-----Original Message-----
From: NIPC Watch [mailto:nipcwatch@private]
Sent: Monday, December 16, 2002 8:48 AM
To: Cyber Threats
Subject: [Cyber_threats] Daily News 12/16/02

December 13, CERT/CC Vulnerability Note VU#958321 -- Samba contains a remotely exploitable stack buffer overflow. Versions 2.2.2 through 2.2.6 of Samba contain a remotely exploitable stack buffer overflow.

The Samba Team describes Samba as follows: The Samba software suite is a collection of programs that implements the Server Message Block (commonly abbreviated as SMB) protocol for UNIX systems. This protocol is sometimes also referred to as the Common Internet File System (CIFS), LanManager or NetBIOS protocol.

The Samba Team describes the vulnerability as follows: There was a bug in the length checking for encrypted password change requests from clients. A client could potentially send an encrypted password, which, when decrypted with the old hashed password could be used as a buffer overrun attack on the stack of smbd. The attack would have to be crafted such that converting a DOS codepage string to little endian UCS2 unicode would translate into an executable block of code.

The solution involves the application of a vendor provided patch.

Source. http://www.kb.cert.org/vuls/id/958321

December 12, CERT/CC Vulnerability Note VU#162097 -- Microsoft Internet Explorer does not adequately validate references to cached objects and methods. Microsoft Internet Explorer features the ability to process scripts contained in HTML documents. This feature is known as Active scripting, and Internet Explorer supports several scripting languages, including VBScript and JScript. JScript is similar to Netscape's JavaScript and both languages played some part in the development of ECMAScript (ECMA-262). For security reasons, a script loaded from one site should not be able to access resources on another site, including the local client.
In JavaScript, the Same Origin Policy protects clients by ensuring that "when loading a document from one origin, a script loaded from a different origin cannot get or set specific properties of specific browser and HTML objects in a window or frame." Internet Explorer implements a similar policy, adding the restriction that scripts are not allowed to access properties or objects across security zones.

As reported by GreyMagic Software, Internet Explorer does not adequately validate references to certain cached objects and methods across different domains and security zones. A script from a potentially malicious site executing in one domain and security zone is able to access resources in another domain and zone, including the Local Computer zone, via the Document Object Model (DOM) interface.

Source. http://www.kb.cert.org/vuls/id/162097

Virus: #1 Virus in USA: PE_FUNLOVE.4099
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports
137(netbios-ns); 80(http); 1433(ms-sql-s); 21(ftp); 23(telnet); 4899(radmin); 4662; 445(microsoft-ds); 25(smtp); 53(domain)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Cyber_Threats mailing list
Cyber_Threats@listserv
http://listserv.infragard.org/mailman/listinfo/cyber_threats
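Added example, not part of the original message and not Samba's code: the class of length check the Samba note describes, where a length field recovered from a decrypted client blob must be validated against both the source area and the doubled output size before a codepage-to-UCS2 conversion. The blob layout, the function names and the byte-widening stand-in for a real codepage table are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (not from the page): 512 data bytes, then a 4-byte
 * little-endian length; the password sits at the end of the data area. */
#define PW_DATA_LEN 512
#define PW_BLOB_LEN (PW_DATA_LEN + 4)

/* Widen the password in a decrypted blob to UCS2-LE in out.
 * Returns bytes written, or -1 if the claimed length is rejected. */
int extract_new_password(const uint8_t *blob, uint8_t *out, size_t out_cap)
{
    /* This length comes out of client-supplied data: never trust it. */
    uint32_t n = (uint32_t)blob[PW_DATA_LEN]
               | (uint32_t)blob[PW_DATA_LEN + 1] << 8
               | (uint32_t)blob[PW_DATA_LEN + 2] << 16
               | (uint32_t)blob[PW_DATA_LEN + 3] << 24;

    if (n > PW_DATA_LEN)      /* source must lie inside the data area */
        return -1;
    if (n > out_cap / 2)      /* output is 2 bytes per input byte */
        return -1;

    const uint8_t *src = blob + PW_DATA_LEN - n;
    for (uint32_t i = 0; i < n; i++) {
        out[2 * i] = src[i];  /* stand-in for a real codepage table lookup */
        out[2 * i + 1] = 0;
    }
    return (int)(2 * n);
}

/* Build a constructed blob claiming `claimed_len` and run the parser. */
int demo_case(uint32_t claimed_len, size_t out_cap)
{
    uint8_t blob[PW_BLOB_LEN], out[128];
    if (out_cap > sizeof out)
        return -2;
    memset(blob, 'A', PW_DATA_LEN);
    for (int i = 0; i < 4; i++)
        blob[PW_DATA_LEN + i] = (uint8_t)(claimed_len >> (8 * i));
    return extract_new_password(blob, out, out_cap);
}

int main(void)
{
    printf("%d %d %d\n", demo_case(8, 64), demo_case(40, 64), demo_case(4096, 64));
    return 0;
}
```

The second case is the one that matters: a claimed length of 40 fits the 512-byte data area but would need 80 output bytes, so a check against the input size alone would still overrun a 64-byte stack buffer.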
This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 17:49:50 PST