-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private]
Sent: Thursday, January 23, 2003 7:28 AM
To: Information Technology
Subject: [Information_technology] Daily News 01/23/03

January 22, CERT/CC Vulnerability Note VU#650937: CVS server improperly deallocates memory.
Concurrent Versions System (CVS) is a version control and collaboration system that is widely used by open-source software development projects. CVS is commonly configured to allow public, anonymous, read-only access via the Internet. There is a significant secondary impact in that source code maintained in CVS repositories could be modified to include trojan horses, backdoors, or other malicious code. The CVS server component contains a "double-free" vulnerability that can be triggered by a set of specially crafted directory requests. While processing these requests, an error-checking routine may attempt to free() the same memory reference more than once. Deallocating the already freed memory leads to heap corruption, which an attacker could leverage to execute arbitrary code, alter the logical operation of the CVS server program, or read sensitive information stored in memory. This vulnerability is resolved in CVS 1.11.5. CERT recommends the application of a vendor specified patch or upgrade as specified by vendor. Until patches are available and can be applied, consider disabling the CVS server and anonymous access to the CVS server.
Source: http://www.kb.cert.org/vuls/id/650937

January 22, Microsoft - Microsoft Security Bulletin MS03-003: flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates.
There is a flaw in the way Outlook 2002 handles a V1 Exchange Server Security certificate when using it to encrypt HTML e-mail. As a result, Outlook fails to encrypt the mail correctly and the message will be sent in plain text. This could cause the information in the e-mail to be exposed when the user believed it to be protected through encryption.
S/MIME encryption, which is the most widely used form of e-mail encryption used by Outlook, is not affected. Microsoft has assigned a risk rating of "Moderate" to this vulnerability. A patch is available at the Microsoft website.
Source: http://www.microsoft.com/security/security_bulletins/MS03-003.asp

January 22, Microsoft - Microsoft Security Bulletin MS03-001: unchecked buffer in Locator service could lead to code execution.
The Microsoft Locator service is a name service that maps logical names to network-specific names. It ships with Windows NT 4.0, Windows 2000, and Windows XP. A security vulnerability results from an unchecked buffer in the Locator service. By sending a specially-malformed request to the Locator service, an attacker could cause the Locator service to fail, or to run code of the attacker's choice on the system. The Locator service is not enabled by default on any affected versions of Windows, with the exception of Windows 2000 domain controllers and Windows NT 4.0 domain controllers. Microsoft has assigned a risk rating of "Critical" for the latter two versions. A properly-configured firewall would block the calls to the Locator service, which would protect an affected machine from an Internet-based attack. A patch is available at the Microsoft website.
Source: http://www.microsoft.com/technet/security/bulletin/ms03-001.asp

January 22, Microsoft - Microsoft Security Bulletin MS03-002: Cross-Site Scripting flaw in Microsoft Content Management Server 2001.
Microsoft Content Management Server (MCMS) 2001 is an Enterprise Server product that simplifies developing and managing E-Commerce web sites. A Cross-Site Scripting flaw exists in one of these ASP pages that could allow an attacker to insert script into the data being sent to a MCMS server.
Because the server generates a web page in response to a user request made using this page, it is possible that the script could be embedded within the page that CMS generates and returns to the user; this script would then run when processed by the user's browser. This could result in an attacker being able to access information the user shared with the legitimate site. An attacker might attempt to exploit this flaw by crafting a malicious link to a valid site that the user intended to visit. If the attacker were able to get a user to click the link - most likely by sending the link in an email - then the attacker could alter the data that appeared to be contained on the web pages presented by the legitimate site, monitor the user's session with the legitimate site and copy personal data from the legitimate site to a site under the attacker's control, or access the legitimate site's cookies. Microsoft has assigned a risk rating of "Moderate" to this flaw. A patch is available at the Microsoft website.
Source: http://www.microsoft.com/technet/security/bulletin/ms03-002.asp

Virus: #1 Virus in USA: WORM_KLEZ.H
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports: 137 (netbios-ns), 80 (http), 1433 (ms-sql-s), 445 (microsoft-ds), 4662 (???), 139 (netbios-ssn), 53 (domain), 8714 (???), 23 (telnet), 21 (ftp)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Information_technology mailing list
Information_technology@listserv
http://listserv.infragard.org/mailman/listinfo/information_technology
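The double-free pattern described in the CVS item (VU#650937), shown as an added example that is not part of the original message and is not CVS source code: an error path releases a buffer and the shared cleanup then releases the same reference again. The one-slot allocator, `handle_dir`, `bad_dir` and the sample paths are constructed for illustration; the allocator counts the second release instead of calling free() twice.

```c
#include <stdio.h>
#include <string.h>

/* Constructed one-slot stand-in for the heap: it records whether the buffer
   is live, so a second release is counted instead of corrupting memory. */
typedef struct { int live; char path[64]; } slot_t;
static slot_t heap;
static int double_frees;

static slot_t *slot_alloc(const char *path) {
    if (heap.live) return NULL;
    heap.live = 1;
    snprintf(heap.path, sizeof heap.path, "%s", path);
    return &heap;
}

static void slot_free(slot_t *s) {
    if (s == NULL) return;                     /* like free(NULL): no-op */
    if (!s->live) { double_frees++; return; }  /* with free(): heap corruption */
    s->live = 0;
}

/* Hypothetical check: reject empty or parent-relative directory names. */
static int bad_dir(const char *p) { return !*p || strstr(p, "..") != NULL; }

/* clear_ptr = 0 reproduces the flaw; clear_ptr = 1 is the corrected form. */
int handle_dir(const char *path, int clear_ptr) {
    slot_t *dir = slot_alloc(path);
    if (dir == NULL) return -1;
    int bad = bad_dir(dir->path);
    if (bad) {
        slot_free(dir);                 /* error path releases the buffer */
        if (clear_ptr) dir = NULL;      /* corrected: forget the reference */
    }
    slot_free(dir);                     /* shared cleanup; no-op on NULL */
    return bad ? -1 : 0;
}

int count_double_frees(const char *path, int clear_ptr) {
    double_frees = 0;
    handle_dir(path, clear_ptr);
    return double_frees;
}

int main(void) {
    printf("flawed: %d double free(s)\n", count_double_frees("src/../x", 0));
    printf("fixed:  %d double free(s)\n", count_double_frees("src/../x", 1));
    return 0;
}
```

Only the rejected request reaches the second release, which is why this class of bug tends to surface on malformed input rather than in normal use.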
This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 09:04:30 PST