-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private]
Sent: Friday, January 17, 2003 6:52 AM
To: Information Technology; Cyber Threats
Subject: [Cyber_threats] Daily News 01/17/03

January 17, CERT Coordination Center
ISC has discovered several buffer overflow vulnerabilities in their implementation of DHCP (ISC DHCPD). These vulnerabilities may allow remote attackers to execute arbitrary code on affected systems. There are multiple remote buffer overflow vulnerabilities in the ISC implementation of DHCP. As described in RFC 2131, "the Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCP/IP network." In addition to supplying hosts with network configuration data, ISC DHCPD allows the DHCP server to dynamically update a DNS server, obviating the need for manual updates to the name server configuration. Support for dynamic DNS updates is provided by the NSUPDATE feature. During an internal source code audit, developers from the ISC discovered several vulnerabilities in the error handling routines of the minires library, which is used by NSUPDATE to resolve hostnames. These vulnerabilities are stack-based buffer overflows that may be exploitable by sending a DHCP message containing a large hostname value. Note: Although the minires library is derived from the BIND 8 resolver library, these vulnerabilities do not affect any current versions of BIND. A solution is posted at the source site.
Source: http://www.kb.cert.org/vuls/id/284857#systems

January 16, New York Times
Wireless services bill introduced. Senators George Allen (R-VA) and Barbara Boxer (D-CA) have introduced legislation to promote wireless broadband deployment. The bill, the Jumpstart Broadband Act, calls for the Federal Communications Commission to allocate at least 255 megahertz of spectrum in the 5-gigahertz band for unlicensed use by wireless broadband services. The measure seeks to support the expansion of wireless technology known as WiFi, which allows users of personal and hand-held computers to connect to the Internet at high speed without cables. Allen said the legislation would create an environment that embraces innovation and encourages the adoption of next-generation wireless broadband Internet devices. In addition, he said, such action would build confidence among consumers, investors and those in the telecommunications and technology industries.
Source: http://www.nytimes.com/2003/01/16/technology/16TBRF3.html

January 16, Government Computer News
FedCIRC prepares to launch new security patch service. The Federal Computer Incident Response Center introduced systems and security administrators to its new patch distribution service today. Mark Forman, associate director for IT and e-government at the Office of Management and Budget, said the Patch Authentication and Dissemination Capability could help agencies meet requirements of the Federal Information Security Management Act. The General Services Administration's FedCIRC is offering PADC as a free service to civilian agencies. SecureInfo Corp. of San Antonio and Veridian Corp. of Arlington, Va., developed it under a $10.8 million, five-year task order. It is expected to go online next week. Agencies with accounts will enter hardware and software profiles of their systems and be told what security vulnerabilities they face and what patches or other fixes they will need to correct them. Users also will be alerted to new vulnerabilities that could affect their systems. Patches will be validated and tested by Veridian, then digitally signed and stored on a secure server by SecureInfo. The goal is to simplify patch management by providing administrators only with information relevant to their IT systems and ensuring that patches are genuine and effective.
Source: http://www.gcn.com/vol1_no1/daily-updates/20885-1.html

January 16, International Data Group
Security flaw found in Microsoft's Windows Powered Smartphone software. Microsoft and mobile phone operator Orange are working to patch a security bug that affects the first mobile phone to use Microsoft's Windows Powered Smartphone software, Orange said Thursday. The SPV phone can run downloadable applications. It was designed to only run certified applications, in order to protect customers against rogue code. However, details on how to disable this security feature have become public, allowing the installation of applications that have not been certified. Microsoft and Orange have investigated the issue and will provide a security update as soon as possible to solve it, Orange said. Users will be able to download this update through the Orange Update application on their SPV. Because changes have to be made directly on the phone to be able to bypass the security, Orange said it does not see the issue "as posing any risk to the security" of SPV users.
Source: http://www.pcworld.com/news/article/0,aid,108834,00.asp

Virus: #1 Virus in USA: PE_FUNLOVE.4099
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports: 137 (netbios-ns), 80 (http), 1433 (ms-sql-s), 21 (ftp), 53 (domain), 4662 (???), 139 (netbios-ssn), 135 (???), 27374 (asp), 443 (https)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Cyber_Threats mailing list
Cyber_Threats@listserv
http://listserv.infragard.org/mailman/listinfo/cyber_threats
This archive was generated by hypermail 2b30 : Fri Jan 17 2003 - 09:40:19 PST