitrary code with superuser privileges. Cobalt RaQ 4 is a Sun Server Appliance. Sun provides a Security Hardening Package (SHP) for Cobalt RaQ 4. Although the SHP is not installed by default, many users choose to install it on their RaQ 4 servers. A vulnerability in the SHP may allow a remote attacker to execute arbitrary code on a Cobalt RaQ 4 Server Appliance. The vulnerability occurs in a CGI script that does not properly filter input. Specifically, overflow.cgi does not adequately filter input destined for the email variable.
Source: http://www.cert.org/advisories/CA-2002-35.html

December 11, Microsoft - Microsoft Security Bulletin MS02-069: Flaw in Microsoft VM Could Enable System Compromise (Critical). A new version of the Microsoft VM is available, which includes all previously released fixes for the VM, as well as fixes for eight newly reported security issues. All of the vulnerabilities share a pair of common mitigating factors: The web-based attack vector would be blocked if the user had disabled Java applets in the Internet Explorer security zone in which the attacker's web site rendered. The email vector would be blocked if the user were running any of several mail clients. Specifically, Outlook Express 6 and Outlook 2002 (which ships as part of Office XP) disable Java by default, and Outlook 98 and 2000 disable it if the Outlook Email Security Update has been installed. Please see the bulletin for details on all eight vulnerabilities.
Source: http://www.microsoft.com/technet/security/bulletin/MS02-069.asp

December 11, Microsoft - Microsoft Security Bulletin MS02-070: Flaw in SMB Signing Could Enable Group Policy to be Modified (Moderate). A flaw in the implementation of SMB Signing in Windows 2000 and Windows XP could enable an attacker to silently downgrade the SMB Signing settings on an affected system. To do this, the attacker would need access to the session negotiation data as it was exchanged between a client and server, and would need to modify the data in a way that exploits the flaw. This would cause either or both systems to send unsigned data regardless of the signing policy the administrator had set. After having downgraded the signing setting, the attacker could continue to monitor the session and change data within it; the lack of signing would prevent the communicants from detecting the changes.
Source: http://www.microsoft.com/technet/security/bulletin/MS02-070.asp

December 11, Microsoft - Microsoft Security Bulletin MS02-071: Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation (Important). By default, several of the processes running in the interactive desktop do so with LocalSystem privileges. As a result, an attacker who had the ability to log onto a system interactively could potentially run a program that would levy a WM_TIMER request upon such a process, causing it to take any action the attacker specified. This would give the attacker complete control over the system. In addition to addressing this vulnerability, the patch also makes changes to several processes that run on the interactive desktop with high privileges. Although none of these would, in the absence of the WM_TIMER vulnerability, enable an attacker to gain privileges on the system, we have included them in the patch to make the services more robust.
Source: http://www.microsoft.com/technet/security/bulletin/MS02-071.asp

_______________________________________________
Cyber_Threats mailing list
Cyber_Threats@listserv
http://listserv.infragard.org/mailman/listinfo/cyber_threats
This archive was generated by hypermail 2b30 : Fri Dec 13 2002 - 14:55:19 PST