[SECURITY-L] Remarks on the cumulative patch for IE + tips on the SNMP bugs

Daniela Regina Barbetti daniela em ccuec.unicamp.br
Fri Feb 15 11:12:11 -02 2002


----- Forwarded message from Giordani Rodrigues <editor em infoguerra.com.br> -----

From: "Giordani Rodrigues" <editor em infoguerra.com.br>
Subject: Re: [SECURITY-L] CAIS-Alerta: Cumulative Patch for Internet Explorer
To: "Daniela Regina Barbetti" <daniela em ccuec.unicamp.br>
Date: Fri, 15 Feb 2002 10:52:23 -0300
X-Mailer: Microsoft Outlook Express 6.00.2600.0000

Dear Daniela,

I thought it relevant to point out that some flaws were found in the patches
released by MS in this latest package, which means that some bugs are not
fixed or are only partially fixed.

For more details, please see this article:

http://www.infoguerra.com.br/infonews/viewnews.cgi?newsid1013633177,42817,/

At the end of the text there are links to the tests. I ran tests with a
"patched" Win98 and indeed some actions that should not happen keep
happening after the patches are applied. The original Newsbytes article,
cited there, can be found at http://www.newsbytes.com/news/02/174427.html

I would also like to pass along a tip (reproduced below) about a tool
to scan a network, detect SNMP and, according to the announcement,
determine the protocol's level of exposure to the recently discovered flaws.

Sincerely,

Giordani Rodrigues
Editor of InfoGuerra
URL: http://www.infoguerra.com.br
E-mail: editor em infoguerra.com.br



Sent: Thursday, February 14, 2002 7:01 PM
Subject: Security Alert! Free SNMP tool from Foundstone.


New Foundstone Freeware Tool Offered to Combat Latest SNMP Vulnerabilities

SNScan Accurately Detects Devices Using SNMP
Available at Foundstone.com

On February 12, 2002, CERT issued a warning regarding a vulnerability in the
Simple Network Management Protocol (SNMP) that could allow an outsider to
gain control of their systems. More than 200 popular products are built on
the protocol.

On February 13, 2002 the R&D Labs at Foundstone, Inc., the premier provider
of security assessments and vulnerability protection, announced SNScan, a
freeware tool developed entirely by Foundstone, to quickly and accurately
detect SNMP- (Simple Network Management Protocol) enabled devices on a
network. SNScan can effectively determine the level of exposure to SNMP-
related vulnerabilities across any network. Once these devices have been
identified, an administrator can determine whether to fix the SNMP service,
disable SNMP or implement filters to restrict access. Recent SNMP
vulnerabilities range from allowing host administrative access to Denial of
Service (DoS) attacks.

"SNMP is the main protocol used to manage network devices at large
corporations. There are potentially millions of systems on the Internet and
within companies that are vulnerable," said Stuart McClure, CTO of
Foundstone. "SNScan is based on our flagship technology, FoundScan, known in
the industry to give the most accurate information possible. Considering the
number of devices vulnerable, accuracy is going to be the most important
feature in combating this vulnerability."

SNScan is available as a freeware tool for download from the Foundstone
corporate Web site, at <http://www.foundstone.com/>. To get to SNScan, click
Vulnerability Alert on the right and select Scanners in the Free Tools
section.

For more information regarding Foundstone's FoundScan Vulnerability
Management solution, visit <http://www.foundstone.com/services/mvas.html>.
Or contact Rob Stevens at 1-877-91-FOUND





----- Original Message -----
From: "Daniela Regina Barbetti" <daniela em ccuec.unicamp.br>
To: <security-l em unicamp.br>
Cc: <uni-adm em ccuec.unicamp.br>
Sent: Friday, February 15, 2002 7:48 AM
Subject: [SECURITY-L] CAIS-Alerta: Cumulative Patch for Internet Explorer


> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br> -----
>
> From: Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br>
> Subject: CAIS-Alerta: Cumulative Patch for Internet Explorer
> To: <rnp-alerta em cais.rnp.br>, <rnp-seg em cais.rnp.br>
> Cc: Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br>
> Date: Thu, 14 Feb 2002 15:31:18 -0200 (EDT)
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
>
> Dear all,
>
> CAIS is forwarding the CIAC alert, CIAC Bulletin M-041 Microsoft
> Internet Explorer Cumulative Patch, concerning the alert published by
> Microsoft, Microsoft Security Bulletin MS02-005, which deals with the
> identification of six vulnerabilities in Internet Explorer.
>
> One of these vulnerabilities allows the attacker to execute code
> remotely on the client system, possibly gaining access to it.
>
> Note that the released patch is cumulative, that is, once
> installed, it eliminates all previously disclosed vulnerabilities
> affecting IE 5.01, 5.5 and IE 6, in addition to the six addressed in this alert.
>
> Affected Systems:
>
> Windows platforms with Internet Explorer 5.01 SP2,
> 5.5 SP1 and SP2, or 6.0.
>
> Available fixes:
>
> The fix consists of applying the "11 February 2002 Cumulative Patch
> for IE", which can be obtained at:
>
> http://www.microsoft.com/windows/ie/downloads/critical/q316059/default.asp
>
> More information:
>
>         http://www.microsoft.com/technet/security/bulletin/ms02-005.asp
>
> CVE identifiers: CAN-2002-0022, CAN-2002-0023, CAN-2002-0024,
> CAN-2002-0025, CAN-2002-0026 and CAN-2002-0027
>
>
> CAIS strongly recommends that Windows system administrators
> update their systems.
>
>
> Sincerely,
>
>
>
> ################################################################
> #   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA / RNP      #
> #                                                              #
> # cais em cais.rnp.br     http://www.cais.rnp.br                  #
> # Tel. 019-37873300    Fax. 019-37873301                       #
> # PGP key available at: http://www.cais.rnp.br/cais-pgp.key    #
> ################################################################
>
>
> From ciac em rumpole.ciac.org Thu Feb 14 12:14:35 2002
> Date: Tue, 12 Feb 2002 17:25:42 -0800 (PST)
> From: CIAC Mail User <ciac em rumpole.ciac.org>
> To: ciac-bulletin em rumpole.ciac.org
> Subject: CIAC Bulletin M-041 Microsoft Internet Explorer Cumulative Patch
>
> [For Public Release]
>              __________________________________________________________
>
>                        The U.S. Department of Energy
>                      Computer Incident Advisory Center
>                            ___  __ __    _     ___
>                           /       |     /_\   /
>                           \___  __|__  /   \  \___
>              __________________________________________________________
>
>                              INFORMATION BULLETIN
>
>                   Microsoft Internet Explorer Cumulative Patch
>                      [Microsoft Security Bulletin MS02-005]
>
> February 12, 2002 18:00 GMT                                       Number M-041
> ______________________________________________________________________________
> PROBLEM:       Six vulnerabilities have been found in Internet Explorer, the
>                most serious of which allows an intruder to remotely run code
>                on another user's system.
> PLATFORM:      Windows Platforms with Internet Explorer 5.01 SP2, 5.5 SP1 and
>                SP2, or 6.0.
> DAMAGE:        Depending on the vulnerability, an intruder can read or execute
>                files on a client system and possibly get remote access to the
>                system.
> SOLUTION:      Apply the 11 February 2002 Cumulative Patch for Internet
>                Explorer available on the Microsoft windowsupdate website.
> ______________________________________________________________________________
> VULNERABILITY  The risk is HIGH. Remote users can run code on a client's system
> ASSESSMENT:    and possibly get user access on that system.
> ______________________________________________________________________________
> LINKS:
>  CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/m-041.shtml
>  ORIGINAL BULLETIN:
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/
>        security/bulletin/MS02-005.asp
>  PATCHES:            http://windowsupdate.microsoft.com
> ______________________________________________________________________________
>
>
> - -+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+
> This message was posted through the FIRST mailing list server.
> Contact your team's FIRST representative to (un)subscribe,
>
> DO NOT REDISTRIBUTE BEYOND MEMBERS OF FIRST TEAMS UNLESS THE AUTHOR OF
> THIS MESSAGE GRANTS EXPRESS PERMISSION TO REDISTRIBUTE
> - -+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+
> - ------------ Output from pgp ------------
> Signature by unknown keyid: 0x6CCB7419
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 5.0i for non-commercial use
> Charset: noconv
>
> iQCVAwUBPGv0bekli63F4U8VAQFc2gP+N4keuSfKjPf9YROUnrSUteWPEVR50Ji9
> 5ZIWSrXbU/CeXDtdwPAEdUX1NTxAhK/h66TwnBSV7n8F0AuLQCJ0hcZ7I2jGsRdU
> CvQJResYvxU68eSUD16ql4z5glXLz99DkGW+5cN6gEchuTGb/JVFzKsDq27WTenv
> wVy1ULb3MA8=
> =xb42
> -----END PGP SIGNATURE-----
>
>
>
> ----- End forwarded message -----



