From daniela em ccuec.unicamp.br Mon Apr 1 12:07:44 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Mon, 1 Apr 2002 12:07:44 -0300 Subject: [SECURITY-L] Vulnerabilidades de seguranca (fev/02) Message-ID: <20020401150744.GA10130@ccuec.unicamp.br> Srs. Usuarios, Atualizamos o site da Equipe de Seguranca em Sistemas e Redes da Unicamp com os seguintes boletins de vulnerabilidades: 23/02/2002: ----------- SuSE Security Announcement (SuSE-SA:2002:005) Assunto: vulnerabilidade de seguranca no package "cups". http://www.security.unicamp.br/docs/bugs/2002/02/v66.txt 25/02/2002: ----------- CERT Advisory CA-2002-04 Assunto: Buffer Overflow in Microsoft Internet Explorer http://www.security.unicamp.br/docs/bugs/2002/02/v67.txt 27/02/2002: ----------- CAIS-Alerta: Buffer Overflow no Microsoft Internet Explorer http://www.security.unicamp.br/docs/bugs/2002/02/v68.txt Red Hat, Inc. Red Hat Security Advisory (RHSA-2002:028-13) Assunto: Updated 2.4 kernel available. http://www.security.unicamp.br/docs/bugs/2002/02/v69.txt Microsoft Security Bulletin (MS02-012) Assunto: Malformed Data Transfer Request can Cause Windows SMTP Service to Fail. http://www.security.unicamp.br/docs/bugs/2002/02/v70.txt Microsoft Security Bulletin (MS02-011) Assunto: Authentication Flaw Could Allow Unauthorized Users To Authenticate To SMTP Service. http://www.security.unicamp.br/docs/bugs/2002/02/v71.txt 28/02/2002: ----------- CAIS-Alerta: Multiplas Vulnerabilidades no PHP http://www.security.unicamp.br/docs/bugs/2002/02/v72.txt CERT Summary CS-2002-01 http://www.security.unicamp.br/docs/bugs/2002/02/v73.txt CAIS-Alerta: CERT Summary CS-2002-01 http://www.security.unicamp.br/docs/bugs/2002/02/v74.txt -- Equipe de Seguranca em Sistemas e Redes Unicamp - Universidade Estadual de Campinas mailto:security em unicamp.br http://www.security.unicamp.br From daniela em ccuec.unicamp.br Mon Apr 1 15:03:29 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Mon, 1 Apr 2002 15:03:29 -0300 Subject: [SECURITY-L] Vulnerabilidades de seguranca (1a. quinzena de marco) Message-ID: <20020401180329.GA10466@ccuec.unicamp.br> Srs. Usuarios, Atualizamos o site da Equipe de Seguranca em Sistemas e Redes da Unicamp com os seguintes boletins de vulnerabilidades: 01/03/2002: ----------- CAIS-ALERTA: Vulnerabilidade em Cisco IOS com suporte a CEF http://www.security.unicamp.br/docs/bugs/2002/03/v59.txt 02/03/2002: ----------- Slackware-security: mod_php update fixes security problems. http://www.security.unicamp.br/docs/bugs/2002/03/v60.txt 04/03/2002: ----------- Microsoft Security Bulletin (MS02-013) Assunto: Java Applet Can Redirect Browser Traffic. http://www.security.unicamp.br/docs/bugs/2002/03/v61.txt 05/03/2002: ----------- CAIS-Alerta: Vulnerabilidades no RADIUS http://www.security.unicamp.br/docs/bugs/2002/03/v62.txt CAIS-Alerta: Vulnerabilidade no Microsoft Virtual Machine (Microsoft VM) http://www.security.unicamp.br/docs/bugs/2002/03/v63.txt CAIS-Alerta: Falha de autenticacao no SMTP da Microsoft http://www.security.unicamp.br/docs/bugs/2002/03/v64.txt CAIS-Alerta: Denial of Service no Microsoft Windows SMTP http://www.security.unicamp.br/docs/bugs/2002/03/v65.txt 06/03/2002: ----------- Microsoft Security Bulletin (MS02-006: version 3.0) Assunto: Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run. http://www.security.unicamp.br/docs/bugs/2002/03/v66.txt 07/03/2002: ----------- Slackware-security: OpenSSH security problem fixed. http://www.security.unicamp.br/docs/bugs/2002/03/v67.txt Microsoft Security Bulletin (MS02-014) Assunto: Unchecked Buffer in Windows Shell Coulda Lead to Code Execution. http://www.security.unicamp.br/docs/bugs/2002/03/v69.txt 08/03/2002: ----------- CAIS-Alerta: Vulnerabilidade local no OpenSSH. http://www.security.unicamp.br/docs/bugs/2002/03/v68.txt 11/03/2002: ----------- CAIS-Alerta: Vulnerabilidade no Windows Shell http://www.security.unicamp.br/docs/bugs/2002/03/v70.txt Slackware-security: zlib upgrade fixes vulnerability. http://www.security.unicamp.br/docs/bugs/2002/03/v72.txt Slackware-security: rsync update fixes security problems. http://www.security.unicamp.br/docs/bugs/2002/03/v73.txt Microsoft Security Bulletin (MS02-006: version 4.0) Assunto: Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run. http://www.security.unicamp.br/docs/bugs/2002/03/v74.txt Slackware-security: cvs recompiled against updated zlib + /tmp fix. http://www.security.unicamp.br/docs/bugs/2002/03/v75.txt 12/03/2002: ----------- CAIS-Alerta: Vulnerabilidade na biblioteca Zlib http://www.security.unicamp.br/docs/bugs/2002/03/v76.txt 14/03/2002: ----------- CAIS-Alerta: Multiplas vulnerabilidades em Servidores Oracle. http://www.security.unicamp.br/docs/bugs/2002/03/v77.txt Microsoft Security Bulletin (MS02-006: version 5.0) Assunto: Unchecked Buffer in SNMP Service Coulds Enable Arbitrary Code to be Run. http://www.security.unicamp.br/docs/bugs/2002/03/v78.txt -- Equipe de Seguranca em Sistemas e Redes Unicamp - Universidade Estadual de Campinas mailto:security em unicamp.br http://www.security.unicamp.br From daniela em ccuec.unicamp.br Mon Apr 1 16:20:20 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Mon, 1 Apr 2002 16:20:20 -0300 Subject: [SECURITY-L] Vulnerabilidades de seguranca (2a. quinzena de marco) Message-ID: <20020401192020.GA10567@ccuec.unicamp.br> Srs. Usuarios, Atualizamos o site da Equipe de Seguranca em Sistemas e Redes da Unicamp com os seguintes boletins de vulnerabilidades: 18/03/2002: ----------- FreeBSD, Inc. Security Advisory (FreeBSD-SA-02:18) Assunto: vulnerabilidade de seguranca na biblioteca "zlib". http://www.security.unicamp.br/docs/bugs/2002/03/v79.txt Trustix Secure Linux Security Advisory #2002-0040 Assunto: vulnerabilidade de seguranca na biblioteca "zlib". http://www.security.unicamp.br/docs/bugs/2002/03/v80.txt Sun Microsystems, Inc. Security Bulletin #00217 Assunto: vulnerabilidade de seguranca no Java(TM) Web Start. http://www.security.unicamp.br/docs/bugs/2002/03/v81.txt Sun Microsystems, Inc. Security Bulletin #00218 Assunto: vulnerabilidade de seguranca no Bytecode Verifier. http://www.security.unicamp.br/docs/bugs/2002/03/v82.txt Microsoft Security Bulletin (MS02-013: version 2.0) Assunto: Cumulative VM Update. http://www.security.unicamp.br/docs/bugs/2002/03/v83.txt 20/03/2002: ----------- CAIS-Alerta: Vulnerabilidade no SUN Bytecode Verifier. http://www.security.unicamp.br/docs/bugs/2002/03/v84.txt Caldera International, Inc. Security Advisory (CSSA-2002-SCO.12) Assunto: Open UNIX, UnixWare 7: rpc.cmsd can be remotely exploited. http://www.security.unicamp.br/docs/bugs/2002/03/v85.txt Mandrake Linux Security Update Advisory (MDKSA-2002:025) Assunto: vulnerabilidade de seguranca no kdm. http://www.security.unicamp.br/docs/bugs/2002/03/v86.txt Red Hat, Inc. Red Hat Security Advisory (RHSA-2002:048-06) Assunto: vulnerabilidade de seguranca no package "imlib". http://www.security.unicamp.br/docs/bugs/2002/03/v87.txt 21/03/2002: ----------- Red Hat, Inc. Red Hat Security Advisory (RHSA-2002:035-18) Assunto: vulnerabilidade de seguranca no php. http://www.security.unicamp.br/docs/bugs/2002/03/v88.txt Red Hat, Inc. Red Hat Security Advisory (RHSA-2002:026-43) Assunto: vulnerabilidade de seguranca na bilbioteca zlib. http://www.security.unicamp.br/docs/bugs/2002/03/v89.txt CAIS-Alerta: Ataques por Engenharia Social via IRC e Instant Messaging Programs. http://www.security.unicamp.br/docs/bugs/2002/03/v90.txt 26/03/2002: ----------- FreeBSD, Inc. Security Advisory (FreeBSD-SA-02:19) Assunto: squid heap buffer overflow in DNS handling. http://www.security.unicamp.br/docs/bugs/2002/03/v91.txt 28/03/2002: ----------- Anúncio de segurança do Conectiva Linux (CLA-2002:470) Assunto: vulnerabilidades no pacote imlib. http://www.security.unicamp.br/docs/bugs/2002/03/v92.txt Microsoft Security Bulletin (MS02-015) Assunto: Cumulative Patch for Internet Explorer. http://www.security.unicamp.br/docs/bugs/2002/03/v93.txt -- Equipe de Seguranca em Sistemas e Redes Unicamp - Universidade Estadual de Campinas mailto:security em unicamp.br http://www.security.unicamp.br From daniela em ccuec.unicamp.br Tue Apr 2 11:24:30 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Tue, 2 Apr 2002 11:24:30 -0300 Subject: [SECURITY-L] MS security patch fails to work Message-ID: <20020402142429.GA12035@ccuec.unicamp.br> Uma mensagem embutida foi limpa... De: Nelson Murilo Assunto: [S] MS security patch fails to work Data: Tue, 2 Apr 2002 09:41:42 -0300 Tamanho: 2728 URL: From daniela em ccuec.unicamp.br Tue Apr 2 11:28:05 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Tue, 2 Apr 2002 11:28:05 -0300 Subject: [SECURITY-L] Novas vulnerabilidades no IE e lancamento do Patch Acumulativo Message-ID: <20020402142804.GA12088@ccuec.unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Novas vulnerabilidades no IE e lancamento do Patch Acumulativo To: , Date: Tue, 2 Apr 2002 08:59:53 -0300 (EST) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta da Microsoft, "Microsoft Security Bulletin MS02-015", que trata da identificacao de duas novas vulnerabilidades no navegador Internet Explorer e da disponibilizacao do patch acumulativo. A primeira vulnerabilidade esta' relacionada `a elevacao de privilegios. Um atacante que consiga explorar tal vulnerabilidade sera' capaz de executar remotamente scripts HTML de um site web como se eles fossem executados localmente, no sistema do usuario. Os scripts podem fazer com que sejam executadas acoes arbitrarias no sistema. Obviamente, estas acoes estarao limitadas aos privilegios associados a tal usuario. A segunda vulnerabilidade esta' relacionada `a execucao remota de programas residentes na maquina de um usuario. Em ambos os casos, o atacante pode se valer de tecnicas de engenharia social para que usuarios desavisados naveguem por paginas intencionalmente mal-formadas que permitam a exploracao de tais vulnerabilidades, ou ainda este conteudo HTML malicioso pode ser enviado via e-mail. Ressalta-se que o patch divulgado e' acumulativo, ou seja, uma vez instalado, elimina todas as vulnerabilidades divulgadas anteriormente e que afetam o IE 5.01, 5.5 e 6, alem das duas novas tratadas neste alerta. Sistemas Afetados: . Microsoft Internet Explorer 5.01 . Microsoft Internet Explorer 5.5 . Microsoft Internet Explorer 6.0 Correcoes disponiveis: http://www.microsoft.com/windows/ie/downloads/critical/Q319182/default.asp Maiores informacoes: http://www.microsoft.com/technet/security/bulletin/ms02-015.asp Identificadores do CVE (http://cve.mitre.org): . CAN-2002-0077 e CAN-2002-0078 O CAIS recomenda fortemente aos administradores de sistemas Windows que mantenham seus sistemas atualizados. Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA / RNP # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel em: http://www.cais.rnp.br/cais-pgp.key # ################################################################ - ---------------------------------------------------------------------- Title: 28 March 2002 Cumulative Patch for Internet Explorer Date: 28 March 2002 Software: Internet Explorer Impact: Two vulnerabilities, the most serious of which would allow script to run in the Local Computer Zone. Max Risk: Critical Bulletin: MS02-015 Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-015.asp. - ---------------------------------------------------------------------- Issue: ====== This is a cumulative patch that includes the functionality of all previously released patches for IE 5.01, 5.5 and IE 6. In addition, it eliminates the following two newly discovered vulnerabilities: - A vulnerability in the zone determination function that could allow a script embedded in a cookie to be run in the Local Computer zone. While HTML scripts can be stored in cookies, they should be handled in the same zone as the hosting site associated with them, in most cases the Internet zone. An attacker could place script in a cookie that would be saved to the user's hard disk. When the cookie was opened by the site the script would then run in the Local Computer zone, allowing it to run with fewer restrictions than it would otherwise have. - A vulnerability in the handling of object tags that could allow an attacker to invoke an executable already present on the user's machine. A malicious user could create HTML web page that includes this object tag and cause a local program to run on the victim's machine. Mitigating Factors: ==================== Cookie-based Script Execution: - The script would run with the same rights as the user. The specific privileges the attacker could gain through this vulnerability would therefore depend on the privileges accorded to the user. Any limitations on a user's account, such as those applied through Group Policies, would also limit the actions of any script executed by this vulnerability. Local Executable Invocation via Object tag: - The vulnerability would not enable the attacker to pass any parameters to the program. Microsoft is not aware of any programs installed by default in any version of Windows that, when called with no parameters, could be used to compromise the system. - An attacker could only execute a file on the victim's local machine. The vulnerability could not be used to execute a program on a remote share or web site. - The vulnerability would not provide any way for an attacker to put a program of his choice onto another user's system. - An attacker would need to know the name and location of any executable on the system to successfully invoke it. - Outlook 98 and 2000 (after installing the Outlook Email Security Update), Outlook 2002, and Outlook Express 6 all open HTML mail in the Restricted Sites Zone. As a result, customers using these products would not be at risk from email-borne attacks. Risk Rating: ============ - Internet systems: Critical - Intranet systems: Critical - Client systems: Critical Patch Availability: =================== - A patch is available to fix this vulnerability. Please read the Security Bulletin at http://www.microsoft.com/technet/security/bulletin/ms02-015.asp for information on obtaining this patch. Acknowledgment: =============== - Andreas Sandblad, Sweden for reporting the Cookie-based Script Execution issue - --------------------------------------------------------------------- THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. ******************************************************************* -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQCVAwUBPKmdSekli63F4U8VAQEFRAQAskOOLi4dlNydZMDlMMbB7VdDkBLwTqvj 4No9qQmTX/DCdhN8PVF2vfcqGSAzPrPubl8s7zXsv0G2et5iJmL7LDISkkdlnRtG +lbW9fMd9yvrsjhAoSIN+fnA0GNuThyW6qw7h9mu/rQA0EJOxVMDotdKKoxiKGfu xaprKhtZ9l4= =AhDl -----END PGP SIGNATURE----- ----- End forwarded message ----- From daniela em ccuec.unicamp.br Tue Apr 2 16:15:53 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Tue, 2 Apr 2002 16:15:53 -0300 Subject: [SECURITY-L] Boletins de noticias Message-ID: <20020402191552.GA12654@ccuec.unicamp.br> Srs. Usuarios, Atualizamos o site da Equipe de Seguranca em Sistemas e redes da Unicamp com os seguintes boletins de noticias e/ou revistas eletronicas: 25/03/2002: ----------- SecurityFocus.com Newsletter #137 Fonte: SecurityFocus.com http://www.security.unicamp.br/docs/informativos/2002/03/b11.txt 27/03/2002: ----------- SANS NewsBites Vol. 4 Num. 13 Fonte: SANS Institute http://www.security.unicamp.br/docs/informativos/2002/03/b12.txt SANS Windows Security Digest Vol. 5 Num. 3 Fonte: SANS Institute http://www.security.unicamp.br/docs/informativos/2002/03/b13.txt 02/04/2002: ----------- SANS NewsBites Vol. 4 Num. 14 Fonte: SANS Institute http://www.security.unicamp.br/docs/informativos/2002/04/b1.txt SecurityFocus.com Newsletter #138 Fonte: SecurityFocus.com http://www.security.unicamp.br/docs/informativos/2002/04/b2.txt -- Equipe de Seguranca em Sitemas e Redes Unicamp - Universidade Estadual de Campinas mailto:security em unicamp.br http://www.security.unicamp.br From daniela em ccuec.unicamp.br Wed Apr 3 16:24:46 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Wed, 3 Apr 2002 16:24:46 -0300 Subject: [SECURITY-L] Vulnerabilidades de seguranca Message-ID: <20020403192446.GA18709@ccuec.unicamp.br> Srs. Usuarios, Atualizamos o site da Equipe de Seguranca em Sistemas e Redes da Unicamp com os seguintes boletins de vulnerabilidades: 13/03/2002: ----------- Caldera International, Inc. Security Advisory (CSSA-2002-007.0) Assunto: Linux: Updated Caldera Public Keys. http://www.security.unicamp.br/docs/bugs/2002/03/v99.txt Caldera International, Inc. Security Advisory (CSSA-2002-008.0) Assunto: Linux: CUPS buffer overflow when reading names of attributes. http://www.security.unicamp.br/docs/bugs/2002/03/v100.txt 15/03/2002: ----------- Caldera International, Inc. Security Advisory (CSSA-2002-009.0) Assunto: Linux: X server allows access to any shared memory on the system. http://www.security.unicamp.br/docs/bugs/2002/03/v101.txt 18/03/2002: ----------- Caldera International, Inc. Security Advisory (CSSA-2002-010.0) Assunto: Linux: ftp vulnerability in squid. http://www.security.unicamp.br/docs/bugs/2002/03/v102.txt 26/03/2002: ----------- Caldera International, Inc. Security Advisory (CSSA-2002-013.0) Assunto: Linux: Name Service Cache Daemon (nscd) advisory. http://www.security.unicamp.br/docs/bugs/2002/03/v105.txt 27/03/2002: ----------- Cisco Security Advisory Assunto: LDAP Connection Leak in CTI when User Authentication Fails. http://www.security.unicamp.br/docs/bugs/2002/03/v94.txt UPDATED: Cisco Security Advisory Assunto: LDAP Connection Leak in CTI when User Authentication Fails. http://www.security.unicamp.br/docs/bugs/2002/03/v106.txt 28/03/2002: ----------- Debian Security Advisory (DSA 125-1) Assunto: vulnerabilidade de seguranca no package "analog". http://www.security.unicamp.br/docs/bugs/2002/03/v95.txt SGI Security Advisory Assunto: IRIX TCP/IP Denial-of-Service attacks. http://www.security.unicamp.br/docs/bugs/2002/03/v96.txt SGI Security Advisory Assunto: IRIX FTP Bounce vulnerability. http://www.security.unicamp.br/docs/bugs/2002/03/v97.txt SGI Security Advisory Assunto: IRIX rpc/HOSTALIASES vulnerability. http://www.security.unicamp.br/docs/bugs/2002/03/v98.txt Caldera International, Inc. Security Advisory (CSSA-2002-012.0) Assunto: Linux: OpenSSH channel code vulnerability. http://www.security.unicamp.br/docs/bugs/2002/03/v104.txt 03/04/2002: ----------- Anúncio de segurança do Conectiva Linux (CLA-2002:471) Assunto: vulnerabilidade de seguranca no package cups. http://www.security.unicamp.br/docs/bugs/2002/04/v2.txt Cisco Security Advisory Assunto: Web interface vulnerabilities in ACS for Windows. http://www.security.unicamp.br/docs/bugs/2002/04/v3.txt -- Equipe de Seguranca em Sistemas e Redes Unicamp - Universidade Estadual de Campinas mailto:security em unicamp.br http://www.security.unicamp.br From daniela em ccuec.unicamp.br Thu Apr 4 16:44:05 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Thu, 4 Apr 2002 16:44:05 -0300 Subject: [SECURITY-L] Vulnerabilidades de seguranca Message-ID: <20020404194405.GA20473@ccuec.unicamp.br> Srs. Usuarios, Atualizamos o site da Equipe de Seguranca em Sistemas e Redes da Unicamp com os seguintes boletins de vulnerabilidades: 03/04/2002: ----------- Cisco Security Advisory Assunto: Vulnerability in the zlib Compression Library. http://www.security.unicamp.br/docs/bugs/2002/04/v4.txt SGI Security Advisory (20020201-01-P) Assunto: SNMP Vulnerabilities. http://www.security.unicamp.br/docs/bugs/2002/04/v5.txt Caldera International, Inc. Security Advisory (CSSA-2002-014.0) Assunto: Linux: rsync supplementary groups vulnerability. http://www.security.unicamp.br/docs/bugs/2002/04/v6.txt -- Equipe de Seguranca em Sistemas e Redes Unicamp - Universidade Estadual de Campinas mailto:security em unicamp.br http://www.security.unicamp.br From daniela em ccuec.unicamp.br Fri Apr 5 11:11:20 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Fri, 5 Apr 2002 11:11:20 -0300 Subject: [SECURITY-L] NIST guides target e-mail, patches Message-ID: <20020405141119.GE21670@ccuec.unicamp.br> ----- Forwarded message from Nelson Murilo ----- From: Nelson Murilo Subject: [S] NIST guides target e-mail, patches To: seguranca em pangeia.com.br Date: Fri, 5 Apr 2002 09:05:27 -0300 [http://www.fcw.com/fcw/articles/2002/0401/web-nist-04-04-02.asp] By Diane Frank April 4, 2002 The National Institute of Standards and Technology released new draft guidance April 3 for dealing with two of the most common sources of security breaches: poorly configured e-mail servers and the failure to apply software patches. The two draft guides are part of a series of guidance developed by NIST's Computer Security Division and are available through its Computer Security Resource Center Web site (csrc.nist.gov). NIST serves as the primary technical security resource for civilian agencies under the Computer Security Act of 1987. Other than Web servers, most viruses, worms and other malicious code are written for e-mail applications. Beyond disrupting e-mail service, attackers often will use e-mail to obtain or change sensitive information and even to gain access to the rest of an organization's network, according to the guide. NIST's e-mail guide is very technical and is intended for systems administrators who are responsible for installing, configuring and maintaining e-mail servers and clients. It includes general information on securing any e-mail application, but it also provides specifics for securing the most popular e-mail applications — Microsoft Corp.'s Exchange Server and Linux and Unix sendmail. Comments on the e-mail guide are due to Wayne Jansen (jansen em nist.gov) by April 30. NIST's draft guide on patches is intended for both managers and systems administrators. The guide addresses the low implementation rate of commercial software patches, which experts attribute to the success of most security attacks. Cyberattackers take advantage of known vulnerabilities, gaining access because systems administrators have not applied free patches that are available from multiple sources Several efforts are under way in government to help agencies apply the patches they need, including a new program available through the General Services Administration's Federal Computer Incident Response Center. But the basic problem cited by public- and private-sector experts is the lack of any standard process for applying the patches and the lack of oversight from managers to enforce the application. The NIST guide outlines a "systematic, accountable and documented process for handling security patches and vulnerabilities," according to NIST. IT also offers specific advice on regularly identifying vulnerabilities and obtaining patches; testing the effectiveness of the patches; and installing the patches on all necessary systems. Comments on this guide are due back to Peter Mell (peter.mell em nist.gov) by May 2. ----- End forwarded message ----- From daniela em ccuec.unicamp.br Fri Apr 5 15:37:13 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Fri, 5 Apr 2002 15:37:13 -0300 Subject: [SECURITY-L] Vulnerabilidades de seguranca Message-ID: <20020405183713.GA22187@ccuec.unicamp.br> Srs. Usuarios, Atualizamos o site da Equipe de Seguranca em Sistemas e Redes da Unicamp com os seguintes boletins de vulnerabilidades: 04/04/2002: ----------- Red Hat, Inc. Red Hat Security Advisory (RHSA-2002:053-12) Assunto: Race conditions in logwatch. http://www.security.unicamp.br/docs/bugs/2002/04/v7.txt Red Hat, Inc. Red Hat Security Advisory (RHSA-2002:054-09) Assunto: Race conditions in logwatch. http://www.security.unicamp.br/docs/bugs/2002/04/v8.txt Microsoft Security Bulletin (MS02-017) Assunto: Q311967: Unchecked buffer in the Multiple UNC Provider Could Enable Code Execution. http://www.security.unicamp.br/docs/bugs/2002/04/v9.txt Microsoft Security Bulletin (MS02-016) Assunto: Q318593: Opening Group Policy Files for Exclusive Read Blocks Policy Application. http://www.security.unicamp.br/docs/bugs/2002/04/v10.txt Caldera International, Inc. Security Advisory (CSSA-2002-015.0) Assunto: Linux: Double free in zlib (libz) vulnerability. http://www.security.unicamp.br/docs/bugs/2002/04/v11.txt Security Notice FreeBSD, Inc. (FreeBSD-SN-02:01) Assunto: security issues in ports. http://www.security.unicamp.br/docs/bugs/2002/04/v12.txt -- Equipe de Seguranca em Sistemas e Redes Unicamp - Universidade Estadual de Campinas mailto:security em unicamp.br http://www.security.unicamp.br From daniela em ccuec.unicamp.br Fri Apr 5 16:03:51 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Fri, 5 Apr 2002 16:03:51 -0300 Subject: [SECURITY-L] Boletim de noticias Message-ID: <20020405190351.GA22252@ccuec.unicamp.br> Srs. Usuarios, Atualizamos o site da Equipe de Seguranca em Sistemas e redes da Unicamp com os seguintes boletins de noticias e/ou revistas eletronicas: 05/04/2002: ----------- LinuxSecurity Brasil Edição Especial #2002/13 Fonte: Linux Security http://www.security.unicamp.br/docs/informativos/2002/04/b3.html -- Equipe de Seguranca em Sitemas e Redes Unicamp - Universidade Estadual de Campinas mailto:security em unicamp.br http://www.security.unicamp.br From daniela em ccuec.unicamp.br Mon Apr 8 13:45:22 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Mon, 8 Apr 2002 13:45:22 -0300 Subject: [SECURITY-L] IMP 2.2.8 (SECURITY) released Message-ID: <20020408164521.GA966@ccuec.unicamp.br> ----- Forwarded message from "Brent J. Nordquist" ----- From: "Brent J. Nordquist" Subject: IMP 2.2.8 (SECURITY) released To: announce em lists.horde.org, Cc: bugtraq em securityfocus.com, Date: Sat, 6 Apr 2002 09:02:48 -0600 (CST) The Horde team announces the availability of IMP 2.2.8, which prevents some potential cross-site scripting (CSS) attacks. Site administrators should consider upgrading to IMP 3 (our first recommendation), but if this is not possible, IMP 2.2.8 should be used to prevent these potential attacks. The Horde Project would like to thank Nuno Loureiro for discovering this problem and providing a very thorough analysis. This release also has an update for Informix. Download: This release can be downloaded from the following locations: ftp://ftp.horde.org/pub/horde/ ftp://ftp.horde.org/pub/imp/ MD5 checksums: 96ae6dcf03cab2637c14c13d556049e0 horde-1.2.8.tar.gz 9f0e442f61ce542b945016bee2736d2f imp-2.2.8.tar.gz daa3f4f3821036d7ef47205dc2c7922c patch-horde-1.2.7-1.2.8.gz f3ee21b6b5e40516d46cef955f29e034 patch-imp-2.2.7-2.2.8.gz -- Brent J. Nordquist N0BJN / OPN: #horde ----- End forwarded message ----- From daniela em ccuec.unicamp.br Mon Apr 8 15:30:50 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Mon, 8 Apr 2002 15:30:50 -0300 Subject: [SECURITY-L] Comunicado: suporte e =?iso-8859-1?Q?atual?= =?iso-8859-1?Q?iza=E7=D5es_para_a_s=E9rie?= CL 5.x Message-ID: <20020408183050.GB2989@ccuec.unicamp.br> ----- Forwarded message from security em conectiva.com.br ----- From: security em conectiva.com.br Subject: [atualizacoes-anuncio] Comunicado: suporte e atualizaçÕes para a série CL 5.x To: atualizacoes-anuncio em papaleguas.conectiva.com.br, seguranca em distro.conectiva.com.br Date: Mon, 8 Apr 2002 14:56:03 -0300 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Comunicado A CONECTIVA S.A. realiza comunicado a todos os usuários e demais consumidores das seguintes versões do Software Conectiva Linux: Conectiva Linux 5.0 Conectiva Linux 5.1 Conectiva Linux Ecommerce Conectiva Linux Ferramentas Gráficas Conectiva Linux 5.0 espanhol Informamos que os serviços de Suporte Técnico e de Atualizações aos produtos acima referidos será descontinuado a partir de 30/04/02, estando a partir desta data extinto o atendimento de suporte técnico e a disponibilização de atualizações para tais produtos e suas respectivas versões. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8sdkm42jd0JmAcZARAh4MAJ90s2Yq2k8waR7scGA7o7iJqcHaMQCdE76W 2g/rQOBiHr4fOxMw045WuB8= =NfaN -----END PGP SIGNATURE----- ----- End forwarded message ----- From daniela em ccuec.unicamp.br Tue Apr 9 11:59:31 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Tue, 9 Apr 2002 11:59:31 -0300 Subject: [SECURITY-L] FreeBSD 5.0 Developer Preview #1 Now Available Message-ID: <20020409145931.GB4506@ccuec.unicamp.br> ----- Forwarded message from Murray Stokely ----- From: Murray Stokely Subject: FreeBSD 5.0 Developer Preview #1 Now Available To: announce em FreeBSD.org Date: Mon, 8 Apr 2002 15:05:12 -0700 A Developer Preview release of FreeBSD 5.0-CURRENT is now available for widespread testing. This preview is a significant milestone towards the eventual release of FreeBSD 5.0 in late 2002. Some of the many new features that are available in this snapshot are listed below: * SMP support has been largely reworked, incorporating code from BSD/OS 5.0 (in progress). * The random(4) device has been rewritten to use the Yarrow algorithm. It harvests entropy from a variety of interrupt sources (hardware devices) to provide the entropy required by strong cryptography. * Support for 32-bit Cardbus devices has been added for mobile computers (NEWCARD). * Significant security enhancements have been made throughout the system, including a reworked PAM implementation, ACLs, and fewer privileged programs in the base system. * An implementation of scheduler activations has been added to the kernel to more efficiently handle multi-threaded programs. (in progress). * A device filesystem has been added to allow entries in the /dev directory to be automatically attached. Among other benefits, devfs provides better support for attaching and detaching peripheral devices. * Support for the sparc64 architecture, including most modern workstations and entry level servers from Sun Microsystems (and possibly clones from Tatung, and others). * FFS snapshots and background fsck(8). ***************************** WARNING ******************************** This is a development snapshot, and may include serious software bugs. Do not install this on a machine where important data may be put at risk. In addition, a number of debugging options are turned on by default, so the poor performance of this snapshot should not set expectations for the final release of 5.0. ********************************************************************** That said, we have done our best to provide a stable system for developers and power-users to help test the new functionality in 5.0. For a complete list of new features and known problems, please see the release notes and errata list, available here: http://www.FreeBSD.org/releases/5.0R/DP1/relnotes.html http://www.FreeBSD.org/releases/5.0R/DP1/errata.html Availability ------------ 5.0-DP1 is available for the i386, alpha, and sparc64 architectures and can be installed directly over the net using the boot floppies or copied to a local NFS/FTP server. If you can't afford the CDs, are impatient, or just want to use it for evangelism purposes, then by all means download the ISOs, otherwise please continue to support the FreeBSD project by purchasing media from one of our supporting vendors. This Developer Preview release is available on CD-ROM from the FreeBSD Mall. http://www.FreeBSDMall.com/ FreeBSD is also available via anonymous FTP from mirror sites in the following countries: Argentina, Australia, Brazil, Bulgaria, Canada, China, Czech Republic, Denmark, Estonia, Finland, France, Germany, Hong Kong, Hungary, Iceland, Ireland, Israel, Japan, Korea, Lithuania, Latvia, the Netherlands, Poland, Portugal, Romania, Russia, Saudi Arabia, South Africa, Slovak Republic, Slovenia, Spain, Sweden, Taiwan, Thailand, the Ukraine, the United Kingdom, and the United States. Before trying the central FTP site, please check your regional mirror(s) first by going to: ftp://ftp..FreeBSD.org/pub/FreeBSD Any additional mirror sites will be labeled ftp2, ftp3 and so on. We can't promise that all the mirror sites will carry the larger ISO images, but they will at least be available from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ ftp://ftp2.FreeBSD.org/pub/FreeBSD/ ftp://ftp5.FreeBSD.org/pub/FreeBSD/ ftp://ftp.au.freebsd.org/pub/FreeBSD/ ftp://ftp.uk.FreeBSD.org/pub/FreeBSD/ ftp://ftp.dk.FreeBSD.org/pub/FreeBSD/ See the FreeBSD Handbook for additional information about FreeBSD mirror sites. Acknowledgments --------------- Finally, we would like to thank the developers, users, and companies that continue to make FreeBSD releases possible. Many companies donated equipment, network access, or man-hours to finance our ongoing release engineering activities, including Compaq, Yahoo!, and The FreeBSD Mall. I couldn't possibly list all of the people that have helped make 5.0 DP1 a reality, but the following people deserve to be singled out. Will Andrews, Kris Kennaway, Steve Price, and the rest of the Ports team did an incredible job fixing hundreds of third-party packages. Robert Watson and Bruce A. Mah did an excellent job writing up the errata file, helping to decide what changes should be made specifically for this DP release, and much more. Jake Burkholder acted not only as lead developer for the sparc64 port, but also as package builder and release engineer! David O'Brien helped integrate XFree86 4.2 into this snapshot. Please join me in thanking them for all the hard work that went into polishing the FreeBSD -CURRENT development branch over the past month. I would also like to thank the FreeBSD Committers (committers em FreeBSD.org), without whom there would be nothing to release, and the many thousands of FreeBSD users world-wide who contributed bug fixes, features and suggestions. Above all else, remember that this is a work in progress. Please help us find bugs now, so that 5.0-RELEASE will be that much better. Thanks! - Murray ----- End forwarded message ----- From daniela em ccuec.unicamp.br Tue Apr 9 13:54:24 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Tue, 9 Apr 2002 13:54:24 -0300 Subject: [SECURITY-L] Snort 1.8.6 Message-ID: <20020409165423.GC4506@ccuec.unicamp.br> (...) -> [ Snort 1.8.6 ] Chris Green anunciou oficialmente a nova versao 1.8.6 do excelente e conhecido NIDS/Logger SNORT, presença obrigatória em qualquer rede ou servidor seguro... As versoes 1.8.4 e 1.8.5 continham diversos bugs, corrigidos na nova versao (lancada apos um grande intervalo de tempo)... Pra quem tem acompanhado o projeto ha tempos e tambem utilizado a ferramenta, a diminuicao dos alarmes falsos dessa ultima versao (devido a uma mudanca relacionada as regras) é significativa e sera percebida... O anuncio oficial pode ser lido na integra logo abaixo... Pacotes para diversas outras plataformas serao disponibilizados em breve... Mais informacoes: http://www.linuxsecurity.com.br/article.php?sid=5519 (...) ___ Gratos pela atencao, Renato Murilo Langona (renato em linuxsecurity.com.br) LinuxSecurity Brasil Solutions S/C Ltda. http://www.linuxsecurity.com.br http://www.unixsecurity.com.br From daniela em ccuec.unicamp.br Tue Apr 9 14:57:03 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Tue, 9 Apr 2002 14:57:03 -0300 Subject: [SECURITY-L] Vulnerabilidades de seguranca Message-ID: <20020409175703.GA4946@ccuec.unicamp.br> Srs. Usuarios, Atualizamos o site da Equipe de Seguranca em Sistemas e Redes da Unicamp com os seguintes boletins de vulnerabilidades: 08/04/2002: ----------- SuSE Security Announcement (SuSE-SA:2002:012) Assunto: vulnerabilidade de seguranca no package "ucdsnmp". http://www.security.unicamp.br/docs/bugs/2002/04/v13.txt Comunicado Conectiva sobre descontinuidade de softwares. http://www.security.unicamp.br/docs/bugs/2002/04/v14.txt Caldera International, Inc. Security Advisory (CSSA-2002-SCO.14) Assunto: Open UNIX 8.0.0 UnixWare 7.1.1 : X server allows access to any shared memory on the system. http://www.security.unicamp.br/docs/bugs/2002/04/v15.txt 09/04/2002: ----------- Cisco Security Advisory Assunto: Aironet Telnet Vulnerability. http://www.security.unicamp.br/docs/bugs/2002/04/v16.txt -- Equipe de Seguranca em Sistemas e Redes Unicamp - Universidade Estadual de Campinas mailto:security em unicamp.br http://www.security.unicamp.br From daniela em ccuec.unicamp.br Tue Apr 9 16:17:59 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Tue, 9 Apr 2002 16:17:59 -0300 Subject: [SECURITY-L] Boletim de noticias Message-ID: <20020409191759.GA5035@ccuec.unicamp.br> Srs. Usuarios, Atualizamos o site da Equipe de Seguranca em Sistemas e redes da Unicamp com os seguintes boletins de noticias e/ou revistas eletronicas: 08/04/2002: ----------- SecurityFocus.com Newsletter #139 Fonte: SecurityFocus.com http://www.security.unicamp.br/docs/informativos/2002/04/b4.txt -- Equipe de Seguranca em Sitemas e Redes Unicamp - Universidade Estadual de Campinas mailto:security em unicamp.br http://www.security.unicamp.br From daniela em ccuec.unicamp.br Wed Apr 10 09:48:33 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Wed, 10 Apr 2002 09:48:33 -0300 Subject: [SECURITY-L] MBSA Message-ID: <20020410124832.GA6251@ccuec.unicamp.br> ----- Forwarded message from Marconi Pereira ----- From: Marconi Pereira Subject: MBSA To: "Daniela Unicamp (E-mail)" Date: Tue, 9 Apr 2002 18:27:27 -0300 X-Mailer: Internet Mail Service (5.5.2653.19) A Microsoft anunciou ontem a disponibilidade de uma ferramenta gratuita que varre vulnerabilidades nos computadores baseados em várias versões do sistema operacional Windows. Após varrer o sistema com o aplicativo, os usuários recebem um relatório de segurança que lista todos os buracos e as vulnerabilidades descobertos durante o processo. A MBSA não instala nem baixa qualquer correção, alerta a Microsoft, mas provê as instruções sobre como fazê-lo. Essa ferramenta foi desenvolvida pelo mesmo partner que criou o hfnetChk. http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/security/ tools/tools/mbsahome.asp Atenciosamente, Marconi P. Pereira ----- End forwarded message ----- From daniela em ccuec.unicamp.br Wed Apr 10 14:28:42 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Wed, 10 Apr 2002 14:28:42 -0300 Subject: [SECURITY-L] Cert warns of automated attacks Message-ID: <20020410172842.GF6816@ccuec.unicamp.br> ----- Forwarded message from Nelson Murilo ----- From: Nelson Murilo Subject: [S] Cert warns of automated attacks To: seguranca em pangeia.com.br Date: Wed, 10 Apr 2002 09:41:38 -0300 [http://www.vnunet.com/News/1130755] By James Middleton [09-04-2002] Hacking tools are becoming increasingly sophisticated The Computer Emergency Response Team (Cert) has released a report pinpointing the six fastest evolving trends in the black hat world of internet security. The organisation, which has been monitoring hacker activity since 1998, found that the most notable trend to evolve over recent years is the automation and speed of attack tools. Although widespread scanning over the internet has been common since 1997, today's tools are set to maximise impact and speed. Freely available attack tools now exploit vulnerabilities as part of the scanning process and are capable of self-initiating new attacks on a well-managed and co-ordinated global scale. "We've seen tools like Code Red and Nimda self-propagate to a point of global saturation in less than 18 hours," said Cert. Public communications protocols such as IRC and Instant Messenger have now become popular methods for co-ordinating attack tools. The tools are more sophisticated, and their signatures are more difficult to discover through signature-based systems such as antivirus software and intrusion detection systems. Attack tools are capable of disguising their nature, varying their patterns and making use of polymorphic techniques to upgrade or replace portions of themselves. Commonly used protocols such as IRC or HTTP are being used to disguise malicious code among legitimate network traffic. Cert also warned that the number of vulnerabilities discovered has more than doubled each year, making it nigh on impossible for administrators to keep on top of patches. "Intruders are often able to discover these exemplars before the vendors are able to correct them," warned the authority. The increasing permeability of firewalls is also posing a problem, as security is being sacrificed to convenience. More technologies are being designed to bypass firewalls, such as IPP (the Internet Printing Protocol) and WebDAV (Web-based Distributed Authoring and Versioning). While marketed as being 'firewall friendly' these technologies are actually designed to bypass typical firewall configurations. Other examples include aspects of 'mobile code', such as ActiveX, Java and JavaScript, which make it harder for malicious software to be discovered. Because security on the internet is, by its very nature, highly interdependent, another increasing threat to each system's exposure to attack depends on the state of security of the rest of the systems attached. A single attacker can relatively easily employ a large number of distributed systems to launch devastating attacks against a single victim. Cert found that the increasing threat from infrastructure attacks takes on four general methodologies. Distributed Denial of Service attacks use multiple systems to attack one or more victims. Cable modem, DSL, and university address blocks are increasingly targeted by intruders planning to install these attack tools. Worms, or self propagating malicious code, couple a highly automated nature with the relatively widespread number of vulnerabilities still unchecked, to compromise a large number of systems within a few hours. Code Red infected more than 250,000 systems in just nine hours on 19 July last year. Domain Name System architecture is also being targeted more frequently. The 13 top level domain servers for .com, .net and .org, along with those managing the country level domains, have long been considered a single point of threat in internet security. And routers are increasingly being targeted, because they can be used as attack platforms against the rest of the internet infrastructure. Cert said that the largest impact of these security events may well be the time and resources required to deal with them. Analyst firm Computer Economics recently estimated that the total economic impact of Code Red was $2.6bn, and that SirCam cost another $1.3bn. The 11 September attacks will cost around $15.8bn to restore IT and communication infrastructure. The full report can be found here. http://www.cert.org/archive/pdf/attack_trends.pdf ----- End forwarded message ----- From daniela em ccuec.unicamp.br Wed Apr 10 17:10:44 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Wed, 10 Apr 2002 17:10:44 -0300 Subject: [SECURITY-L] Vulnerabilidades de seguranca Message-ID: <20020410201044.GA7266@ccuec.unicamp.br> Srs. Usuarios, Atualizamos o site da Equipe de Seguranca em Sistemas e Redes da Unicamp com os seguintes boletins de vulnerabilidades: 09/04/2002: ----------- Red Hat, Inc. Red Hat Security Advisory (RHSA-2002:089-08) Assunto: Updated tcpdump packages available for Red Hat Linux 6.2 and 7.x. http://www.security.unicamp.br/docs/bugs/2002/04/v17.txt CAIS-Alerta: (MS02-017) Vulnerabilidade no MUP Multiple UNC Provider. http://www.security.unicamp.br/docs/bugs/2002/04/v18.txt CAIS-Alerta: (MS02-016) Vulnerabilidade nos arquivos de Group Policy. http://www.security.unicamp.br/docs/bugs/2002/04/v19.txt 10/04/2002: ----------- Cisco Security Advisory Assunto: Solaris /bin/log vulnerability. http://www.security.unicamp.br/docs/bugs/2002/04/v20.txt *** Importante *** Microsoft Security Bulletin (MS02-018) Assunto: Q319733: Cumulative Patch for Internet Information Services. http://www.security.unicamp.br/docs/bugs/2002/04/v21.txt -- Equipe de Seguranca em Sistemas e Redes Unicamp - Universidade Estadual de Campinas mailto:security em unicamp.br http://www.security.unicamp.br From daniela em ccuec.unicamp.br Thu Apr 11 16:26:57 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Thu, 11 Apr 2002 16:26:57 -0300 Subject: [SECURITY-L] Boletins de noticias Message-ID: <20020411192657.GA9018@ccuec.unicamp.br> Srs. Usuarios, Atualizamos o site da Equipe de Seguranca em Sistemas e redes da Unicamp com os seguintes boletins de noticias e/ou revistas eletronicas: 10/04/2002: ----------- SANS NewsBites Vol. 4 Num. 15 Fonte: SANS Institute http://www.security.unicamp.br/docs/informativos/2002/04/b5.txt -- Equipe de Seguranca em Sitemas e Redes Unicamp - Universidade Estadual de Campinas mailto:security em unicamp.br http://www.security.unicamp.br From daniela em ccuec.unicamp.br Mon Apr 15 11:30:04 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Mon, 15 Apr 2002 11:30:04 -0300 Subject: [SECURITY-L] localhost compromise in OpenBSD 2.9 and 3.0 Message-ID: <20020415143003.GC386@ccuec.unicamp.br> ----- Forwarded message from "Todd C. Miller" ----- From: "Todd C. Miller" Subject: [S] localhost compromise in OpenBSD 2.9 and 3.0 To: security-announce em openbsd.org Date: Thu, 11 Apr 2002 13:03:34 -0600 OpenBSD 3.0 and 2.9 contain a potential localhost root compromise, found by Milos Urbanek. Earlier versions of OpenBSD are not affected. The mail(1) program will process tilde escapes even when it is not in interactive mode. Since mail(1) is called by the default cron(8) jobs, this can lead to a localhost root compromise. Patch for OpenBSD 3.0: href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/018_mail.patch Patch for OpenBSD 2.9: href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/023_mail.patch The 3.0-stable and 2.9-stable branches will be updated with this patch later today. ----- End forwarded message ----- From daniela em ccuec.unicamp.br Tue Apr 16 10:49:17 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Tue, 16 Apr 2002 10:49:17 -0300 Subject: [SECURITY-L] Vulnerabilidades de seguranca Message-ID: <20020416134916.GA2465@ccuec.unicamp.br> Srs. Usuarios, Atualizamos o site da Equipe de Seguranca em Sistemas e Redes da Unicamp com os seguintes boletins de vulnerabilidades: 10/04/2002: ----------- CAIS-Alerta: Patch Acumulativo para o IIS. http://www.security.unicamp.br/docs/bugs/2002/04/v22.txt SGI Security Advisory (20020401-01-P) Assunto: Mail, mailx, timed and sort vulnerabilities. http://www.security.unicamp.br/docs/bugs/2002/04/v23.txt 11/04/2002: ----------- CERT Advisory (CA-2002-09) Assunto: Multiple Vulnerabilities in Microsoft IIS. http://www.security.unicamp.br/docs/bugs/2002/04/v25.txt Mandrake Linux Security Update Advisory (MDKSA-2002:026) Assunto: vulnerabilidade de seguranca no package libsafe. http://www.security.unicamp.br/docs/bugs/2002/04/v26.txt 12/04/2002: ----------- CAIS-Alerta: CERT Advisory CA-2002-09 Multiple Vulnerabilities in Microsoft IIS. http://www.security.unicamp.br/docs/bugs/2002/04/v27.txt Caldera International, Inc. Security Advisory (CSSA-2002-SCO.16) Assunto: UnixWare 7.1.1: Multiple Vulnerabilities in BIND. http://www.security.unicamp.br/docs/bugs/2002/04/v28.txt 15/04/2002: ----------- CAIS-Alerta: Vulnerabilidade no Mail do OpenBSD. http://www.security.unicamp.br/docs/bugs/2002/04/v29.txt -- Equipe de Seguranca em Sistemas e Redes Unicamp - Universidade Estadual de Campinas mailto:security em unicamp.br http://www.security.unicamp.br From daniela em ccuec.unicamp.br Wed Apr 17 11:17:37 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Wed, 17 Apr 2002 11:17:37 -0300 Subject: [SECURITY-L] Vulnerabilidades de seguranca Message-ID: <20020417141737.GA2157@ccuec.unicamp.br> Srs. Usuarios, Atualizamos o site da Equipe de Seguranca em Sistemas e Redes da Unicamp com os seguintes boletins de vulnerabilidades: 15/04/2002: ----------- Cisco Security Advisory Assunto: Microsoft IIS Vulnerabilities in Cisco Products - MS02-018. http://www.security.unicamp.br/docs/bugs/2002/04/v30.txt 16/04/2002: ----------- Debian Security Advisory (DSA 126-1) Assunto: vulnerabilidade de seguranca no package imp. http://www.security.unicamp.br/docs/bugs/2002/04/v31.txt FreeBSD, Inc. Security Advisory (FreeBSD-SA-02:20) Assunto: syncache/syncookies denial of service. http://www.security.unicamp.br/docs/bugs/2002/04/v32.txt Caldera International, Inc. Security Advisory (CSSA-2002-016.0) Assunto: Linux: horde/imp cross scripting vulnerabilities. http://www.security.unicamp.br/docs/bugs/2002/04/v33.txt Mandrake Linux Security Update Advisory (MDKSA-2002:027) Assunto: vulnerabilidade de seguranca no package squid. http://www.security.unicamp.br/docs/bugs/2002/04/v34.txt SGI Security Advisory (20020403-01-I) Assunto: IRIX cron daemon vulnerability. http://www.security.unicamp.br/docs/bugs/2002/04/v35.txt Microsoft Security Bulletin (MS02-019) Assunto: Q321309: Unchecked Buffer in Internet Explorer and Office for Mac Can Cause Code to Execute. http://www.security.unicamp.br/docs/bugs/2002/04/v37.txt 17/04/2002: ----------- Debian Security Advisory (DSA 127-1) Assunto: vulnerabilidade de seguranca no package xpilot. http://www.security.unicamp.br/docs/bugs/2002/04/v36.txt -- Equipe de Seguranca em Sistemas e Redes Unicamp - Universidade Estadual de Campinas mailto:security em unicamp.br http://www.security.unicamp.br From daniela em ccuec.unicamp.br Wed Apr 17 15:39:58 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Wed, 17 Apr 2002 15:39:58 -0300 Subject: [SECURITY-L] Boletins de noticias Message-ID: <20020417183957.GA2569@ccuec.unicamp.br> Srs. Usuarios, Atualizamos o site da Equipe de Seguranca em Sistemas e redes da Unicamp com os seguintes boletins de noticias e/ou revistas eletronicas: 12/04/2002: ----------- LinuxSecurity Brasil Edição Especial #2002/14 Fonte: Linux Security http://www.security.unicamp.br/docs/informativos/2002/04/b6.html 16/04/2002: ----------- SecurityFocus.com Newsletter #140 Fonte: SecurityFocus.com http://www.security.unicamp.br/docs/informativos/2002/04/b7.txt 17/04/2002: ----------- SANS NewsBites Vol. 4 Num. 16 Fonte: SANS Institute http://www.security.unicamp.br/docs/informativos/2002/04/b8.txt -- Equipe de Seguranca em Sitemas e Redes Unicamp - Universidade Estadual de Campinas mailto:security em unicamp.br http://www.security.unicamp.br From daniela em ccuec.unicamp.br Fri Apr 19 09:10:55 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Fri, 19 Apr 2002 09:10:55 -0300 Subject: [SECURITY-L] Brasileiros descobrem =?iso-8859-1?Q?falha?= =?iso-8859-1?Q?s_de_seguran=E7a?= no Windows 2000 Message-ID: <20020419121055.GB5538@ccuec.unicamp.br> ----- Forwarded message from "Andre Ap. Nogueira" ----- From: "Andre Ap. Nogueira" Subject: Brasileiros descobrem falhas de segurança no Windows 2000] To: Suporte Tecnico , "paulo em ccuec.unicamp.br" , "pserrano em ccuec.unicamp.br" , Daniela Regina Barbetti Silva Date: Thu, 18 Apr 2002 14:29:57 -0300 Brasileiros descobrem falhas de segurança no Windows 2000 -- 17/4/2002 -- TelecomWeb divulga com exclusividade conclusão do trabalho de mestrandos da Unicamp provando que autenticação, via protocolo Kerberos, pode ser quebrada Claudio Ferreira Marcus Cunha Granado e Leonardo Zurstrassen, ambos de 26 anos, descobriram em pesquisas para o trabalho de conclusão de mestrado, realizado pelo primeiro, em Segurança pelo Instituto de Computação da Unicamp, que o protocolo Kerberos, presente na autenticação do Windows 2000, não apresentava a segurança que a Microsoft sempre alardeou. Depois de publicado pela universidade e discutido com uma banca de professores, os resultados do trabalho só agora são revelados ao público, com exclusividade pelo TelecomWeb. Ironicamente, o manuscrito foi discutido em um congresso de segurança, o Wseg 2001, realizado em Santa Catarina. Implementado no Windows 2000 como uma resposta às críticas do mercado relacionadas à autenticação segura em sistemas, o protocolo Kerberos era tido como invulnerável até mesmo por hackers, como comprova a última edição do livro Hacking Exposed, de Stuart McClure, Joel Scambray e George Kurtz, Editora Foundstone, de 2001, na página 229. Consta no texto, quando se fala em ataques de password guessing: "...Window´s 2000´s Kerberos logon architecture is not vulnerable to such attackes...". Resumindo, o Kerberos seria totalmente seguro em ataques ligados a descoberta de senhas. A dupla de estudantes procurou o editor técnico da IT Mídia, Nivaldo Foresti, para respaldar a descoberta. Depois de uma série de testes realizados no IT Lab, constatou-se a fragilidade do Kerberos e foi iniciado o contato com a Microsoft Brasil para que a companhia desse uma posição sobre o problema. O primeiro encontro, realizado no dia 15 de março, resultou em diversas reuniões e culminou com o teste realizado nas instalações da Microsoft em São Paulo, no dia 4 de abril. Depois de algumas horas, para acerto do ambiente proposto pelos mestrandos, a prova foi evidenciada por técnicos da fabricante. A Microsoft não apresentou quaisquer registros desse problema em seus bancos de dados e a sua averiguação foi repassada para a matriz da empresa, em Redmond, nos Estados Unidos. Depois de 13 dias de espera e sem qualquer sinal concreto de data para uma posição da fabricante, a redação achou por bem revelar o acontecido ao mercado, até como uma forma de acelerar os trâmites internos da Microsoft. No entanto, ainda aguardamos a posição oficial da companhia para futura publicação. Como paradoxo irônico da história, os mestrandos (Marcus Cunha Granado e Leonardo Zurstrasser) estão desempregados no momento. Com a colaboração da dupla, as revistas Information Week (de 2 de maio) e a Network (de maio) trarão toda a definição técnica do problema e, se possível, a resposta da Microsoft para a deficiência do Kerberos. Nivaldo Foresti, editor técnico da IT Mídia, colaborou com esta matéria ----- End forwarded message ----- From daniela em ccuec.unicamp.br Fri Apr 19 10:34:02 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Fri, 19 Apr 2002 10:34:02 -0300 Subject: [SECURITY-L] Vulnerabilidades de seguranca Message-ID: <20020419133402.GA5759@ccuec.unicamp.br> Srs. Usuarios, Atualizamos o site da Equipe de Seguranca em Sistemas e Redes da Unicamp com os seguintes boletins de vulnerabilidades: 17/04/2002: ----------- FreeBSD, Inc. Security Advisory (FreeBSD-SA-02:21) Assunto: routing table memory leak. http://www.security.unicamp.br/docs/bugs/2002/04/v38.txt CAIS-Alerta: Syncache/Syncookies denial of service no FreeBSD. http://www.security.unicamp.br/docs/bugs/2002/04/v39.txt IBM Security Advisory Assunto: Induced failure of IBM Tivoli Policy Director WebSEAL component. http://www.security.unicamp.br/docs/bugs/2002/04/v40.txt Microsoft Security Bulletin (MS02-020) Assunto: Q319507: SQL Extended Procedure Functions Contain Unchecked Buffers. http://www.security.unicamp.br/docs/bugs/2002/04/v41.txt Mandrake Linux Security Update Advisory (MDKSA-2002:024-1) Assunto: vulnerabilidade de seguranca no package rsync. http://www.security.unicamp.br/docs/bugs/2002/04/v42.txt 18/04/2002: ----------- CAIS-Alerta: routing table memory leak denial of service no FreeBSD. http://www.security.unicamp.br/docs/bugs/2002/04/v43.txt REVISED: FreeBSD, Inc. Security Advisory (FreeBSD-SA-02:18) Assunto: zlib double-free. http://www.security.unicamp.br/docs/bugs/2002/04/v44.txt -- Equipe de Seguranca em Sistemas e Redes Unicamp - Universidade Estadual de Campinas mailto:security em unicamp.br http://www.security.unicamp.br From daniela em ccuec.unicamp.br Fri Apr 19 14:44:16 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Fri, 19 Apr 2002 14:44:16 -0300 Subject: [SECURITY-L] [andreas@netbank.com.br: =?iso-8859-1?Q?Re?= =?iso-8859-1?Q?=3A_=5BSECURITY-L=5D_Brasileiros_descobrem_falhas_de_segur?= =?iso-8859-1?Q?an=E7a?= no Windows 2000] Message-ID: <20020419174415.GA6156@ccuec.unicamp.br> ----- Forwarded message from Andreas Hasenack ----- From: Andreas Hasenack Subject: Re: [SECURITY-L] Brasileiros descobrem falhas de segurança no Windows 2000 To: Daniela Regina Barbetti Silva Cc: security-l em unicamp.br, uni-adm em ccuec.unicamp.br Date: Fri, 19 Apr 2002 12:09:43 -0300 Isso é mais antigp, realmente (para mim era novidade até assistir à apresentação do estudante da Unicamp no wseg'2001). É um problema mais ligado ao kerberos, onde os mecanismos atuais de pré-autenticação (como TIMESTAMP) permitem um ataque de dicionário. Esse paper de 1998 já discute isso, mesmo no Kerberos 5: http://theory.stanford.edu/~tjw/krbpass.html O que estudos mais recentes fizeram foi verificar algo específico do w2k, que usa RC4 (se não me engano) ao invés de DES ou 3DES, mas, a meu ver, é um problema do kerberos mesmo. Um outro paper, mais recente (o do cara da Unicamp é anterior a esse): http://diswww.mit.edu:8008/menelaus.mit.edu/kerberos/16357 Esse é um post na lista kerberos anunciando um paper (março 2002) e gerou uma discussão também. http://diswww.mit.edu:8008/menelaus.mit.edu/kerberos/16068 Outra mensagem sobre o paper do Thomas Wu, gerou bastante discussão também. Em Fri, Apr 19, 2002 at 09:10:55AM -0300, Daniela Regina Barbetti Silva escreveu: > ----- Forwarded message from "Andre Ap. Nogueira" ----- > > From: "Andre Ap. Nogueira" > Subject: Brasileiros descobrem falhas de segurança no Windows > 2000] > To: Suporte Tecnico , > "paulo em ccuec.unicamp.br" , > "pserrano em ccuec.unicamp.br" , > Daniela Regina Barbetti Silva > Date: Thu, 18 Apr 2002 14:29:57 -0300 > > > > Brasileiros descobrem falhas de segurança no Windows 2000 > -- 17/4/2002 -- > TelecomWeb divulga com exclusividade conclusão do trabalho de mestrandos da > Unicamp provando que autenticação, via protocolo Kerberos, pode ser quebrada [snip] ----- End forwarded message ----- From daniela em ccuec.unicamp.br Fri Apr 19 15:08:18 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Fri, 19 Apr 2002 15:08:18 -0300 Subject: [SECURITY-L] [deraison@nessus.org: Nessus 1.2.0 released] Message-ID: <20020419180818.GD6156@ccuec.unicamp.br> ----- Forwarded message from Renaud Deraison ----- From: Renaud Deraison Subject: Nessus 1.2.0 released To: sectools em securityfocus.com Date: Thu, 18 Apr 2002 19:03:19 +0200 The Nessus Team is pleased to announce the availability of Nessus 1.2.0 Nessus is a remote security scanner which has been developped since 1998. It is free, open-sourced (GPLed) and updated very regularly (and currently performs over 900 security checks) What is new in Nessus 1.2, in comparison of Nessus 1.0 ? -------------------------------------------------------- A lot of changes took place during the two years Nessus 1.2 has been worked on. Here's a non-exhaustive list : - Security checks are run in parallel ; - Full SSL support ; - "safe checks" option (makes nessusd rely on a banner rather than take the risk to disable the remote service) ; - "optimisations" option (make nessusd run "focused" tests (ie: IIS-specific tests on IIS, and so on...) - Better CGI auditing ; - IDS evasion options ; - KB saving support (can be used for off-line security audits) ; - Session saving support ; - Differential scans ; - New reports file formats ; - Tuned security checks (for better performance) ; - More configurable ; - Improved SMB support (Nessus can log into a domain, and extracts more information from the tested hosts). - Scales __much__ better ; - Kazillions of bugs fixed ; - And more ! Note that Nessus 1.2.x is the result of two years of work and improvements, so not everything can be listed. Have a look at the changelogs for full details (in nessus-core/CHANGES) Where to get it --------------- Nessus is available at : http://www.nessus.org/ and ftp://ftp.nessus.org/pub/nessus/nessus-1.2.0/ Portability ----------- Nessus 1.2.0 can be compiled on a wide range of Unixes, including : - Solaris - OpenBSD - FreeBSD - NetBSD - Red Hat Linux (and probably other distros) - Darwin / MacOS X - ... A Win32 client (NessusWX) is available for the Win32 platform (at http://nessuswx.nessus.org) More toys soon -------------- A web interface allowing you to mount your own ASP business will be released soon - keep an eye on our website for details about this :) Bugs ? What bugs ?? ------------------- If you find bugs or have enhancement requests, please send them to me (deraison em nessus.org) Thanks ------ I'd like to thank everyone who tested and improved Nessus when it was labelled as being unstable. I would like to thank in particular Michel Arboi (arboi em noos.fr) and Michael Scheidell (scheidell em fdma.com) who both did an insanely big amount of work for Nessus 1.2 Thanks, -- Renaud -- Renaud Deraison The Nessus Project http://www.nessus.org ----- End forwarded message ----- From daniela em ccuec.unicamp.br Tue Apr 23 15:47:08 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Tue, 23 Apr 2002 15:47:08 -0300 Subject: [SECURITY-L] Vulnerabilidades de seguranca Message-ID: <20020423184708.GA2714@ccuec.unicamp.br> Srs. Usuarios, Atualizamos o site da Equipe de Seguranca em Sistemas e Redes da Unicamp com os seguintes boletins de vulnerabilidades: 19/04/2002: ----------- CAIS-Alerta: Vulnerabilidade no Microsoft SQL Server (Q319507). http://www.security.unicamp.br/docs/bugs/2002/04/v45.txt 22/04/2002: ----------- Pine Internet Security Advisory (PINE-CERT-20020401) http://www.security.unicamp.br/docs/bugs/2002/04/v46.txt FreeBSD, Inc. Security Advisory (FreeBSD-SA-02:23) Assunto: insecure handling of stdio file descriptors. http://www.security.unicamp.br/docs/bugs/2002/04/v47.txt -- Equipe de Seguranca em Sistemas e Redes Unicamp - Universidade Estadual de Campinas mailto:security em unicamp.br http://www.security.unicamp.br From daniela em ccuec.unicamp.br Thu Apr 25 12:37:12 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Thu, 25 Apr 2002 12:37:12 -0300 Subject: [SECURITY-L] Boletins de noticias Message-ID: <20020425153711.GA5967@ccuec.unicamp.br> Srs. Usuarios, Atualizamos o site da Equipe de Seguranca em Sistemas e redes da Unicamp com os seguintes boletins de noticias e/ou revistas eletronicas: 19/04/2002: ----------- LinuxSecurity Brasil Edição Especial #2002/15 Fonte: Linux Security http://www.security.unicamp.br/docs/informativos/2002/04/b9.html 22/04/2002: ----------- SecurityFocus.com Newsletter #141 Fonte: SecurityFocus.com http://www.security.unicamp.br/docs/informativos/2002/04/b10.txt 24/04/2002: ----------- SANS NewsBites Vol. 4 Num. 17 Fonte: SANS Institute http://www.security.unicamp.br/docs/informativos/2002/04/b11.txt -- Equipe de Seguranca em Sitemas e Redes Unicamp - Universidade Estadual de Campinas mailto:security em unicamp.br http://www.security.unicamp.br From daniela em ccuec.unicamp.br Thu Apr 25 14:28:36 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Thu, 25 Apr 2002 14:28:36 -0300 Subject: [SECURITY-L] [je@sekure.net: Sudo version 1.6.6 now available (fwd)] Message-ID: <20020425172835.GC5978@ccuec.unicamp.br> ----- Forwarded message from Jonas Eriksson ----- From: Jonas Eriksson Subject: Sudo version 1.6.6 now available (fwd) To: bugtraq em securityfocus.com Date: Thu, 25 Apr 2002 19:08:09 +0200 (CEST) ---------- Forwarded message ---------- Date: Thu, 25 Apr 2002 10:34:13 -0600 From: Todd C. Miller To: sudo-announce em courtesan.com Subject: Sudo version 1.6.6 now available Sudo version 1.6.6 is now available (ftp sites listed at the end). Changes since Sudo 1.6.5p2: o Fixed compilation problem on HP-UX 9.x. o Moved call to endpwent() and added a call to endgrent(). o Fixed a warning conflicting declaration of VOID with AFS. o Fixed a security hole in prompt rewriting found by Global InterSec. Please note that Sudo 1.6.6 fixes a security hole present in sudo versions 1.5.7 - 1.6.5p2. Please see: http://www.sudo.ws/pipermail/sudo-announce/2002-April/000020.html http://www.globalintersec.com/adv/sudo-2002041701.txt for details. sudo 1.6.6 distribution: ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.6.tar.gz Master WWW site: http://www.sudo.ws/sudo/dist/ Mirrors (not yet updated) WWW Mirrors: http://sudo.stikman.com/ (Los Angeles, California, USA) http://mirage.informationwave.net/sudo/ (Fanwood, New Jersey, USA) http://sudo.planetmirror.com/ (Australia) http://sudo.cdu.elektra.ru/ (Russia) Master FTP sites: ftp.sudo.ws:/pub/sudo/ ftp.cs.colorado.edu:/pub/sudo/ FTP Mirrors: ftp.cs.colorado.edu:/pub/sudo/ (Boulder, Colorado, USA) ftp.stikman.com:/pub/sudo/ (Los Angeles, California, USA) ftp.uu.net:/pub/security/sudo/ (Falls Church, Virginia, USA) ftp.tux.org:/pub/security/sudo/ (Beltsville, Maryland, USA) ftp.cerias.purdue.edu:/pub/tools/unix/sysutils/sudo/ (West Lafayette, Indiana, USA) ftp.uwsg.indiana.edu:/pub/sudo/ (Bloomington, Indiana, USA) sudobash.com:/pub/sudo/ (Ypsilanti, Michigan, USA) ftp.tamu.edu:/pub/mirrors/ftp.courtesan.com/ (College Station, Texas, USA) ftp.rge.com:/pub/admin/sudo/ (Rochester, New York, USA) mirage.informationwave.net:/sudo/ (Fanwood, New Jersey, USA) ftp.wiretapped.net:/pub/security/host-security/sudo/ (Australia) ftp.tuwien.ac.at:/utils/admin-tools/sudo/ (Austria) sunsite.ualberta.ca:/pub/Mirror/sudo/ (Alberta, Canada) ftp.csc.cuhk.edu.hk:/pub/packages/unix-tools/sudo/ (Hong Kong, China) ftp.eunet.cz:/pub/security/sudo/ (Czechoslovakia) ftp.umds.ac.uk:/pub/sudo/ (Great Britain) ftp.tvi.tut.fi:/pub/security/unix/sudo/ (Finland) ftp.lps.ens.fr:/pub/software/sudo/ (France) ftp.crihan.fr:/pub/security/sudo/ (France) ftp.rz.uni-osnabrueck.de:/pub/unix/security/sudo/ (Germany) ftp.win.ne.jp:/pub/misc/sudo/ (Japan) ftp.st.ryukoku.ac.jp:/pub/security/tool/sudo/ (Japan) ftp.eos.hokudai.ac.jp:/pub/misc/sudo/ (Japan) ftp.tokyonet.ad.jp:/pub/security/sudo/ (Japan) ftp.kobe-u.ac.jp:/pub/util/security/tool/sudo/ (Japan) ftp.cin.nihon-u.ac.jp:/pub/util/sudo/ (Japan) ftp.fujitsu.co.jp:/pub/misc/sudo/ (Japan) core.ring.gr.jp:/pub/misc/sudo/ (Japan) ftp.ring.gr.jp:/pub/misc/sudo/ (Japan) ftp.ayamura.org:/pub/sudo/ (Japan) ftp.iphil.net:/pub/sudo/ (Makati City, Philippines) ftp.icm.edu.pl:/vol/wojsyl5/sudo/ (Poland) ftp.assist.ro:/pub/mirrors/ftp.courtesan.com/pub/sudo/ (Romania) ftp.sai.msu.su:/pub/unix/security/ (Russia) ftp.cdu.elektra.ru:/pub/unix/security/sudo/ (Russia) ftp.mc.hik.se:/pub/unix/security/sudo/ (Sweden) ftp.sekure.net:/pub/sudo/ (Sweden) ftp.edu.tw:/UNIX/sudo/ (Taiwan) ftp.comu.edu.tr:/pub/linux/prog/sudo/ (Turkey) ____________________________________________________________ sudo-announce mailing list For list information, options, or to unsubscribe, visit: http://www.sudo.ws/mailman/listinfo/sudo-announce ----- End forwarded message ----- From daniela em ccuec.unicamp.br Thu Apr 25 14:29:34 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Thu, 25 Apr 2002 14:29:34 -0300 Subject: [SECURITY-L] [adam@algroup.co.uk: [S] [apache-ssl] ANNOUNCE: apache_1.3.24+ssl_1.48 released] Message-ID: <20020425172934.GD5978@ccuec.unicamp.br> ----- Forwarded message from Adam Laurie ----- From: Adam Laurie Subject: [S] [apache-ssl] ANNOUNCE: apache_1.3.24+ssl_1.48 released To: apache-ssl , apache-sslannounce Date: Thu, 25 Apr 2002 16:37:02 +0100 Organization: http://www.apache-ssl.org Organization: A.L. Group plc X-Mailer: Mozilla 4.76 [en] (Win95; U) from the CHANGES file: Changes with Apache-SSL 1.3.22/1.48 *) src/Configuration mysteriously had an explicit path for SSL_LIB_DIR instead of SSL_BASE. Fixed. [Ben Laurie, reported by John Sellens ] and yes, i had spotted the version number typo, but too late! tarball should hit mirror servers sometime in the next 24 hours, depending how often they upddate... cheers, Adam -- Adam Laurie Tel: +44 (20) 8742 0755 A.L. Digital Ltd. Fax: +44 (20) 8742 5995 The Stores http://www.thebunker.net 2 Bath Road http://www.aldigital.co.uk London W4 1LT mailto:adam em algroup.co.uk UNITED KINGDOM PGP key on keyservers ----------------------------------------------------------------------------------- to unsubscribe, send a blank email to: apache-ssl-unsubscribe em lists.aldigital.co.uk ----- End forwarded message ----- From daniela em ccuec.unicamp.br Thu Apr 25 15:24:26 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Thu, 25 Apr 2002 15:24:26 -0300 Subject: [SECURITY-L] Vulnerabilidades de seguranca Message-ID: <20020425182426.GA6178@ccuec.unicamp.br> Srs. Usuarios, Atualizamos o site da Equipe de Seguranca em Sistemas e Redes da Unicamp com os seguintes boletins de vulnerabilidades: 24/04/2002: ----------- SGI Security Advisory (20020404-01-P) Assunto: IRIX hpsnmpd vulnerability. http://www.security.unicamp.br/docs/bugs/2002/04/v48.txt SGI Security Advisory (20020405-01-I) Assunto: IRIX syslogd vulnerability. http://www.security.unicamp.br/docs/bugs/2002/04/v49.txt SGI Security Advisory (20020406-01-P) Assunto: IRISconsole icadmin password vulnerability. http://www.security.unicamp.br/docs/bugs/2002/04/v50.txt Anúncio de atualização do Conectiva Linux (CLA-2002:472) Assunto: atualização do PHP prejudicou o ACID. http://www.security.unicamp.br/docs/bugs/2002/04/v51.txt Anúncio de atualização do Conectiva Linux (CLA-2002:473) Assunto: vulnerabilidade de "cross-site scripting" no imp. http://www.security.unicamp.br/docs/bugs/2002/04/v52.txt Anúncio de segurança do Conectiva Linux (CLA-2002:474) Assunto: vulnerabilidade de seguranca no ethereal. http://www.security.unicamp.br/docs/bugs/2002/04/v53.txt -- Equipe de Seguranca em Sistemas e Redes Unicamp - Universidade Estadual de Campinas mailto:security em unicamp.br http://www.security.unicamp.br From daniela em ccuec.unicamp.br Fri Apr 26 11:36:29 2002 From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva) Date: Fri, 26 Apr 2002 11:36:29 -0300 Subject: [SECURITY-L] Vulnerabilidades de seguranca Message-ID: <20020426143629.GA7940@ccuec.unicamp.br> Srs. Usuarios, Atualizamos o site da Equipe de Seguranca em Sistemas e Redes da Unicamp com os seguintes boletins de vulnerabilidades: 24/04/2002: ----------- Red Hat, Inc. Red Hat Security Advisory (RHSA-2002:063-05) Assunto: Updated icecast packages are available. http://www.security.unicamp.br/docs/bugs/2002/04/v56.txt 25/04/2002: ----------- Slackware-security Assunto: sudo upgrade fixes a potential vulnerability. http://www.security.unicamp.br/docs/bugs/2002/04/v54.txt Red Hat, Inc. Red Hat Security Advisory (RHSA-2002:072-07) Assunto: Updated sudo packages are available. http://www.security.unicamp.br/docs/bugs/2002/04/v55.txt Mandrake Linux Security Update Advisory (MDKSA-2002:028) Assunto: Updated sudo packages are available. http://www.security.unicamp.br/docs/bugs/2002/04/v57.txt Mandrake Linux Security Update Advisory (MDKSA-2002:029) Assunto: Updated imlib packages are available. http://www.security.unicamp.br/docs/bugs/2002/04/v58.txt Caldera International, Inc. Security Advisory (CSSA-2002-017.0) Assunto: Linux: squid compressed DNS answer message boundary failure. http://www.security.unicamp.br/docs/bugs/2002/04/v60.txt Microsoft Security Bulletin (MS02-021) Assunto: E-mail Editor Flaw Could Lead to Script Execution on Reply or Forward (Q321804). http://www.security.unicamp.br/docs/bugs/2002/04/v61.txt 26/04/2002: ----------- Debian Security Advisory (DSA 128-1) Assunto: Updated sudo packages are available. http://www.security.unicamp.br/docs/bugs/2002/04/v59.txt -- Equipe de Seguranca em Sistemas e Redes Unicamp - Universidade Estadual de Campinas mailto:security em unicamp.br http://www.security.unicamp.br