[SECURITY-L] Observations on the cumulative patch for IE + tips on the SNMP bugs
Daniela Regina Barbetti
daniela em ccuec.unicamp.br
Fri Feb 15 11:12:11 -02 2002
----- Forwarded message from Giordani Rodrigues <editor em infoguerra.com.br> -----
From: "Giordani Rodrigues" <editor em infoguerra.com.br>
Subject: Re: [SECURITY-L] CAIS-Alerta: Cumulative Patch for Internet Explorer
To: "Daniela Regina Barbetti" <daniela em ccuec.unicamp.br>
Date: Fri, 15 Feb 2002 10:52:23 -0300
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Dear Daniela,
I thought it relevant to point out that some flaws have been found in the
patches released by MS in this latest package, which means that some bugs
are not fixed or are only partially fixed.
For more details, please see this article:
http://www.infoguerra.com.br/infonews/viewnews.cgi?newsid1013633177,42817,/
At the end of the text there are links to the tests. I ran tests on a
"patched" Win98, and indeed some actions that should not happen continue to
happen after the patches are applied. The original Newsbytes article cited
there can be found at http://www.newsbytes.com/news/02/174427.html
I would also like to pass along a tip (reproduced below) about a tool for
scanning a network, detecting SNMP and, according to the announcement,
determining the protocol's level of exposure to the recently discovered flaws.
Sincerely,
Giordani Rodrigues
Editor, InfoGuerra
URL: http://www.infoguerra.com.br
E-mail: editor em infoguerra.com.br
Sent: Thursday, February 14, 2002 7:01 PM
Subject: Security Alert! Free SNMP tool from Foundstone.
New Foundstone Freeware Tool Offered to Combat Latest SNMP Vulnerabilities
SNScan Accurately Detects Devices Using SNMP
Available at Foundstone.com
On February 12, 2002, CERT issued a warning regarding a vulnerability in the
Simple Network Management Protocol (SNMP) that could allow an outsider to
gain control of their systems. More than 200 popular products are built on
the protocol.
On February 13, 2002 the R&D Labs at Foundstone, Inc., the premier provider
of security assessments and vulnerability protection, announced SNScan, a
freeware tool developed entirely by Foundstone, to quickly and accurately
detect SNMP- (Simple Network Management Protocol) enabled devices on a
network. SNScan can effectively determine the level of exposure to
SNMP-related vulnerabilities across any network. Once these devices have been
identified, an administrator can determine whether to fix the SNMP service,
disable SNMP or implement filters to restrict access. Recent SNMP
vulnerabilities range from allowing host administrative access to Denial of
Service (DoS) attacks.
"SNMP is the main protocol used to manage network devices at large
corporations. There are potentially millions of systems on the Internet and
within companies that are vulnerable," said Stuart McClure, CTO of
Foundstone. "SNScan is based on our flagship technology, FoundScan, known in
the industry to give the most accurate information possible. Considering the
number of devices vulnerable, accuracy is going to be the most important
feature in combating this vulnerability."
SNScan is available as a freeware tool for download from the Foundstone
corporate Web site, at <http://www.foundstone.com/>. To get to SNScan, click
Vulnerability Alert on the right and select Scanners in the Free Tools
section.
For more information regarding Foundstone's FoundScan Vulnerability
Management solution, visit <http://www.foundstone.com/services/mvas.html>.
Or contact Rob Stevens at 1-877-91-FOUND
If you wish to be excluded from future Foundstone announcements, please
reply to this e-mail with only the single word UNSUBSCRIBE in the subject
line.
----- Original Message -----
From: "Daniela Regina Barbetti" <daniela em ccuec.unicamp.br>
To: <security-l em unicamp.br>
Cc: <uni-adm em ccuec.unicamp.br>
Sent: Friday, February 15, 2002 7:48 AM
Subject: [SECURITY-L] CAIS-Alerta: Cumulative Patch for Internet Explorer
> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br> -----
>
> From: Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br>
> Subject: CAIS-Alerta: Cumulative Patch for Internet Explorer
> To: <rnp-alerta em cais.rnp.br>, <rnp-seg em cais.rnp.br>
> Cc: Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br>
> Date: Thu, 14 Feb 2002 15:31:18 -0200 (EDT)
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
>
> Dear all,
>
> CAIS is forwarding the CIAC alert, CIAC Bulletin M-041 Microsoft
> Internet Explorer Cumulative Patch, concerning the alert published by
> Microsoft, Microsoft Security Bulletin MS02-005, which deals with the
> identification of six vulnerabilities in Internet Explorer.
>
> One of these vulnerabilities allows the attacker to execute code
> remotely on the client system, and possibly gain access to it.
>
> Note that the patch released is cumulative, that is, once installed,
> it eliminates all previously disclosed vulnerabilities affecting
> IE 5.01, 5.5 and IE 6, in addition to the six addressed in this alert.
>
> Affected Systems:
>
> Windows platforms with Internet Explorer 5.01 SP2,
> 5.5 SP1 and SP2, or 6.0.
>
> Available fixes:
>
> The fix consists of applying the "11 February 2002 Cumulative Patch
> for IE", which can be obtained at:
>
> http://www.microsoft.com/windows/ie/downloads/critical/q316059/default.asp
>
> More information:
>
> http://www.microsoft.com/technet/security/bulletin/ms02-005.asp
>
> CVE identifiers: CAN-2002-0022, CAN-2002-0023, CAN-2002-0024,
> CAN-2002-0025, CAN-2002-0026 and CAN-2002-0027
>
>
> CAIS strongly recommends that administrators of Windows systems
> update their systems.
>
>
> Sincerely,
>
>
>
> ################################################################
> # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA / RNP #
> # #
> # cais em cais.rnp.br http://www.cais.rnp.br #
> # Tel. 019-37873300 Fax. 019-37873301 #
> # PGP key available at: http://www.cais.rnp.br/cais-pgp.key #
> ################################################################
>
>
> >From ciac em rumpole.ciac.org Thu Feb 14 12:14:35 2002
> Date: Tue, 12 Feb 2002 17:25:42 -0800 (PST)
> From: CIAC Mail User <ciac em rumpole.ciac.org>
> To: ciac-bulletin em rumpole.ciac.org
> Subject: CIAC Bulletin M-041 Microsoft Internet Explorer Cumulative Patch
>
> [For Public Release]
> __________________________________________________________
>
> The U.S. Department of Energy
> Computer Incident Advisory Center
> ___ __ __ _ ___
> / | /_\ /
> \___ __|__ / \ \___
> __________________________________________________________
>
> INFORMATION BULLETIN
>
> Microsoft Internet Explorer Cumulative Patch
> [Microsoft Security Bulletin MS02-005]
>
> February 12, 2002 18:00 GMT                               Number M-041
> ______________________________________________________________________________
> PROBLEM:       Six vulnerabilities have been found in Internet Explorer, the
>                most serious of which allows an intruder to remotely run code
>                on another user's system.
> PLATFORM:      Windows Platforms with Internet Explorer 5.01 SP2, 5.5 SP1 and
>                SP2, or 6.0.
> DAMAGE:        Depending on the vulnerability, an intruder can read or execute
>                files on a client system and possibly get remote access to the
>                system.
> SOLUTION:      Apply the 11 February 2002 Cumulative Patch for Internet
>                Explorer available on the Microsoft windowsupdate website.
> ______________________________________________________________________________
> VULNERABILITY  The risk is HIGH. Remote users can run code on a client's system
> ASSESSMENT:    and possibly get user access on that system.
> ______________________________________________________________________________
> LINKS:
>  CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/m-041.shtml
>  ORIGINAL BULLETIN:
>                      http://www.microsoft.com/technet/treeview/default.asp?url=/technet/
>                      security/bulletin/MS02-005.asp
>  PATCHES:            http://windowsupdate.microsoft.com
> ______________________________________________________________________________
>
>
> - -+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+
> This message was posted through the FIRST mailing list server.
> Contact your team's FIRST representative to (un)subscribe,
>
> DO NOT REDISTRIBUTE BEYOND MEMBERS OF FIRST TEAMS UNLESS THE AUTHOR OF
> THIS MESSAGE GRANTS EXPRESS PERMISSION TO REDISTRIBUTE
> - -+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+
> - ------------ Output from pgp ------------
> Signature by unknown keyid: 0x6CCB7419
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 5.0i for non-commercial use
> Charset: noconv
>
> -----END PGP SIGNATURE-----
>
>
>
> ----- End forwarded message -----