CRIME FW: [Information_technology] Daily News 3/02/04

From: George Heuston (GeorgeH@private)
Date: Tue Mar 02 2004 - 09:30:41 PST

    -----Original Message-----
    From: information_technology-admin@private
    [mailto:information_technology-admin@private] On Behalf
    Of InfraGard
    Sent: Tuesday, March 02, 2004 6:51 AM
    To: Information Technology
    Subject: [Information_technology] Daily News 3/02/04
    
    February 27, Techworld - Critical security hole in Dell OpenManage. A
    security hole in Dell OpenManage server could leave the product open to
    attack by an unauthorized user. The problem has been identified as high
    risk by security consultancy Secunia. The vulnerability is caused due to
    a boundary error in the Web server when handling certain HTTP POST
    requests. POST is an extremely common HTML method of processing forms
    but can be exploited by sending a message with a hidden but extremely
    long variable to cause a heap overflow. The vulnerability can be
    side-stepped by restricting access to Port 1311/TCP and only allowing
    trusted IP addresses to connect. However, without that in place, a
    denial of service or system access are readily achievable. Additional
    information is available on the Secunia Website:
    http://secunia.com/advisories/10994/
    Source:
    http://www.techworld.com/news/index.cfm?fuseaction=displaynews&NewsID=1115
    
    February 27, eWEEK - Vulnerability in WinZip could compromise security.
    Security analysts on Friday, February 27, reported that versions of the
    popular ZIP file management program WinZip have a serious security flaw.
    According to iDefense Inc., an error in the parameter parsing code in
    these versions "allows remote attackers to execute arbitrary code." The
    attacker would have to construct a specially designed MIME archive (with
    one of .mim, .uue, .uu, .b64, .bhx, .hqx and .xxe extensions) and
    distribute the file to users. Once opened, the attack would trick WinZip
    into executing code contained in the attacking file. iDefense said it
    had a functioning proof-of-concept attack demonstrating the problem. The
    malicious file could be distributed by e-mail, on a Web page, or through
    peer-to-peer networks. According to iDefense, versions 7 and 8, as well
    as the latest beta of WinZip 9 are vulnerable to this attack. However,
    the released Version 9 of WinZip is not vulnerable. In addition to
    upgrading, users can prevent an attack by turning off automatic handling
    of these file types by WinZip in Windows Explorer.
    Source: http://www.eweek.com/article2/0,4149,1540280,00.asp
    
    February 27, eWEEK - File sharing vulnerability discovered in Mac OS X.
    A security issue that could result in stolen passwords and data on
    Friday, February 27, was revealed for Apple Computer Inc.'s Apple Filing
    Protocol (AFP), a component of Mac OS X 10.3.2. In a posting to the
    SecurityFocus BUGTRAQ list, Chris Adams, a system administrator, noted
    that while users could request secure connections, the system will not
    issue any alert or indication if an SSH connection is unavailable and
    then defaults to a non-secure connection. The only indication was a
    negative one--users must be aware that an alert "Opening Secure
    Connection" did not appear. This could result in users sending
    unencrypted passwords over an insecure connection. Adams said that any
    such activity would only come as the result of an active attack. "OS X
    does warn you before using unencrypted passwords and AFP does prevent
    passive password collection by encrypting the log-in process to protect
    the password on its way to the server. This problem allows you to trick
    it into sending the unencrypted password to you instead of the intended
    server," he said. Though his BUGTRAQ warning provided workarounds, such
    as manually configuring a SSH tunnel or using SFTP instead, Adams
    suggested that SSH should be enabled by default for both client and
    server and the user interface modified to clearly warn when the system
    is unable to establish an SSH tunnel. Additional information is
    available on the SecurityFocus Website:
    http://www.securityfocus.com/bid/9763/discussion/
    Source: http://www.eweek.com/article2/0,1759,1540556,00.asp
    
    
    Internet Alert Dashboard
    Current Alert Levels
    AlertCon: 1 out of 4
    https://gtoc.iss.net
    
    Security Focus
    ThreatCon: 1 out of 4
    http://analyzer.securityfocus.com/
    
    Current Virus and Port Attacks
    Virus: #1 Virus in the United States: WORM_NETSKY.C
    Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus
    Tracking Center
    [Infected Computers, North America, Past 24 hours, #1 in United States]
    
    Top 10 Target Ports
    3127 (mydoom), 80 (www), 445 (microsoft-ds), 135 (epmap),
    3128 (squid-http), 1080 (socks), 137 (netbios-ns), 1434 (ms-sql-m),
    389 (ldap), 10080 (amanda)
    Source: http://isc.incidents.org/top10.html; Internet Storm Center
    
    
    _______________________________________________
    Information_technology mailing list
    Information_technology@listserv
    



    This archive was generated by hypermail 2b30 : Tue Mar 02 2004 - 10:21:59 PST