From daniela at ccuec.unicamp.br Mon May 5 09:15:08 2003
From: daniela at ccuec.unicamp.br (Daniela Regina Barbetti Silva)
Date: Mon, 5 May 2003 09:15:08 -0300
Subject: [SECURITY-L] Unibanco fixes system on 8,000 ATMs
Message-ID: <20030505121508.GC367@ccuec.unicamp.br>

----- Forwarded message from Nelson Murilo -----

From: Nelson Murilo
Subject: [S] Unibanco fixes system on 8,000 ATMs
To: seguranca at pangeia.com.br
Date: Fri, 2 May 2003 09:24:30 -0300

[http://idgnow.terra.com.br/idgnow/business/2003/04/0062]

Unibanco fixes system on 8,000 ATMs

Tuesday, April 29, 2003 - 11:02

Two weeks ago, as reported exclusively by the CSO Online site, one of Unibanco's ATMs froze and, for at least two days, displayed a message saying that a virus had been "found on the equipment" and that the system was halted. After retrieving the machine, installed in a shopping center in central São Paulo, and investigating the case, Unibanco's laboratory concluded, as it had already suspected, that there had been a failure in one of the systems used in the ATM.

"The machine has sensors on every part that could be tampered with. Since there was an attempt to open the terminal in two areas (the magnetic card reader and the cash dispenser), our system ended up displaying the wrong message," explains José Fernando Trita, the bank's technology director. According to the executive, as soon as the machine was damaged, sensors sent a signal to Unibanco's monitoring center, located in São Paulo. The center called in maintenance to repair the problem but, as the executive himself acknowledges, the technical staff were late in arriving. "The program that manages these problems ended up entering a condition in which it identified two violations simultaneously and, because of a flaw, displayed the virus message," he says.
According to Trita, although all the terminals have antivirus software installed, the message displayed did not come from that tool but from an internal system created by the bank itself. "After this incident the software was completely reviewed and there is no longer any problem of this kind," he says. To prevent future incidents, the executive says that all of the bank's terminals, more than 8,000 across the country, will receive an upgrade. "Since we have the means to do this work remotely, the update should take about three days. We will stagger the rollout of the changes so as not to affect peak hours at the ATMs."

----- End forwarded message -----

From daniela at ccuec.unicamp.br Mon May 5 09:18:44 2003
From: daniela at ccuec.unicamp.br (Daniela Regina Barbetti Silva)
Date: Mon, 5 May 2003 09:18:44 -0300
Subject: [SECURITY-L] Police arrest hacker from the Fluffi Bunni group
Message-ID: <20030505121844.GD367@ccuec.unicamp.br>

----- Forwarded message from Nelson Murilo -----

From: Nelson Murilo
Subject: [S] Police arrest hacker from the Fluffi Bunni group
To: seguranca at pangeia.com.br
Date: Fri, 2 May 2003 11:41:12 -0300

[http://idgnow.terra.com.br/idgnow/internet/2003/04/0075]

Police arrest hacker from the Fluffi Bunni group

Wednesday, April 30, 2003 - 12:37

IDG Now!

Members of the Computer Crime Unit on Tuesday (29/04) arrested a suspected member of the well-known hacker group Fluffi Bunni. Lynn Htun, 24, was arrested by the Metropolitan Police while visiting a stand at the InfoSec security show, which is taking place in London this week. The alleged hacker was detained on the basis of charges filed at Guildford Crown Court, in England, and is due to begin answering the charges in court on Wednesday (30/04). The Fluffi Bunni group is allegedly responsible for a series of attacks against the Web sites of US security organizations.
After breaking into and hacking the sites, the group leaves a drawing of a pink rabbit as a calling card on the Web page. According to the London-based digital security company Mi2g, the group carried out 23 attacks between June 2000 and January 2002, including sites such as www.sans.org, www.attrition.org and www.securityfocus.com. Htun, who uses the online name "Danny-Boy", drew the attention of the British authorities who monitor the Internet, including chat rooms frequented by hackers. He has a reputation as a "packet monkey", someone responsible for conducting denial of service (DoS) attacks. Allan Paller, director of research at the SANS Institute, whose Web site was attacked by Fluffi Bunni in July 2001, said that Htun's identity was discovered by the authorities as soon as the attack took place but that, at the time, the move to arrest him was slow. "I'm surprised he hasn't left England by now," says Paller.

[ Gillian Law and Paul Roberts - IDG News Service, London ]

----- End forwarded message -----

From mieko at ccuec.unicamp.br Mon May 5 09:48:54 2003
From: mieko at ccuec.unicamp.br (Silvana Mieko Misuta)
Date: Mon, 5 May 2003 09:48:54 -0300
Subject: [SECURITY-L] [0_47374_AEE7C282-5BFD-4E84-98BC-79A14F27B03B_BR@Newsletters.Microsoft.com: Revised: Microsoft Security Bulletin MS02-071: Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation(328310)]
Message-ID: <20030505124854.GB483@ccuec.unicamp.br>

----- Forwarded message from Microsoft <0_47374_AEE7C282-5BFD-4E84-98BC-79A14F27B03B_BR at Newsletters.Microsoft.com> -----

From: "Microsoft" <0_47374_AEE7C282-5BFD-4E84-98BC-79A14F27B03B_BR at Newsletters.Microsoft.com>
Subject: Revised: Microsoft Security Bulletin MS02-071: Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation (328310)
To:
Date: Wed, 30 Apr 2003 23:30:55 -0700
X-Mailer: Microsoft CDO for Windows 2000

-----BEGIN PGP SIGNED MESSAGE-----
----------------------------------------------------------------------
Title: Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation (328310)
Released: December 11, 2002
Revised: April 30, 2003 (version 3.0)
Software: Microsoft(r) Windows(r) NT 4.0, Windows 2000, and Windows XP
Impact: Privilege elevation
Max Risk: Important
Bulletin: MS02-071

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-071.asp
http://www.microsoft.com/security/security_bulletins/ms02-071.asp
----------------------------------------------------------------------

Reason for Revision:
====================
Subsequent to the release of this patch Microsoft identified a problem affecting Windows NT 4.0 TSE multi processor systems which was causing them to fail. The patch should have been installable on both single and multi processor systems and the installer should have copied the correct binaries onto the system depending on whether the system was single or multi processor. However an installer error meant that the correct binaries were not being copied onto multi processor systems, causing them to fail under certain scenarios. Microsoft has updated the patch for Windows NT 4.0 TSE to correct this error. It should be noted that this patch only corrects an installer problem with multi processor Windows NT 4.0 TSE systems - there is no requirement to re-install the patch on single processor systems as the installer functions correctly on those systems.

Issue:
======
Subsequent to the release of this bulletin it was determined that the patch for Microsoft Windows NT 4.0 machines introduced an error that could, under certain configurations, cause NT 4.0 to fail. Microsoft has investigated this issue and has released an updated patch for Windows NT 4.0. The bulletin has been updated to include the new download links for the NT 4.0 patch. The error did not affect NT 4.0 TSE, except for the Japanese Language.
Customers running the Japanese version of NT 4.0 TSE should apply the updated fix. Customers who have installed the patch on Microsoft Windows 2000 and Windows XP are unaffected by this error.

Windows messages provide a way for interactive processes to react to user events (e.g., keystrokes or mouse movements) and communicate with other interactive processes. One such message, WM_TIMER, is sent at the expiration of a timer, and can be used to cause a process to execute a timer callback function. A security vulnerability results because it's possible for one process in the interactive desktop to use a WM_TIMER message to cause another process to execute a callback function at the address of its choice, even if the second process did not set a timer. If that second process had higher privileges than the first, this would provide the first process with a way of exercising them.

By default, several of the processes running in the interactive desktop do so with LocalSystem privileges. As a result, an attacker who had the ability to log onto a system interactively could potentially run a program that would levy a WM_TIMER request upon such a process, causing it to take any action the attacker specified. This would give the attacker complete control over the system.

In addition to addressing this vulnerability, the patch also makes changes to several processes that run on the interactive desktop with high privileges. Although none of these would, in the absence of the WM_TIMER vulnerability, enable an attacker to gain privileges on the system, we have included them in the patch to make the services more robust.

Mitigating Factors:
====================
- An attacker would need valid logon credentials to exploit the vulnerability. It could not be exploited remotely.
- Properly secured servers would be at little risk from this vulnerability. Standard best practices recommend only allowing trusted administrators to log onto such systems interactively; without such privileges, an attacker could not exploit the vulnerability.

Risk Rating:
============
Important

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the Security Bulletins at
  http://www.microsoft.com/technet/security/bulletin/ms02-071.asp
  http://www.microsoft.com/security/security_bulletins/ms02-071.asp
  for information on obtaining this patch.

-----------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

*******************************************************************
You have received this e-mail bulletin because of your subscription to the Microsoft Product Security Notification Service.
For more information on this service, please visit http://www.microsoft.com/technet/security/notify.asp.

To verify the digital signature on this bulletin, please download our PGP key at http://www.microsoft.com/technet/security/notify.asp.

To unsubscribe from the Microsoft Security Notification Service, please visit the Microsoft Profile Center at http://register.microsoft.com/regsys/pic.asp

If you do not wish to use Microsoft Passport, you can unsubscribe from the Microsoft Security Notification Service via email as described below: Reply to this message with the word UNSUBSCRIBE in the Subject line.

For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site at http://www.microsoft.com/security.

----- End forwarded message -----

From mieko at ccuec.unicamp.br Mon May 5 09:48:24 2003
From: mieko at ccuec.unicamp.br (Silvana Mieko Misuta)
Date: Mon, 5 May 2003 09:48:24 -0300
Subject: [SECURITY-L] [0_47373_AEE7C282-5BFD-4E84-98BC-79A14F27B03B_BR@Newsletters.Microsoft.com: Microsoft Security Bulletin MS03-016: Cumulative Patch for BizTalk Server (815206)]
Message-ID: <20030505124823.GA483@ccuec.unicamp.br>

----- Forwarded message from Microsoft <0_47373_AEE7C282-5BFD-4E84-98BC-79A14F27B03B_BR at Newsletters.Microsoft.com> -----

From: "Microsoft" <0_47373_AEE7C282-5BFD-4E84-98BC-79A14F27B03B_BR at Newsletters.Microsoft.com>
Subject: Microsoft Security Bulletin MS03-016: Cumulative Patch for BizTalk Server (815206)
To:
Date: Wed, 30 Apr 2003 23:12:40 -0700
X-Mailer: Microsoft CDO for Windows 2000

-----BEGIN PGP SIGNED MESSAGE-----

--------------------------------------------------------------------
Title: Cumulative Patch for BizTalk Server (815206)
Date: 30 April 2003
Software: Microsoft BizTalk Server 2000 & BizTalk Server 2002
Impact: Two vulnerabilities, the most serious of which could allow an attacker to run code of their choice
Max Risk: Important
Bulletin: MS03-016

Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/security/bulletin/MS03-016.asp
http://www.microsoft.com/security/security_bulletins/ms03-016.asp
--------------------------------------------------------------------

Issue:
======
Microsoft BizTalk Server is an Enterprise Integration product that allows organizations to integrate applications, trading partners, and business processes. BizTalk is used in intranet environments to transfer business documents between different back-end systems as well as extranet environments to exchange structured messages with trading partners. This patch addresses two newly reported vulnerabilities in BizTalk Server.

The first vulnerability affects Microsoft BizTalk Server 2002 only. BizTalk Server 2002 provides the ability to exchange documents using the HTTP format. A buffer overrun exists in the component used to receive HTTP documents - the HTTP receiver - and could result in an attacker being able to execute code of their choice on the BizTalk Server.

The second vulnerability affects both Microsoft BizTalk Server 2000 and BizTalk Server 2002. BizTalk Server provides the ability for administrators to manage documents via a Document Tracking and Administration (DTA) web interface. A SQL injection vulnerability exists in some of the pages used by DTA that could allow an attacker to send a crafted URL query string to a legitimate DTA user. If that user were to then navigate to the URL sent by the attacker, he or she could execute a malicious embedded SQL statement in the query string.

Mitigating Factors:
====================
HTTP Receiver Buffer Overflow

- The HTTP Receiver is only present in Microsoft BizTalk Server 2002. BizTalk Server 2000 is not affected by this vulnerability.
- The HTTP receiver is not enabled by default. HTTP must be explicitly enabled as a receive transport during the setup of a BizTalk site.
- If the vulnerability was exploited to run arbitrary code, the code would run in the security context of the IIS Server. If the IIS Server is running under a user account, the attacker's permissions will be limited to those of this user account.

DTA SQL Injection

- DTA users by default are not highly privileged SQL users such as database owners, since they are only required to be members of "BizTalk Server Report Users" security group in order to use DTA web interface. In this case, a successful attacker's permissions on the SQL Server will be restricted.

Risk Rating:
============
Important

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the Security Bulletins at
  http://www.microsoft.com/technet/security/bulletin/ms03-016.asp
  http://www.microsoft.com/security/security_bulletins/ms03-016.asp
  for information on obtaining this patch.

Acknowledgment:
===============
- Microsoft thanks Cesar Cerrudo for reporting this issue to us and working with us to protect customers

--------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
----- End forwarded message ----- From mieko em ccuec.unicamp.br Mon May 5 15:05:18 2003 From: mieko em ccuec.unicamp.br (Silvana Mieko Misuta) Date: Mon, 5 May 2003 15:05:18 -0300 Subject: [SECURITY-L] [cais@cais.rnp.br: CAIS-Alerta: Patch Acumulativo para o Microsoft BizTalk Server (815206)] Message-ID: <20030505180518.GA939@ccuec.unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Patch Acumulativo para o Microsoft BizTalk Server (815206) To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Mon, 5 May 2003 14:42:32 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS está repassando o alerta divulgado pela Microsoft, Microsoft Security Bulletin MS03-016: Cumulative Patch for BizTalk Server (815206), que trata da disponibilização de patch acumulativo para o Microsoft BizTalk Server 2000 e 2002. Sistemas Afetados: . Microsoft BizTalk Server 2000 . Microsoft BizTalk Server 2002 Correções disponíveis: A correção consiste na aplicação do patch recomendado pela Microsoft e disponível em: . Microsoft BizTalk Server 2000: http://microsoft.com/downloads/details.aspx?FamilyId=001E93E4-0E6E-4289-AEFE-9161D2E5AF97&displaylang=en . Microsoft BizTalk Server 2002: http://microsoft.com/downloads/details.aspx?FamilyId=A05344FE-2622-4887-AA45-3DE7C4ED3C75&displaylang=en Maiores informações: http://www.microsoft.com/technet/security/bulletin/ms03-016.asp Identificadores do CVE: CAN-2003-0117, CAN-2003-0118 (http://cve.mitre.org) O CAIS recomenda aos administradores de plataformas Microsoft que mantenham seus sistemas e aplicativos sempre atualizados. Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA / RNP # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 
019-37873301 # # Chave PGP disponivel em: http://www.cais.rnp.br/cais-pgp.key # ################################################################ - -------------------------------------------------------------------- Title: Cumulative Patch for BizTalk Server (815206) Date: 30 April 2003 Software: Microsoft BizTalk Server 2000 & BizTalk Server 2002 Impact: Two vulnerabilities, the most serious of which could allow an attacker to run code of their choice Max Risk: Important Bulletin: MS03-016 Microsoft encourages customers to review the Security Bulletins at: http://www.microsoft.com/technet/security/bulletin/MS03-016.asp http://www.microsoft.com/security/security_bulletins/ms03-016.asp - -------------------------------------------------------------------- Issue: ====== Microsoft BizTalk Server is an Enterprise Integration product that allows organizations to integrate applications, trading partners, and business processes. BizTalk is used in intranet environments to transfer business documents between different back-end systems as well as extranet environments to exchange structured messages with trading partners. This patch addresses two newly reported vulnerabilities in BizTalk Server. The first vulnerability affects Microsoft BizTalk Server 2002 only. BizTalk Server 2002 provides the ability to exchange documents using the HTTP format. A buffer overrun exists in the component used to receive HTTP documents - the HTTP receiver - and could result in an attacker being able to execute code of their choice on the BizTalk Server. The second vulnerability affects both Microsoft BizTalk Server 2000 and BizTalk Server 2002. BizTalk Server provides the ability for administrators to manage documents via a Document Tracking and Administration (DTA) web interface. A SQL injection vulnerability exists in some of the pages used by DTA that could allow an attacker to send a crafted URL query string to a legitimate DTA user. 
If that user were to then navigate to the URL sent by the attacker, he or she could execute a malicious embedded SQL statement in the query string. Mitigating Factors: ==================== HTTP Receiver Buffer Overflow - -The HTTP Receiver is only present in Microsoft BizTalk Server 2002. BizTalk Server 2000 is not affected by this vulnerability. - -The HTTP receiver is not enabled by default. HTTP must be explicitly enabled as a receive transport during the setup of a BizTalk site. - -If the vulnerability was exploited to run arbitrary code, the code would run in the security context of the IIS Server. If the IIS Server is running under a user account, the attacker's permissions will be limited to those of this user account. DTA SQL Injection - -DTA users by default are not highly privileged SQL users such as database owners, since they are only required to be members of "BizTalk Server Report Users" security group in order to use DTA web interface. In this case, a successful attacker's permissions on the SQL Server will be restricted. Risk Rating: ============ Important Patch Availability: =================== - A patch is available to fix this vulnerability. Please read the Security Bulletins at http://www.microsoft.com/technet/security/bulletin/ms03-016.asp http://www.microsoft.com/security/security_bulletins/ms03-016.asp for information on obtaining this patch. Acknowledgment: =============== - Microsoft thanks Cesar Cerrudo for reporting this issue to us and working with us to protect customers - -------------------------------------------------------------------- THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. ******************************************************************* -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 iQCVAwUBPraij+kli63F4U8VAQH+lgQAopXOkMGvY7NOreOlZUUqMoPF2Ctle9pk 1LpDfInlhU4KD85J0biOWHKaeAXbAki8284+KwdhltX7J9VQRtqca502GNRGZvUo zkYjx7T8zAaVGTkt0OcOdshbAu8WtEGDYukcIV2MnYmOWKeXd2NlgCF1uMtSedG+ sd0gIsldSHE= =U9Dk -----END PGP SIGNATURE----- ----- End forwarded message ----- From mieko em ccuec.unicamp.br Tue May 6 09:38:31 2003 From: mieko em ccuec.unicamp.br (Silvana Mieko Misuta) Date: Tue, 6 May 2003 09:38:31 -0300 Subject: [SECURITY-L] Vulnerabilidades de Seguranca Message-ID: <20030506123831.GA2276@ccuec.unicamp.br> Srs. 
Usuarios, Atualizamos o site da Equipe de Seguranca em Sistemas e Redes da Unicamp com os seguintes boletins de vulnerabilidades: 29/04/2003 ---------- Red Hat Network Alert (RHSA-2003:079-10) Assunto: Updated zlib packages fix gzprintf buffer overflow vulnerability http://www.security.unicamp.br/docs/bugs/2003/04/v180.txt Red Hat Security Advisory (RHSA-2003:093-01) Assunto: Updated MySQL packages fix vulnerabilities http://www.security.unicamp.br/docs/bugs/2003/04/v179.txt NGSSoftware Insight Security Research Advisory (#NISR29042003) Assunto: Oracle Database Server Buffer Overflow Vulnerability http://www.security.unicamp.br/docs/bugs/2003/04/v178.txt Red Hat Security Advisory (RHSA-2003:079-01) Assunto: Updated zlib packages fix gzprintf buffer overflow vulnerability http://www.security.unicamp.br/docs/bugs/2003/04/v177.txt 28/04/2003 ---------- Mandrake Linux Security Update Advisory (MDKSA-2003:052) Assunto: Vulnerabilidade de Seguranca no snort http://www.security.unicamp.br/docs/bugs/2003/04/v176.txt Red Hat Network Alert (RHSA-2003:112-03) Assunto: Updated squirrelmail packages fix cross-site scripting vulnerabilities http://www.security.unicamp.br/docs/bugs/2003/04/v175.txt Core Security Technologies Advisory (CORE-2003-0305-02) Assunto: Vulnerabilities in Kerio Personal Firewal http://www.security.unicamp.br/docs/bugs/2003/04/v174.txt Microsoft Assunto: Windows 2000 Security Hardening Guide Available http://www.security.unicamp.br/docs/bugs/2003/04/v173.txt Gentoo Linux Security Announcement (200304-09) Assunto: buffer overflow, insecure spool dir in mgetty http://www.security.unicamp.br/docs/bugs/2003/04/v172.txt Gentoo Linux Security Announcement (200304-08) Assunto: buffer overflow in pptpd http://www.security.unicamp.br/docs/bugs/2003/04/v171.txt Gentoo Linux Security Announcement (200304-07.1) Assunto: buffer overflow in monkeyd http://www.security.unicamp.br/docs/bugs/2003/04/v170.txt Gentoo Linux Security Announcement (200304-06) Assunto: Multiple 
Vulnerabilities in Snort Preprocessors http://www.security.unicamp.br/docs/bugs/2003/04/v169.txt 25/04/2003 ---------- Vulnerability in nsd LDAP Implementation (20030407-01-P) Assunto: Vulnerability in nsd LDAP Implementation http://www.security.unicamp.br/docs/bugs/2003/04/v168.txt SGI Security Advisory (20030406-02-P) Assunto: Multiple Vulnerabilities in BSD LPR Subsystem http://www.security.unicamp.br/docs/bugs/2003/04/v167.txt 24/04/2003 ---------- Bugzilla Security Advisory Assunto: XSS, insecure temporary filenames http://www.security.unicamp.br/docs/bugs/2003/04/v166.txt Microsoft Assunto: Windows Server 2003 Security Guide available http://www.security.unicamp.br/docs/bugs/2003/04/v165.txt -- Equipe de Seguranca em Sistemas e Redes Unicamp - Universidade Estadual de Campinas Mailto:security em unicamp.br http://www.security.unicamp.br From mieko em ccuec.unicamp.br Tue May 6 11:31:54 2003 From: mieko em ccuec.unicamp.br (Silvana Mieko Misuta) Date: Tue, 6 May 2003 11:31:54 -0300 Subject: [SECURITY-L] Vulnerabilidades de Seguranca Message-ID: <20030506143154.GA2490@ccuec.unicamp.br> Srs. 
Usuarios, Atualizamos o site da Equipe de Seguranca em Sistemas e Redes da Unicamp com os seguintes boletins de vulnerabilidades: 30/04/2003 ---------- Revised: Microsoft Security Bulletin (MS02-071) Assunto: Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation (328310) http://www.security.unicamp.br/docs/bugs/2003/04/v202.txt Microsoft Security Bulletin (MS03-016) Assunto: Cumulative Patch for BizTalk Server (815206) http://www.security.unicamp.br/docs/bugs/2003/04/v201.txt Anuncio de Seguranca do Conectiva Linux (CLA-2003:636) Assunto: Nova versão do PostgreSQL http://www.security.unicamp.br/docs/bugs/2003/04/v200.txt CONECTIVA LINUX SECURITY ANNOUNCEMENT (CLA-2003:635) Assunto: Buffer overflow in the IMAP code in balsa http://www.security.unicamp.br/docs/bugs/2003/04/v199.txt Anuncio de Seguranca do Conectiva Linux (CLA-2003:635) Assunto: Vulnerabilidade no leitor IMAP in balsa http://www.security.unicamp.br/docs/bugs/2003/04/v198.txt REVISÃO: Anúncio de Segurança Conectiva (CLA-2003:633) Assunto: Vulnerabilidade no código XDR usado pela glibc http://www.security.unicamp.br/docs/bugs/2003/04/v197.txt REVISED: Conectiva Security Announcement (CLA-2003:633) Assunto: XDR integer overflow in glibc http://www.security.unicamp.br/docs/bugs/2003/04/v196.txt Anuncio de Seguranca do Conectiva Linux (CLA-2003:634) Assunto: Problema com versão da libdb in cyrus-imapd http://www.security.unicamp.br/docs/bugs/2003/04/v195.txt CONECTIVA LINUX SECURITY ANNOUNCEMENT (CLA-2003:633) Assunto: XDR integer overflow in glibc http://www.security.unicamp.br/docs/bugs/2003/04/v194.txt Anuncio de Seguranca do Conectiva Linux (CLA-2003:633) Assunto: Vulnerabilidade no código XDR usado pela glibc http://www.security.unicamp.br/docs/bugs/2003/04/v193.txt CONECTIVA LINUX SECURITY ANNOUNCEMENT (CLA-2003:614) Assunto: Buffer overflow vulnerability in sendmail http://www.security.unicamp.br/docs/bugs/2003/04/v192.txt Anuncio de Seguranca do Conectiva Linux (CLA-2003:614) 
Assunto: Vulnerabilidade de buffer overflow no sendmail http://www.security.unicamp.br/docs/bugs/2003/04/v191.txt CONECTIVA LINUX SECURITY ANNOUNCEMENT (CLA-2003:632) Assunto: Denial of service vulnerability in apache http://www.security.unicamp.br/docs/bugs/2003/04/v190.txt Anuncio de Seguranca do Conectiva Linux (CLA-2003:632) Assunto: Vulnerabilidade de negação de serviço no apache http://www.security.unicamp.br/docs/bugs/2003/04/v189.txt Guardian Digital Security Advisory (ESA-20030430-014) Assunto: multiple vulnerabilities in libpcap, tcpdump http://www.security.unicamp.br/docs/bugs/2003/04/v188.txt Guardian Digital Security Advisory (ESA-20030430-013) Assunto: stream4 preprocessor integer overflow vulnerability in snort http://www.security.unicamp.br/docs/bugs/2003/04/v187.txt Debian Security Advisory (DSA 292-3) Assunto: insecure temporary file creation in mime-support http://www.security.unicamp.br/docs/bugs/2003/04/v186.txt Cisco Security Advisory Assunto: Cisco Content Service Switch 11000 Series DNS Negative Cache of Information Denial-of-Service Vulnerability http://www.security.unicamp.br/docs/bugs/2003/04/v185.txt Gentoo Linux Security Announcement (200304-10) Assunto: buffer overflow in balsa http://www.security.unicamp.br/docs/bugs/2003/04/v184.txt Debian Security Advisory (DSA 296-1) Assunto: insecure execution in kdebase http://www.security.unicamp.br/docs/bugs/2003/04/v183.txt Debian Security Advisory (DSA 295-1) Assunto: buffer overflow in pptpd http://www.security.unicamp.br/docs/bugs/2003/04/v182.txt 29/04/2003 ---------- Red Hat Network Alert (RHSA-2003:012-09) Assunto: Updated CVS packages available http://www.security.unicamp.br/docs/bugs/2003/04/v181.txt -- Equipe de Seguranca em Sistemas e Redes Unicamp - Universidade Estadual de Campinas Mailto:security em unicamp.br http://www.security.unicamp.br From mieko em ccuec.unicamp.br Tue May 6 13:09:02 2003 From: mieko em ccuec.unicamp.br (Silvana Mieko Misuta) Date: Tue, 6 May 2003 13:09:02 
-0300
Subject: [SECURITY-L] Boletins de Noticias
Message-ID: <20030506160902.GA2573@ccuec.unicamp.br>

Dear Users,

We have updated the site of Unicamp's Equipe de Seguranca em Sistemas e Redes with the following news bulletins and/or electronic magazines:

30/04/2003
----------

SANS NewsBites Vol. 5 Num. 17
Source: SANS
http://www.security.unicamp.br/docs/informativos/2003/04/b17.txt

29/04/2003
----------

SANS Training and GIAC Certification Update
Source: SANS
http://www.security.unicamp.br/docs/informativos/2003/04/b16.txt

28/04/2003
----------

SecurityFocus Newsletter #194
Source: Security Focus
http://www.security.unicamp.br/docs/informativos/2003/04/b15.txt

No.290 : SPAM - how much is lost and how to avoid it? - Part 1
Source: Modulo
http://www.security.unicamp.br/docs/informativos/2003/04/b14.txt

23/04/2003
----------

SANS NewsBites Vol. 5 Num. 16
Source: SANS
http://www.security.unicamp.br/docs/informativos/2003/04/b13.txt

21/04/2003
----------

SecurityFocus Newsletter #193
Source: Security Focus
http://www.security.unicamp.br/docs/informativos/2003/04/b12.txt

SANS Critical Vulnerability Analysis Vol 2 No 15
Source: SANS
http://www.security.unicamp.br/docs/informativos/2003/04/b11.txt

19/04/2003
----------

SANS Free Webcast April 23: Legal Liability For Information Security
Source: SANS
http://www.security.unicamp.br/docs/informativos/2003/04/b10.txt

17/04/2003
----------

No.289 : COPPE/RAVEL and Portal Modulo.com - partnership brings more content for you!
Source: Modulo
http://www.security.unicamp.br/docs/informativos/2003/04/b9.txt

16/04/2003
----------

SANS NewsBites Vol. 5 Num.
15
Source: SANS
http://www.security.unicamp.br/docs/informativos/2003/04/b8.txt

--
Equipe de Seguranca em Sistemas e Redes
Unicamp - Universidade Estadual de Campinas
mailto:security em unicamp.br
http://www.security.unicamp.br

From daniela em ccuec.unicamp.br Tue May 6 13:45:07 2003
From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva)
Date: Tue, 6 May 2003 13:45:07 -0300
Subject: [SECURITY-L] Microsoft offers Windows security guide
Message-ID: <20030506164507.GC2194@ccuec.unicamp.br>

----- Forwarded message from Nelson Murilo -----

From: Nelson Murilo
Subject: [S] Microsoft offers Windows security guide
To: seguranca em pangeia.com.br
Date: Mon, 28 Apr 2003 09:12:51 -0300

[http://news.com.com/2100-1012-998390.html]

By Robert Lemos
Staff Writer, CNET News.com
April 25, 2003

Microsoft released on Friday a tutorial and templates to help system administrators lock down the security of computers running the company's newest operating system, Windows Server 2003.

The tutorial consists of portable document files (PDFs) detailing the reasoning behind configuring the server software for various applications, from a Web server connected to the Internet to a domain controller on a company's internal network. Also included are examples of Microsoft-recommended configurations for specific applications.

"There are a lot of different settings that a customer can set on something like a Web server," said Michael Stephenson, lead program manager for Windows Server 2003. "What the guide does is explain to customers why they would want a setting a certain way."

The publication of the security how-to guide came a day after the launch of the next generation of Microsoft's server OS. Among other things, the guide contains explanations, checklists, sample configurations and scripts for setting up eight different classes of servers using Windows Server 2003.
Along with the Windows Server 2003 guide, the software giant released another set of documents, called "Threats and Countermeasures," which describes the various security options that can be set in Windows 2003 and XP. The guides are Microsoft's latest tactic in the battle to help better secure customers who install its software, as part of the Trustworthy Computing Initiative, the giant's 15-month-old strategy to increase customers' faith in its products. That's why Microsoft has decided to make a large body of best-practice documents available for Windows users, Stephenson said. "As part of Trustworthy Computing, we need to make it easier to be secure in a certain environment, and that's not something that we want to charge for," Stephenson said. The software giant has occasionally released such tools to help administrators identify vulnerabilities and harden the company's operating systems. The guides build on another set of similar documents released in mid-March for Windows 2000. In February 2002, Microsoft released the Baseline Security Advisor, a free application designed to let system owners scan their computers for Microsoft applications that were missing patches. In two weeks, the company plans to put the Windows Server 2003 guide's lessons into a Web tutorial format, to make learning the document's content easier. Microsoft also plans to release a new tool this summer to automate the configuration of Windows Server 2003 systems, Stephenson said. "This plays well to what we are doing in the future...automating security and configurations," Stephenson said. 
----- End forwarded message -----

From mieko em ccuec.unicamp.br Tue May 6 17:24:36 2003
From: mieko em ccuec.unicamp.br (Silvana Mieko Misuta)
Date: Tue, 6 May 2003 17:24:36 -0300
Subject: [SECURITY-L] [jessen@nic.br: [IRT-L] Anuncio: Cartilha de Seguranca para Internet -- versao 2.0]
Message-ID: <20030506202434.GA35328@ccuec.unicamp.br>

----- Forwarded message from Klaus Steding-Jessen -----

From: Klaus Steding-Jessen
Subject: [IRT-L] Anuncio: Cartilha de Seguranca para Internet -- versao 2.0
To: irt-l em listas.unesp.br
Date: Tue, 11 Mar 2003 18:42:34 -0300

[Dear all, we have released a new version of the Internet security booklet. The target audience of this booklet is lay Internet users. Please feel free to send suggestions and to publicize it among your users. --Klaus]

NBSO has released a new version of the Cartilha de Segurança para Internet (Internet Security Booklet). The booklet comes in HTML and PDF versions and is available at:

http://www.nbso.nic.br/docs/cartilha/

This new version of the Cartilha has been completely revised, and its format was changed to make it easier to read and to locate specific topics. It has new sections on:

* Fraud in the use of e-commerce and bank sites;
* Security aspects for broadband users;
* Security recommendations for clients of wireless networks and also for those who intend to set up a home network;
* Privacy aspects involved in creating web pages and blogs, in using e-mail, and in storing data on disk.
The document was divided into 7 parts:

Part I: Security Concepts
Part II: Risks Involved in Using the Internet and Prevention Methods
Part III: Privacy
Part IV: Internet Fraud
Part V: Broadband Networks and Wireless Networks
Part VI: SPAM
Part VII: Security Incidents and Abusive Use of the Network

A Checklist was also created, which presents a summary of the basic precautions mentioned throughout all parts of the document, along with a Glossary of terms used in the document.

Regards,
Klaus.

NIC BR Security Office
http://www.nic.br/nbso.html
_______________________________________________
irt-l mailing list - irt-l em listas.unesp.br
https://listas.unesp.br/mailman/listinfo/irt-l

----- End forwarded message -----

From mieko em ccuec.unicamp.br Wed May 7 15:18:57 2003
From: mieko em ccuec.unicamp.br (Silvana Mieko Misuta)
Date: Wed, 7 May 2003 15:18:57 -0300
Subject: [SECURITY-L] Vulnerabilidades de Seguranca
Message-ID: <20030507181857.GA36762@ccuec.unicamp.br>

Dear Users,

We have updated the site of Unicamp's Equipe de Seguranca em Sistemas e Redes with the following vulnerability bulletins:

07/05/2003
----------

Cisco Security Advisory
Subject: Cisco VPN 3000 Concentrator Vulnerabilities
http://www.security.unicamp.br/docs/bugs/2003/05/v25.txt

06/05/2003
----------

NGSSoftware Insight Security Research Advisory (#NISR07052003B)
Subject: Multiple Vulnerabilities in SLWebMail
http://www.security.unicamp.br/docs/bugs/2003/05/v24.txt

NGSSoftware Insight Security Research Advisory (#NISR07052003A)
Subject: Multiple Buffer Overflows in SLMail
http://www.security.unicamp.br/docs/bugs/2003/05/v23.txt

Anuncio de Seguranca do Conectiva Linux (CLA-2003:642)
Subject: Vulnerability in the stream4 preprocessor in snort
http://www.security.unicamp.br/docs/bugs/2003/05/v22.txt

Anuncio de Seguranca do Conectiva Linux (CLA-2003:641)
Subject: Missing dependencies in the perl-modules package
http://www.security.unicamp.br/docs/bugs/2003/05/v21.txt

Debian Security
Advisory (DSA 299-1)
Subject: improper setuid-root execution in leksbot
http://www.security.unicamp.br/docs/bugs/2003/05/v20.txt

Debian Security Advisory (DSA 300-1)
Subject: buffer overflow in balsa
http://www.security.unicamp.br/docs/bugs/2003/05/v19.txt

05/05/2003
----------

RHN Errata Alert (RHSA-2003:093-14)
Subject: Updated MySQL packages fix vulnerabilities
http://www.security.unicamp.br/docs/bugs/2003/05/v18.txt

CONECTIVA LINUX SECURITY ANNOUNCEMENT (CLA-2003:640)
Subject: Vulnerabilities in cookies and random challenge generations in vnc
http://www.security.unicamp.br/docs/bugs/2003/05/v17.txt

Anuncio de Seguranca do Conectiva Linux (CLA-2003:640)
Subject: Vulnerabilities in the generation of cookies and random numbers
http://www.security.unicamp.br/docs/bugs/2003/05/v16.txt

Anuncio de Seguranca do Conectiva Linux (CLA-2003:639)
Subject: Multiple vulnerabilities in Kerberos
http://www.security.unicamp.br/docs/bugs/2003/05/v15.txt

SCO Security Advisory (CSSA-2003-019.0)
Subject: OpenLinux: tcp SYN with FIN packets are not discarded
http://www.security.unicamp.br/docs/bugs/2003/05/v14.txt

Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Cumulative Patch for Microsoft BizTalk Server (815206)
http://www.security.unicamp.br/docs/bugs/2003/05/v13.txt

02/05/2003
----------

Anuncio de Seguranca do Conectiva Linux (CLA-2003:638)
Subject: Problem with the basic dictionary in the cracklib package
http://www.security.unicamp.br/docs/bugs/2003/05/v12.txt

SCO Security Advisory (CSSA-2003-018.0)
Subject: OpenLinux: file command buffer overflow
http://www.security.unicamp.br/docs/bugs/2003/05/v11.txt

SCO Security Advisory (CSSA-2003-017.0)
Subject: OpenLinux: Various serious Samba vulnerabilities
http://www.security.unicamp.br/docs/bugs/2003/05/v10.txt

Anuncio de Seguranca do Conectiva Linux (CLA-2003:637)
Subject: Syntax error in the vncserver script
http://www.security.unicamp.br/docs/bugs/2003/05/v9.txt

Red Hat Security Advisory (RHSA-2003:113-01)
Subject: Updated mod_auth_any packages available
http://www.security.unicamp.br/docs/bugs/2003/05/v8.txt

Debian Security Advisory (DSA 298-1)
Subject: buffer overflows in epic4
http://www.security.unicamp.br/docs/bugs/2003/05/v6.txt

01/05/2003
----------

Gentoo Linux Security Announcement (200305-01)
Subject: timing attack leads to information disclosure in openssh
http://www.security.unicamp.br/docs/bugs/2003/05/v7.txt

Microsoft
Subject: Integer Manipulation Attacks
http://www.security.unicamp.br/docs/bugs/2003/05/v5.txt

Red Hat Network (RHSA-2003:133-05)
Subject: Updated man packages fix minor vulnerability
http://www.security.unicamp.br/docs/bugs/2003/05/v4.txt

Cisco Security Advisory
Subject: Nessus exposes FTP and Telnet vulnerabilities in Cisco ONS15454, ONS15327, ONS15454SDH, and ONS15600
http://www.security.unicamp.br/docs/bugs/2003/05/v3.txt

Debian Security Advisory (DSA 297-1)
Subject: integer overflow, buffer overflow in snort
http://www.security.unicamp.br/docs/bugs/2003/05/v2.txt

Red Hat Security Advisory (RHSA-2003:133-01)
Subject: Updated man packages fix minor vulnerability
http://www.security.unicamp.br/docs/bugs/2003/05/v1.txt

--
Equipe de Seguranca em Sistemas e Redes
Unicamp - Universidade Estadual de Campinas
Mailto:security em unicamp.br
http://www.security.unicamp.br

From daniela em ccuec.unicamp.br Wed May 7 14:24:12 2003
From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva)
Date: Wed, 7 May 2003 14:24:12 -0300
Subject: [SECURITY-L] Sai novo OpenOffice em portugues
Message-ID: <20030507172412.GA36602@ccuec.unicamp.br>

----- Forwarded message from Andre Aparecido Nogueira -----

From: Andre Aparecido Nogueira
Subject: Sai novo OpenOffice em português
To: undisclosed-recipients: ;
Date: Tue, 06 May 2003 08:16:30 -0300
Organization: Unicamp-Faculdade de Engenharia Agricola

New OpenOffice released in Portuguese
Monday, May 5, 2003 - 16h48

SÃO PAULO - The OpenOffice application suite gained another Portuguese version today.
The national-language version is now closer to the latest one released in English. Among the new features of version 1.0.3 are fixes for several bugs, as well as improvements to the file import mechanisms.

With the release of the Portuguese version, Brazilian OpenOffice fans can now enjoy this more stable version. To download OpenOffice 1.0.3, just click on Download INFO.

--
Andre Aparecido Nogueira
Faculdade de Eng. Agricola/UNICAMP         °v°
E-mail: mailto:andre em agr.unicamp.br    /(_)\
Be free, use Linux!                        ^ ^

----- End forwarded message -----

From mieko em ccuec.unicamp.br Wed May 7 15:33:25 2003
From: mieko em ccuec.unicamp.br (Silvana Mieko Misuta)
Date: Wed, 7 May 2003 15:33:25 -0300
Subject: [SECURITY-L] [caio_sm@yahoo.com.br: Falhas no ICQ abrem computador para hackers]
Message-ID: <20030507183325.GA36785@ccuec.unicamp.br>

----- Forwarded message from Caio Souza -----

From: Caio Souza
Subject: Falhas no ICQ abrem computador para hackers
To: mieko em ccuec.unicamp.br
Date: Tue, 6 May 2003 11:41:41 -0300 (ART)

06/05/2003 - 10h44
ICQ flaws open computers to hackers
from Folha Online

Two serious flaws in the latest version of the instant messaging software ICQ (an abbreviation of the English expression "I seek you") allow a hacker to take control of users' PCs. The alert was issued by the security company Core Security Technologies.

The company found six vulnerabilities in the America Online program, but said that only two of them have serious implications because they open the computer to intruders.

"However, the risk associated with each vulnerability depends on the environment in which ICQ is being used," said Ivan Arce, technology director at Core.

According to Core, the vulnerable version is ICQ Pro 2003a. Last year, America Online released a slimmed-down version of the messenger, ICQ Lite. That version does not have the flaws discovered by Core.
The security specialists said they have been trying for more than a month, without success, to contact those responsible for the software at America Online. They therefore decided to publish the alert unilaterally.

Three of the vulnerabilities, including one of the critical flaws, occur in the program's e-mail feature. A bug in the component can allow a hacker to exploit the way ICQ handles e-mail in order to execute malicious code of his choice. To do so, however, he needs to deceive the e-mail server by posing as the user.

The other flaw considered critical was found in an ICQ tool that allows automatic updates, the group said. Because this component lacks adequate security, an intruder can send a supposed update when, in fact, he is sending malicious code.

ICQ was created by the Israeli company Mirabilis, which was bought by America Online in June 1998 and had its name changed to ICQ Inc.

With international agencies

http://www1.folha.uol.com.br/folha/informatica/ult124u12856.shtml

_______________________________________________________________________
Yahoo! Mail
The best free e-mail on the internet: 6MB of space, antivirus, POP3 access, spam filter.
http://br.mail.yahoo.com/

----- End forwarded message -----

From mieko em ccuec.unicamp.br Wed May 7 16:00:26 2003
From: mieko em ccuec.unicamp.br (Silvana Mieko Misuta)
Date: Wed, 7 May 2003 16:00:26 -0300
Subject: [SECURITY-L] Boletins de Noticias
Message-ID: <20030507190026.GA36821@ccuec.unicamp.br>

Dear Users,

We have updated the site of Unicamp's Equipe de Seguranca em Sistemas e Redes with the following news bulletins and/or electronic magazines:

07/05/2003
----------

SANS NewsBites Vol. 5 Num. 18
Source: SANS
http://www.security.unicamp.br/docs/informativos/2003/05/b5.txt

05/05/2003
----------

No.291 : SPAM - how much is lost and how to avoid it?
- Part 2
Source: Modulo
http://www.security.unicamp.br/docs/informativos/2003/05/b4.txt

SecurityFocus Newsletter #195
Source: Security Focus
http://www.security.unicamp.br/docs/informativos/2003/05/b3.txt

SANS Critical Vulnerability Analysis Vol 2 No 17
Source: SANS
http://www.security.unicamp.br/docs/informativos/2003/05/b2.txt

03/05/2003
----------

SANS Free First Wednesday Webcast: May 7
Source: SANS
http://www.security.unicamp.br/docs/informativos/2003/05/b1.txt

--
Equipe de Seguranca em Sistemas e Redes
Unicamp - Universidade Estadual de Campinas
mailto:security em unicamp.br
http://www.security.unicamp.br

From daniela em ccuec.unicamp.br Thu May 8 15:25:50 2003
From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva)
Date: Thu, 8 May 2003 15:25:50 -0300
Subject: [SECURITY-L] [rcarlosr@hotmail.com: Fwd: Last Microsoft Security Pack]
Message-ID: <20030508182550.GC38468@ccuec.unicamp.br>

----- Forwarded message from Carlos M -----

From: "Carlos M"
Subject: Fwd: Last Microsoft Security Pack
To: daniela em ccuec.unicamp.br
Date: Thu, 08 May 2003 17:31:13 +0000

Dear Daniela.

I received this fake e-mail in Microsoft's name with the attached file q406747.exe (205k) infected with the W32/Gibe.gen em MM virus.

It may be worth alerting the security community.

Sincerely,
Carlos Renato Moura

>----Original Message Follows----
>From: "Microsoft Network Security Department"
>To: "Microsoft Customer" < >
>Subject: Last Microsoft Security Pack
>Date: Thu, 8 May 2003 10:26:03 -0400
>
>Microsoft Customer
>
>this is the latest version of security update, the
>"May 2003, Cumulative Patch" update which eliminates all
>known security vulnerabilities affecting Internet Explorer,
>Outlook and Outlook Express as well as five newly discovered
>vulnerabilities. Install now to protect your computer from these
>vulnerabilities, the most serious of which could allow an attacker to
>run executable on your system.
>This update includes the functionality
>of all previously released patches.
>
>System requirements:
>Win 9x/Me/2000/NT/XP
>
>This update applies to:
>Microsoft Internet Explorer, version 4.01 and later
>Microsoft Outlook, version 8.00 and later
>Microsoft Outlook Express, version 4.01 and later
>
>Recommendation:
>Customers should install the patch at the earliest opportunity.
>
>How to install:
>Run attached file. Click Yes on displayed dialog box.
>
>How to use:
>You don't need to do anything after installing this item.
>
>Microsoft Technical Support is available at
>http://support.microsoft.com/
>
>For security-related information about Microsoft products,
>please visit the Microsoft Security Advisor web site at
>http://www.microsoft.com/security
>
>Contact us at
>http://www.microsoft.com/isapi/goregwiz.asp?target=/contactus/contactus.asp
>
>
>Please do not reply to this message. It was sent from an unmonitored
>e-mail address and we are unable to respond to any replies.
>
>Thank you for using Microsoft products.
>With friendly greetings,
>Microsoft Network Security Department
>________________________________________
>©2003 Microsoft Corporation. All rights reserved. The names of the actual
>companies
>and products mentioned herein may be the trademarks of their respective
>owners.
>
>
>---
>Outgoing mail is certified Virus Free.
>Checked by Kaspersky anti-virus system (http://www.kaspersky.com).
>Release Date: 18.4.2003

_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.
http://join.msn.com/?page=features/virus

----- End forwarded message -----

From daniela em ccuec.unicamp.br Thu May 8 16:56:00 2003
From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva)
Date: Thu, 8 May 2003 16:56:00 -0300
Subject: [SECURITY-L] Vulnerabilidades de seguranca
Message-ID: <20030508195600.GA38755@ccuec.unicamp.br>

Dear Users,

We have updated the site of Unicamp's Equipe de Seguranca em Sistemas e Redes with the following vulnerability bulletins:

07/05/2003
----------

Microsoft Security Bulletin (MS03-017)
Subject: Flaw in Windows Media Player Skins Downloading could allow Code Execution (817787).
http://www.security.unicamp.br/docs/bugs/2003/05/v26.txt

08/05/2003
----------

Anuncio de Seguranca do Conectiva Linux (CLA-2003:643)
Subject: Buffer overflow vulnerability in the slocate package.
http://www.security.unicamp.br/docs/bugs/2003/05/v27.txt

CAIS-Alerta
Subject: Vulnerability in Windows Media Player (817787).
http://www.security.unicamp.br/docs/bugs/2003/05/v28.txt

--
Equipe de Seguranca em Sistemas e Redes
Unicamp - Universidade Estadual de Campinas
Mailto:security em unicamp.br
http://www.security.unicamp.br

From daniela em ccuec.unicamp.br Fri May 9 16:18:23 2003
From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva)
Date: Fri, 9 May 2003 16:18:23 -0300
Subject: [SECURITY-L] Vulnerabilidades de seguranca
Message-ID: <20030509191823.GA40388@ccuec.unicamp.br>

Dear Users,

We have updated the site of Unicamp's Equipe de Seguranca em Sistemas e Redes with the following vulnerability bulletins:

07/05/2003
----------

Debian Security Advisory (DSA 302-1)
Subject: security vulnerability in the fuzz package.
http://www.security.unicamp.br/docs/bugs/2003/05/v29.txt

08/05/2003
----------

RT 1.0.7 vulnerable to Cross Site Scripting attacks
http://www.security.unicamp.br/docs/bugs/2003/05/v30.txt

Mandrake Linux Security Update Advisory (MDKSA-2003:055)
Subject: security vulnerability in the kopete package.
http://www.security.unicamp.br/docs/bugs/2003/05/v31.txt

--
Equipe de Seguranca em Sistemas e Redes
Unicamp - Universidade Estadual de Campinas
Mailto:security em unicamp.br
http://www.security.unicamp.br

From daniela em ccuec.unicamp.br Thu May 29 10:04:51 2003
From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva)
Date: Thu, 29 May 2003 10:04:51 -0300
Subject: [SECURITY-L] CAIS-Alerta: Patch Acumulativo para o IIS (811114)
Message-ID: <20030529130450.GA5488@ccuec.unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Patch Acumulativo para o IIS (811114)
To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Thu, 29 May 2003 09:56:00 -0300 (BRT)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the alert published by Microsoft, Microsoft Security Bulletin MS03-018: Cumulative Patch for Internet Information Service (811114), which covers the release of a cumulative patch for IIS and the elimination of four recently identified vulnerabilities.

Affected systems:

. Microsoft Internet Information Server 4.0
. Microsoft Internet Information Services 5.0
. Microsoft Internet Information Services 5.1

Available fixes:

The fix consists of applying the patches recommended by Microsoft, available at:

. IIS 4.0:
  http://microsoft.com/downloads/details.aspx?FamilyId=1DBC1914-98E9-4DED-ADBF-E9B374A1F79D&displaylang=en

. IIS 5.0:
  http://microsoft.com/downloads/details.aspx?FamilyId=2F5D9852-4ADD-44F8-8715-AC3D7D7D94BF&displaylang=en

. IIS 5.1:
  32-bit Edition:
  http://microsoft.com/downloads/details.aspx?FamilyId=77CFE3EF-C5C5-401C-BC12-9F08154A5007&displaylang=en
  64-bit Edition:
  http://microsoft.com/downloads/details.aspx?FamilyId=86F4407E-B9BF-4490-9421-008407578D11&displaylang=en

More information:

http://www.microsoft.com/technet/security/bulletin/MS03-018.asp

CVE identifiers: CAN-2003-0223, CAN-2003-0224, CAN-2003-0225, CAN-2003-0226, (http://cve.mitre.org)

CAIS strongly recommends that administrators of Microsoft platforms keep their systems and applications always up to date.

Sincerely,

################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA / RNP #
# #
# cais em cais.rnp.br http://www.cais.rnp.br #
# Tel. 019-37873300 Fax. 019-37873301 #
# PGP key available at: http://www.cais.rnp.br/cais-pgp.key #
################################################################

- -------------------------------------------------------------------
Title: Cumulative Patch for Internet Information Service (811114)
Date: 28 May 2003
Software: Microsoft(r) Windows NT(r) 4.0, Windows(r) 2000, or Windows(r) XP
Impact: Allow an attacker to execute code of their choice
Max Risk: Important
Bulletin: MS03-018

Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/security/bulletin/MS03-018.asp
http://www.microsoft.com/security/security_bulletins/ms03-018.asp
- -------------------------------------------------------------------

Issue:
======
This patch is a cumulative patch that includes the functionality of all security patches released for IIS 4.0 since Windows NT 4.0 Service Pack 6a, and all security patches released to date for IIS 5.0 since Windows 2000 Service Pack 2 and IIS 5.1. A complete listing of the patches superseded by this patch is provided below, in the section titled "Additional information about this patch".
In addition to all previously released security patches, this patch also includes fixes for the following newly discovered security vulnerabilities affecting IIS 4.0, 5.0 and 5.1:

- A Cross-Site Scripting (CSS) vulnerability affecting IIS 4.0, 5.0 and 5.1 involving the error message that's returned to advise that a requested URL has been redirected. An attacker who was able to lure a user into clicking a link on his or her web site could relay a request containing script to a third-party web site running IIS, thereby causing the third-party site's response (still including the script) to be sent to the user. The script would then render using the security settings of the third-party site rather than the attacker's.

- A buffer overrun that results because IIS 5.0 does not correctly validate requests for certain types of web pages known as server side includes. An attacker would need the ability to upload a Server-side include page to a vulnerable IIS server. If the attacker then requested this page, a buffer overrun could result, which would allow the attacker to execute code of their choice on the server with user-level permissions.

- A denial of service vulnerability that results because of a flaw in the way IIS 4.0 and 5.0 allocate memory requests when constructing headers to be returned to a web client. An attacker would need the ability to upload an ASP page to a vulnerable IIS server. This ASP page, when called by the attacker, would attempt to return an extremely large header to the calling web client. Because IIS does not limit the amount of memory that can be used in this case, this could cause IIS to fail as a result of running out of local memory.

- A denial of service vulnerability that results because IIS 5.0 and 5.1 do not correctly handle an error condition when an overly long WebDAV request is passed to them. As a result an attacker could cause IIS to fail - however both IIS 5.0 and 5.1 will by default restart immediately after this failure.
There is a dependency associated with this patch - it requires the patch from Microsoft Security Bulletin MS02-050 to be installed. If this patch is installed and MS02-050 is not present, client side certificates will be rejected. This functionality can be restored by installing the MS02-050 patch.

Mitigating Factors:
====================
Redirection Cross Site Scripting:
- IIS 6.0 is not affected.
- The vulnerability could only be exploited if the attacker could entice another user into visiting a web page and clicking a link on it, or opening an HTML mail.
- The target page must be an ASP page, which uses Response.Redirect to redirect the client, to a new URL that is based on the incoming URL of current request.

Server Side Include Web Pages Buffer Overrun
- IIS 4.0, IIS 5.1 and IIS 6.0 are not affected.
- The IIS Lockdown tool by default disables the ssinc.dll mapping, which will block this attack.
- By default IIS 5.0 runs under a user account and not the system account. Therefore an attacker who successfully exploited the vulnerability would only gain user level permissions rather than administrative level permissions.
- An attacker must have the ability to upload files to the IIS Server.

ASP Headers Denial of Service
- An attacker must have the ability to upload files to the IIS server.
- IIS 5.0 will automatically restart after failing.
- IIS 5.1 and IIS 6.0 are not affected.

WebDAV Denial of Service
- IIS 6.0 is not affected.
- IIS 5.0 and 5.1 will restart automatically after this failure.
- The IIS Lockdown tool disables WebDAV by default, which will block this attack.

Risk Rating:
============
Important

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the Security Bulletins at
  http://www.microsoft.com/technet/security/bulletin/ms03-018.asp
  http://www.microsoft.com/security/security_bulletins/ms03-018.asp
  for information on obtaining this patch.
Acknowledgment:
===============
- SPIDynamics SPI Labs http://www.spidynamics.com/spilabs.html and NSFocus http://www.nsfocus.com/

- -------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
*******************************************************************

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQCVAwUBPtYDaOkli63F4U8VAQHsmwP7BIxaBXK0OZk7I2d40fe2pZEuEyDVbKEu
rgy35sR54trMiNa6CkNVcJ2AtbedNFccz2puYj1cNahA9fc3jULUnMczTewvD4MM
TELJSeEzNdF4VQ/hY+c8L5AMW9dqhlj/grLFkOpb02Dp+GHEZCIyzbHISJXRU8E/
Cq5I+x0b5ik=
=lwfr
-----END PGP SIGNATURE-----

----- End forwarded message -----

From daniela em ccuec.unicamp.br Thu May 29 13:06:59 2003
From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva)
Date: Thu, 29 May 2003 13:06:59 -0300
Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade no ISAPI Extension do Windows Media Services (817772)
Message-ID: <20030529160659.GD5488@ccuec.unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Vulnerabilidade no ISAPI Extension do Windows Media Services (817772)
To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Thu, 29 May 2003 11:00:39 -0300 (BRT)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the alert published by Microsoft, Microsoft Security Bulletin MS03-019: Flaw in ISAPI Extension for Windows Media Services Could Cause Denial of Service (817772), which concerns a vulnerability identified in the ISAPI (Internet Services Application Programming Interface) extension related to Microsoft Windows Media Services. Exploitation of this vulnerability results in denial of service (DoS) of IIS.

Affected systems:

. Microsoft Windows NT 4.0
. Microsoft Windows 2000

Available fixes:

The fix consists of applying the patches recommended by Microsoft, available at:

. Microsoft Windows NT 4.0:
  http://microsoft.com/downloads/details.aspx?FamilyId=8D7E3716-1AA7-4EDC-B084-7D50C8D3C2AB&displaylang=en

. Microsoft Windows 2000:
  http://microsoft.com/downloads/details.aspx?FamilyId=9EFA4EBD-2068-4742-917D-A2638688C029&displaylang=en

More information:

http://www.microsoft.com/technet/security/bulletin/ms03-019.asp

CVE identifier: CAN-2003-0227, (http://cve.mitre.org)

CAIS recommends that administrators of Microsoft platforms keep their systems and applications always up to date.

Sincerely,

################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA / RNP #
# #
# cais em cais.rnp.br http://www.cais.rnp.br #
# Tel. 019-37873300 Fax.
019-37873301 # # Chave PGP disponivel em: http://www.cais.rnp.br/cais-pgp.key # ################################################################ - ------------------------------------------------------------------- Title: Flaw in ISAPI Extension for Windows Media Services Could Cause Denial of Service (817772) Date: 28 May 2003 Software: Microsoft(r) Windows NT(r) 4.0, and Windows(r) 2000 Impact: Allow an attacker to execute code of their choice Max Risk: Moderate Bulletin: MS03-019 Microsoft encourages customers to review the Security Bulletins at: http://www.microsoft.com/technet/security/bulletin/MS03-019.asp http://www.microsoft.com/security/security_bulletins/ms03-019.asp - ------------------------------------------------------------------- Issue: ====== Microsoft Windows Media Services is a feature of Microsoft Windows 2000 Server, Advanced Server, and Datacenter Server and is also available as a downloadable version for Windows NT 4.0 Server. Windows Media Services contain support for a method of delivering media content to clients across a network known as multicast streaming. In multicast streaming however, the server has no connection or knowledge of the clients that may be receiving the stream coming from the server. To facilitate logging of client information for the server Windows 2000 includes a capability specifically designed for that purpose. . To help with this problem, Windows 2000 includes logging capabilities for multicast and unicast transmissions. This capability is implemented as an Internet Services Application Programming Interface (ISAPI) extension - nsiislog.dll. When Windows Media Services are installed in Windows NT 4.0 Server or added through add/remove programs to Windows 2000, nsiislog.dll is installed to the Internet Information Services (IIS) Scripts directory on the server. There is a flaw in the way in which nsiislog.dll processes incoming requests. 
A vulnerability exists because an attacker could send specially
formed communications to the server that could cause IIS to stop
responding to Internet requests.

Windows Media Services is not installed by default on Windows 2000,
and must be downloaded to install on Windows NT 4.0. An attacker
attempting to exploit this vulnerability would have to be aware which
computers on the network had Windows Media Services installed on it
and send a specific request to that server. The denial of service
would only affect IIS, and other services on the server would remain
unaffected.

Mitigating Factors:
====================
 - Windows Media Services 4.1 is not installed by default on Windows
   2000, and must be downloaded to install on Windows NT 4.0.
 - Windows Media Services are not available for Windows 2000
   Professional or Windows NT 4.0 Workstation
 - The attacker would have to know which server on the network
   Windows Media Services had been installed on.

Risk Rating:
============
Moderate

Patch Availability:
===================
 - A patch is available to fix this vulnerability. Please read the
   Security Bulletins at
   http://www.microsoft.com/technet/security/bulletin/ms03-019.asp
   http://www.microsoft.com/security/security_bulletins/ms03-019.asp
   for information on obtaining this patch.

Acknowledgment:
===============
 - Brett Moore (brett em softwarecreations.co.nz)

- -------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY
NOT APPLY.

*******************************************************************

----- End forwarded message -----

From daniela em ccuec.unicamp.br Fri May 30 10:12:49 2003
From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva)
Date: Fri, 30 May 2003 10:12:49 -0300
Subject: [SECURITY-L] [CAIS-Doc] 2003 CSI/FBI Computer Crime and Security Survey
Message-ID: <20030530131248.GA382@ccuec.unicamp.br>

----- Forwarded message from "Liliana E. Velasquez Alegre Solha" -----

From: "Liliana E. Velasquez Alegre Solha"
Subject: [IRT-L] [CAIS-Doc] 2003 CSI/FBI Computer Crime and Security Survey
To: irt-l em listas.unesp.br
Date: Fri, 30 May 2003 09:58:18 -0300 (BRT)

Dear all,

The 8th survey on computer crime, conducted annually by the CSI
(Computer Security Institute) together with the FBI, was recently
released.

More than just numbers, the survey's primary goals are to help
determine the scope of computer crime and to show the level of
security (or insecurity) of American companies, institutions and
organizations, with the aim of raising awareness among users,
administrators, managers and other IT professionals in this area.

A copy can be obtained at the following URL:

http://www.gocsi.com/forms/fbi/pdf.html

Best regards,

Liliana Solha
CAIS/RNP

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA / RNP      #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available at: http://www.cais.rnp.br/cais-pgp.key    #
################################################################

----- End forwarded message -----

From daniela em ccuec.unicamp.br Fri May 30 10:13:17 2003
From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva)
Date: Fri, 30 May 2003 10:13:17 -0300
Subject: [SECURITY-L] [CAIS-Doc] 2003 Australian Computer Crime and Security Surveys
Message-ID: <20030530131316.GB382@ccuec.unicamp.br>

----- Forwarded message from "Liliana E. Velasquez Alegre Solha" -----

From: "Liliana E. Velasquez Alegre Solha"
Subject: [IRT-L] [CAIS-Doc] 2003 Australian Computer Crime and Security Surveys
To: irt-l em listas.unesp.br
Date: Fri, 30 May 2003 09:58:54 -0300 (BRT)

Dear all,

Similarly to the CSI/FBI, AusCERT, together with several Australian
government bodies, has also released a survey on computer crime,
covering Australian institutions, companies and organizations.

http://www.auscert.org.au/crimesurvey/

Another interesting document also released by AusCERT is the draft of
the handbook "Management of IT evidence", on the management of
electronic evidence. The document is available at the following URL:

http://www.auscert.org.au/render.html?it=3117

Regards,

Liliana
CAIS/RNP

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA / RNP      #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available at: http://www.cais.rnp.br/cais-pgp.key    #
################################################################

----- End forwarded message -----

From daniela em ccuec.unicamp.br Fri May 30 10:22:27 2003
From: daniela em ccuec.unicamp.br (Daniela Regina Barbetti Silva)
Date: Fri, 30 May 2003 10:22:27 -0300
Subject: [SECURITY-L] Security vulnerabilities
Message-ID: <20030530132227.GA406@ccuec.unicamp.br>

Dear users,

We have updated the website of the Unicamp Systems and Network
Security Team (Equipe de Seguranca em Sistemas e Redes) with the
following vulnerability bulletins:

27/05/2003
----------

Debian Security Advisory (DSA 307-1)
Subject: security vulnerability in the gps package.
http://www.security.unicamp.br/docs/bugs/2003/05/v79.txt

28/05/2003
----------

Microsoft Security Bulletin (MS03-019)
Subject: Flaw in ISAPI Extension for Windows Media Services Could
Cause Denial of Service (817772).
http://www.security.unicamp.br/docs/bugs/2003/05/v72.txt

REVISED: Microsoft Security Bulletin (MS03-007)
Subject: Unchecked Buffer In Windows Component Could Cause Server
Compromise (815021).
http://www.security.unicamp.br/docs/bugs/2003/05/v73.txt

Microsoft Security Bulletin (MS03-018)
Subject: Cumulative Patch for Internet Information Service (811114).
http://www.security.unicamp.br/docs/bugs/2003/05/v74.txt

REVISED: Microsoft Security Bulletin (MS03-013)
Subject: Buffer Overrun in Windows Kernel Message Handling could Lead
to Elevated Privileges (811493).
http://www.security.unicamp.br/docs/bugs/2003/05/v75.txt

29/05/2003
----------

Slackware Security Advisory (SSA:2003-149-01)
Subject: CUPS DoS vulnerability fixed.
http://www.security.unicamp.br/docs/bugs/2003/05/v76.txt

CAIS-Alerta
Subject: Cumulative Patch for IIS (811114)
http://www.security.unicamp.br/docs/bugs/2003/05/v77.txt

CAIS-Alerta
Subject: Vulnerability in the ISAPI Extension of Windows Media.
http://www.security.unicamp.br/docs/bugs/2003/05/v78.txt

Mandrake Linux Security Update Advisory (MDKSA-2003:062)
Subject: security vulnerability in the cups package.
http://www.security.unicamp.br/docs/bugs/2003/05/v80.txt

--
Equipe de Seguranca em Sistemas e Redes
Unicamp - Universidade Estadual de Campinas
Mailto:security em unicamp.br
http://www.security.unicamp.br
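
An added example, not part of the forwarded messages or of Microsoft's material: for the MS03-019 bulletin forwarded above, which states that nsiislog.dll is installed to the IIS Scripts directory, this sketch reports which clients request that extension according to IIS W3C Extended logs. The log lines are constructed, and the field layout and function names are assumptions.

```python
from collections import defaultdict
from urllib.parse import unquote

TARGET = "nsiislog.dll"  # ISAPI extension named in MS03-019

# Constructed sample in IIS W3C Extended format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2003-05-29 10:00:01 192.0.2.10 GET /default.htm - 200
2003-05-29 10:00:07 192.0.2.10 POST /scripts/nsiislog.dll - 200
2003-05-29 10:02:13 198.51.100.7 GET /scripts/NSIISLOG.DLL - 200
2003-05-29 10:02:14 198.51.100.7 POST /scripts/%6Esiislog.dll - 500
#Fields: date time c-ip cs-uri-stem sc-status cs-method
2003-05-29 10:05:00 203.0.113.5 /Scripts/nsiislog.dll 404 GET
2003-05-29 10:05:09 203.0.113.5 /images/logo.gif 200 GET
"""

def find_nsiislog_requests(log_text):
    """Yield one dict per request whose URI stem ends in nsiislog.dll."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed entry
        row = dict(zip(fields, values))
        # Decode %xx and fold case so encoded or mixed-case paths still match.
        stem = unquote(row.get("cs-uri-stem", "")).lower()
        if stem.rsplit("/", 1)[-1] == TARGET:
            yield row

def summarize_by_client(log_text):
    """Map client IP -> {"hits": n, "methods": set, "statuses": set}."""
    summary = defaultdict(lambda: {"hits": 0, "methods": set(), "statuses": set()})
    for row in find_nsiislog_requests(log_text):
        entry = summary[row.get("c-ip", "unknown")]
        entry["hits"] += 1
        entry["methods"].add(row.get("cs-method", "?"))
        entry["statuses"].add(row.get("sc-status", "?"))
    return dict(summary)

if __name__ == "__main__":
    for ip, info in sorted(summarize_by_client(SAMPLE_LOG).items()):
        print(ip, info["hits"], sorted(info["methods"]), sorted(info["statuses"]))
```

Any hit on a server that does not use Windows Media Services logging is a reason to check whether nsiislog.dll is present in the Scripts directory and whether the MS03-019 patch is applied.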