From security em unicamp.br Wed Oct 1 10:14:05 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Wed, 1 Oct 2003 10:14:05 -0300
Subject: [SECURITY-L] NISCC Vulnerability Advisory 006489/OpenSSL
Message-ID: <20031001131405.GG347@unicamp.br>

----- Forwarded message from Nelson Murilo -----

From: Nelson Murilo
Subject: [S] NISCC Vulnerability Advisory 006489/OpenSSL
To: seguranca em pangeia.com.br
Date: Tue, 30 Sep 2003 20:32:55 -0300

[http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm]

NISCC Vulnerability Advisory 006489/OpenSSL

Vulnerability Issues in OpenSSL

Version Information

Advisory Reference   006489/OpenSSL
Release Date         30 September 2003
Last Revision        30 September 2003
Version Number       1.1

What is Affected?

All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all versions of SSLeay. (SSLeay is no longer maintained.)

Severity

Three specific vulnerabilities have been discovered in the OpenSSL libraries. Two of these could allow a Denial of Service attack, the third may result in an attacker being able to execute malicious code under certain conditions.

Summary

During 2002 the University of Oulu Security Programming Group (OUSPG) discovered a number of implementation specific vulnerabilities in the Simple Network Management Protocol (SNMP). NISCC has performed and commissioned further work to identify implementation specific vulnerabilities in related protocols that are vital to the UK Critical National Infrastructure (CNI).

The OpenSSL implementation of the TLS (Transport Layer Security) and SSL (Secure Sockets Layer) protocols, which add communications protection to a range of Internet protocols, has been studied in this context.

NISCC has provided a test suite to the OpenSSL project. The OpenSSL development team has utilised the test suite to determine whether their product is vulnerable. Three specific vulnerabilities have been identified. The codebase has been updated to address the issues found.
Details

OpenSSL is an open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a general purpose cryptography library. The vulnerabilities described in this advisory affect the OpenSSL implementation of the TLS and SSL protocols, which are typically used to provide security services to a range of Internet application protocols and in support of web and email applications.

TLS and SSL are intermediate protocols layered onto a TCP connection used to provide additional security to higher level protocols. These higher level protocols, particularly application protocols such as web services or email, may be layered on top of a TLS/SSL connection. TLS is based on SSL v3, and although the two are not interoperable, implementations of TLS v1 are likely to support SSL v3. For the purpose of this discussion the two will be considered equivalent.

TLS and SSL are not Abstract Syntax Notation One (ASN.1) based protocols and define their own presentation language as part of the TLS/SSL specification. However, they do depend on a number of ASN.1 objects used as part of the protocol exchange. For example, if one of the parties involved in a TLS/SSL connection sends an ASN.1 element that cannot be handled properly, the behaviour of the receiving application may be unpredictable. It has been found that a vulnerability can arise where one of the parties generates an exceptional ASN.1 element as part of a client certificate. A Denial of Service may arise in the receiving application, or there may be an opportunity for further exploitation.

Vendor specific information will be released as it becomes available and if vendor permission has been received. Subscribers are advised to check the following URL regularly for updates:

http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm

[Please note that updates to this advisory will not be notified by email.]
The identified vulnerabilities (complete with CVE names) are as follows:

NISCC/006489/OpenSSL/1 [OpenSSL 0.9.6 and 0.9.7]
CAN-2003-0543 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543
CAN-2003-0544 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544
An unusual ASN.1 tag value can cause an out of bounds read under certain circumstances resulting in a Denial of Service condition.

NISCC/006489/OpenSSL/2 [OpenSSL 0.9.6 and 0.9.7]
[No CVE name]
An invalid public key in a certificate will crash the verify code if it is set to ignore all errors. This is only done for debugging purposes and is not present in production code. Successful exploitation would result in a Denial of Service condition.

NISCC/006490/OpenSSL/3 [OpenSSL 0.9.7]
CAN-2003-0545 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545
Certain ASN.1 structures which are rejected as invalid by the parser result in part of the corresponding structure being freed up incorrectly. In theory exploitation of this vulnerability could result in an attacker being able to execute malicious code.

Solution

Please refer to the Vendor Information section of this advisory for implementation specific remediation.

These vulnerabilities have been fixed in OpenSSL 0.9.7c and 0.9.6k, available from the OpenSSL web site at:

http://www.openssl.org/news/secadv_20030930.txt

[OpenSSL was analysed by Stephen Henson, a member of the OpenSSL core team (steve em openssl.org). Stephen has also produced the patches to address the issues identified.]

Vendor Information

The following vendors have provided information about how their products are affected by these vulnerabilities.

Apple

"Vulnerable. This is fixed in Mac OS X 10.2.8 which is available from http://www.apple.com/support/."

Hewlett-Packard

"At the time of writing this document, HP is investigating the potential impact to HP's optional software products.
As further information becomes available HP will provide notice of the availability of necessary patches through the standard security bulletin announcements and through your normal HP Services support channel.

HP-UX - not impacted
HP Tru64 Unix - not impacted
HP NonStop Servers - not impacted"

Nortel Networks

"Nortel Networks products incorporating TLS/SSL enabled web servers are not configured to accept or require client authentication; accordingly they are Not Impacted by this vulnerability. Nortel Networks will apply available third-party patches to future product releases or Maintenance Releases."

Red Hat

"Red Hat distributes OpenSSL 0.9.6 in various Red Hat Linux distributions and with the Stronghold secure web server. Updated packages which contain backported patches for these issues are available along with our advisories at the URL below. Users of the Red Hat Network will be able to update their systems using the 'up2date' tool.

Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2003-293.html

Red Hat Linux 7.1, 7.2, 7.3, 8.0:
http://rhn.redhat.com/errata/RHSA-2003-291.html

Stronghold 4 cross-platform:
http://rhn.redhat.com/errata/RHSA-2003-290.html

Red Hat distributes OpenSSL 0.9.7 in Red Hat Linux 9. Updated packages which contain backported patches for these issues are available along with our advisory at the URL below. Users of the Red Hat Network will be able to update their systems using the 'up2date' tool.

Red Hat Linux 9:
http://rhn.redhat.com/errata/RHSA-2003-292.html"

Contact Information

The NISCC Vulnerability Management Team can be contacted as follows:

Email       vulteam em niscc.gov.uk
            (Please quote the advisory reference in the subject line.)
Telephone   +44 (0)20 7821 1330 Extension 4511
            (Monday to Friday 08:30 - 17:00)
Fax         +44 (0)20 7821 1686
Post        Vulnerability Management Team
            NISCC
            PO Box 832
            London
            SW1P 1BG

We encourage those who wish to communicate via email to make use of our PGP key.
This is available from http://www.uniras.gov.uk/UNIRAS.asc.

Please note that UK government protectively marked material should not be sent to the email address above.

If you wish to be added to our email distribution list, please email your request to uniras em niscc.gov.uk.

What is NISCC?

For further information regarding the UK National Infrastructure Security Co-Ordination Centre, please visit the NISCC web site at:

http://www.niscc.gov.uk/aboutniscc/index.htm

Reference to any specific commercial product, process or service by trade name, trademark manufacturer or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by NISCC. The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes.

Neither shall NISCC accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this notice.

© 2003 Crown Copyright

Revision History

September 30, 2003: Initial release
September 30, 2003: Added Nortel impact statement

----- End forwarded message -----

From security em unicamp.br Wed Oct 1 10:21:20 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Wed, 1 Oct 2003 10:21:20 -0300
Subject: [SECURITY-L] Samba reaches version 3.0
Message-ID: <20031001132118.GH347@unicamp.br>

----- Forwarded message from Caio Souza Mendes -----

From: Caio Souza Mendes
Subject: Samba reaches version 3.0
To: security em unicamp.br
Date: Tue, 30 Sep 2003 21:40:57 -0300 (ART)

Samba reaches version 3.0

Tuesday, 30 September 2003 - 16:01

SÃO PAULO - Samba, the program for integrating Windows networks with Linux, has moved on from version 2 and gained new features. The main new feature is integration with Active Directory, a feature present in networks running Windows 2000 and 2003.
As a result, Samba users can be authenticated in Windows 2000 and 2003 domains. In addition, the Samba server itself can join a network with Active Directory. Another improvement is the printing system, which is now more compatible with Windows 2000/XP/2003.

The new Samba can be downloaded from:
http://info.abril.com.br/aberto/download/1797.shl

Eric Costa, INFO
http://info.abril.com.br/aberto/infonews/092003/30092003-6.shl

----- End forwarded message -----

From security em unicamp.br Wed Oct 1 15:42:14 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Wed, 1 Oct 2003 15:42:14 -0300
Subject: [SECURITY-L] OpenSSL 0.9.7c
Message-ID: <20031001184212.GJ347@unicamp.br>

----- Forwarded message from Caio Souza Mendes -----

From: Caio Souza Mendes
Subject: OpenSSL 0.9.7c
To: security em unicamp.br
Date: Wed, 1 Oct 2003 11:44:01 -0300 (ART)

OpenSSL 0.9.7c

Posted on: Wednesday, October 01 @ 11:32:58 BRT
http://www.linuxsecurity.com.br/article.php?sid=7899&mode=thread&order=0

New version fixing recently announced vulnerabilities...

The OpenSSL project is a collaborative effort to develop a robust, commercial-grade, full-featured toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as strong, complete cryptography for everyone's use... OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson...
Site: http://www.openssl.org

----- End forwarded message -----

From security em unicamp.br Wed Oct 1 15:47:14 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Wed, 1 Oct 2003 15:47:14 -0300
Subject: [SECURITY-L] CAIS-Alerta: Multiple vulnerabilities in OpenSSL
Message-ID: <20031001184713.GK347@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Multiple vulnerabilities in OpenSSL
To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Wed, 1 Oct 2003 11:57:01 -0300 (BRT)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the alert recently released by the OpenSSL Project, "OpenSSL Security Advisory [30 September 2003]: Vulnerabilities in ASN.1 parsing", which deals with multiple vulnerabilities in stack management and string parsing in OpenSSL. This vulnerability may allow a remote attacker to cause a denial of service or execute arbitrary code.

Affected systems:

. Systems running any version of OpenSSL up to versions 0.9.6j and 0.9.7b
. Systems running any version of SSLeay
. Any application that uses OpenSSL's ASN1 library to parse untrusted data. This includes all applications based on SSL or TLS, S/MIME (PKCS#7) or certificate generation routines

Available fixes:

The fix consists of upgrading to version 0.9.7c or 0.9.6k, as well as recompiling all applications that were statically linked with OpenSSL libraries.

. OpenSSL 0.9.7c
  http://www.openssl.org/source/openssl-0.9.7c.tar.gz
. OpenSSL 0.9.6k
  http://www.openssl.org/source/openssl-0.9.6k.tar.gz

More information:

http://www.openssl.org/news/secadv_20030930.txt
http://www.kb.cert.org/vuls/id/255484
http://www.kb.cert.org/vuls/id/935264

CVE identifiers: CAN-2003-0545, CAN-2003-0543, CAN-2003-0544 (http://cve.mitre.org)

CAIS recommends that administrators keep their systems and applications up to date at all times, in line with the latest versions and fixes made available by vendors.

Regards,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#          Rede Nacional de Ensino e Pesquisa (RNP)            #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available at  http://www.rnp.br/cais/cais-pgp.key    #
################################################################

OpenSSL Security Advisory [30 September 2003]

Vulnerabilities in ASN.1 parsing
================================

NISCC (www.niscc.gov.uk) prepared a test suite to check the operation of SSL/TLS software when presented with a wide range of malformed client certificates.

Dr Stephen Henson (steve em openssl.org) of the OpenSSL core team identified and prepared fixes for a number of vulnerabilities in the OpenSSL ASN1 code when running the test suite.

A bug in OpenSSL's SSL/TLS protocol was also identified which causes OpenSSL to parse a client certificate from an SSL/TLS client when it should reject it as a protocol error.

Vulnerabilities
- ---------------

1. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in the deallocation of the corresponding data structure, corrupting the stack. This can be used as a denial of service attack. It is currently unknown whether this can be exploited to run malicious code. This issue does not affect OpenSSL 0.9.6.

2. Unusual ASN.1 tag values can cause an out of bounds read under certain circumstances, resulting in a denial of service vulnerability.

3. A malformed public key in a certificate will crash the verify code if it is set to ignore public key decoding errors. Public key decode errors are not normally ignored, except for debugging purposes, so this is unlikely to affect production code. Exploitation of an affected application would result in a denial of service vulnerability.

4. Due to an error in the SSL/TLS protocol handling, a server will parse a client certificate when one is not specifically requested. This by itself is not strictly speaking a vulnerability but it does mean that *all* SSL/TLS servers that use OpenSSL can be attacked using vulnerabilities 1, 2 and 3 even if they don't enable client authentication.

Who is affected?
- ----------------

All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all versions of SSLeay are affected.

Any application that makes use of OpenSSL's ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.

Recommendations
- ---------------

Upgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications statically linked to OpenSSL libraries.
References
- ----------

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0545 for issue 1:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545

and CAN-2003-0543 and CAN-2003-0544 for issue 2:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20030930.txt

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQCVAwUBP3rrQ+kli63F4U8VAQHjWQQAtBXbV031+OFhfThzcdr5jsQwwPijyAnN
OSglZjhvlCpzj+Z0hzJAYVWUpQnlHemHcTi71aodIE4vi6q2S1b1utnamr/2DGbr
BxoYg/QgU37DQtCbgpMryfiBE+HaRP3jZN6b6Sb+HPJfNZPr/E+bIsB0CT7qGkM7
5vIklJme9NE=
=D5fn
-----END PGP SIGNATURE-----

----- End forwarded message -----

From security em unicamp.br Fri Oct 3 10:03:39 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Fri, 3 Oct 2003 10:03:39 -0300
Subject: [SECURITY-L] Security vulnerabilities (1)
Message-ID: <20031003130332.GE3994@unicamp.br>

Dear users,

We have updated the website of the Unicamp Systems and Network Security Team with the following vulnerability bulletins:

26/09/2003
----------

Mandrake Linux Security Update Advisory (MDKSA-2003:095)
Subject: security vulnerability in the proftpd package.
http://www.security.unicamp.br/docs/bugs/2003/09/v103.txt

Mandrake Linux Security Update Advisory (MDKSA-2003:096)
Subject: security vulnerability in the apache2 package.
http://www.security.unicamp.br/docs/bugs/2003/09/v104.txt

27/09/2003
----------

Trustix Secure Linux Security Advisory (#2003-037)
Subject: security vulnerability in the proftpd package.
http://www.security.unicamp.br/docs/bugs/2003/09/v106.txt

Gentoo Linux Security Announcement (200309-15)
Subject: security vulnerability in the media-video/mplayer package.
http://www.security.unicamp.br/docs/bugs/2003/09/v107.txt

28/09/2003
----------

Debian Security Advisory (DSA 391-1)
Subject: security vulnerability in the freesweep package.
http://www.security.unicamp.br/docs/bugs/2003/09/v105.txt

Gentoo Linux Security Announcement (200309-16)
Subject: security vulnerability in the net-ftp/proftpd package.
http://www.security.unicamp.br/docs/bugs/2003/09/v108.txt

29/09/2003
----------

Debian Security Advisory (DSA 392-1)
Subject: security vulnerability in the webfs package.
http://www.security.unicamp.br/docs/bugs/2003/09/v109.txt

Conectiva Linux Security Announcement (CLA-2003:750)
Subject: remote vulnerability in the proftpd package.
http://www.security.unicamp.br/docs/bugs/2003/09/v110.txt

CERT Advisory Notice
Subject: Clarifications regarding recent vulnerabilities in OpenSSH.
http://www.security.unicamp.br/docs/bugs/2003/09/v111.txt

Immunix Secured OS Security Advisory (IMNX-2003-7+-022-01)
Subject: security vulnerability in the openssl package.
http://www.security.unicamp.br/docs/bugs/2003/09/v116.txt

30/09/2003
----------

Red Hat Security Advisory (RHSA-2003:291-01)
Subject: Updated OpenSSL packages fix vulnerabilities.
http://www.security.unicamp.br/docs/bugs/2003/09/v112.txt

OpenPKG Security Advisory (OpenPKG-SA-2003.044)
Subject: security vulnerability in the openssl package.
http://www.security.unicamp.br/docs/bugs/2003/09/v113.txt

OpenSSL Security Advisory
http://www.security.unicamp.br/docs/bugs/2003/09/v114.txt

Gentoo Linux Security Announcement (200309-17)
Subject: security vulnerability in the mpg123 package.
http://www.security.unicamp.br/docs/bugs/2003/09/v115.txt

Guardian Digital Security Advisory (ESA-20030930-027)
Subject: security vulnerability in the openssl and openssl-misc packages.
http://www.security.unicamp.br/docs/bugs/2003/09/v117.txt

Gentoo Linux Security Announcement (200309-18)
Subject: security vulnerability in the teapop package.
http://www.security.unicamp.br/docs/bugs/2003/09/v118.txt

Mandrake Linux Security Update Advisory (MDKSA-2003:097)
Subject: security vulnerability in the mplayer package.
http://www.security.unicamp.br/docs/bugs/2003/09/v119.txt

Conectiva Linux Security Announcement (CLA-2003:751)
Subject: remote vulnerabilities in the openssl package.
http://www.security.unicamp.br/docs/bugs/2003/09/v120.txt

Cisco Security Advisory
Subject: SSL Implementation Vulnerabilities.
http://www.security.unicamp.br/docs/bugs/2003/09/v121.txt

Mandrake Linux Security Update Advisory (MDKSA-2003:098)
Subject: security vulnerability in the openssl package.
http://www.security.unicamp.br/docs/bugs/2003/09/v122.txt

Slackware Security Advisory (SSA:2003-273-01)
Subject: OpenSSL security update.
http://www.security.unicamp.br/docs/bugs/2003/09/v123.txt

--
Systems and Network Security Team
Unicamp - Universidade Estadual de Campinas
Mailto:security em unicamp.br
http://www.security.unicamp.br

From security em unicamp.br Thu Oct 2 09:21:49 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Thu, 2 Oct 2003 09:21:49 -0300
Subject: [SECURITY-L] CAIS-Alerta: Exploitation of Internet Explorer Vulnerability (IN-2003-04)
Message-ID: <20031002122149.GA3994@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Exploitation of Internet Explorer Vulnerability (IN-2003-04)
To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Wed, 1 Oct 2003 17:51:47 -0300 (BRT)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding CERT Incident Note IN-2003-04, Exploitation of Internet Explorer Vulnerability, which deals with the increase in hacker activity based on exploiting the Microsoft Internet Explorer vulnerability that allows an attacker to execute arbitrary code on the compromised machine.
According to CERT/CC, attackers are exploiting the vulnerability reported in Vulnerability Note VU#865940 to gain access to systems and make them launch DoS attacks or connect by dial-up to services that can cause various losses, including financial ones, for users.

The attached Incident Note presents some workarounds for the vulnerability in question, since the fixes made available by the vendor are not sufficient to _fully_ fix the problem.

Below is the list of alerts and additional references related to the subject of that Incident Note:

. Alert forwarded by CAIS: Microsoft Security Bulletin MS03-032
  "Cumulative Patch for Internet Explorer (822925)"
  http://www.rnp.br/cais/alertas/2003/MS03-032.html

. Alert forwarded by CAIS: CERT Advisory CA-2003-22
  "Multiple Vulnerabilities in Microsoft Internet Explorer"
  http://www.rnp.br/cais/alertas/2003/CA200322.html

. CERT Vulnerability Note VU#865940
  http://www.kb.cert.org/vuls/id/865940

More information can be found at:

http://www.cert.org/incident_notes/IN-2003-04.html

CAIS reminds administrators and users of the need to keep their systems and applications up to date at all times, in line with the information and fixes made available by the respective vendors. It is worth stressing the importance of keeping antivirus software installed and up to date.

Finally, as the issue covered in this alert does not yet have a known solution, CAIS will be following developments and keeping you informed.

Regards,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#          Rede Nacional de Ensino e Pesquisa (RNP)            #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available at  http://www.rnp.br/cais/cais-pgp.key    #
################################################################

CERT® Incident Note IN-2003-04

The CERT Coordination Center publishes incident notes to provide information about incidents to the Internet community.

Exploitation of Internet Explorer Vulnerability

Release Date: October 1, 2003

Overview

The CERT/CC has received reports indicating that attackers are actively exploiting the Microsoft Internet Explorer vulnerability described in VU#865940.

Description

Reports to the CERT/CC indicate that attackers are leveraging the vulnerability described in VU#865940 to cause victim systems to perform various tasks. These attacks include the installation of tools for launching distributed denial-of-service (DDoS) attacks and the use of the victim system's modem to dial pay-per-minute services thereby incurring significant expense to users.

By convincing a user running a vulnerable version of Microsoft Internet Explorer (IE) to view an HTML document (e.g., a web page or HTML email), a remote attacker could execute arbitrary code with the privileges of the user.

The vulnerability described in VU#865940 exists due to an interaction between IE's MIME type processing and the way it handles HTML application (HTA) files embedded in OBJECT tags. When an HTA file is referenced by the DATA attribute of an OBJECT element, and the web server returns the Content-Type header set to application/hta, IE may execute the HTA file directly, without user intervention.

The HTML used to reference the HTA file can be created in at least three ways:

1. The HTML can be static
2. The HTML can be generated by script ()
3. The HTML can be generated by Data Binding an XML source to an HTML consumer ()

The extension of the HTA file does not affect this behavior, for example (where somefile.jpg is a text file containing HTML code).
IE security zone settings for ActiveX controls may prevent an HTA from being executed in this manner. Additional details on VU#865940 can be found in the Vulnerability Note.

Any program that uses the WebBrowser ActiveX control or the IE HTML rendering engine (MSHTML) may be affected by this vulnerability. Outlook and Outlook Express are affected, however recent versions of these programs open mail in the Restricted sites zone where ActiveX controls and plug-ins are disabled by default.

Although Microsoft has released a cumulative patch for Internet Explorer (see MS03-032) that stops HTAs from executing in one case in which static HTML is used to create an OBJECT element referencing the HTA, the patch does not prevent HTAs from executing in the cases when the requisite HTML is generated by script or by Data Binding. We have confirmed reports of attackers exploiting the Data Binding method.

Solutions

The CERT/CC is unaware of a complete solution for this vulnerability.

Apply patch

The cumulative patch (822925) referenced in Microsoft Security Bulletin MS03-032 (released on 2003-08-20) stops HTAs from executing in one case in which static HTML is used to create an OBJECT element referencing the HTA (1). The patch does not prevent HTAs from executing in at least two other cases in which the requisite HTML is generated by script (2) or by Data Binding (3). The CERT/CC recommends that users and administrators take additional steps to protect against exploitation via the latter methods.

Additional steps for users

Disable ActiveX controls and plug-ins

It appears that disabling the "Run ActiveX controls and plug-ins" setting will prevent OBJECT elements from being instantiated, thus preventing exploitation of this vulnerability. Disable "Run ActiveX controls and plug-ins" in the Internet zone and any zone used to read HTML email. Note that there may be other attack vectors that are not governed by the "Run ActiveX controls and plug-ins" setting.
Apply the Outlook Email Security Update

Another way to effectively disable ActiveX controls and plug-ins in Outlook is to install the Outlook Email Security Update. The update configures Outlook to open email messages in the Restricted Sites Zone, where Active scripting is disabled by default. In addition, the update provides further protection against malicious code that attempts to propagate via Outlook. The Outlook Email Security Update is available for Outlook 98 and Outlook 2000. The functionality of the Outlook Email Security Update is included in Outlook 2002 and Outlook Express 6.

Maintain updated antivirus software

Antivirus software with updated virus definitions may identify and prevent some exploit attempts. Variations of exploits or attack vectors may not be detected. Do not rely on antivirus software to defend against this vulnerability. The CERT/CC maintains a partial list of antivirus vendors.

Additional steps for system administrators

The following steps are recommended for system administrators and advanced users.

Unmap HTA MIME type

Deleting or renaming the following registry key prevents HTAs from executing in the three cases listed above:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/hta

Note that there may be other attack vectors that do not rely on this MIME setting.

Block Content-Type headers

Use an application layer firewall, HTTP proxy, or similar technology to block or modify HTTP Content-Type headers with the value "application/hta". This technique may not work for encrypted HTTP connections and it may break applications that require the "application/hta" Content-Type header.

Block mshta.exe

Use a host-based firewall to deny network access to the HTA host: %SystemRoot%\system32\mshta.exe. Examining network traces of known attack vectors, it seems that the exploit HTML/HTA code is accessed three times, twice by IE and once by mshta.exe. The HTA is instantiated at some point before the third access attempt.
Blocking mshta.exe prevents the third access attempt, which appears to prevent the exploit code from being loaded into the HTA. There may be other attack vectors that circumvent this workaround. For example, a vulnerability that allowed data in the browser cache to be loaded into the HTA could remove the need for mshta.exe to access the network. This technique may break applications that require HTAs to access the network. Also, specific host-based firewalls may or may not properly block mshta.exe from accessing the network.

Recovering from a system compromise

If you believe a system under your administrative control has been compromised, please follow the Steps for Recovering from a UNIX or NT System Compromise.

Reporting

The CERT/CC is tracking activity related to this worm as CERT#35432. Relevant artifacts or activity can be sent to cert em cert.org with the appropriate CERT# in the subject line.

Authors: Allen Householder and Art Manion

This document is available from:
http://www.cert.org/incident_notes/IN-2003-04.html

CERT/CC Contact Information

Email: cert em cert.org
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:
    CERT Coordination Center
    Software Engineering Institute
    Carnegie Mellon University
    Pittsburgh PA 15213-3890
    U.S.A.

CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.

Using encryption

We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from

http://www.cert.org/CERT_PGP.key

If you prefer to use DES, please call the CERT hotline for more information.

Getting security information

CERT publications and other security information are available from our web site

http://www.cert.org/

To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo em cert.org.
Please include in the body of your message

subscribe cert-advisory

* "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.

NO WARRANTY

Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.

Conditions for use, disclaimers, and sponsorship information

Copyright ©2003 Carnegie Mellon University.

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQCVAwUBP3s+aukli63F4U8VAQFoWwP8DMzVtGwZ2fArKpRYJ73/hHNGjg6GX0Of
0IN4KKVgqOhDBdqrdbVmB4OFHhdqwZva6vOLy+nEoNwpwpVd0/tjTe34d2/snZ6c
BFW3MSnAVKPIp3AWE8rJb2vRqlLxDQohLa/k4cK48drAQQ0NZbQr5bsJmOvXQCwv
L9v3loBi8CA=
=aa71
-----END PGP SIGNATURE-----

----- End forwarded message -----

From security em unicamp.br Thu Oct 2 09:23:32 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Thu, 2 Oct 2003 09:23:32 -0300
Subject: [SECURITY-L] CERT Advisory CA-2003-26 Multiple Vulnerabilities in SSL/TLS Implementations
Message-ID: <20031002122331.GB3994@unicamp.br>

----- Forwarded message from CERT Advisory -----

From: CERT Advisory
Subject: CERT Advisory CA-2003-26 Multiple Vulnerabilities in SSL/TLS Implementations
To: cert-advisory em cert.org
Date: Wed, 1 Oct 2003 19:29:56 -0400
Organization: CERT(R) Coordination Center - +1 412-268-7090

-----BEGIN PGP SIGNED MESSAGE-----

CERT Advisory CA-2003-26 Multiple Vulnerabilities in SSL/TLS Implementations

Original issue date: October 1, 2003
Last revised: --
Source: CERT/CC

A complete revision history is at the end of this file.
Systems Affected

* OpenSSL versions prior to 0.9.7c and 0.9.6k
* Multiple SSL/TLS implementations
* SSLeay library

Overview

There are multiple vulnerabilities in different implementations of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. These vulnerabilities occur primarily in Abstract Syntax Notation One (ASN.1) parsing code. The most serious vulnerabilities may allow a remote attacker to execute arbitrary code. The common impact is denial of service.

I. Description

SSL and TLS are used to provide authentication, encryption, and integrity services to higher-level network applications such as HTTP. Cryptographic elements used by the protocols, such as X.509 certificates, are represented as ASN.1 objects. In order to encode and decode these objects, many SSL and TLS implementations (and cryptographic libraries) include ASN.1 parsers.

OpenSSL is a widely-deployed open source implementation of the SSL and TLS protocols. OpenSSL also provides a general-purpose cryptographic library that includes an ASN.1 parser.

The U.K. National Infrastructure Security Co-ordination Centre (NISCC) has developed a test suite to analyze the way SSL and TLS implementations handle exceptional ASN.1 objects contained in client and server certificate messages. Although the test suite focuses on certificate messages, any untrusted ASN.1 element may be used as an attack vector. An advisory from OpenSSL describes as vulnerable "Any application that makes use of OpenSSL's ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines."

There are two certificate message attack vectors. An attacker can send crafted client certificate messages to a server, or attempt to cause a client to connect to a server under the attacker's control. When the client connects, the attacker can deliver a crafted server certificate message.
Note that the standards for TLS (RFC 2246) and SSL 3.0 state that a client certificate message "...is only sent if the server requests a certificate." To reduce exposure to these types of attacks, an SSL/TLS server should ignore unsolicited client certificate messages (VU#732952).

NISCC has published two advisories describing vulnerabilities in OpenSSL (006489/OpenSSL) and other SSL/TLS implementations (006489/TLS). The second advisory covers multiple vulnerabilities in many vendors' products. Further details, including vendor status information, are available in the following vulnerability notes.

VU#935264 - OpenSSL ASN.1 parser insecure memory deallocation

A vulnerability in the way OpenSSL deallocates memory used to store ASN.1 structures could allow a remote attacker to execute arbitrary code with the privileges of the process using the OpenSSL library.
(Other resources: NISCC/006490/OpenSSL/3, OpenSSL #1, CAN-2003-0545)

VU#255484 - OpenSSL contains integer overflow handling ASN.1 tags (1)

An integer overflow vulnerability in the way OpenSSL handles ASN.1 tags could allow a remote attacker to cause a denial of service.
(Other resources: NISCC/006490/OpenSSL/1, OpenSSL #2, CAN-2003-0543)

VU#380864 - OpenSSL contains integer overflow handling ASN.1 tags (2)

A second integer overflow vulnerability in the way OpenSSL handles ASN.1 tags could allow a remote attacker to cause a denial of service.
(Other resources: NISCC/006490/OpenSSL/1, OpenSSL #2, CAN-2003-0544)

VU#686224 - OpenSSL does not securely handle invalid public key when configured to ignore errors

A vulnerability in the way OpenSSL handles invalid public keys in client certificate messages could allow a remote attacker to cause a denial of service. This vulnerability requires as a precondition that an application is configured to ignore public key decoding errors, which is not typically the case on production systems.
(Other resources: NISCC/006490/OpenSSL/2, OpenSSL #3)

VU#732952 - OpenSSL accepts unsolicited client certificate messages

OpenSSL accepts unsolicited client certificate messages. This could allow an attacker to exploit underlying flaws in client certificate handling, such as the vulnerabilities listed above.
(Other resources: OpenSSL #4)

VU#104280 - Multiple vulnerabilities in SSL/TLS implementations

Multiple vulnerabilities exist in different vendors' SSL/TLS implementations. The impacts of these vulnerabilities include remote execution of arbitrary code, denial of service, and disclosure of sensitive information. VU#104280 covers an undefined set of vulnerabilities that affect SSL/TLS implementations from many different vendors.
(Other resources: NISCC/006490/TLS)

II. Impact

The impacts of these vulnerabilities vary. In almost all, a remote attacker could cause a denial of service. For at least one vulnerability in OpenSSL (VU#935264), a remote attacker may be able to execute arbitrary code. Please see Appendix A, the Systems Affected section of VU#104280, and the OpenSSL vulnerability notes for details.

III. Solution

Upgrade or apply a patch

To resolve the OpenSSL vulnerabilities, upgrade to OpenSSL 0.9.7c or OpenSSL 0.9.6k. Alternatively, upgrade or apply a patch as directed by your vendor. Recompile any applications that are statically linked to OpenSSL libraries.

For solutions for the other SSL/TLS vulnerabilities covered by VU#104280, please see Appendix A and the Systems Affected section of VU#104280.

Appendix A. Vendor Information

This appendix contains information provided by vendors. When vendors report new information, this section is updated, and the changes are noted in the revision history. If a vendor is not listed below, we have not received their authenticated, direct statement. Further vendor information is available in the Systems Affected sections of the vulnerability notes listed above.
AppGate Network Security AB

The default configuration of AppGate is not vulnerable. However some extra functionality which administrators can enable manually may cause the system to become vulnerable. For more details check the AppGate support pages at http://www.appgate.com/support.

Apple Computer Inc.

Apple: Vulnerable. This is fixed in Mac OS X 10.2.8 which is available from http://www.apple.com/support/

Clavister

Clavister Firewall: Not vulnerable

As of version 8.3, Clavister Firewall implements an optional HTTP/S server for purposes of user authentication. However, since this implementation does not support client certificates and has no ASN.1 parser code, there can be no ASN.1-related vulnerabilities as far as SSL is concerned.

Earlier versions of Clavister Firewall do not implement any SSL services.

Cray Inc.

Cray Inc. supports OpenSSL through its Cray Open Software (COS) package. The OpenSSL version in COS 3.4 and earlier is vulnerable. Spr 726919 has been opened to address this.

F5 Networks

F5 products BIG-IP, 3-DNS, ISMan and Firepass are vulnerable. F5 will have ready security patches for each of these products. Go to ask.f5.com for the appropriate security response instructions for your product.

Hitachi

Hitachi Web Server is NOT Vulnerable to this issue.

IBM

[AIX]

The AIX Security Team is aware of the issues discussed in CERT Vulnerability Notes VU#255484, VU#380864, VU#686224, VU#935264 and VU#732952.

OpenSSL is available for AIX via the AIX Toolbox for Linux. Please note that the Toolbox is made available "as-is" and is unwarranted. The Toolbox ships with OpenSSL 0.9.6g which is vulnerable to the issues referenced above. A patched version of OpenSSL will be provided shortly and this vendor statement will be updated at that time.

Please note that OpenSSH, which is made available through the Expansion Pack is not vulnerable to these issues.
[eServer]

IBM eServer Platform Response

For information related to this and other published CERT Advisories that may relate to the IBM eServer Platforms (xSeries, iSeries, pSeries, and zSeries) please go to

https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID=

In order to access this information you will require a Resource Link ID. To subscribe to Resource Link go to http://app-06.www.ibm.com/servers/resourcelink and follow the steps for registration.

All questions should be referred to servsec em us.ibm.com.

Ingrian Networks

Ingrian Networks is aware of this vulnerability and will issue a security advisory when our investigation is complete.

Juniper Networks

The OpenSSL code included in domestic versions of JUNOS Internet Software that runs on all M-series and T-series routers is susceptible to these vulnerabilities. The SSL library included in Releases 2.x and 3.x of SDX provisioning software for E-series routers is susceptible to these vulnerabilities.

Solution Implementation

Corrections for all the above vulnerabilities are included in all versions of JUNOS built on or after October 2, 2003. Customers should contact Juniper Networks Technical Assistance Center (JTAC) for instructions on obtaining and installing the corrected code.

SDX software built on or after October 2, 2003, contains SSL libraries with corrected code. Contact JTAC for instructions on obtaining and installing the corrected code.

MandrakeSoft

The vulnerabilities referenced by VU#255484, VU#380864, and VU#935264 have been corrected by packages released in our MDKSA-2003:098 advisory.

NEC Corporation

Subject: VU#104280
sent on October 1, 2003

[Server Products]

* EWS/UP 48 Series operating system - is NOT vulnerable. It doesn't include SSL/TLS implementation.

Novell

Novell is reviewing our application portfolio to identify products affected by the vulnerabilities reported by the NISCC.
We have the patched OpenSSL code and are reviewing and testing it internally, and preparing patches for our products that are affected. We expect the first patches to become available via our Security Alerts web site (http://support.novell.com/security-alerts) during the week of 6 Oct 2003. Customers are urged to monitor our web site for patches to versions of our products that they use and apply them expeditiously.

OpenSSL

Please see OpenSSL Security Advisory [30 September 2003].

Openwall GNU/*/Linux

Openwall GNU/*/Linux currently uses OpenSSL 0.9.6 branch and thus was affected by the ASN.1 parsing and client certificate handling vulnerabilities pertaining to those versions of OpenSSL. It was not affected by the potentially more serious incorrect memory deallocation vulnerability (VU#935264, CVE CAN-2003-0545) that is specific to OpenSSL 0.9.7.

Owl-current as of 2003/10/01 has been updated to OpenSSL 0.9.6k, thus correcting the vulnerabilities.

Red Hat

Red Hat distributes OpenSSL 0.9.6 in various Red Hat Linux distributions and with the Stronghold secure web server. Updated packages which contain backported patches for these issues are available along with our advisories at the URL below. Users of the Red Hat Network can update their systems using the 'up2date' tool.

Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2003-293.html
Red Hat Linux 7.1, 7.2, 7.3, 8.0: http://rhn.redhat.com/errata/RHSA-2003-291.html
Stronghold 4 cross-platform: http://rhn.redhat.com/errata/RHSA-2003-290.html

Red Hat distributes OpenSSL 0.9.7 in Red Hat Linux 9. Updated packages which contain backported patches for these issues are available along with our advisory at the URL below. Users of the Red Hat Network can update their systems using the 'up2date' tool.

Red Hat Linux 9: http://rhn.redhat.com/errata/RHSA-2003-292.html

Riverstone Networks

Riverstone Networks routers are not vulnerable.

SCO

We are aware of the issue and are diligently working on a fix.
SGI

SGI acknowledges receiving the vulnerabilities reported by CERT and NISCC.

CAN-2003-0543 [VU#255484], CAN-2003-0544 [VU#380864] and CAN-2003-0545 [VU#935264] have been addressed by SGI Security Advisory 20030904-01-P:

ftp://patches.sgi.com/support/free/security/advisories/20030904-01-P.asc

No further information is available at this time.

For the protection of all our customers, SGI does not disclose, discuss or confirm vulnerabilities until a full investigation has occurred and any necessary patch(es) or release streams are available for all vulnerable and supported SGI operating systems. Until SGI has more definitive information to provide, customers are encouraged to assume all security vulnerabilities as exploitable and take appropriate steps according to local site security policies and requirements. As further information becomes available, additional advisories will be issued via the normal SGI security information distribution methods including the wiretap mailing list on http://www.sgi.com/support/security/

Stonesoft

Stonesoft has published a security advisory that addresses the issues in vulnerability notes VU#255484 and VU#104280. The advisory is at http://www.stonesoft.com/document/art/3040.html

Stunnel

Stunnel requires the OpenSSL libraries for compilation (POSIX) or OpenSSL DLLs for runtime operation (Windows). While Stunnel itself is not vulnerable, its dependence on OpenSSL means that your installation likely is vulnerable.

If you compile from source, you need to install a non-vulnerable version of OpenSSL and recompile Stunnel.

If you use the compiled Windows DLLs from stunnel.org, you should download new versions which are not vulnerable. OpenSSL 0.9.7c DLLs are available at http://www.stunnel.org/download/stunnel/win32/openssl-0.9.7c/

No new version of Stunnel source or executable will be made available, because the problems are inside OpenSSL -- Stunnel itself does not have the vulnerability.

SuSE

All SuSE products are affected.
Update packages are being tested and will be published on Wednesday, October 1st.

VanDyke

None of the VanDyke Software products are subject to these vulnerabilities due to the fact that OpenSSL is not used in any VanDyke products.

Appendix B. References

* CERT/CC Vulnerability Note VU#935264 -
* CERT/CC Vulnerability Note VU#255484 -
* CERT/CC Vulnerability Note VU#380864 -
* CERT/CC Vulnerability Note VU#686224 -
* CERT/CC Vulnerability Note VU#732952 -
* CERT/CC Vulnerability Note VU#104280 -
* OpenSSL Security Advisory [30 September 2003] -
* NISCC Vulnerability Advisory 006489/OpenSSL -
* NISCC Vulnerability Advisory 006489/TLS -
* ITU ASN.1 documentation -
_________________________________________________________________

NISCC discovered and researched these vulnerabilities; this document is based on their work. We would like to thank Stephen Henson of the OpenSSL project and the Oulu University Secure Programming Group (OUSPG) for their previous work in this area.
_________________________________________________________________

Feedback can be directed to the author, Art Manion.
______________________________________________________________________

This document is available from: http://www.cert.org/advisories/CA-2003-26.html
Conditions for use, disclaimers, and sponsorship information

Copyright 2003 Carnegie Mellon University.

Revision History

October 1, 2003: Initial release

----- End forwarded message -----

From security em unicamp.br Fri Oct 3 10:47:15 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Fri, 3 Oct 2003 10:47:15 -0300
Subject: [SECURITY-L] Security vulnerabilities (2)
Message-ID: <20031003134715.GF3994@unicamp.br>

Dear Users,

We have updated the web site of the Unicamp Systems and Network Security Team with the following vulnerability bulletins:

01/10/2003
----------

SuSE Security Announcement (SuSE-SA:2003:041)
Subject: security vulnerability in the lsh package.
http://www.security.unicamp.br/docs/bugs/2003/10/v1.txt

Debian Security Advisory (DSA 393-1)
Subject: security vulnerability in the openssl package.
http://www.security.unicamp.br/docs/bugs/2003/10/v2.txt

SuSE Security Announcement (SuSE-SA:2003:042)
Subject: security vulnerability in the mysql package.
http://www.security.unicamp.br/docs/bugs/2003/10/v3.txt

Gentoo Linux Security Announcement (200309-19)
Subject: security vulnerability in the openssl package.
http://www.security.unicamp.br/docs/bugs/2003/10/v4.txt

CAIS-Alerta
Subject: Multiple vulnerabilities in OpenSSL.
http://www.security.unicamp.br/docs/bugs/2003/10/v5.txt

SuSE Security Announcement (SuSE-SA:2003:043)
Subject: security vulnerability in the openssl package.
http://www.security.unicamp.br/docs/bugs/2003/10/v6.txt

Novell, Inc (NOVL-2003-10087450)
Subject: Novell Response to NISCC/CERT Advisories re: OpenSSL.
http://www.security.unicamp.br/docs/bugs/2003/10/v7.txt

CAIS-Alerta
Subject: Exploitation of Internet Explorer Vulnerability (IN-2003-04).
http://www.security.unicamp.br/docs/bugs/2003/10/v8.txt

CERT Advisory CA-2003-26
Subject: Multiple Vulnerabilities in SSL/TLS Implementations.
http://www.security.unicamp.br/docs/bugs/2003/10/v10.txt

02/10/2003
----------

CAIS-Alerta
Subject: CA-2003-26 Multiple Vulnerabilities in SSL/TLS.
http://www.security.unicamp.br/docs/bugs/2003/10/v11.txt

Tawie Server Linux Security Advisory #2003-0001
Subject: security vulnerability in the openssl package.
http://www.security.unicamp.br/docs/bugs/2003/10/v12.txt

FreeBSD Security Advisories (FreeBSD-SA-03:16)
Subject: file descriptor leak in readv.
http://www.security.unicamp.br/docs/bugs/2003/10/v9.txt

--
Systems and Network Security Team
Unicamp - Universidade Estadual de Campinas
Mailto:security em unicamp.br
http://www.security.unicamp.br

From security em unicamp.br Mon Oct 6 14:24:16 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Mon, 6 Oct 2003 14:24:16 -0300
Subject: [SECURITY-L] CAIS-Alerta: QHosts-1 Trojan Activity
Message-ID: <20031006172416.GG421@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: QHosts-1 Trojan Activity
To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Fri, 3 Oct 2003 16:21:59 -0300 (BRT)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS has learned that a new trojan called QHosts-1 is circulating on the Internet. It exploits the still-unpatched Internet Explorer flaw to modify the DNS settings of the infected computer, with the aim of redirecting the requests made by the user to specific domains.

The malware infects machines running Windows 2000 or Windows XP through pop-ups that appear when the user visits certain sites. The infection sequence is listed below:

1. The user is directed to a web site that contains the malicious code.
2. A Visual Basic script is executed automatically, writing the file AOLFIX.EXE to the %TEMP% directory.
3. The file AOLFIX.EXE is executed immediately and performs several operations.
4. The script creates the file O.BAT, which is executed at the end to remove the files AOLFIX.EXE and O.BAT.

The changes made to the infected system are:

1. The HOSTS file is created in the %WinDir%\Help directory, redirecting the most popular search sites to the IP address 207.44.220.30.
2. The registry key
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters "DataBasePath" = %SystemRoot%\help
   is created to change the path of the HOSTS file.
3. The DNS configuration is changed to 69.57.146.14 and 69.57.147.175.
4. The registry key
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\windows "r0x" = your s0x
   is created.
5. A control file named winlog is created in the Windows directory.
6. The directory c:\bdtmp\tmp is created.
7. Several Internet Explorer registry keys are created or modified, as follows:
   * HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Search Bar" = http://www.google.com/ie
   * HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use Search Asst" = no
   * HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl "(Default)" = http://www.google.com/keyword/%s
   * HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Search Page" = http://www.google.com
   * HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl "provider" = gogl
   * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search "SearchAssistant" = http://www.google.com/ie

Instructions for disinfecting the infected system:

1. Disable the Active Scripting option in Internet Explorer.
2. Remove the files %WinDir%\Help\hosts and %WinDir%\winlog.
3. Modify the following registry key:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters "DataBasePath" = %SystemRoot%\System32\drivers\etc
4. Remove the following registry key:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\windows "r0x"
5. Reconfigure the DNS options again.
More information is available at:

http://vil.nai.com/vil/content/v_100719.htm
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-032.asp
http://www.rnp.br/cais/alertas/2003/cert-in-200304.html

CAIS recommends that administrators keep their systems and applications up to date at all times, in line with the latest versions, fixes or workarounds made available by vendors or by well-regarded security groups in the field.

Regards,

################################################################
#    CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)    #
#          Rede Nacional de Ensino e Pesquisa (RNP)           #
#                                                              #
# cais em cais.rnp.br                   http://www.cais.rnp.br #
# Tel. 019-37873300                          Fax. 019-37873301 #
# PGP key available at http://www.rnp.br/cais/cais-pgp.key     #
################################################################

----- End forwarded message -----

From security em unicamp.br Mon Oct 6 14:23:23 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Mon, 6 Oct 2003 14:23:23 -0300
Subject: [SECURITY-L] CAIS-Alerta: Malware Earthstation 5
Message-ID: <20031006172317.GF421@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Malware Earthstation 5
To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Fri, 3 Oct 2003 15:34:36 -0300 (BRT)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS has learned that an application known as "Earthstation 5" is being regarded as 'malware', that is, as containing malicious code that may allow files on the computer on which it was installed to be removed remotely without the user's consent.

The "Earthstation 5" application appeared 6/12 months ago as yet another P2P (Peer-to-Peer) application, distinguished by not requiring registration from users who wanted to use it.

The developers of this software came into conflict with the RIAA/MPAA, organizations that protect copyright and directly fight P2P applications, which ended up making the application very popular for this purpose.

This conflict can be illustrated by the following quotation:

"Earthstation 5 is at war with the Motion Picture Association of America (MPAA) and the Record Association of America (RIAA), and to make our point very clear that their governing laws and policies have absolutely no meaning to us here in Palestine, we will continue to add even more movies for FREE.", according to the site:

http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=SVBIZINK2.story&STORY=/www/story/08-19-2003/0002003023&EDATE=TUE+Aug+19+2003,+06:14+AM

The "Earthstation 5" application, also known as "ES5" or "ESV", is available for download at the addresses listed below, among other sources:

. http://www.es5.com/
. http://www.earthstation5.com/

The versions of the application that were identified as containing pieces of malicious code are:

ES5 build 1266
ES5 build 2180 (latest version)

The MD5 signatures associated with these files are listed below:

e35838ef6668abe883344e3a7e734794 *es5beta1266.exe
ce44a1f0542b9132f2debd9866febc65 *es5beta2180.exe
373c30ba0e8b1dce05dcab2acce94a77 *es5_build1266.exe
915de0f8e72be40bf071a86bc9dc2626 *es5_build2180.exe

More information:

http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=SVBIZINK2.story&STORY=/www/story/08-19-2003/0002003023&EDATE=TUE+Aug+19+2003,+06:14+AM
http://lists.netsys.com/pipermail/full-disclosure/2003-October/011339.html

CAIS reminds users of some of the best practices for downloading files from the Internet:

. Download from official and trusted sites.
. Have an anti-virus installed and up to date, and use it to check the downloaded file.
. Check the MD5 signature of the file whenever possible.
. Follow security alerts and news about malware, trojans and/or any compromises of software/application repositories.

Finally, CAIS recommends that administrators keep their systems and applications up to date at all times, in line with the latest versions and fixes made available by vendors.

Regards,

----- End forwarded message -----

From security em unicamp.br Mon Oct 6 14:22:00 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Mon, 6 Oct 2003 14:22:00 -0300
Subject: [SECURITY-L] Trojan horse controls IE remotely
Message-ID: <20031006172159.GE421@unicamp.br>

----- Forwarded message from Caio Souza Mendes -----

From: Caio Souza Mendes
Subject: Trojan horse controls IE remotely
To: security em unicamp.br
Date: Thu, 2 Oct 2003 19:18:16 -0300 (ART)

Trojan horse controls IE remotely

Thursday, October 2, 2003 - 16:52

SÃO PAULO - The QHosts-1 trojan horse lets a remote hacker direct the browser on the infected machine to pages of the hacker's choosing.
According to McAfee, the intruder exploits a security flaw in Internet Explorer.

QHosts does not spread on its own. For a computer to be infected, the user has to open an HTML page that contains the intruder's code. The script embedded in the HTML creates and runs the executable.

The trojan horse modifies the TCP/IP settings on the infected machine, pointing it to pages other than those requested by the user. According to McAfee, QHosts points to a web site that contains malicious code exploiting vulnerabilities.

One of these vulnerabilities is in Internet Explorer and was supposedly eliminated by the most recent IE patch package, MS03-032. However, McAfee states that this fix does not prevent this attack, because it allows the automatic execution of a script contained in an HTML file.

Despite this, QHosts is classified as a low-risk intruder.

Carlos Machado, INFO
http://info.abril.com.br/aberto/infonews/102003/02102003-6.shl

----- End forwarded message -----

From security em unicamp.br Mon Oct 6 14:19:58 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Mon, 6 Oct 2003 14:19:58 -0300
Subject: [SECURITY-L] Final version of OpenOffice 1.1 released
Message-ID: <20031006171950.GD421@unicamp.br>

----- Forwarded message from Caio Souza Mendes -----

From: Caio Souza Mendes
Subject: Final version of OpenOffice 1.1 released
To: security em unicamp.br
Date: Thu, 2 Oct 2003 10:56:39 -0300 (ART)

Final version of OpenOffice 1.1 released

Date: 01/10/2003

On 01/10, version 1.1 of OpenOffice, one of the most popular open-source suites in the world, was released. With several new features, compatibility with Microsoft Office documents and more complete native support for several languages, this version is already available on several mirrors, some of them located in Brazil.
Recall that a few days ago the OpenOffice.Org.Br team released OpenOffice1.1RC4 fully translated into Brazilian Portuguese. The date when the final version will also be available in our language is not far off. ;)

More information about the OpenOffice1.1 release can be found at http://www.openoffice.org/dev_docs/features/1.1/index.html.

If you don't feel like waiting for the version 100% translated into PT-BR and want to use the original OpenOffice1.1, you can download it from the mirrors available here in Brazil, such as Linorg (http://linorg.usp.br/OpenOffice.org/stable/1.1.0/) and Projeto Brasil (http://oobr.querencialivre.rs.gov.br/openoffice/stable/1.1.0/)

Author: José Oliveira
http://linuxhard.sosphp.com.br/artigos.php?id=29

----- End forwarded message -----

From security em unicamp.br Mon Oct 6 16:23:55 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Mon, 6 Oct 2003 16:23:55 -0300
Subject: [SECURITY-L] CAIS-Alerta: Cumulative Patch for Internet Explorer (828750)
Message-ID: <20031006192354.GI421@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: CAIS-Alerta: Cumulative Patch for Internet Explorer (828750)
To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Mon, 6 Oct 2003 11:19:36 -0300 (BRT)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the alert released by Microsoft, Microsoft Security Bulletin MS03-040: Cumulative Patch for Internet Explorer (828750), which announces the availability of a cumulative patch for Microsoft Internet Explorer that eliminates two recently identified vulnerabilities.

Affected systems:

. Internet Explorer 5.01
. Internet Explorer 5.5
. Internet Explorer 6.0
. Internet Explorer 6.0 for Windows Server 2003

Available fixes:

The fix consists of applying the patch recommended by Microsoft, available at:

. All versions except Microsoft Internet Explorer 6.0 for Windows Server 2003
  http://www.microsoft.com/windows/ie/downloads/critical/828750/default.asp
. Microsoft Internet Explorer 6.0 for Windows Server 2003
  http://www.microsoft.com/windows/ie/downloads/critical/828750s/default.asp

More information:

http://www.microsoft.com/technet/security/bulletin/ms03-040.asp

CVE identifiers: CAN-2003-0809, CAN-2003-0838 (http://cve.mitre.org)

CAIS recommends that administrators of Microsoft platforms keep their systems and applications up to date at all times.

Regards,

- ----------------------------------------------------------------------
Title: Cumulative Patch for Internet Explorer (828750)
Date: October 3, 2003
Software: Internet Explorer 5.01
          Internet Explorer 5.5
          Internet Explorer 6.0
          Internet Explorer 6.0 for Windows Server 2003
Impact: Run code of attacker's choice
Max Risk: Critical
Bulletin: MS03-040

Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/security/bulletin/MS03-040.asp
http://www.microsoft.com/security/security_bulletins/MS03-040.asp
- ----------------------------------------------------------------------

Issue:
======
This is a cumulative patch that includes the functionality of all previously released patches for Internet Explorer 5.01, 5.5 and 6.0. In addition, it eliminates the following newly discovered vulnerabilities:

A vulnerability that occurs because Internet Explorer does not properly determine an object type returned from a Web server in a popup window.
It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. If a user visited an attacker's Web site, it would be possible for the attacker to exploit this vulnerability without any other user action. An attacker could also craft an HTML-based e-mail that would attempt to exploit this vulnerability.

A vulnerability that occurs because Internet Explorer does not properly determine an object type returned from a Web server during XML data binding. It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. If a user visited an attacker's Web site, it would be possible for the attacker to exploit this vulnerability without any other user action. An attacker could also craft an HTML-based e-mail that would attempt to exploit this vulnerability.

A change has been made to the method by which Internet Explorer handles Dynamic HTML (DHTML) Behaviors in the Internet Explorer Restricted Zone. It could be possible for an attacker exploiting a separate vulnerability (such as one of the two vulnerabilities discussed above) to cause Internet Explorer to run script code in the security context of the Internet Zone. In addition, an attacker could use Windows Media Player's (WMP) ability to open URL's to construct an attack. An attacker could also craft an HTML-based e-mail that could attempt to exploit this behavior.

To exploit these flaws, the attacker would have to create a specially formed HTML-based e-mail and send it to the user. Alternatively an attacker would have to host a malicious Web site that contained a Web page designed to exploit these vulnerabilities. The attacker would then have to persuade a user to visit that site.

As with the previous Internet Explorer cumulative patches released with bulletins MS03-004, MS03-015, MS03-020, and MS03-032, this cumulative patch will cause window.showHelp( ) to cease to function if you have not applied the HTML Help update.
If you have installed the updated HTML Help control from Knowledge Base article 811630, you will still be able to use HTML Help functionality after applying this patch.

In addition to applying this security patch it is recommended that users also install the Windows Media Player update referenced in Knowledge Base Article 828026. This update is available from Windows Update as well as the Microsoft Download Center for all supported versions of Windows Media Player. While not a security patch, this update contains a change to the behavior of Windows Media Player's ability to launch URL's to help protect against DHTML behavior based attacks. Specifically, it restricts Windows Media Player's ability to launch URL's in the local computer zone from other zones.

Mitigating Factors:
====================
- -By default, Internet Explorer on Windows Server 2003 runs in Enhanced Security Configuration. This default configuration of Internet Explorer blocks automatic exploitation of this attack. If Internet Explorer Enhanced Security Configuration has been disabled, the protections put in place that prevent this vulnerability from being automatically exploited would be removed.

- -In the Web-based attack scenario, the attacker would have to host a Web site that contained a Web page used to exploit this vulnerability. An attacker would have no way to force a user to visit a malicious Web Site. Instead, the attacker would need to lure them there, typically by getting them to click a link that would take them to the attacker's site.

- -Exploiting the vulnerability would allow the attacker only the same privileges as the user. Users whose accounts are configured to have few privileges on the system would be at less risk than ones who operate with administrative privileges.

Risk Rating:
============
-Critical

Patch Availability:
===================
- A patch is available to fix this vulnerability.
Please read the Security Bulletins at
http://www.microsoft.com/technet/security/bulletin/MS03-040.asp
http://www.microsoft.com/security/security_bulletins/MS03-040.asp
for information on obtaining this patch.

- ---------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

*******************************************************************

----- End forwarded message -----

From security em unicamp.br Mon Oct 6 16:25:03 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Mon, 6 Oct 2003 16:25:03 -0300
Subject: [SECURITY-L] IPFilter 4.0beta3
Message-ID: <20031006192503.GJ421@unicamp.br>

----- Forwarded message from Caio Souza Mendes -----

From: Caio Souza Mendes
Subject: IPFilter 4.0beta3
To: security em unicamp.br
Date: Mon, 6 Oct 2003 11:26:32 -0300 (ART)

IPFilter 4.0beta3
Posted on: Monday, October 06 @ 11:00:07 BRT
http://www.linuxsecurity.com.br/article.php?sid=7911&mode=thread&order=0

Darren Reed announced a new BETA version of the IPFILTER packet filter...
http://coombs.anu.edu.au/~avalon/

----- End forwarded message -----

From security em unicamp.br Tue Oct 7 08:48:42 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Tue, 7 Oct 2003 08:48:42 -0300
Subject: [SECURITY-L] CAIS-Alerta: Start of Daylight Saving Time 2003/2004
Message-ID: <20031007114842.GA2245@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Start of Daylight Saving Time 2003/2004
To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Mon, 6 Oct 2003 11:31:37 -0300 (BRT)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS would like to bring to everyone's attention that, in accordance with Decree 4.844 of 24 September 2003, daylight saving time 2003/2004 will begin at zero hour (00:00) on 19 October 2003 and end at zero hour (00:00) on 15 February 2004.

Accordingly, on 19 October clocks will have to be set forward by 1 hour in the states that take part in daylight saving time. They are: Rio Grande do Sul, Santa Catarina, Parana, Sao Paulo, Rio de Janeiro, Espirito Santo, Minas Gerais, Goias, Mato Grosso do Sul and the Distrito Federal.

We remind everyone that, where security incidents are concerned, the accuracy of system clocks is fundamental to keeping logs consistent, and is indispensable in investigations and in identifying those responsible.

We also remind you that logs reported while daylight saving time is in effect will be in the GMT-2 timezone.

Decree 4.844, which institutes daylight saving time 2003/2004 in the national territory, is available at the following address:

http://www.mme.gov.br/ministerio/legislacao/decretos/horariodeverao2003.pdf

CAIS is available for further clarification.
Regards,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#       Rede Nacional de Ensino e Pesquisa (RNP)               #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available   http://www.rnp.br/cais/cais-pgp.key      #
################################################################

----- End forwarded message -----

From security em unicamp.br Tue Oct 7 08:51:10 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Tue, 7 Oct 2003 08:51:10 -0300
Subject: [SECURITY-L] After the Qhosts-1 virus, Microsoft creates IE patch package
Message-ID: <20031007115110.GB2245@unicamp.br>

----- Forwarded message from Caio Souza Mendes -----

From: Caio Souza Mendes
Subject: After the Qhosts-1 virus, Microsoft creates IE patch package
To: security em unicamp.br
Date: Mon, 6 Oct 2003 14:51:23 -0300 (ART)

06/10/2003 - 11h24
After the Qhosts-1 virus, Microsoft creates IE patch package
from Folha Online
http://www1.folha.uol.com.br/folha/informatica/ult124u14054.shtml

Last week the Qhosts-1 virus (http://www1.folha.uol.com.br/folha/informatica/ult124u14051.shtml) appeared on the web; it exploits an old vulnerability in Microsoft's internet browser.

Now the software giant is warning its users to install a patch package (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-040.asp) for flaws in Internet Explorer 5.01, 5.5 and 6.

In addition, the file fixes the recently discovered vulnerability in the browser, classified as critical by Microsoft.
It occurs because Internet Explorer does not properly determine the response of an internet server in a pop-up window (those screens that open on the computer when you visit certain sites). As a result, a hacker who manages to exploit this security hole can take control of the attacked computer.

If the user visits the internet pirate's page, the latter can exploit the vulnerability without any other action by the victim. The hacker can also send an HTML e-mail that likewise attempts to exploit the flaw.

Internet Explorer does not properly determine the server's response during the binding of the communication protocol and the network adapter --which takes place through the XML (Extensible Markup Language) language.

Microsoft made a change to the way Internet Explorer handles DHTML (Dynamic HTML) actions on sites set as restricted by the user. The hacker may manage to install code of his choice even within the context considered safe. In addition, the pirate can use Windows Media Player to open an internet address and carry out an attack.

Security

In addition to installing the patch file, Microsoft recommends that the user install update 828026 for Windows Media Player. It is available both from Windows Update and from the Microsoft Download Center --and works with all versions of the media player.

This patch file restricts WMP's ability to open internet addresses from other zones in the local system.
----- End forwarded message -----

From security em unicamp.br Tue Oct 7 09:55:29 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Tue, 7 Oct 2003 09:55:29 -0300
Subject: [SECURITY-L] CAIS-Alerta: Configuration changes required for Daylight Saving Time 2003/2004
Message-ID: <20031007125529.GA2354@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Configuration changes required for Daylight Saving Time 2003/2004
To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Mon, 6 Oct 2003 16:12:51 -0300 (BRT)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

As duly announced by CAIS, daylight saving time 2003/2004 will begin on 19 October 2003. As a result, some configuration changes on systems are necessary.

CAIS stresses that the content of this alert is essentially technical, intended to guide and assist system administrators in the configuration tasks needed to adapt the most widely used systems to Brazilian daylight saving time 2003/2004.

The basic idea is that the system should reflect the changes in the time zone (zoneinfo) during the period. For this it is enough to update the local clocks (localtime) of the machines.

Below are the procedures for updating localtime on the most widely used operating systems, namely: FreeBSD, GNU/Linux, Solaris, AIX and Windows. Given the large installed base of CISCO connectivity equipment, the configuration needed for some of this vendor's equipment running IOS is also covered.

Before proceeding with these procedures you need to know in advance the timezone of your region.

*TIP! Those who do not know the timezone of their region can consult the website of the Observatorio Nacional (www.on.br), under the "Servico da Hora" link, where a table with this information can be found.

IOS-Cisco
=========

In the configuration files of Cisco routers it will be necessary to include (or update) the following lines:

    clock timezone GMT-3 -3
    clock summer-time GMT-2 date Oct 19 2003 0:00 Feb 15 2004 0:00

*NOTE! Logs generated by the Cisco device will start to report the time as GMT-2 to reflect the new timezone configuration.

GNU/Linux
=========

GNU/Linux users should follow the procedure below:

1. Check that the file '/etc/localtime' exists and whether this file is a link.

   * TIP! It is not recommended to have /etc/localtime as a link to the file /usr/share/zoneinfo/Brazil/East, because on systems where the /usr directory is not accessible (has not been mounted, for example) at machine boot time, the information contained in localtime will not be loaded.

2. Check whether the directory /usr/share/zoneinfo/Brazil contains any NON-BINARY file with information about other daylight saving periods (TIP!: it is usually a file with the .zic extension)

   a) If no file with such information exists, a new one must be created, named 'verao.2003.zic' for example, and the following lines inserted.

          Rule Brazil 2003 only - Oct 19 00:00 1 D
          Rule Brazil 2004 only - Feb 15 00:00 0 S
          Zone Brazil/East -3:00 Brazil E%sT

   b) If a file with daylight saving information for other years exists, it is enough to insert the lines mentioned.

   The first two lines say when daylight saving time begins, when it ends, and what action is to be taken. Remember that at the start of daylight saving time one hour must be added. The last line says which file will be generated by the zic command; in the example it will be the file 'East' (inside the Brazil directory).
   This line also gives the timezone of the region; in the case of Sao Paulo it is -3. This value must be changed to the timezone corresponding to your region, and the file name to the name equivalent to your timezone.

3. With the file 'verao.2003.zic' in hand, run the 'zic' command as follows:

       # zic verao.2003.zic

   In this particular case, this command will update the file /usr/share/zoneinfo/Brazil/East.

4. Finally, if /etc/localtime is not a link to this file, the file East must be copied to /etc/localtime

       # cp /usr/share/zoneinfo/Brazil/East /etc/localtime

FreeBSD
=======

FreeBSD users should proceed in the same way as GNU/Linux users. The only difference is that the directory where the file verao.2003.zic must be created is /usr/share/zoneinfo. As stated earlier, the lines to be included in this file are:

    Rule Brazil 2003 only - Oct 19 00:00 1 D
    Rule Brazil 2004 only - Feb 15 00:00 0 S
    Zone hv2003 -3:00 Brazil E%sT

In the example above, the name 'hv2003' represents the file that will be created when the command 'zic verao.2003.zic' is run, and which will contain the daylight saving information. This new file must be copied to /etc/localtime, remembering that a copy of /etc/localtime must be made before overwriting it.

Solaris
=======

Solaris users should follow the procedure below:

1. Check the corresponding zoneinfo. The file /etc/TIMEZONE contains the information about which file will be consulted to determine the zoneinfo.

       # more /etc/TIMEZONE
       TZ=Brazil/East

   In the example above, the file East, in the directory Brazil, is the one to be consulted. By default, this directory should be in /usr/share/lib/zoneinfo.

2. Check whether the directory /usr/share/lib/zoneinfo contains any NON-BINARY file with information about other daylight saving periods (TIP!: it is usually a file with the .zic extension)

   a) If no file with such information exists, a new file must be created, named 'brazil.zic' for example, and the following lines inserted.

          Rule Brazil 2003 only - Oct 19 00:00 1 D
          Rule Brazil 2004 only - Feb 15 00:00 0 S
          Zone Brazil/East -3:00 Brazil E%sT

   b) If a file with daylight saving information for other years exists, it is enough to insert the lines above.

   The first two lines say when daylight saving time begins, when it ends, and what action is to be taken. Remember that at the start of daylight saving time one hour must be added. The last line says which file will be generated by the zic command; in the example it will be the file 'East' (inside the Brazil directory). This line also gives the timezone of the region; in the case of Sao Paulo it is -3. This value must be changed to the timezone corresponding to your region, and the file name to the name equivalent to your timezone.

   In the example that follows, there is a directory Brazil inside /usr/share/lib/zoneinfo containing a file brazil.zic that must be updated with the lines mentioned above.

3. The new file (in binary format) must then be generated as follows:

       # zic brazil.zic

   This command will automatically generate the file East as indicated in the file /etc/TIMEZONE.

NOTE: It has been observed on Solaris systems that the daemon that schedules processes (cron) stops running jobs after the changes mentioned as a result of daylight saving time. For this reason, the daemon will need to be restarted after daylight saving time comes into effect.
AIX
===

AIX users should edit the file /etc/environment, adding the directive:

    2003: TZ=GRNLNDST3GRNLNDDT,M10.3.0/00:00:00,M2.3.0/00:00:00

This indicates that daylight saving time begins at 00:00 on the third Sunday of month 10 (19 October) and ends at 00:00 on the third Sunday of month 2 (15 February).

Windows
=======

For Windows 9*/NT/2000/XP systems, use of the TZEDIT utility (tzedit.exe) is recommended; it is included on the Resource Kit CD that accompanies the system distribution CD. There is no official URL for downloading this program from the Microsoft site, but it can easily be found on the Internet, bearing in mind that in the latter case there is NO guarantee of the program's integrity.

When this utility is run, the current timezone must be edited to indicate that daylight saving time begins at 00:00 on the third Sunday of October 2003 and ends at 00:00 on the third Sunday of February 2004. In addition, the timezone configuration in the Windows "Date/Time settings" must have the option "Automatically adjust the clock for daylight saving time" checked.

CAIS is available for further clarification.

Regards,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#       Rede Nacional de Ensino e Pesquisa (RNP)               #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available   http://www.rnp.br/cais/cais-pgp.key      #
################################################################

----- End forwarded message -----

From security em unicamp.br Wed Oct 8 16:37:00 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Wed, 8 Oct 2003 16:37:00 -0300
Subject: [SECURITY-L] Security vulnerabilities
Message-ID: <20031008193659.GA4251@unicamp.br>

Dear users,

We have updated the website of the Equipe de Seguranca em Sistemas e Redes da Unicamp with the following vulnerability bulletins:

01/10/2003
----------

Pine Digital Security Advisory (PINE-CERT-20030901)
Subject: security vulnerability in the kernel / fhold application.
http://www.security.unicamp.br/docs/bugs/2003/10/v13.txt

Pine Digital Security Advisory (PINE-CERT-20030902)
Subject: security vulnerability in the kernel / uio application.
http://www.security.unicamp.br/docs/bugs/2003/10/v14.txt

SCO Security Advisory (CSSA-2003-SCO.24)
Subject: OpenServer 5.0.7: OpenSSH: multiple buffer handling problems.
http://www.security.unicamp.br/docs/bugs/2003/10/v15.txt

03/10/2003
----------

FreeBSD Security Advisories (FreeBSD-SA-03:17)
Subject: kernel memory disclosure via procfs.
http://www.security.unicamp.br/docs/bugs/2003/10/v17.txt

Red Hat Security Advisory (RHSA-2003:256-02)
Subject: Updated Perl packages fix security issues.
http://www.security.unicamp.br/docs/bugs/2003/10/v18.txt

Guardian Digital Security Advisory (ESA-20031003-028)
Subject: security vulnerability in the openssl, openssl-misc packages.
http://www.security.unicamp.br/docs/bugs/2003/10/v19.txt

Tawie Server Linux Security Advisory #2003-0003
Subject: security vulnerability in the openssl package.
http://www.security.unicamp.br/docs/bugs/2003/10/v20.txt

Conectiva Linux Security Announcement (CLA-2003:757)
Subject: local vulnerability in the vixie-cron package [Update to announcement CLSA-2003-628].
http://www.security.unicamp.br/docs/bugs/2003/10/v21.txt

CAIS-Alerta
Subject: Malware Earthstation 5
http://www.security.unicamp.br/docs/bugs/2003/10/v22.txt

Conectiva Linux Security Announcement (CLA-2003:758)
Subject: problem with cron.allow and cron.deny in the vixie-cron package.
http://www.security.unicamp.br/docs/bugs/2003/10/v23.txt

CAIS-Alerta
Subject: QHosts-1 Trojan activity.
http://www.security.unicamp.br/docs/bugs/2003/10/v24.txt

Conectiva Linux Security Announcement (CLA-2003:759)
Subject: security vulnerability in the openssl package.
http://www.security.unicamp.br/docs/bugs/2003/10/v25.txt

FreeBSD Security Advisories (FreeBSD-SA-03:18)
Subject: OpenSSL vulnerabilities in ASN.1 parsing.
http://www.security.unicamp.br/docs/bugs/2003/10/v26.txt

Microsoft Security Bulletin (MS03-040)
Subject: Cumulative Patch for Internet Explorer (828750).
http://www.security.unicamp.br/docs/bugs/2003/10/v27.txt

04/10/2003
----------

Gentoo Linux Security Announcement (200310-02)
Subject: security vulnerability in the cfengine package.
http://www.security.unicamp.br/docs/bugs/2003/10/v28.txt

05/10/2003
----------

FreeBSD Security Advisories (FreeBSD-SA-03:15)
Subject: OpenSSH PAM challenge/authentication error.
http://www.security.unicamp.br/docs/bugs/2003/10/v29.txt

06/10/2003
----------

CAIS-Alerta
Subject: Cumulative Patch for Internet Explorer (828750).
http://www.security.unicamp.br/docs/bugs/2003/10/v30.txt

CAIS-Alerta
Subject: Start of Daylight Saving Time 2003/2004.
http://www.security.unicamp.br/docs/bugs/2003/10/v31.txt

CAIS-Alerta
Subject: Configuration changes required for Daylight Saving Time 2003/2004.
http://www.security.unicamp.br/docs/bugs/2003/10/v16.txt

Conectiva Linux Update Announcement (CLA-2003:760)
Subject: remote vulnerability (buffer overflow) in the mplayer package.
http://www.security.unicamp.br/docs/bugs/2003/10/v32.txt

07/10/2003
----------

Red Hat Security Advisory (RHSA-2003:278-01)
Subject: Updated SANE packages fix remote vulnerabilities.
http://www.security.unicamp.br/docs/bugs/2003/10/v33.txt

--
Equipe de Seguranca em Sistemas e Redes
Unicamp - Universidade Estadual de Campinas
Mailto:security em unicamp.br
http://www.security.unicamp.br

From security em unicamp.br Tue Oct 14 16:08:13 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Tue, 14 Oct 2003 16:08:13 -0300
Subject: [SECURITY-L] Mozilla 1.4.1
Message-ID: <20031014190809.GB7922@unicamp.br>

----- Forwarded message from Caio Souza Mendes -----

From: Caio Souza Mendes
Subject: Mozilla 1.4.1 !
To: security em unicamp.br
Date: Mon, 13 Oct 2003 16:29:45 -0300 (ART)

Mozilla 1.4.1 !

Mozilla 1.4.1 came out this weekend; some bugs were fixed, with improvements in performance, stability and compatibility with web sites.

Site : http://www.mozilla.org/
Download : http://ftp.mozilla.org/pub/mozilla/releases/mozilla1.4.1/mozilla-i686-pc-linux-gnu-1.4.1-sea.tar.gz (13.8Mb)

----- End forwarded message -----

From security em unicamp.br Tue Oct 14 16:21:49 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Tue, 14 Oct 2003 16:21:49 -0300
Subject: [SECURITY-L] Samba-3.0.1pre1 ready for download
Message-ID: <20031014192149.GF7922@unicamp.br>

----- Forwarded message from Caio Souza Mendes -----

From: Caio Souza Mendes
Subject: Samba-3.0.1pre1 ready for download!
To: security em unicamp.br
Date: Tue, 14 Oct 2003 11:43:45 -0300 (ART)

Samba-3.0.1pre1 ready for download!

Many bugs from version 3.0.0 fixed.
Release Notes: http://us1.samba.org/samba/ftp/pre/WHATSNEW-3.0.1pre1.txt
Download: http://us1.samba.org/samba/ftp/pre/samba-3.0.1pre1.tar.gz

----- End forwarded message -----

From security em unicamp.br Tue Oct 14 16:24:13 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Tue, 14 Oct 2003 16:24:13 -0300
Subject: [SECURITY-L] Lawsuit against MS may improve software security
Message-ID: <20031014192413.GG7922@unicamp.br>

----- Forwarded message from Caio Souza Mendes -----

From: Caio Souza Mendes
Subject: Lawsuit against MS may improve software security
To: security em unicamp.br
Date: Tue, 14 Oct 2003 11:50:39 -0300 (ART)

Lawsuit against MS may improve software security
14/10/2003 - 10:06
Helena Nacinovic
http://www.infoguerra.com.br/

The latest lawsuit against Microsoft may encourage software makers to improve the security of their products. That was the analysis released by Gartner Group (http://www3.gartner.com/DisplayDocument?doc_cd=117770), a company dedicated to research and consulting.

Microsoft is being sued in a joint action in California, USA, accused of exposing users of its products to identity theft because of inefficient software security methods.

The suit was filed on 30 September by a California resident and became a class action accusing the Redmond company of selling operating systems and applications that are highly vulnerable to viruses and other malicious attacks that cause failures in computer networks.

In addition, Microsoft's security alerts were considered too complex for ordinary computer users, helping crackers to carry out attacks more quickly.

Gartner Group stated that the level of vulnerabilities in software today is an "attractive problem" that makes criminals' work far too easy.
Although it does not foresee any immediate impact on the software security sector as a result of the lawsuit, Gartner Group believes that vendors should pay attention to the final decision in the case, as well as create new rules and methods to reduce the incidence of vulnerabilities in their products.

In its report, Gartner suggests that software makers should ensure that their products have maximum security in the default installation, as well as limit vulnerabilities by reducing the complexity of the products.

Microsoft already announced last week that it will update its operating system at the beginning of 2004 to reduce the risks to users. The changes were announced by the company's president, Steve Ballmer, and include a "service pack" for Windows XP and Windows Server 2003.

Among the planned changes, Microsoft highlighted improvements in the way Windows manages the computer's memory, in an attempt to protect users from the most common flaws in the operating system. Some of the most dangerous viruses at present exploit these flaws. Another change will be the inclusion of an integrated firewall, which the company promises will be more efficient than previous versions.

Microsoft also promised to overhaul its system for announcing and distributing security patches, which today are made available weekly. From now on they will be monthly and simpler to install or remove. However, the company stressed that it will not stop making patches available in the middle of the month if a serious flaw is found.

Consumers of Microsoft products are worried about the security of their data and machines, since virtual attacks, viruses and other pests are becoming more and more common.
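
The two CAIS daylight saving alerts earlier in this archive stress that accurate clocks are essential for consistent logs and give the zic rule lines for the 2003/2004 period. The following is an added example, not part of the CAIS alerts or of any message in this archive: it parses those rule lines and converts zone-less local log timestamps to UTC, flagging the hour skipped on 19 Oct 2003 and the hour repeated on 14 Feb 2004. The log lines are constructed, and the function names and the restriction to single-year ("only") rules are assumptions of the example.

```python
from datetime import datetime, timedelta

# zic source lines as given in the CAIS alert (Brazil/East example).
ZIC_SOURCE = """\
Rule Brazil 2003 only - Oct 19 00:00 1 D
Rule Brazil 2004 only - Feb 15 00:00 0 S
Zone Brazil/East -3:00 Brazil E%sT
"""

# Constructed sample log lines: local wall-clock time, no zone marker.
SAMPLE_LOG = """\
2003-10-18 23:59:30 sshd[411]: Failed password for root
2003-10-19 00:30:00 sshd[411]: Failed password for root
2003-10-19 01:00:05 sshd[411]: Accepted password for admin
2004-02-14 23:30:00 su[90]: session opened for user root
2004-02-15 00:00:10 su[90]: session closed for user root
"""

MONTHS = {name: number for number, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}


def _hm(text):
    """Parse '-3:00', '00:00' or '1' into a timedelta."""
    sign = -1 if text.startswith("-") else 1
    hours, _, minutes = text.lstrip("+-").partition(":")
    return sign * timedelta(hours=int(hours), minutes=int(minutes or 0))


def parse_zic(source):
    """Return (standard_offset, transitions) for single-year rules.

    transitions is a time-ordered list of (utc_instant, total_offset).
    A Rule's AT field is wall-clock time under the offset in force just
    before the change, so each instant is converted with the previous offset.
    """
    std, rules = None, []
    for line in source.splitlines():
        fields = line.split("#")[0].split()
        if not fields:
            continue
        if fields[0] == "Rule":
            # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER
            _, _, year, to, _, month, day, at, save, _ = fields
            if to != "only":
                raise ValueError("only single-year rules are handled here")
            wall = datetime(int(year), MONTHS[month], int(day)) + _hm(at)
            rules.append((wall, _hm(save)))
        elif fields[0] == "Zone":
            std = _hm(fields[2])      # Zone NAME GMTOFF RULES FORMAT
    if std is None:
        raise ValueError("no Zone line found")
    transitions, current = [], std
    for wall, save in sorted(rules):
        transitions.append((wall - current, std + save))
        current = std + save
    return std, transitions


def offset_at(utc, std, transitions):
    """UTC offset in force at a given UTC instant."""
    offset = std
    for instant, new_offset in transitions:
        if utc >= instant:
            offset = new_offset
    return offset


def local_to_utc(local, std, transitions):
    """Map a naive local timestamp to its possible UTC instants.

    Returns (status, candidates): 'ok' with one candidate, 'ambiguous' with
    two (the hour repeated when clocks go back), or 'nonexistent' with none
    (the hour skipped when clocks go forward; a stamp there means the host
    clock was not following these rules).
    """
    offsets = {std} | {offset for _, offset in transitions}
    hits = sorted(local - offset for offset in offsets
                  if offset_at(local - offset, std, transitions) == offset)
    return {0: "nonexistent", 1: "ok", 2: "ambiguous"}[len(hits)], hits


def normalize(log_text, source=ZIC_SOURCE):
    """Return [(status, [UTC ISO strings], message)] for each log line."""
    std, transitions = parse_zic(source)
    result = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        local = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
        status, hits = local_to_utc(local, std, transitions)
        result.append((status, [h.isoformat() + "Z" for h in hits], line[20:]))
    return result


if __name__ == "__main__":
    for status, utc, message in normalize(SAMPLE_LOG):
        print(f"{status:11} {', '.join(utc) or '-':43} {message}")
```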
----- End forwarded message -----

From security em unicamp.br Tue Oct 14 16:25:21 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Tue, 14 Oct 2003 16:25:21 -0300
Subject: [SECURITY-L] The long-awaited Mandrake 9.2 is finally out
Message-ID: <20031014192515.GH7922@unicamp.br>

----- Forwarded message from Caio Souza Mendes -----

From: Caio Souza Mendes
Subject: The long-awaited Mandrake 9.2 is finally out (f
To: security em unicamp.br
Date: Tue, 14 Oct 2003 13:43:48 -0300 (ART)

The long-awaited Mandrake 9.2 (fivestar) is finally out

Hot off the press: "Mandrake 9.2 has just come out, site congested and all".

Features: http://www.mandrakelinux.com/en/9.2/features/
New Packs: http://www.mandrakesoft.com/products/92/
Download: http://www.mandrakelinux.com/en/ftp.php3

What's new:

Kernel 2.4.22 (a Linux 2.6.0pre kernel is also provided in contribs)
XFree86 4.3, Glibc 2.3.2, GCC 3.3.1
Apache 2.0.43, Samba 2.2.8a, MySQL 4.0.15, ProFTPD 1.2.8, Postfix 2.0.13, OpenSSH 3.6.1p2
KDE 3.1.3, GNOME 2.4.0, IceWM 1.2.13, WindowMaker 0.80.2, Enlightenment 0.16.5, Blackbox 0.65.0
OpenOffice.org 1.1, KOffice 1.3.0
Mozilla 1.4, The GIMP 1.2.5, XMMS 1.2.7

Packages: http://www.mandrakelinux.com/en/9.2/features/15.php3

Unfortunately, ISOs only at the end of October

----- End forwarded message -----

From security em unicamp.br Tue Oct 14 16:27:28 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Tue, 14 Oct 2003 16:27:28 -0300
Subject: [SECURITY-L] Instant messaging software is hackers' new target
Message-ID: <20031014192727.GI7922@unicamp.br>

----- Forwarded message from Caio Souza Mendes -----

From: Caio Souza Mendes
Subject: Instant messaging software is hackers' new target
To: security em unicamp.br
Date: Tue, 14 Oct 2003 13:48:21 -0300 (ART)

14/10/2003 - 12h22
Instant messaging software is hackers' new target
from Folha Online
http://www1.folha.uol.com.br/folha/informatica/ult124u14130.shtml

Hackers are exploiting the security flaws present in internet browsers to "hijack" the accounts of users of IM (instant messaging) programs, security experts warn.

Recently, when Microsoft decided to close chat rooms for security reasons, the company suggested IM as an alternative.

Although the company says this method of chatting is safer, hackers have already exploited vulnerabilities in Internet Explorer to take control of instant messaging accounts, said Drew Copley, a security engineer at eEye Digital Security, who discovered the original bug in the browser.

According to Copley, the practice can open computers up to unknown users, as well as expose children to pornography sent by spammers.

On the rise

Internet security company Symantec said these flaws were responsible for a 400% increase in the number of attacks on IM programs and P2P (peer-to-peer) networks since 2002.

Using what are known as application programming interfaces (a set of routines, protocols and tools for developing applications), hackers create viruses and Trojan horses capable of remotely capturing an IM user's contact list.

Neal Hindocha, a security specialist at Symantec, warned that, armed with the friends list --instead of searching for vulnerable IP addresses--, these pests have more destructive potential than viruses such as Codered, Slammer and Blaster, which spread across the internet.

Normally, Hindocha explains, the victim is induced to visit a site, whether through a link distributed by IM programs or by HTML e-mails, which then automatically downloads the virus onto the attacked machine.

BugTraq

According to the BugTraq security bulletin, a program already exists --and is circulating on the web-- that is capable of hijacking an AIM (AOL) account in use, changing its password and sending messages to all contacts with a link to a malicious web page.
Another attack against AIM users directs them to a site where a Trojan horse installs an automatic dialer. Users with dial-up internet access are then connected to telephone pornography services. According to the South Korean antivirus company Global Hauri, a similar attack is taking place against users of Microsoft's MSN Messenger. It tries to connect the user to a pornographic site and also sends itself to the contacts in the victim's IM list. Neither Microsoft nor AOL commented on the matter.

----- End forwarded message -----

From security em unicamp.br Wed Oct 15 09:46:34 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Wed, 15 Oct 2003 09:46:34 -0300
Subject: [SECURITY-L] CAIS-Alerta: Denial of Service in the Microsoft RPC service
Message-ID: <20031015124628.GA9102@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Denial of Service in the Microsoft RPC service
To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Tue, 14 Oct 2003 17:01:10 -0300 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the Internet Security Systems Brief, "Microsoft RPC Race Condition Denial of Service", which deals with a flaw in the Windows RPC service that may allow a remote attacker to conduct a denial-of-service attack against vulnerable hosts.

This vulnerability is present even on systems updated with all the fixes suggested by the CAIS alert "Multiple vulnerabilities in the RPCSS service (824146)", available at:

http://www.rnp.br/cais/alertas/2003/MS03-039.html

CAIS has already become aware of the existence of malicious code that exploits this vulnerability. The MD5 signature of that malicious code follows:

27a94d87f8337a722d1563d34802b379 rpc3.zip

. contents of the file rpc3.zip:

794eb220b9c3fc6775b08dd9425c24b0 bshell2
03153221293aa3465b5009d9f7dd60a0 rpc3.exe
ecd9669142d9333fe41ed52fdbdecff6 rpcdcom3.c

Affected systems:

. Microsoft Windows 2000
. Microsoft Windows XP

CVE identifier: CAN-2003-0813 (http://cve.mitre.org)

Further information can be obtained at the following URL:

http://xforce.iss.net/xforce/alerts/id/155

CAIS reminds administrators and users of the need to keep their systems and applications always up to date, in accordance with the information and fixes made available by the respective vendors.

It is worth stressing the importance of keeping an anti-virus installed and up to date.

Finally, since the issue addressed in this alert does not yet have a known solution, CAIS will be following the development of the matter and keeping you informed about it.

Sincerely,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#       Rede Nacional de Ensino e Pesquisa (RNP)               #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available at   http://www.rnp.br/cais/cais-pgp.key   #
################################################################

Internet Security Systems Security Brief
October 14, 2003

Microsoft RPC Race Condition Denial of Service

Synopsis:

ISS X-Force has discovered a flaw in the Microsoft RPC service during a routine audit that may allow remote attackers to trigger a Denial of Service (DoS) condition on vulnerable hosts. This vulnerability exists in the most current patch-levels of the Windows operating systems, including computers patched against the issues described in Microsoft Security Bulletin MS03-039.

This vulnerability has been reported by various sources as a new exploit vector against the vulnerability disclosed in MS03-039. This assessment is incorrect.
The vulnerability described in this Advisory manifests as a result of a separate multi-threaded race condition when processing incoming RPC requests. Impact: X-Force has demonstrated that a DoS vulnerability exists by exploiting the race condition. Attackers can take advantage of this vulnerability by crashing the Microsoft RPC service, and/or forcing vulnerable systems to reboot. X-Force has not demonstrated that this vulnerability can be used to execute arbitrary code or to compromise a vulnerable system. Significant barriers exist which may prevent reliable exploitation outside of controlled lab conditions. Affected Versions: Microsoft Windows 2000 Microsoft Windows XP For the complete ISS X-Force Security Advisory, please visit: http://xforce.iss.net/xforce/alerts/id/155 ______ About Internet Security Systems (ISS) Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a pioneer and world leader in software and services that protect critical online resources from an ever-changing spectrum of threats and misuse. Internet Security Systems is headquartered in Atlanta, GA, with additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. Copyright (c) 2003 Internet Security Systems, Inc. All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this document. It is not to be edited or altered in any way without the express written consent of the Internet Security Systems X-Force. If you wish to reprint the whole or any part of this document in any other medium excluding electronic media, please email xforce em iss.net for permission. Disclaimer: The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. 
In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

X-Force PGP Key available on MIT's PGP key server and PGP.com's key server, as well as at http://www.iss.net/security_center/sensitive.php

Please send suggestions, updates, and comments to: X-Force xforce em iss.net of Internet Security Systems, Inc.

----- End forwarded message -----

From security em unicamp.br Wed Oct 15 16:16:53 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Wed, 15 Oct 2003 16:16:53 -0300
Subject: [SECURITY-L] News bulletins
Message-ID: <20031015191652.GD9102@unicamp.br>

Dear users,

We have updated the website of the Unicamp Systems and Network Security Team with the following news bulletins and/or electronic magazines:

06/10/2003
----------
Módulo Security News no. 312
Source: Módulo Security Solutions S/A
http://www.security.unicamp.br/docs/informativos/2003/10/b2.txt

08/10/2003
----------
SANS NewsBites Vol. 5 Num. 40
Source: SANS Institute
http://www.security.unicamp.br/docs/informativos/2003/09/b3.txt

09/10/2003
----------
SANS Critical Vulnerability Analysis Vol 2 No 39
Source: SANS Institute
http://www.security.unicamp.br/docs/informativos/2003/10/b4.txt

13/10/2003
----------
Módulo Security News no. 313
Source: Módulo Security Solutions S/A
http://www.security.unicamp.br/docs/informativos/2003/10/b5.txt

15/10/2003
----------
SANS NewsBites Vol. 5 Num. 41
Source: SANS Institute
http://www.security.unicamp.br/docs/informativos/2003/09/b6.txt

--
Systems and Network Security Team
Unicamp - Universidade Estadual de Campinas
mailto:security em unicamp.br
http://www.security.unicamp.br

From security em unicamp.br Mon Oct 20 11:23:45 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Mon, 20 Oct 2003 11:23:45 -0200
Subject: [SECURITY-L] Security vulnerabilities
Message-ID: <20031020132345.GA369@unicamp.br>

Dear users,

We have updated the website of the Unicamp Systems and Network Security Team with the following vulnerability bulletins:

09/10/2003
----------
Red Hat Security Advisory (RHSA-2003:281-01)
Subject: Updated MySQL packages fix vulnerability
http://www.security.unicamp.br/docs/bugs/2003/10/v34.txt

NetBSD Security Advisory (2003-015)
Subject: Remote and local vulnerabilities in XFree86 font libraries
http://www.security.unicamp.br/docs/bugs/2003/10/v35.txt

NetBSD Security Advisory (2003-016)
Subject: Sendmail - another prescan() bug CAN-2003-0694
http://www.security.unicamp.br/docs/bugs/2003/10/v36.txt

NetBSD Security Advisory (2003-017)
Subject: OpenSSL multiple vulnerabilities
http://www.security.unicamp.br/docs/bugs/2003/10/v37.txt

Mandrake Linux Security Update Advisory (MDKSA-2003:099)
Subject: Security vulnerabilities in the sane package
http://www.security.unicamp.br/docs/bugs/2003/10/v38.txt

11/10/2003
----------
Debian Security Advisory (DSA 394-1)
Subject: ASN.1 parsing vulnerability
http://www.security.unicamp.br/docs/bugs/2003/10/v39.txt

14/10/2003
----------
CAIS
Subject: CAIS-Alerta: Denial of Service in the Microsoft RPC service
http://www.security.unicamp.br/docs/bugs/2003/10/v40.txt

Conectiva Linux Security Announcement (CLA-2003:762)
Subject: Fix for local vulnerability and Brazilian daylight saving time 2003
http://www.security.unicamp.br/docs/bugs/2003/10/v41.txt

Conectiva Linux Security Announcement (CLA-2003:763)
Subject: Brazilian daylight saving time 2003/2004
http://www.security.unicamp.br/docs/bugs/2003/10/v42.txt

Debian Security Advisory (DSA 395-1)
Subject: incorrect input handling in tomcat4
http://www.security.unicamp.br/docs/bugs/2003/10/v43.txt

--
Systems and Network Security Team
Unicamp - Universidade Estadual de Campinas
mailto:security em unicamp.br
http://www.security.unicamp.br

From security em unicamp.br Mon Oct 20 13:36:42 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Mon, 20 Oct 2003 13:36:42 -0200
Subject: [SECURITY-L] CAIS-Alerta: Changes to Microsoft's Alert Release Procedure
Message-ID: <20031020153641.GB611@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Changes to Microsoft's Alert Release Procedure
To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Wed, 15 Oct 2003 16:10:55 -0300 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS brings to everyone's attention the fact that Microsoft is changing the procedure for releasing its security alerts.

Thus, starting in October 2003, Microsoft's security alerts are to be released on a single date, the second Tuesday of each month, around 10 AM PST (Pacific Standard Time). Exceptionally, the alerts for the month of October are being released today, a Wednesday.

Critical cases will be the exceptions to the established rule and may prompt the release of an alert outside the planned date.

According to Microsoft, these changes are based on feedback obtained from its customers, the great majority of whom were unhappy with the previous process of weekly alert releases.
In addition, the format of the alerts has also changed and incorporates new information, some of a more technical nature and some intended to help with the tasks of installing and managing the applied fixes.

Further information on this subject can be found in the following White Paper released by Microsoft:

"Revamping the Security Bulletin Release Process"
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/revsbwp.asp

CAIS informs that it will continue forwarding Microsoft's security alerts as it has done up to now, that is, including a summary in Portuguese with the main information from the original alert.

Sincerely,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#       Rede Nacional de Ensino e Pesquisa (RNP)               #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available at   http://www.rnp.br/cais/cais-pgp.key   #
################################################################

----- End forwarded message -----

From security em unicamp.br Mon Oct 20 13:36:58 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Mon, 20 Oct 2003 13:36:58 -0200
Subject: [SECURITY-L] CAIS-Alerta: Vulnerability in Microsoft Authenticode (823182)
Message-ID: <20031020153658.GC611@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Vulnerability in Microsoft Authenticode (823182)
To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Wed, 15 Oct 2003 16:11:19 -0300 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the alert released by Microsoft, "Microsoft Security Bulletin MS03-041: Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)", which deals with the identification of a vulnerability in Authenticode that can be exploited remotely, allowing an attacker to execute arbitrary code.

Authenticode is the system that allows the user to authorize or not the installation of ActiveX components present in a web page. Under certain conditions where the system is low on free memory, the vulnerability described causes the component to be installed without the user being asked for authorization. This can cause malicious code to be executed with the privileges of the user accessing the page.

Affected systems:

. Microsoft Windows NT Workstation 4.0, Service Pack 6a
. Microsoft Windows NT Server 4.0, Service Pack 6a
. Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
. Microsoft Windows 2000, Service Pack 2
. Microsoft Windows 2000, Service Pack 3, Service Pack 4
. Microsoft Windows XP Gold, Service Pack 1
. Microsoft Windows XP 64-bit Edition
. Microsoft Windows XP 64-bit Edition Version 2003
. Microsoft Windows Server 2003
. Microsoft Windows Server 2003 64-bit Edition

Systems not affected:

. Microsoft Windows Millennium Edition

Available fixes:

The fix consists of applying the patch recommended by Microsoft, available at:

. Microsoft Windows NT Workstation 4.0, Service Pack 6a
  http://www.microsoft.com/downloads/details.aspx?FamilyId=921466F5-BC40-4E8E-BB57-6B81B57C21B6&displaylang=en
. Microsoft Windows NT Server 4.0, Service Pack 6a
  http://www.microsoft.com/downloads/details.aspx?FamilyId=21F64FF0-9175-42BE-A8E4-BDC59A98BDF2&displaylang=en
. Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
  http://www.microsoft.com/downloads/details.aspx?FamilyId=C6688576-4682-4A30-BBD7-1817F2944890&displaylang=en
. Microsoft Windows 2000, Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=C862E049-58B2-4486-8D98-23183D7EE17D&displaylang=en
. Microsoft Windows 2000, Service Pack 3, Service Pack 4
  http://www.microsoft.com/downloads/details.aspx?FamilyId=90D27AEC-7D2A-45FD-B85A-E98E574338F1&displaylang=en
. Microsoft Windows XP Gold, Service Pack 1
  http://www.microsoft.com/downloads/details.aspx?FamilyId=6CDF5303-D767-4D68-9BA7-055E93E87847&displaylang=en
. Microsoft Windows XP 64-bit Edition
  http://www.microsoft.com/downloads/details.aspx?FamilyId=D92EF2E8-C03A-43C0-B428-D76C4B669151&displaylang=en
. Microsoft Windows XP 64-bit Edition Version 2003
  http://www.microsoft.com/downloads/details.aspx?FamilyId=4DFF5AAB-FA62-4B81-9C08-5C9FCB905E11&displaylang=en
. Microsoft Windows Server 2003
  http://www.microsoft.com/downloads/details.aspx?FamilyId=135D8C00-7B4B-4C21-8EAA-D58814635E0D&displaylang=en
. Microsoft Windows Server 2003 64-bit Edition
  http://www.microsoft.com/downloads/details.aspx?FamilyId=4DFF5AAB-FA62-4B81-9C08-5C9FCB905E11&displaylang=en

Further information:

http://www.microsoft.com/technet/security/bulletin/ms03-041.asp

CVE identifiers: CAN-2003-0660, (http://cve.mitre.org)

CAIS recommends that administrators of Microsoft platforms keep their systems and applications always up to date.

Sincerely,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#       Rede Nacional de Ensino e Pesquisa (RNP)               #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available at   http://www.rnp.br/cais/cais-pgp.key   #
################################################################

Title: Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)
Date: October 15, 2003
Software: Microsoft Windows NT Workstation 4.0, Service Pack 6a; Microsoft Windows NT Server 4.0, Service Pack 6a; Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6; Microsoft Windows 2000, Service Pack 2; Microsoft Windows 2000, Service Pack 3, Service Pack 4; Microsoft Windows XP Gold, Service Pack 1; Microsoft Windows XP 64-bit Edition; Microsoft Windows XP 64-bit Edition Version 2003; Microsoft Windows Server 2003; Microsoft Windows Server 2003 64-bit Edition
Impact: Remote Code Execution
Maximum Severity Rating: Critical
Bulletin: MS03-041

The Microsoft Security Response Center has released Microsoft Security Bulletin MS03-041

What Is It?

The Microsoft Security Response Center has released Microsoft Security Bulletin MS03-044 which concerns a vulnerability in the above listed versions of Windows. Customers are advised to review the information in the bulletin, test and deploy the patch immediately in their environments, if applicable.

More information is now available at http://www.microsoft.com/technet/security/bulletin/MS03-041.asp

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.
----- End forwarded message -----

From security em unicamp.br Mon Oct 20 13:37:17 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Mon, 20 Oct 2003 13:37:17 -0200
Subject: [SECURITY-L] CAIS-Alerta: Vulnerability in Windows Troubleshooter (826232)
Message-ID: <20031020153717.GD611@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Vulnerability in Windows Troubleshooter (826232)
To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Wed, 15 Oct 2003 16:11:39 -0300 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the alert released by Microsoft, "Microsoft Security Bulletin MS03-042: Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232)", which deals with the identification of a vulnerability in the Windows Troubleshooter ActiveX control that may allow a remote attacker to execute arbitrary code.

The Windows Troubleshooter ActiveX control (Tshoot.ocx), a problem-solving helper, has a flaw in validating parameters under some circumstances.

Affected systems:

. Microsoft Windows 2000, Service Pack 2
. Microsoft Windows 2000, Service Pack 3, Service Pack 4

Systems not affected:

. Microsoft Windows NT 4.0
. Microsoft Windows NT Server 4.0, Terminal Server Edition
. Microsoft Windows Millennium Edition
. Microsoft Windows XP
. Microsoft Windows Server 2003

Available fixes:

The fix consists of applying the patch recommended by Microsoft, available at:

. Microsoft Windows 2000, Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=FC1FD84B-B3A4-43F5-804B-A2608EC56163&displaylang=en
. Microsoft Windows 2000, Service Pack 3, Service Pack 4
  http://www.microsoft.com/downloads/details.aspx?FamilyId=48D16574-9B17-463B-A5D2-D75BA5128EF9&displaylang=en

Further information:

http://www.microsoft.com/technet/security/bulletin/ms03-042.asp

CVE identifiers: CAN-2003-0661, (http://cve.mitre.org)

CAIS recommends that administrators of Microsoft platforms keep their systems and applications always up to date.

Sincerely,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#       Rede Nacional de Ensino e Pesquisa (RNP)               #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available at   http://www.rnp.br/cais/cais-pgp.key   #
################################################################

Title: Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232)
Date: October 15, 2003
Software: Microsoft Windows 2000, Service Pack 2 Microsoft Windows 2000, Service Pack 3, Service Pack 4
Impact: Remote Code Execution.
Maximum Severity Rating: CRITICAL
Bulletin: MS03-042

The Microsoft Security Response Center has released Microsoft Security Bulletin MS03-042

What Is It?

The Microsoft Security Response Center has released Microsoft Security Bulletin MS03-037 which concerns a vulnerability in products listed above. Customers are advised to review the information in the bulletin, test and deploy the patch immediately in their environments, if applicable.

More information is now available at http://www.microsoft.com/technet/security/bulletin/MS03-042.asp

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338).
International customers should contact their local subsidiary.

----- End forwarded message -----

From security em unicamp.br Mon Oct 20 13:38:34 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Mon, 20 Oct 2003 13:38:34 -0200
Subject: [SECURITY-L] CAIS-Alerta: Vulnerability in the Microsoft ListBox and ComboBox Control (824141)
Message-ID: <20031020153833.GG611@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Vulnerability in the Microsoft ListBox and ComboBox Control (824141)
To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Wed, 15 Oct 2003 16:13:02 -0300 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the alert released by Microsoft, "Microsoft Security Bulletin MS03-045: Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)", which deals with the identification of a vulnerability in the ListBox and ComboBox controls that can be exploited remotely, allowing a local attacker to execute arbitrary code.

The vulnerability exists in the ListBox and ComboBox controls because both use a function that is located in the file User32.dll and that contains a buffer overrun.

Affected systems:

. Microsoft Windows NT Workstation 4.0, Service Pack 6a
. Microsoft Windows NT Server 4.0, Service Pack 6a
. Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
. Microsoft Windows 2000, Service Pack 2
. Microsoft Windows 2000 Service Pack 3, Service Pack 4
. Microsoft Windows XP Gold, Service Pack 1
. Microsoft Windows XP 64 bit Edition
. Microsoft Windows XP 64 bit Edition Version 2003
. Microsoft Windows Server 2003
. Microsoft Windows Server 2003 64 bit Edition

Systems not affected:

. Microsoft Windows Millennium Edition

Available fixes:

The fix consists of applying the patch recommended by Microsoft, available at:

. Microsoft Windows NT Workstation 4.0, Service Pack 6a
  http://www.microsoft.com/downloads/details.aspx?FamilyId=5EA88ABE-8D53-4E25-959C-E80EB5FD7A91&displaylang=en
. Microsoft Windows NT Server 4.0, Service Pack 6a
  http://www.microsoft.com/downloads/details.aspx?FamilyId=F3E87075-AAE5-49F4-9D37-24A116296188&displaylang=en
. Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
  http://www.microsoft.com/downloads/details.aspx?FamilyId=0ADC8D90-2355-49A0-976B-57281B4521C1&displaylang=en
. Microsoft Windows 2000, Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=01358EAC-F1C5-4CB7-BE3D-64459F4AD3FD&displaylang=en
. Microsoft Windows 2000 Service Pack 3, Service Pack 4
  http://www.microsoft.com/downloads/details.aspx?FamilyId=379F234D-CE7E-4897-8D29-0764997F1E42&displaylang=en
. Microsoft Windows XP Gold, Service Pack 1
  http://www.microsoft.com/downloads/details.aspx?FamilyId=ABC764AC-5B7B-4B99-BF3E-F57352E4C507&displaylang=en
. Microsoft Windows XP 64 bit Edition
  http://www.microsoft.com/downloads/details.aspx?FamilyId=3E7B03BF-2231-4069-B76F-0BD69CF6E1D9&displaylang=en
. Microsoft Windows XP 64 bit Edition Version 2003
  http://www.microsoft.com/downloads/details.aspx?FamilyId=E4BD7C05-EA0E-49C7-9BDD-ABB496CA87CA&displaylang=en
. Microsoft Windows Server 2003
  http://www.microsoft.com/downloads/details.aspx?FamilyId=02F97DE4-29DF-4D33-A33B-E7630349E69E&displaylang=en
. Microsoft Windows Server 2003 64 bit Edition
  http://www.microsoft.com/downloads/details.aspx?FamilyId=E4BD7C05-EA0E-49C7-9BDD-ABB496CA87CA&displaylang=en

Further information:

http://www.microsoft.com/technet/security/bulletin/ms03-045.asp

CVE identifiers: CAN-2003-0659, (http://cve.mitre.org)

CAIS recommends that administrators of Microsoft platforms keep their systems and applications always up to date.

Sincerely,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#       Rede Nacional de Ensino e Pesquisa (RNP)               #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available at   http://www.rnp.br/cais/cais-pgp.key   #
################################################################

Title: Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)
Date: October 15, 2003
Software: Microsoft Windows NT Workstation 4.0, Service Pack 6a; Microsoft Windows NT Server 4.0, Service Pack 6a; Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6; Microsoft Windows 2000, Service Pack 2; Microsoft Windows 2000 Service Pack 3, Service Pack 4; Microsoft Windows XP Gold, Service Pack 1; Microsoft Windows XP 64 bit Edition; Microsoft Windows XP 64 bit Edition Version 2003; Microsoft Windows Server 2003; Microsoft Windows Server 2003 64 bit Edition;
Impact: Local Elevation of Privilege
Maximum Severity Rating: Important
Bulletin: MS03-045

The Microsoft Security Response Center has released Microsoft Security Bulletin MS03-045

What Is It?

The Microsoft Security Response Center has released Microsoft Security Bulletin MS03-045 which concerns a vulnerability in the above listed versions of Windows. Customers are advised to review the information in the bulletin, test and deploy the patch immediately in their environments, if applicable.
More information is now available at http://www.microsoft.com/technet/security/bulletin/MS03-045.asp

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

----- End forwarded message -----

From security em unicamp.br Mon Oct 20 13:38:53 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Mon, 20 Oct 2003 13:38:53 -0200
Subject: [SECURITY-L] CAIS-Alerta: Vulnerability in Exchange Server (829436)
Message-ID: <20031020153853.GH611@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Vulnerability in Exchange Server (829436)
To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Wed, 15 Oct 2003 16:13:59 -0300 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the alert released by Microsoft, "Microsoft Security Bulletin MS03-046: Vulnerability in Exchange Server Could Allow Arbitrary Code Execution (829436)", which deals with the identification of a vulnerability in Exchange Server that can be exploited remotely, allowing an attacker to execute arbitrary code.

A vulnerability in the Internet Mail service of Exchange Server allows an attacker to connect to the server's SMTP port and issue a specially crafted "verb" command, causing excessive memory consumption.

On Exchange Server 5.5 this command causes the service to stop due to lack of memory.
On Exchange Server 2000 the command can cause the same denial-of-service effect described above, but if it is constructed in the right way, the command can cause the execution of arbitrary code with the privileges of the user running Exchange Server, normally "Administrator".

Affected systems:

. Microsoft Exchange Server 5.5, Service Pack 4
. Microsoft Exchange 2000 Server, Service Pack 3

Systems not affected:

. Microsoft Exchange Server 2003

Available fixes:

The fix consists of applying the patch recommended by Microsoft, available at:

. Microsoft Exchange Server 5.5, Service Pack 4
  http://www.microsoft.com/downloads/details.aspx?FamilyId=A9E872EA-54B0-4179-8AE9-5648BFB46459&displaylang=en
. Microsoft Exchange 2000 Server, Service Pack 3
  http://www.microsoft.com/downloads/details.aspx?FamilyId=7BAF5394-1B4E-4937-A570-9F232AE49F01&displaylang=en

To apply this patch, Exchange Server 5.5 must be updated with Service Pack 4. The package can be found at:

. http://www.microsoft.com/exchange/downloads/55/sp4.asp

Further information:

http://www.microsoft.com/technet/security/bulletin/ms03-046.asp

CVE identifiers: CAN-2003-0714, (http://cve.mitre.org)

CAIS recommends that administrators of Microsoft platforms keep their systems and applications always up to date.

Sincerely,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#       Rede Nacional de Ensino e Pesquisa (RNP)               #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available at   http://www.rnp.br/cais/cais-pgp.key   #
################################################################

Title: Vulnerability in Exchange Server Could Allow Arbitrary Code Execution (829436)
Date: October 15, 2003
Software: Microsoft Exchange Server 5.5, Service Pack 4; Microsoft Exchange 2000 Server, Service Pack 3
Impact: Remote Code Execution
Maximum Severity Rating: Critical
Bulletin: MS03-046

The Microsoft Security Response Center has released Microsoft Security Bulletin MS03-046

What Is It?

The Microsoft Security Response Center has released Microsoft Security Bulletin MS03-046 which concerns a vulnerability in the versions of Microsoft Exchange Server listed above. Customers are advised to review the information in the bulletin, test and deploy the patch immediately in their environments, if applicable.

More information is now available at http://www.microsoft.com/technet/security/bulletin/MS03-046.asp

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.
----- End forwarded message -----

From security em unicamp.br Mon Oct 20 13:37:44 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Mon, 20 Oct 2003 13:37:44 -0200
Subject: [SECURITY-L] CAIS-Alerta: Vulnerability in Microsoft Messenger Service (828035)
Message-ID: <20031020153744.GE611@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Vulnerability in Microsoft Messenger Service (828035)
To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Wed, 15 Oct 2003 16:12:03 -0300 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the alert published by Microsoft, "Microsoft Security Bulletin MS03-043: Buffer Overrun in Messenger Service Could Allow Code Execution (828035)", which addresses the identification of a vulnerability in the Messenger Service that can allow a remote attacker to execute arbitrary code with Local System privileges, or even result in the Messenger service being stopped.

The Messenger service is a Windows service that transmits "net send" messages and messages sent through the Alerter service between client computers and servers.

Affected Systems:

. Microsoft Windows NT Workstation 4.0, Service Pack 6a
. Microsoft Windows NT Server 4.0, Service Pack 6a
. Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
. Microsoft Windows 2000, Service Pack 2
. Microsoft Windows 2000, Service Pack 3, Service Pack 4
. Microsoft Windows XP Gold, Service Pack 1
. Microsoft Windows XP 64-bit Edition
. Microsoft Windows XP 64-bit Edition Version 2003
. Microsoft Windows Server 2003
. Microsoft Windows Server 2003 64-bit Edition

Systems Not Affected:

. Microsoft Windows Millennium Edition

Available fixes:

The fix consists of applying the patch recommended by Microsoft, available at:

. Microsoft Windows NT Workstation 4.0, Service Pack 6a
  http://www.microsoft.com/downloads/details.aspx?FamilyId=7597FCF4-6615-4074-9E46-A17D808ED38D&displaylang=en
. Microsoft Windows NT Server 4.0, Service Pack 6a
  http://www.microsoft.com/downloads/details.aspx?FamilyId=B1949456-996A-485A-9A28-79FD79F26A1B&displaylang=en
. Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
  http://www.microsoft.com/downloads/details.aspx?FamilyId=64AB4B66-1A6E-4264-93A8-26CDB98B05A8&displaylang=en
. Microsoft Windows 2000, Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=A0061377-1683-4C13-9527-5534F6C7CF85&displaylang=en
. Microsoft Windows 2000, Service Pack 3, Service Pack 4
  http://www.microsoft.com/downloads/details.aspx?FamilyId=99F1B40D-906A-4945-A021-4B494CCCBDE0&displaylang=en
. Microsoft Windows XP Gold, Service Pack 1
  http://www.microsoft.com/downloads/details.aspx?FamilyId=F02DA309-4B0A-4438-A0B9-5B67414C3833&displaylang=en
. Microsoft Windows XP 64-bit Edition
  http://www.microsoft.com/downloads/details.aspx?FamilyId=2BE95254-4C65-4CA5-80A5-55FDF5AA2296&displaylang=en
. Microsoft Windows XP 64-bit Edition Version 2003
  http://www.microsoft.com/downloads/details.aspx?FamilyId=8B990946-84C8-4C91-899C-5A44EC13174E&displaylang=en
. Microsoft Windows Server 2003
  http://www.microsoft.com/downloads/details.aspx?FamilyId=1DF106F3-7EC4-4EB0-9143-C1E3C9E2F5F8&displaylang=en
. Microsoft Windows Server 2003 64-bit Edition
  http://www.microsoft.com/downloads/details.aspx?FamilyId=8B990946-84C8-4C91-899C-5A44EC13174E&displaylang=en

More information:

http://www.microsoft.com/technet/security/bulletin/ms03-043.asp

CVE identifiers: CAN-2003-0717, (http://cve.mitre.org)

CAIS recommends that administrators of Microsoft platforms keep their systems and applications always up to date.

Regards,

################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)       #
# Rede Nacional de Ensino e Pesquisa (RNP)                     #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300         Fax. 019-37873301                  #
# PGP key available at http://www.rnp.br/cais/cais-pgp.key     #
################################################################

Title: Buffer Overrun in Messenger Service Could Allow Code Execution (828035)
Date: October 15, 2003
Software:
  Microsoft Windows NT Server 4.0
  Microsoft Windows NT 4.0 Workstation
  Microsoft Windows NT Server 4.0, Terminal Server Edition
  Microsoft Windows XP
  Microsoft Windows 2000
  Microsoft Windows Server 2003
Impact: Allow attacker to execute arbitrary code.
Maximum Severity Rating: CRITICAL
Bulletin: MS03-043

The Microsoft Security Response Center has released Microsoft Security Bulletin MS03-043

What Is It?

The Microsoft Security Response Center has released Microsoft Security Bulletin MS03-043 which concerns a vulnerability in products listed above. Customers are advised to review the information in the bulletin, test and deploy the patch immediately in their environments, if applicable.

More information is now available at http://www.microsoft.com/technet/security/bulletin/MS03-043.asp

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338).
International customers should contact their local subsidiary.

----- End forwarded message -----

From security em unicamp.br Mon Oct 20 13:38:10 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Mon, 20 Oct 2003 13:38:10 -0200
Subject: [SECURITY-L] CAIS-Alerta: Vulnerability in Windows Help and Support Center (825119)
Message-ID: <20031020153805.GF611@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Vulnerability in Windows Help and Support Center (825119)
To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Wed, 15 Oct 2003 16:12:32 -0300 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the alert published by Microsoft, "Microsoft Security Bulletin MS03-044: Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (825119)", which addresses the identification of a vulnerability in the Windows Help and Support Center that can allow a remote attacker to execute arbitrary code.

Affected Systems:

. Microsoft Windows Millennium Edition
. Microsoft Windows NT Workstation 4.0, Service Pack 6a
. Microsoft Windows NT Server 4.0, Service Pack 6a
. Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
. Microsoft Windows 2000, Service Pack 2
. Microsoft Windows 2000, Service Pack 3, Service Pack 4
. Microsoft Windows XP Gold, Service Pack 1
. Microsoft Windows XP 64-bit Edition
. Microsoft Windows XP 64-bit Edition Version 2003
. Microsoft Windows Server 2003
. Microsoft Windows Server 2003 64-bit Edition

Available fixes:

The fix consists of applying the patch recommended by Microsoft, available at:

. Microsoft Windows Millennium Edition
  http://www.microsoft.com/downloads/details.aspx?FamilyId=7D6F4228-0E31-4F46-9795-5CDD566BB3B8&displaylang=en
. Microsoft Windows NT Workstation 4.0, Service Pack 6a
  http://www.microsoft.com/downloads/details.aspx?FamilyId=88BCDC9A-E370-47D8-B818-4E659C7F95AE&displaylang=en
. Microsoft Windows NT Server 4.0, Service Pack 6a
  http://www.microsoft.com/downloads/details.aspx?FamilyId=735602AC-BA6E-40D4-8A20-3441F02A25CB&displaylang=en
. Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
  http://www.microsoft.com/downloads/details.aspx?FamilyId=5C16FFAB-9CE7-4444-9AA5-BC6ABE3FD479&displaylang=en
. Microsoft Windows 2000, Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=62B23A0C-67F0-4F11-A95E-E4FB080A63C6&displaylang=en
. Microsoft Windows 2000, Service Pack 3, Service Pack 4
  http://www.microsoft.com/downloads/details.aspx?FamilyId=C2AB63FD-35CA-4D33-9F8C-8BF5DE2D1117&displaylang=en
. Microsoft Windows XP Gold, Service Pack 1
  http://www.microsoft.com/downloads/details.aspx?FamilyId=84317458-0BEB-4B2C-A095-66CA09DFDAC6&displaylang=en
. Microsoft Windows XP 64-bit Edition
  http://www.microsoft.com/downloads/details.aspx?FamilyId=97F4868A-5E41-4657-B9FC-7EA13954B982&displaylang=en
. Microsoft Windows XP 64-bit Edition Version 2003
  http://www.microsoft.com/downloads/details.aspx?FamilyId=8B990946-84C8-4C91-899C-5A44EC13174E&displaylang=en
. Microsoft Windows Server 2003
  http://www.microsoft.com/downloads/details.aspx?FamilyId=40F25862-A815-4674-9175-E3640E3EFD49&displaylang=en
. Microsoft Windows Server 2003 64-bit Edition
  http://www.microsoft.com/downloads/details.aspx?FamilyId=8B990946-84C8-4C91-899C-5A44EC13174E&displaylang=en

More information:

http://www.microsoft.com/technet/security/bulletin/ms03-044.asp

CVE identifiers: CAN-2003-0711, (http://cve.mitre.org)

CAIS recommends that administrators of Microsoft platforms keep their systems and applications always up to date.

Regards,

################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)       #
# Rede Nacional de Ensino e Pesquisa (RNP)                     #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300         Fax. 019-37873301                  #
# PGP key available at http://www.rnp.br/cais/cais-pgp.key     #
################################################################

Title: Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (825119)
Date: October 15, 2003
Software:
  Microsoft Windows Millennium Edition;
  Microsoft Windows NT Workstation 4.0, Service Pack 6a;
  Microsoft Windows NT Server 4.0, Service Pack 6a;
  Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6;
  Microsoft Windows 2000, Service Pack 2;
  Microsoft Windows 2000, Service Pack 3, Service Pack 4;
  Microsoft Windows XP Gold, Service Pack 1;
  Microsoft Windows XP 64-bit Edition;
  Microsoft Windows XP 64-bit Edition Version 2003;
  Microsoft Windows Server 2003;
  Microsoft Windows Server 2003 64-bit Edition
Impact: Remote Code Execution
Maximum Severity Rating: Critical
Bulletin: MS03-044

The Microsoft Security Response Center has released Microsoft Security Bulletin MS03-044

What Is It?

The Microsoft Security Response Center has released Microsoft Security Bulletin MS03-044 which concerns a vulnerability in the above listed versions of Windows. Customers are advised to review the information in the bulletin, test and deploy the patch immediately in their environments, if applicable.
More information is now available at http://www.microsoft.com/technet/security/bulletin/MS03-044.asp

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

----- End forwarded message -----

From security em unicamp.br Mon Oct 20 13:39:15 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Mon, 20 Oct 2003 13:39:15 -0200
Subject: [SECURITY-L] CAIS-Alerta: Vulnerability in Exchange Server 5.5 Outlook Web Access (828489)
Message-ID: <20031020153915.GI611@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Vulnerability in Exchange Server 5.5 Outlook Web Access (828489)
To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Wed, 15 Oct 2003 16:14:29 -0300 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the alert published by Microsoft, "Microsoft Security Bulletin MS03-047: Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack (828489)", which addresses the identification of a cross-site scripting vulnerability in the Outlook Web Access component that can be exploited remotely, allowing an attacker to execute arbitrary code.

This vulnerability, which affects Exchange Server 5.5, is different from the one reported in alert MS03-046.

The vulnerability can only be exploited if the attacker sends an e-mail with a specially formatted link and induces the user to click it. Another way would be to create a web site containing that link and induce the user to visit the site and click the link.
The attack will only succeed if the user, at the moment of following the link, is logged in to the Exchange server through the Outlook web interface.

Affected Systems:

. Microsoft Exchange Server 5.5, Service Pack 4

Systems Not Affected:

. Microsoft Exchange 2000 Server
. Microsoft Exchange Server 2003

Available fixes:

The fix consists of applying the patch recommended by Microsoft, available at:

. Microsoft Exchange Server 5.5, Service Pack 4
  http://www.microsoft.com/downloads/details.aspx?FamilyId=C516FE75-95CE-4FFF-B83D-9B170FCD0C1C&displaylang=en

To apply this patch, Exchange Server 5.5 must be updated with Service Pack 4. The package can be found at:

. http://www.microsoft.com/exchange/downloads/55/sp4.asp

More information:

http://www.microsoft.com/technet/security/bulletin/ms03-047.asp

CVE identifiers: CAN-2003-0712, (http://cve.mitre.org)

CAIS recommends that administrators of Microsoft platforms keep their systems and applications always up to date.

Regards,

################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)       #
# Rede Nacional de Ensino e Pesquisa (RNP)                     #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300         Fax. 019-37873301                  #
# PGP key available at http://www.rnp.br/cais/cais-pgp.key     #
################################################################

Title: Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack (828489)
Date: October 15, 2003
Software: Microsoft Exchange Server 5.5, Service Pack 4
Impact: Remote Code Execution
Maximum Severity Rating: Moderate
Bulletin: MS03-047

The Microsoft Security Response Center has released Microsoft Security Bulletin MS03-047

What Is It?

The Microsoft Security Response Center has released Microsoft Security Bulletin MS03-047 which concerns a vulnerability in Exchange Server 5.5 Outlook Web Access.
Customers are advised to review the information in the bulletin and test and deploy the patch in their environments, if applicable.

More information is now available at http://www.microsoft.com/technet/security/bulletin/MS03-047.asp

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

----- End forwarded message -----

From security em unicamp.br Mon Oct 20 13:42:17 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Mon, 20 Oct 2003 13:42:17 -0200
Subject: [SECURITY-L] Opera 7.2.1
Message-ID: <20031020154216.GK611@unicamp.br>

----- Forwarded message from Caio Souza Mendes -----

From: Caio Souza Mendes
Subject: Opera 7.2.1 is out
To: security em unicamp.br
Date: Thu, 16 Oct 2003 17:21:26 -0300 (ART)

Opera 7.2.1 is out

Today it is certain: Opera version 7.2.1 has been released.

Site: http://www.opera.com/products/desktop/?platform=linux
Download TGZ: http://www.opera.com/download/?platform=linux
Download BZ2: http://www.opera.com/download/?platform=linux
Download RPM: http://www.opera.com/download/?platform=linux
Download DEB: http://www.opera.com/download/?platform=linux
ChangeLog: http://www.opera.com/linux/changelogs/721/

----- End forwarded message -----

From security em unicamp.br Mon Oct 20 13:41:39 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Mon, 20 Oct 2003 13:41:39 -0200
Subject: [SECURITY-L] CERT Advisory CA-2003-27 Multiple Vulnerabilities in Microsoft Windows and Exchange
Message-ID: <20031020154137.GJ611@unicamp.br>

----- Forwarded message from CERT Advisory -----

From: CERT Advisory
Subject: CERT Advisory CA-2003-27 Multiple Vulnerabilities in Microsoft Windows and Exchange
To: cert-advisory em cert.org
Date: Thu, 16 Oct 2003 16:01:19 -0400
Organization: CERT(R) Coordination Center - +1 412-268-7090

-----BEGIN PGP SIGNED MESSAGE-----

CERT Advisory CA-2003-27 Multiple Vulnerabilities in Microsoft Windows and Exchange

Original issue date: October 16, 2003
Last revised: --
Source: CERT/CC

A complete revision history is at the end of this file.

Systems Affected

* Multiple versions of Microsoft Windows (ME, NT 4.0, NT 4.0 TSE, 2000, XP, Server 2003)
* Microsoft Exchange Server 5.5 and Microsoft Exchange Server 2000

Overview

There are multiple vulnerabilities in Microsoft Windows and Microsoft Exchange, the most serious of which could allow remote attackers to execute arbitrary code.

I. Description

There are a number of vulnerabilities in Microsoft Windows and Microsoft Exchange that could allow an attacker to gain administrative control of a vulnerable system. The most serious of these vulnerabilities allow an unauthenticated, remote attacker to execute arbitrary code with no action required on the part of the victim. For detailed information, see the following vulnerability notes:

VU#575892 - Buffer overflow in Microsoft Windows Messenger Service

There is a buffer overflow in the Messenger service on most recent versions of Microsoft Windows that could allow an attacker to execute arbitrary code.
(Other resources: MS03-043, CAN-2003-0717)

VU#422156 - Microsoft Exchange Server fails to properly handle specially crafted SMTP extended verb requests

Microsoft Exchange fails to handle certain SMTP extended verbs correctly. In Exchange 5.5, this can lead to a denial-of-service condition. In Exchange 2000, this could permit an attacker to run arbitrary code.
(Other resources: MS03-046, CAN-2003-0714)

In addition, several other vulnerabilities may permit an attacker to execute arbitrary code if the attacker can convince the victim to take some specific action (e.g., viewing a web page or an HTML email message).
For detailed information, see the following vulnerability notes:

VU#467036 - Microsoft Windows Help and Support Center contains buffer overflow in code used to handle HCP protocol

There is a buffer overflow in the Microsoft Windows Help and Support Center that could permit an attacker to execute arbitrary code with SYSTEM privileges.
(Other resources: MS03-044, CAN-2003-0711)

VU#989932 - Microsoft Windows contains buffer overflow in Local Troubleshooter ActiveX control (Tshoot.ocx)

Microsoft Windows ships with a troubleshooting application to assist users with problems. A vulnerability in this application may permit a remote attacker to execute arbitrary code with the privileges of the current user.
(Other resources: MS03-042)

VU#838572 - Microsoft Windows Authenticode mechanism installs ActiveX controls without prompting user

A vulnerability in Microsoft's Authenticode could allow a remote attacker to install an untrusted ActiveX control on the victim's system. The ActiveX control could run code of the attacker's choice.
(Other resources: MS03-041, CAN-2003-0660)

VU#435444 - Microsoft Outlook Web Access (OWA) contains cross-site scripting vulnerability in the "Compose New Message" form

There is a cross-site scripting vulnerability in Microsoft Outlook Web Access.
(Other resources: MS03-047, CAN-2003-0712)

Finally, there is a vulnerability in ListBox and ComboBox controls that could allow a local user to gain elevated privileges. For detailed information, see

VU#967668 - Microsoft Windows ListBox and ComboBox controls vulnerable to buffer overflow when supplied crafted Windows message

There is a buffer overflow in a function called by the Microsoft Windows ListBox and ComboBox controls that could allow a local attacker to execute arbitrary code with privileges of the process hosting the controls.
(Other resources: MS03-045, CAN-2003-0659)

II. Impact

The impact of these vulnerabilities ranges from denial of service to the ability to execute arbitrary code.

III. Solution

Disable the Messenger Service

For VU#575892, Microsoft recommends first disabling the Messenger service and then evaluating the need to apply the patch. If the Messenger service is not required, leave it in the disabled state. Apply the patch to make sure that systems are protected, especially if the Messenger service is re-enabled. Instructions for disabling the Messenger service can be found in VU#575892 and MS03-043.

Apply patches

Microsoft has provided patches for these problems. Details can be found in the relevant Microsoft Security Bulletins. For many home users, the simplest way to obtain these patches will be by running Windows Update.

Appendix A. Vendor Information

This appendix contains information provided by vendors. When vendors report new information, this section is updated, and the changes are noted in the revision history. If a vendor is not listed below, we have not received their authenticated, direct statement. Further vendor information is available in the Systems Affected sections of the vulnerability notes listed above.

Microsoft Corporation

Please see the following Microsoft Security Bulletins: MS03-041, MS03-042, MS03-043, MS03-044, MS03-045, MS03-046, and MS03-047.

Appendix B. References

* CERT/CC Vulnerability Note VU#575892 -
* CERT/CC Vulnerability Note VU#422156 -
* CERT/CC Vulnerability Note VU#467036 -
* CERT/CC Vulnerability Note VU#989932 -
* CERT/CC Vulnerability Note VU#838572 -
* CERT/CC Vulnerability Note VU#435444 -
* CERT/CC Vulnerability Note VU#967668 -
* Microsoft Security Bulletin MS03-041 -
* Microsoft Security Bulletin MS03-041 -
* Microsoft Security Bulletin MS03-041 -
* Microsoft Security Bulletin MS03-041 -
* Microsoft Security Bulletin MS03-041 -
* Microsoft Security Bulletin MS03-041 -
* Microsoft Security Bulletin MS03-041 -
_________________________________________________________________

Our thanks to Microsoft Corporation for the information contained in their security bulletins.
Microsoft has credited the following people for their help in discovering and responding to these issues: Greg Jones of KPMG UK and Cesar Cerrudo, The Last Stage of Delirium Research Group, David Litchfield of Next Generation Security Software Ltd., Brett Moore of Security-Assessment.com, Joao Gouveia, and Ory Segal of Sanctum Inc.
_________________________________________________________________

Feedback can be directed to the authors, Shawn V. Hernan and Art Manion.
______________________________________________________________________

This document is available from:
______________________________________________________________________

CERT/CC Contact Information

Email:
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:
  CERT Coordination Center
  Software Engineering Institute
  Carnegie Mellon University
  Pittsburgh PA 15213-3890
  U.S.A.

CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.

Using encryption

We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from

If you prefer to use DES, please call the CERT hotline for more information.

Getting security information

CERT publications and other security information are available from our web site

To subscribe to the CERT mailing list for advisories and bulletins, send email to . Please include in the body of your message

subscribe cert-advisory

* "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
______________________________________________________________________

NO WARRANTY

Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis.
Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.
______________________________________________________________________

Conditions for use, disclaimers, and sponsorship information

Copyright 2003 Carnegie Mellon University.

Revision History

October 16, 2003: Initial release

----- End forwarded message -----

From security em unicamp.br Mon Oct 20 13:55:30 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Mon, 20 Oct 2003 13:55:30 -0200
Subject: [SECURITY-L] Microsoft releases big package for Windows XP
Message-ID: <20031020155522.GL611@unicamp.br>

----- Forwarded message from Caio Souza Mendes -----

From: Caio Souza Mendes
Subject: Microsoft releases big package for Windows XP
To: security em unicamp.br
Date: Fri, 17 Oct 2003 20:37:40 -0300 (ART)

Microsoft releases big package for Windows XP

Paul Roberts, IDG News Service
17/10/2003 16:38
http://pcworld.terra.com.br/AdPortalV3/adCmsDocumentoShow.aspx?documento=8204761&Area=975000

Steve Ballmer, Microsoft's chief executive, promised last week that he would simplify the process of installing security packages for its users. This week, the company fulfilled Ballmer's promise by releasing a consolidated Windows XP update that brings 22 fixes for critical problems in a single downloadable package.
O lançamento, chamado de Update Rollup 1 para Microsoft Windows XP, já está disponível para download dos usuários do sistema operacional no endereço www.windowsupdate.com e inclui cerca de 9 MB de correções de segurança. As correções de software abrangem diversos problemas do XP, incluindo 17 delas lançadas entre 2002 e 2003 que foram adicionadas a boletins de segurança da Microsoft. Embora o XP inclua um recurso automatizado de atualizações para baixar e instalar os patches de segurança direto da Microsoft, o Update Rollup pretende tornar a vida de usuários do XP mais fácil, caso eles não tenham já feito a atualização. O lançamento do XP Update Rollup vem em um momento que a Microsoft reforça suas tecnologias e políticas para distribuir atualizações de software. Falando na Worldwide Partner Conference da Microsoft em New Orleans, na semana passada, Ballmer anunciou diversas mudanças no modo que a companhia passa a lidar com as correções de software. Em resposta às queixas de clientes, a companhia agora passa a anunciar lançamentos de pacotes de correção uma vez por mês (antes era toda semana), exceto em casos de perigo iminente relacionado a uma falha, segundo Ballmer. A companhia também trabalha no desenvolvimento de patches de software cada vez menores e com maior qualidade, que devem lidar melhor com problemas logo após terem sido desenvolvidos. Na última quarta-feira, a Microsoft lançou o primeiro pacote acumulado de segurança, alertando os usuários sobre cinco vulnerabilidades críticas, quatro delas no Windows e outra no Exchange Server. Infelizmente, esses patches não fazem parte do Update Rollup do XP e os usuários terão de baixar o pacotão e depois as novas correções. ----- End forwarded message ----- From security em unicamp.br Mon Oct 20 17:08:28 2003 From: security em unicamp.br (Security Team - UNICAMP) Date: Mon, 20 Oct 2003 17:08:28 -0200 Subject: [SECURITY-L] Vulnerabilidades de Seguranca Message-ID: <20031020190828.GA1186@unicamp.br> Srs. 
Usuarios, Atualizamos o site da Equipe de Seguranca em Sistemas e Redes da Unicamp com os seguintes boletins de vulnerabilidades: 17/10/2003 ---------- CAIS Assunto:Inicio do Horario de Verao 2003/2004 http://www.security.unicamp.br/docs/bugs/2003/10/v65.txt ANUNCIO DE ATUALIZACAO DO CONECTIVA LINUX (CLA-2003:767) Assunto: Problema com listagem de alguns diret\xf3rios in proftpd http://www.security.unicamp.br/docs/bugs/2003/10/v64.txt CONECTIVA LINUX SECURITY ANNOUNCEMENT (CLA-2003:766) Assunto: Local denial of service vulnerabilities in gdm http://www.security.unicamp.br/docs/bugs/2003/10/v63.txt ANUNCIO DE SEGURANCA DO CONECTIVA LINUX (CLA-2003:766) Assunto: Vulnerabilidades locais de nega\xe7\xe3o de servi\xe7o no pacote gdm http://www.security.unicamp.br/docs/bugs/2003/10/v62.txt CONECTIVA LINUX SECURITY ANNOUNCEMENT (CLA-2003:765) Assunto: Local denial of service vulnerability in ircd http://www.security.unicamp.br/docs/bugs/2003/10/v61.txt Anuncio de Seguranca do Conectiva Linux (CLA-2003:765) Assunto: Vulnerabilidade local de nega\xe7\xe3o de servi\xe7o no pacote ircd http://www.security.unicamp.br/docs/bugs/2003/10/v60.txt CAIS Assunto: CAIS-Alerta: CA-2003-27 Multiplas vulnerabilidades no Microsoft Windows e Exchange http://www.security.unicamp.br/docs/bugs/2003/10/v59.txt 16/10/2003 ---------- Mandrake Linux Security Update Advisory (MDKSA-2003:101) Assunto: Vulnerabilidades de Seguranca no pacote fetchmail http://www.security.unicamp.br/docs/bugs/2003/10/v58.txt Mandrake Linux Security Update Advisory (MDKSA-2003:100) Assunto: Vulnerabilidades de Seguranca no pacote gdm http://www.security.unicamp.br/docs/bugs/2003/10/v57.txt CERT Advisory (CA-2003-27) Assunto: Multiple Vulnerabilities in Microsoft Windows and Exchange http://www.security.unicamp.br/docs/bugs/2003/10/v56.txt 15/10/2003 ---------- SCO Security Advisory (CSSA-2003-SCO.26) Assunto: OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Multiple security vulnerabilities in Xsco 
http://www.security.unicamp.br/docs/bugs/2003/10/v55.txt CAIS Assunto: Microsoft Exchange Server Security Bulletin Summary for October 2003 http://www.security.unicamp.br/docs/bugs/2003/10/v54.txt CAIS Assunto: Vulnerabilidade no Exchange Server 5.5 Outlook Web Access (828489) http://www.security.unicamp.br/docs/bugs/2003/10/v53.txt CAIS Assunto: CAIS-Alerta: Vulnerabilidade no Exchange Server (829436) http://www.security.unicamp.br/docs/bugs/2003/10/v52.txt CAIS Assunto: CAIS-Alerta: Vulnerabilidade no Microsoft ListBox e ComboBox Control (824141) http://www.security.unicamp.br/docs/bugs/2003/10/v51.txt CAIS Assunto: CAIS-Alerta: Vulnerabilidade no Windows Help e Support Center (825119) http://www.security.unicamp.br/docs/bugs/2003/10/v50.txt CAIS Assunto: CAIS-Alerta: Vulnerabilidade no Microsoft Messenger Service (828035) http://www.security.unicamp.br/docs/bugs/2003/10/v49.txt CAIS Assunto: CAIS-Alerta: Vulnerabilidade no Windows Troubleshooter (826232) http://www.security.unicamp.br/docs/bugs/2003/10/v48.txt CAIS Assunto: CAIS-Alerta: Vulnerabilidade no Microsoft Authenticode (823182) http://www.security.unicamp.br/docs/bugs/2003/10/v47.txt CAIS Assunto: CAIS-Alerta: Alteracoes no Procedimento de Divulgacao de Alertas da Microsoft http://www.security.unicamp.br/docs/bugs/2003/10/v46.txt CERT Assunto: New CERT Coordination Center (CERT/CC) PGP Key http://www.security.unicamp.br/docs/bugs/2003/10/v45.txt 11/10/2003 ---------- Debian Security Advisory (DSA 394-1) Assunto: ASN.1 parsing vulnerability http://www.security.unicamp.br/docs/bugs/2003/10/v44.txt -- Equipe de Seguranca em Sistemas e Redes Unicamp - Universidade Estadual de Campinas Mailto:security em unicamp.br http://www.security.unicamp.br From security em unicamp.br Tue Oct 21 10:35:34 2003 From: security em unicamp.br (Security Team - UNICAMP) Date: Tue, 21 Oct 2003 10:35:34 -0200 Subject: [SECURITY-L] Boletin de Noticias Message-ID: <20031021123534.GB2321@unicamp.br> Srs. 
Usuarios,

We have updated the website of the Unicamp Systems and Network Security Team with the following news bulletins and/or electronic magazines:

20/10/2003
----------

SANS Thursday Tool Talk on October 23
Source: SANS Institute
http://www.security.unicamp.br/docs/informativos/2003/10/b11.txt

SecurityFocus Newsletter #219
Source: SecurityFocus.com
http://www.security.unicamp.br/docs/informativos/2003/10/b10.txt

Módulo Security News no. 314
Source: Módulo Security Solutions S/A
http://www.security.unicamp.br/docs/informativos/2003/10/b9.txt

17/10/2003
----------

SANS Training and GIAC Certification Update 15
Source: SANS Institute
http://www.security.unicamp.br/docs/informativos/2003/10/b8.txt

15/10/2003
----------

SANS Critical Vulnerability Analysis Vol 2 No 40
Source: SANS Institute
http://www.security.unicamp.br/docs/informativos/2003/10/b7.txt

--
Systems and Network Security Team
Unicamp - Universidade Estadual de Campinas
mailto:security em unicamp.br
http://www.security.unicamp.br

From security em unicamp.br Thu Oct 23 09:16:05 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Thu, 23 Oct 2003 09:16:05 -0200
Subject: [SECURITY-L] Windows fix crashes programs
Message-ID: <20031023111605.GA90341@unicamp.br>

----- Forwarded message from Caio Souza Mendes -----

From: Caio Souza Mendes
Subject: Windows fix crashes programs
To: security em unicamp.br
Date: Wed, 22 Oct 2003 17:45:35 -0300 (ART)

Windows fix crashes programs

22/10/2003 - 18:29
InfoGuerra newsroom

One of the security fixes released by Microsoft last week can cause runtime errors in some programs and instability in the operating system. The problem, confirmed by the company, only affects Windows 2000 SP4 in some languages, among them the Portuguese of Brazil and of Portugal.
The patch released with bulletin MS03-045 (http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-045.asp) fixes an important vulnerability that allows unauthorized code execution by exploiting a buffer (temporary memory) overflow in the Windows ListBox and ComboBox controls. But some users who installed the fix had various problems with certain programs (including antivirus software), system lockups and blue screens.

In the security bulletin, which was updated to include the warning about the problem, Microsoft stated that the errors caused by the fix are not related to the vulnerability in question, but rather to an error in the memory space allocated for the files KERNEL32.DLL and MPR.DLL.

There is still no solution for the patch's compatibility problems, but Microsoft guarantees that the original vulnerability has been fixed. The problems caused by the patch can be worked around by uninstalling it. This may leave the system vulnerable to attacks, but the severity of the situation is mitigated by the fact that the flaw only allows privilege escalation by a user with prior access to the computer and cannot be exploited remotely.

----- End forwarded message -----

From security em unicamp.br Thu Oct 23 14:39:30 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Thu, 23 Oct 2003 14:39:30 -0200
Subject: [SECURITY-L] MySQL 4.0.16
Message-ID: <20031023163930.GB90341@unicamp.br>

----- Forwarded message from Caio Souza Mendes -----

From: Caio Souza Mendes
Subject: MySQL 4.0.16
To: security em unicamp.br
Date: Thu, 23 Oct 2003 13:21:57 -0300 (ART)

MySQL 4.0.16

Many bugs from the previous version of this database, which is widely used on Linux, have been fixed.
Site: http://www.mysql.com
Download: http://www.mysql.com/downloads/mysql-4.1.html

----- End forwarded message -----

From security em unicamp.br Fri Oct 24 09:51:58 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Fri, 24 Oct 2003 09:51:58 -0200
Subject: [SECURITY-L] ANNOUNCE: Apache-SSL 1.3.28/1.51 released
Message-ID: <20031024115158.GA98593@unicamp.br>

----- Forwarded message from Adam Laurie -----

From: Adam Laurie
Subject: [S] [apache-ssl] ANNOUNCE: Apache-SSL 1.3.28/1.51 released
To: apache-ssl em lists.aldigital.co.uk, apache-sslannounce em lists.aldigital.co.uk
Date: Wed, 22 Oct 2003 10:48:00 +0000
Organization: http://www.apache-ssl.org

Changes with Apache-SSL 1.3.28/1.51

*) Add AES ciphersuites to keysize table. (Someone gave me a patch for this, but I lost it - let me know who you were). [Ben Laurie]

Changes with Apache-SSL 1.3.28/1.50

*) Add CRL support. New directives SSLUseCRL, SSLCRLCheckAll and SSLOnRevocationSetEnv are in the sample configuration file. Note that an option to redirect to a URL on revocation would be feasible but is not yet implemented. [Ben Laurie]

on master distribution site now, but may take up to 6 hours to be picked up by mirrors.

ben is working on the docco for the new directives (so don't hold your breath! :)

cheers,
Adam
--
Adam Laurie          Tel: +44 (20) 8742 0755
A.L. Digital Ltd.    Fax: +44 (20) 8742 5995
The Stores           http://www.thebunker.net
2 Bath Road          http://www.aldigital.co.uk
London W4 1LT        mailto:adam em algroup.co.uk
UNITED KINGDOM       PGP key on keyservers
-----------------------------------------------------------------------------------

----- End forwarded message -----

From security em unicamp.br Wed Oct 29 09:15:52 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Wed, 29 Oct 2003 09:15:52 -0200
Subject: [SECURITY-L] Microsoft fixes faulty patches
Message-ID: <20031029111551.GA2982@unicamp.br>

----- Forwarded message from Caio Souza Mendes -----

From: Caio Souza Mendes
Subject: Microsoft fixes faulty patches
To: security em unicamp.br
Date: Tue, 28 Oct 2003 21:05:13 -0300 (ART)

Microsoft fixes faulty patches

28/10/2003 - 18:41
Helena Nacinovic
http://www.infoguerra.com.br/infonews/viewnews.cgi?newsid1067373688,1656,

Microsoft has re-released the patch (security fix) contained in bulletin MS03-045 (http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-045.asp) to correct problems created by the previously released patch. The initial fix caused runtime errors in some programs and instability in the Windows 2000 SP4 operating system in some languages, among them the Portuguese of Brazil and of Portugal.

Bulletin MS03-045 warned of a flaw that allows unauthorized code execution by exploiting a buffer (temporary memory) overflow in the Windows ListBox and ComboBox controls. The new version of the patch for this flaw corrects not only the original problem but also the errors of the first version.

Microsoft also announced a new patch related to bulletin MS03-047 (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-047.asp), which warns of a vulnerability in the Exchange Server 5.5 e-mail manager.
The previous fix did not cover some of the versions in certain languages installed by the Language Packs for Outlook Web Access. The company warns that, for the patch to work correctly, the server must have Internet Explorer version 5.01 or later.

The vulnerability opens holes in Exchange Server because of the way Outlook Web Access encodes HTML in the form for a new message. An attacker who exploits the flaw can cause a user to run a malicious script and, from there, access any data on the site to which the victim has access.

----- End forwarded message -----

From security em unicamp.br Wed Oct 29 09:16:10 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Wed, 29 Oct 2003 09:16:10 -0200
Subject: [SECURITY-L] FreeBSD 4.9 is now available
Message-ID: <20031029111610.GB2982@unicamp.br>

----- Forwarded message from Murray Stokely -----

From: Murray Stokely
Subject: [FreeBSD-Announce] FreeBSD 4.9 is now available
To: announce em freebsd.org
Date: Wed, 29 Oct 2003 00:55:19 -0800

I am happy to announce the availability of FreeBSD 4.9-RELEASE, the latest release of the FreeBSD -STABLE development branch. Since FreeBSD 4.8-RELEASE in April 2003, we have made conservative updates to a number of software programs in the base system, dealt with known security issues, and merged support for large memory i386 machines with Page Address Extensions (PAE) from 5.1.

For a complete list of new features, known problems, and late-breaking news, please see the release notes and errata list, available here:

http://www.FreeBSD.org/releases/4.9R/relnotes.html
http://www.FreeBSD.org/releases/4.9R/errata.html

This release does not include all of the new technologies that were introduced with FreeBSD 5.1 in June. Most developer resources are focused on improving the FreeBSD 5.X branch, and this may very well be the last major release of FreeBSD 4.X.
The security officer team will continue to actively support the 4.X branch according to the normal policy. Additional 4.9.X releases may be made available when necessitated by security vulnerabilities or high-impact bugfixes. We encourage all our users to evaluate FreeBSD 5.1 and the upcoming 5.2. Because PAE support has only been a feature in 4.X for a few months, it has not received wide-spread testing, and our most conservative users may wish to stay with FreeBSD 4.8 until they choose to migrate to 5.X.

For more information about the distinctions between FreeBSD 4.X and 5.X, or for general information about the FreeBSD release engineering activities, please see:

http://www.FreeBSD.org/releng/

Availability
------------

FreeBSD 4.9-RELEASE supports the i386 and alpha architectures and can be installed directly over the net using the boot floppies or copied to a local NFS/FTP server.

Please continue to support the FreeBSD Project by purchasing media from one of our supporting vendors. The following companies have contributed substantially to the development of FreeBSD:

FreeBSD Mall, Inc.    http://www.freebsdmall.com/
Daemonnews, Inc.      http://www.bsdmall.com/freebsd1.html

Each CD or DVD set contains the FreeBSD installation and application package bits for the i386 ("PC") architecture. For a set of distfiles used to build ports in the ports collection, please see the FreeBSD Toolkit, a 6 CD set containing extra bits which no longer fit on the 4 CD set, or the DVD distribution.

If you can't afford FreeBSD on media, or just want to use it for evangelism purposes, then by all means download the ISO images.
We can't promise that all the mirror sites will carry the larger ISO images, but they will at least be available from:

ftp.FreeBSD.org
ftp3.FreeBSD.org
ftp.au.FreeBSD.org
ftp2.de.FreeBSD.org
ftp4.de.FreeBSD.org
ftp7.de.FreeBSD.org
ftp.tw.FreeBSD.org
ftp6.tw.FreeBSD.org

FreeBSD is also available via anonymous FTP from mirror sites in the following countries: Argentina, Australia, Brazil, Bulgaria, Canada, China, Czech Republic, Denmark, Estonia, Finland, France, Germany, Hong Kong, Hungary, Iceland, Ireland, Japan, Korea, Lithuania, the Netherlands, New Zealand, Poland, Portugal, Romania, Russia, Saudi Arabia, South Africa, Slovak Republic, Slovenia, Spain, Sweden, Taiwan, Thailand, Ukraine, and the United Kingdom.

Before trying the central FTP site, please check your regional mirror(s) first by going to:

ftp://ftp..FreeBSD.org/pub/FreeBSD

Any additional mirror sites will be labeled ftp2, ftp3 and so on.

More information about FreeBSD mirror sites can be found at:

http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors-ftp.html

For instructions on installing FreeBSD, please see Chapter 2 of The FreeBSD Handbook. It provides a complete installation walk-through for users new to FreeBSD, and can be found online at:

http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/install.html

Acknowledgments
---------------

Many companies donated equipment, network access, or man-hours to finance the release engineering activities for FreeBSD 4.9 including The FreeBSD Mall, Compaq, Yahoo!, Sentex Communications, and NTT/Verio.

In addition to myself, the release engineering team for 4.9-RELEASE includes:

Scott Long            Release Engineering
Bruce A. Mah          Release Engineering, Documentation
Wilko Bulte           Release Engineering, Alpha arch
Mike Silbersack       PAE Testing
Luoqi Chen            PAE Merge
Robert Watson         Release Engineering, Security
John Baldwin          Release Engineering
Joe Marcus Clarke     Package Building, GNOME
Kris Kennaway         Package Building
Will Andrews          Package Building, KDE
Jacques A. Vidrine    Security Officer

Please join me in thanking them for all the hard work which went into making this release. Many thanks are also due to the FreeBSD committers (committers em FreeBSD.org), without whom there would be nothing to release, and thousands of FreeBSD users world-wide who have contributed bug fixes, features, and suggestions.

Enjoy!

Murray Stokely
(For the FreeBSD Release Engineering Team)

MD5 (4.9-i386-disc1.iso) = 9195be15a4c8c54a6a6a23272ddacaae
MD5 (4.9-i386-disc2.iso) = 51d28c35308cc916b9a9bfcacb3146b8
MD5 (4.9-RELEASE-alpha-miniinst.iso) = 51e189a32a5f1bb058adc7627b673ae6
MD5 (4.9-RELEASE-alpha-disc2.iso) = ec316dcfb33ca76ba2a240e50d7c9fce

----- End forwarded message -----

From security em unicamp.br Thu Oct 30 09:17:17 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Thu, 30 Oct 2003 09:17:17 -0200
Subject: [SECURITY-L] Apache 2.0.48 Released
Message-ID: <20031030111717.GB296@unicamp.br>

----- Forwarded message from Apache HTTP Server Project -----

From: "Apache HTTP Server Project"
Subject: [S] [ANNOUNCE] Apache 2.0.48 Released
To:
Date: Wed, 29 Oct 2003 14:50:04 +0100
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)

Apache 2.0.48 Released

The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the eleventh public release of the Apache 2.0 HTTP Server. This Announcement notes the significant changes in 2.0.48 as compared to 2.0.47.

This version of Apache is principally a bug fix release. A summary of the bug fixes is given at the end of this document. Of particular note is that 2.0.48 addresses two security vulnerabilities:

mod_cgid mishandling of CGI redirect paths could result in CGI output going to the wrong client when a threaded MPM is used.
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789]

A buffer overflow could occur in mod_alias and mod_rewrite when a regular expression with more than 9 captures is configured.
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542]

This release is compatible with modules compiled for 2.0.42 and later versions. We consider this release to be the best version of Apache available and encourage users of all prior versions to upgrade.

Apache 2.0.48 is available for download from

http://httpd.apache.org/download.cgi

Please see the CHANGES_2.0 file, linked from the above page, for a full list of changes.

Apache 2.0 offers numerous enhancements, improvements, and performance boosts over the 1.3 codebase. For an overview of new features introduced after 1.3 please see

http://httpd.apache.org/docs-2.0/new_features_2_0.html

When upgrading or installing this version of Apache, please keep in mind the following: If you intend to use Apache with one of the threaded MPMs, you must ensure that the modules (and the libraries they depend on) that you will be using are thread-safe. Please contact the vendors of these modules to obtain this information.

Apache 2.0.48 Major changes

Security vulnerabilities closed since Apache 2.0.47

*) SECURITY [CAN-2003-0789]: mod_cgid: Resolve some mishandling of the AF_UNIX socket used to communicate with the cgid daemon and the CGI script. [Jeff Trawick]

*) SECURITY [CAN-2003-0542]: Fix buffer overflows in mod_alias and mod_rewrite which occurred if one configured a regular expression with more than 9 captures. [André Malo]

Bugs fixed and features added since Apache 2.0.47

*) mod_include: fix segfault which occurred if the filename was not set, for example, when processing some error conditions. PR 23836. [Brian Akins, André Malo]

*) fix the config parser to support .. containers (no arguments in the opening tag) supported by httpd 1.3. Without this change mod_perl 2.0's sections are broken. ["Philippe M. Chiasson"]

*) mod_cgid: fix a hash table corruption problem which could result in the wrong script being cleaned up at the end of a request.
[Jeff Trawick]

*) Update httpd-*.conf to be clearer in describing the connection between AddType and AddEncoding for defining the meaning of compressed file extensions. [Roy Fielding]

*) mod_rewrite: Don't die silently when failing to open RewriteLogs. PR 23416. [André Malo]

*) mod_rewrite: Fix mod_rewrite's support of the [P] option to send rewritten request using "proxy:". The code was adding multiple "proxy:" fields in the rewritten URI. PR: 13946. [Eider Oliveira]

*) cache_util: Fix ap_check_cache_freshness to check max_age, smax_age, and expires as directed in RFC 2616. [Thomas Castelle tcastelle em generali.fr]

*) Ensure that ssl-std.conf is generated at configure time, and switch to using the expanded config variables to work the same as httpd-std.conf PR: 19611 [Thom May]

*) mod_ssl: Fix segfaults after renegotiation failure. PR 21370 [Hartmut Keil]

*) mod_autoindex: If a directory contains a file listed in the DirectoryIndex directive, the folder icon is no longer replaced by the icon of that file. PR 9587. [David Shane Holden]

*) Fixed mod_usertrack to not get false positive matches on the user-tracking cookie's name. PR 16661. [Manni Wood]

*) mod_cache: Fix the cache code so that responses can be cached if they have an Expires header but no Etag or Last-Modified headers. PR 23130. [bjorn em exoweb.net]

*) mod_log_config: Fix %b log format to write really "-" when 0 bytes were sent (e.g. with 304 or 204 response codes). [Astrid Keßler]

*) Modify ap_get_client_block() to note if it has seen EOS. [Justin Erenkrantz]

*) Fix a bug, where mod_deflate sometimes unconditionally compressed the content if the Accept-Encoding header contained only other tokens than "gzip" (such as "deflate"). PR 21523. [Joe Orton, André Malo]

*) Avoid an infinite recursion, which occurred if the name of an included config file or directory contained a wildcard character. PR 22194.
[André Malo]

*) mod_ssl: Fix a problem setting variables that represent the client certificate chain. PR 21371 [Jeff Trawick]

*) Unix: Handle permissions settings for flock-based mutexes in unixd_set_global|proc_mutex_perms(). Allow the functions to be called for any type of mutex. PR 20312 [Jeff Trawick]

*) ab: Work over non-loopback on Unix again. PR 21495. [Jeff Trawick]

*) Fix a misleading message from some of the threaded MPMs when MaxClients has to be lowered due to the setting of ServerLimit. [Jeff Trawick]

*) Lower the severity of the "listener thread didn't exit" message to debug, as it is of interest only to developers. PR 9011 [Jeff Trawick]

*) MPMs: The bucket brigades subsystem now honors the MaxMemFree setting. [Cliff Woolley, Jean-Jacques Clar]

*) Install config.nice into the build/ directory to make minor version upgrades easier. [Joshua Slive]

*) Fix mod_deflate so that it does not call deflate() without checking first whether it has something to deflate. (Currently this causes deflate to generate a fatal error according to the zlib spec.) PR 22259. [Stas Bekman]

*) mod_ssl: Fix FakeBasicAuth for subrequest. Log an error when an identity spoof is encountered. [Sander Striker]

*) mod_rewrite: Ignore RewriteRules in .htaccess files if the directory containing the .htaccess file is requested without a trailing slash. PR 20195. [André Malo]

*) ab: Overlong credentials given via command line no longer clobber the buffer. [André Malo]

*) mod_deflate: Don't attempt to hold all of the response until we're done. [Justin Erenkrantz]

*) Assure that we block properly when reading input bodies with SSL. PR 19242. [David Deaves, William Rowe]

*) Update mime.types to include latest IANA and W3C types. [Roy Fielding]

*) mod_ext_filter: Set additional environment variables for use by the external filter. PR 20944. [Andrew Ho, Jeff Trawick]

*) Fix buildconf errors when libtool version changes.
[Jeff Trawick]

*) Remember an authenticated user during internal redirects if the redirection target is not access protected and pass it to scripts using the REDIRECT_REMOTE_USER environment variable. PR 10678, 11602. [André Malo]

*) mod_include: Fix a trio of bugs that would cause various unusual sequences of parsed bytes to omit portions of the output stream. PR 21095. [Ron Park, André Malo, Cliff Woolley]

*) Update the header token parsing code to allow LWS between the token word and the ':' separator. [PR 16520] [Kris Verbeeck, Nicel KM]

*) Eliminate creation of a temporary table in ap_get_mime_headers_core() [Joe Schaefer]

*) Added FreeBSD directory layout. PR 21100. [Sander Holthaus, André Malo]

*) Fix NULL-pointer issue in ab when parsing an incomplete or non-HTTP response. PR 21085. [Glenn Nielsen, André Malo]

*) mod_rewrite: Perform child initialization on the rewrite log lock. This fixes a log corruption issue when flock-based serialization is used (e.g., FreeBSD). [Jeff Trawick]

*) Don't respect the Server header field as set by modules and CGIs. As with 1.3, for proxy requests any such field is from the origin server; otherwise it will have our server info as controlled by the ServerTokens directive.
[Jeff Trawick]

---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe em httpd.apache.org
For additional commands, e-mail: announce-help em httpd.apache.org

----- End forwarded message -----

From security em unicamp.br Thu Oct 30 09:18:47 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Thu, 30 Oct 2003 09:18:47 -0200
Subject: [SECURITY-L] Microsoft changes Windows XP default configuration
Message-ID: <20031030111847.GC296@unicamp.br>

----- Forwarded message from Caio Souza Mendes -----

From: Caio Souza Mendes
Subject: Microsoft changes Windows XP default configuration
To: security em unicamp.br
Date: Wed, 29 Oct 2003 18:56:45 -0300 (ART)

Microsoft changes Windows XP default configuration

29/10/2003 - 19:01
Helena Nacinovic
http://www.infoguerra.com.br

Microsoft announced that it will disable the Windows Messenger service and enable the Internet Connection Firewall (ICF) in the Windows XP operating system. The new settings will be part of the system's defaults. The goal is to make machines more secure against online attacks without requiring the user to make many changes to the default configuration. The company also plans to implement more secure default settings for the Internet Explorer browser.

Windows Messenger, also called Mensageiro, is a program for sending messages to computers' desktops, designed mainly for use by administrators who want to send notices to the users of their network. The service, however, is little used and has lately been exploited by spammers to send messages in pop-up windows directly to victims' computers. In addition, several security flaws have been discovered in the service that allow crackers to use it to take control of vulnerable machines.
With the new Windows XP Service Pack 2, the service will be disabled, and users who still want to use it will be able to enable it manually. The service pack is expected to reach consumers by the first half of 2004. According to the British site The Register (http://www.theregister.co.uk/content/55/33654.html), Microsoft also plans to disable the service in other versions of Windows, but gave no details on how this will be done. Last week, AOL had already made the arbitrary decision to disable Windows Messenger on its customers' machines because of the security problems.

There are other Windows default settings that make online attacks easier, such as the Windows Scripting Host (WSH) service, used as an entry point for Visual Basic viruses such as I Love You, Anna Kournikova, Haptime and Homepage. WSH is enabled by default in several versions of Windows and is used to run scripts in several languages, including Visual Basic. However, unless the user specifically uses the service, it can be disabled without problems, increasing the machine's security.

Another dangerous Windows default is the feature that hides file extensions recognized by the system. Virus writers take advantage of this feature to produce malicious files with two extensions, a fake one and the real one. This way, the real one is hidden and the fake one, usually harmless-looking, is displayed. A good example of this was the Homepage virus, which came in files with .TXT.VBS extensions. Because .VBS is an extension recognized by Windows, the system hid it and victims believed they were opening an innocent text file (TXT) instead of a dangerous virus.
----- End forwarded message -----

From security em unicamp.br Thu Oct 30 09:17:01 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Thu, 30 Oct 2003 09:17:01 -0200
Subject: [SECURITY-L] Apache HTTP Server 1.3.29 Released
Message-ID: <20031030111701.GA296@unicamp.br>

----- Forwarded message from Jim Jagielski -----

From: Jim Jagielski
Subject: [S] [ANNOUNCEMENT] Apache HTTP Server 1.3.29 Released
To: announce em httpd.apache.org
Date: Wed, 29 Oct 2003 08:47:50 -0500
X-Mailer: Apple Mail (2.552)

Apache HTTP Server 1.3.29 Released

The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the release of version 1.3.29 of the Apache HTTP Server ("Apache"). This Announcement notes the significant changes in 1.3.29 as compared to 1.3.28. The Announcement is also available in German from http://www.apache.org/dist/httpd/Announcement.html.de.

This version of Apache is principally a bug and security fix release. A partial summary of the bug fixes is given at the end of this document. A full listing of changes can be found in the CHANGES file. Of particular note is that 1.3.29 addresses and fixes 1 potential security issue:

o CAN-2003-0542 (cve.mitre.org)
  Fix buffer overflows in mod_alias and mod_rewrite which occurred if one configured a regular expression with more than 9 captures.

We consider Apache 1.3.29 to be the best version of Apache 1.3 available and we strongly recommend that users of older versions, especially of the 1.1.x and 1.2.x family, upgrade as soon as possible. No further releases will be made in the 1.2.x family.

Apache 1.3.29 is available for download from:

http://httpd.apache.org/download.cgi

This service utilizes the network of mirrors listed at:

http://www.apache.org/mirrors/

Please consult the CHANGES_1.3 file for a full list of changes.

As of Apache 1.3.12 binary distributions contain all standard Apache modules as shared objects (if supported by the platform) and include full source code.
Installation is easily done by executing the included install script. See the README.bindist and INSTALL.bindist files for a complete explanation. Please note that the binary distributions are only provided for your convenience and current distributions for specific platforms are not always available. Win32 binary distributions are based on the Microsoft Installer (.MSI) technology. While development continues to make this installation method more robust, questions should be directed to the news:comp.infosystems.www.servers.ms-windows newsgroup.

For an overview of new features introduced after 1.2 please see

http://httpd.apache.org/docs/new_features_1_3.html

In general, Apache 1.3 offers several substantial improvements over version 1.2, including better performance, reliability and a wider range of supported platforms, including Windows NT and 2000 (which fall under the "Win32" label), OS2, Netware, and TPF threaded platforms.

Apache is the most popular web server in the known universe; over half of the servers on the Internet are running Apache or one of its variants.

IMPORTANT NOTE FOR APACHE USERS: Apache 1.3 was designed for Unix OS variants. While the ports to non-Unix platforms (such as Win32, Netware or OS2) are of an acceptable quality, Apache 1.3 is not optimized for these platforms. Security, stability, or performance issues on these non-Unix ports do not generally apply to the Unix version, due to the software's Unix origin.

Apache 2.0 has been structured for multiple operating systems from its inception, by introducing the Apache Portability Library and MPM modules. Users on non-Unix platforms are strongly encouraged to move up to Apache 2.0 for better performance, stability and security on their platforms.

Apache 1.3.29 Major changes

Security vulnerabilities

* CAN-2003-0542 (cve.mitre.org)
  Fix buffer overflows in mod_alias and mod_rewrite which occurred if one configured a regular expression with more than 9 captures.
New features

New features that relate to specific platforms:

* Enabled RFC1413 ident functionality for both Win32 and NetWare platforms. This also included an alternate thread safe implementation of the socket timeout functionality when querying the identd daemon.

Bugs fixed

The following noteworthy bugs were found in Apache 1.3.28 (or earlier) and have been fixed in Apache 1.3.29:

* Within ap_bclose(), ap_pclosesocket() is now called consistently for sockets and ap_pclosef() for files. Also, closesocket() is used consistently to close socket fd's. The previous confusion between socket and file fd's would cause problems with some applications now that we proactively close fd's to prevent leakage. PR 22805.

* Fixed mod_usertrack to not get false positive matches on the user-tracking cookie's name. PR 16661.

* Prevent creation of subprocess Zombies when using CGI wrappers such as suEXEC and cgiwrap. PR 21737.

--
=======================================================================
Jim Jagielski [|] jim em jaguNET.com [|] http://www.jaguNET.com/
"A society that will trade a little liberty for a little order will lose both and deserve neither" - T.Jefferson

---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe em httpd.apache.org
For additional commands, e-mail: announce-help em httpd.apache.org

----- End forwarded message -----

From security em unicamp.br Fri Oct 31 11:00:39 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Fri, 31 Oct 2003 11:00:39 -0200
Subject: [SECURITY-L] KOffice 1.3 RC1 released
Message-ID: <20031031130038.GA350@unicamp.br>

----- Forwarded message from Caio Souza Mendes -----

From: Caio Souza Mendes
Subject: KOffice 1.3 RC1 released
To: security em unicamp.br
Date: Fri, 31 Oct 2003 09:33:14 -0300 (ART)

KOffice 1.3 RC1 released

The KDE project announced the availability of the first release candidate of KOffice 1.3. This version contains a large number of bug fixes.
To read the changelog and to download, go to:
http://www.koffice.org/releases/1.3rc1-release.php

Source: NoticiasLinux.com.br

----- End forwarded message -----

From security em unicamp.br Fri Oct 31 09:27:22 2003
From: security em unicamp.br (Security Team - UNICAMP)
Date: Fri, 31 Oct 2003 09:27:22 -0200
Subject: [SECURITY-L] OpenBSD 3.4 Released
Message-ID: <20031031112716.GA486@unicamp.br>

----- Forwarded message from Ted Unangst -----

Date: Thu, 30 Oct 2003 18:24:27 -0500 (EST)
From: Ted Unangst
X-X-Sender: tedu em ns.codefusionis.com
To: misc em openbsd.org
Subject: OpenBSD 3.4 Released
Precedence: list

We just couldn't wait another 2 days, so now you can enjoy OpenBSD 3.4 a little early and protect yourself from ghosts and goblins.

------------------------------------------------------------------------
- OpenBSD 3.4 RELEASED -------------------------------------------------

Nov 1, 2003.

We are pleased to announce the official release of OpenBSD 3.4. This is our 14th release on CD-ROM (and 15th via FTP). We remain proud of OpenBSD's record of seven years with only a single remote hole in the default install. As in our previous releases, 3.4 provides significant improvements, including new features, in nearly all areas of the system:

- Ever-improving security (http://www.OpenBSD.org/security.html)

  o W^X (pronounced: "W xor X") improvements, especially on the i386 architecture. Native i386 binaries have their executable segments rearranged to support isolating code from data, and the cpu CS limit is used to impose a best effort limit on code execution.

  o ld.so on ELF platforms now loads libraries in a randomized order. Furthermore, on the i386 architecture, libraries and executable code are mapped at random addresses. Together with W^X and ProPolice, these changes increase the difficulty of successfully exploiting an application error.
    o A static bounds checker has been added to the system compiler, designed to detect improper use of string and buffer manipulation functions. Through use of this checker, hundreds of bugs in the source and ports trees were found and fixed.

    o Privilege separation has been implemented for the syslog daemon, making it much more robust against future errors. The child which listens to network traffic now runs as a normal user and chroots itself, while the parent process tracks the state of the child and performs privileged operations on its behalf.

    o Thousands of occurrences of unsafe library calls such as strcpy(), strcat() and sprintf() have been changed to the safer alternatives strlcpy(), strlcat(), and snprintf() or asprintf() in one of the most intensive audits yet performed by the OpenBSD project. The kernel is now completely free of these functions, as is most of the userland source tree.

    o Many improvements and bug fixes in the ProPolice stack protector. Several other code generation bugs for RISC architectures were also found and fixed.

    o The kernel is now also compiled with the ProPolice stack protector.

    o Privilege separation has been implemented in the X server. The privileged child process is responsible for the operations that cannot be done after the main process has switched to a non-privileged user. This greatly reduces the potential damage that could be caused by malicious X clients, in case of bugs in the X server.

    o Emulation support for binary compatibility is now controlled via sysctl. Emulation is now disabled by default to limit exposure to malicious binaries, and can be enabled in sysctl.conf(5).

    o The ports tree now supports building programs with systrace(1), reducing the risk of harm at compile time via trojaned configure scripts.

- Improved hardware support (http://www.OpenBSD.org/plat.html)

    o Support for AES instruction on just released VIA C3 processors, capable of 1.6Gbit/s AES128-CBC in openssl(1) speed tests.
    o Kauai ATA controllers (Apple ATA100 wdc) enabling support for Powerbook 12" and 17" models.
    o Support for controlling LongRun registers on Transmeta CPUs.
    o Many fixes to aac(4), ahc(4), osiop(4), siop(4) SCSI drivers.
    o New it(4), lm(4) and viaenv(4) hardware monitor drivers.
    o New safe(4) driver for SafeNet crypto accelerators.
    o New mtd(4) driver for Myson Technologies network cards.
    o More ethernet cards supported by sk(4), wi(4), fxp(4), and dc(4).
    o Massive overhaul and sync with NetBSD of the entire usb(4) system.
    o New and better support for various controllers in pciide(4), including experimental support for Serial ATA controllers.
    o New drivers to support mgx(4) and pninek(4) SPARC framebuffers. The vigra(4) driver also supports more models.
    o pcmcia(4) support for Tadpole SPARCBooks and SPARCs with pcmcia-sbus bridges.

- Major improvements in the pf packet filter, including:

    o Packet tagging (e.g. filter on tags added by bridge based on MAC address)
    o Stateful TCP normalization (prevent uptime calculation and NAT detection)
    o Passive OS detection (filter or redirect connections based on source OS)
    o SYN proxy (protect servers against SYN flood attacks)
    o Adaptive state timeouts (prevent state table overflows under attack)

- New features and significant bug-fixes included with 3.4

    o Symbol caching in ld.so reducing the start up time of large applications.
    o More license fixes, including the removal of the advertising clause for large parts of the source tree.
    o Replacement of GNU diff/diff3, grep/egrep/fgrep/zgrep/zegrep/zfgrep, and gzip/zcat/gunzip/gzcat/zcmp/zmore/zdiff/zforce/gzexe/znew with BSD licensed equivalents.
    o Addition of read-only support for NTFS file systems.
    o Reliability improvements to layered file systems, enabling NULLFS to work again.
    o Import of growfs(8) utility, allowing expansion of existing file systems.
    o Improvements to the Linux emulator enabling more applications to run with greater stability.
    o Significant improvements to the pthread library.
    o Replace many static fd_set uses, to instead use poll(2) or dynamic allocation.
    o ANSIfication and stricter prototypes for a large portion of the source tree.
    o Legacy KerberosIV support has been removed, and the remaining KerberosV codebase has been restructured for easier management.
    o USER_LDT option now controllable via sysctl.
    o Many, many man page improvements.

- The "ports" tree is greatly improved (http://www.OpenBSD.org/ports.html)

    o The 3.4 CD-ROMs ship with many pre-built packages for the common architectures. The FTP site contains hundreds more packages (for the important architectures) which we could not fit onto the CD-ROMs (or which had prohibitive licenses).

- The system includes the following major components from outside suppliers:

    o XFree86 4.3.0 (+ patches).
    o gcc 2.95.3 (+ patches and ProPolice).
    o Perl 5.8.0 (+ patches).
    o Apache 1.3.28 and mod_ssl 2.8.15, DSO support (+ patches).
    o OpenSSL 0.9.7b (+ patches).
    o Groff 1.15.
    o Sendmail 8.12.9.
    o Bind 9.2.2 (+ patches).
    o Lynx 2.8.4rel.1 with HTTPS and IPv6 support (+ patches)
    o Sudo 1.6.7p5.
    o Ncurses 5.2.
    o KAME-stable IPv6.
    o Heimdal 0.6rc1 (+ patches)
    o Arla-current
    o OpenSSH 3.7.1

If you'd like to see a list of what has changed between OpenBSD 3.3 and 3.4, look at

        http://www.OpenBSD.org/plus34.html

Even though the list is a summary of the most important changes made to OpenBSD, it still is a very very long list.

------------------------------------------------------------------------
- SECURITY AND ERRATA --------------------------------------------------

We provide patches for known security threats and other important issues discovered after each CD release. As usual, between the creation of the OpenBSD 3.4 FTP/CD-ROM binaries and the actual 3.4 release date, our team found and fixed some new reliability problems (note: most are minor, and in subsystems that are not enabled by default).
Our continued research into security means we will find new security problems -- and we always provide patches as soon as possible. Therefore, we advise regular visits to

        http://www.OpenBSD.org/security.html
and
        http://www.OpenBSD.org/errata.html

Security patch announcements are sent to the security-announce em OpenBSD.org mailing list. For information on OpenBSD mailing lists, please see:

        http://www.OpenBSD.org/mail.html

------------------------------------------------------------------------
- CD-ROM SALES ----------------------------------------------------------

OpenBSD 3.4 is also available on CD-ROM. The 3-CD set costs $40USD (EUR 45) and is available via mail order and from a number of contacts around the world. The set includes a colorful booklet which carefully explains the installation of OpenBSD. A new set of cute little stickers are also included (sorry, but our FTP mirror sites do not support STP, the Sticker Transfer Protocol). As an added bonus, the second CD contains an exclusive audio track, "The Legend of Puffy Hood." Lyrics for the song may be found at:

        http://www.OpenBSD.org/lyrics.html#34

Profits from CD sales are the primary income source for the OpenBSD project -- in essence selling these CD-ROM units ensures that OpenBSD will continue to make another release six months from now.

The OpenBSD 3.4 CD-ROMs are bootable on the following four platforms:

    o i386
    o macppc
    o sparc
    o sparc64 (UltraSPARC)

(Other platforms must boot from floppy, network, or other method).

For more information on ordering CD-ROMs, see:

        http://www.OpenBSD.org/orders.html

The above web page lists a number of places where OpenBSD CD-ROMs can be purchased from. For our default mail order, go directly to:

        https://https.OpenBSD.org/cgi-bin/order

or, for European orders:

        https://https.OpenBSD.org/cgi-bin/order.eu

All of our developers strongly urge you to buy a CD-ROM and support our future efforts.
Additionally, donations to the project are highly appreciated, as described in more detail at:

        http://www.OpenBSD.org/goals.html#funding

------------------------------------------------------------------------
- T-SHIRT SALES --------------------------------------------------------

The project continues to expand its funding base by selling t-shirts and polo shirts. And our users like them too. We have a variety of shirts available, with the new and old designs, from our web ordering system at:

        https://https.OpenBSD.org/cgi-bin/order

and for Europe:

        https://https.OpenBSD.org/cgi-bin/order.eu

The OpenBSD 3.4 and OpenSSH t-shirts are available now!

------------------------------------------------------------------------
- FTP INSTALLS ---------------------------------------------------------

If you choose not to buy an OpenBSD CD-ROM, OpenBSD can be easily installed via FTP. Typically you need a single small piece of boot media (e.g., a boot floppy) and then the rest of the files can be installed from a number of locations, including directly off the Internet. Follow this simple set of instructions to ensure that you find all of the documentation you will need while performing an install via FTP. With the CD-ROMs, the necessary documentation is easier to find.
1) Read either of the following two files for a list of ftp mirrors which provide OpenBSD, then choose one near you:

        http://www.OpenBSD.org/ftp.html
        ftp://ftp.OpenBSD.org/pub/OpenBSD/3.4/ftplist

   As of Nov 1, 2003, the following ftp sites have the 3.4 release:

        ftp://ftp.ca.openbsd.org/pub/OpenBSD/3.4/       Alberta, Canada
          (above is master site, please USE A MIRROR below)
        ftp://ftp.usa.openbsd.org/pub/OpenBSD/3.4/      Boulder, CO, USA
        ftp://ftp7.usa.openbsd.org/pub/os/OpenBSD/3.4/  West Lafayette, IN, USA
        ftp://openbsd.wiretapped.net/pub/OpenBSD/3.4/   Sydney, Australia
        ftp://ftp.kd85.com/pub/OpenBSD/3.4/             Lovendegem, Belgium
        ftp://ftp.calyx.nl/pub/OpenBSD/3.4/             Amsterdam, Netherlands
        ftp://ftp.se.openbsd.org/pub/OpenBSD/3.4/       Stockholm, Sweden
        ftp://ftp.linux.org.tr/pub/OpenBSD/3.4/         Turkey

   Other mirrors will take a day or two to update.

2) Connect to that ftp mirror site and go into the directory pub/OpenBSD/3.4/ which contains these files and directories. This is a list of what you will see:

        ANNOUNCEMENT    XF4.tar.gz      mac68k/         sparc/
        Changelogs/     alpha/          macppc/         sparc64/
        HARDWARE        ftplist         mvme68k/        src.tar.gz
        PACKAGES        hp300/          packages/       sys.tar.gz
        PORTS           hppa/           ports.tar.gz    tools/
        README          i386/           root.mail       vax/

   It is quite likely that you will want at LEAST the following files which apply to all the architectures OpenBSD supports.

        README          - generic README
        HARDWARE        - list of hardware we support
        PORTS           - description of our "ports" tree
        PACKAGES        - description of pre-compiled packages
        root.mail       - a copy of root's mail at initial login.
                          (This is really worthwhile reading).

3) Read the README file. It is short, and a quick read will make sure you understand what else you need to fetch.

4) Next, go into the directory that applies to your architecture, for example, i386.
   This is a list of what you will see:

        CKSUM           INSTALL.os2br   cdrom34.fs      index.txt
        INSTALL.ata     INSTALL.pt      comp34.tgz      man34.tgz
        INSTALL.chs     MD5             etc34.tgz       misc34.tgz
        INSTALL.dbr     base34.tgz      floppy34.fs     xbase34.tgz
        INSTALL.i386    bsd             floppyB34.fs    xfont34.tgz
        INSTALL.linux   bsd.rd          floppyC34.fs    xserv34.tgz
        INSTALL.mbr     cd34.iso        game34.tgz      xshare34.tgz

   If you are new to OpenBSD, fetch _at least_ the file INSTALL.i386 and the appropriate floppy*.fs or cd34.iso file. Consult the INSTALL.i386 file if you don't know which of the floppy images you need (or simply fetch all of them).

5) If you are an expert, follow the instructions in the file called README; otherwise, use the more complete instructions in the file called INSTALL.i386. INSTALL.i386 may tell you that you need to fetch other files.

6) Just in case, take a peek at:

        http://www.OpenBSD.org/errata.html

   This is the page where we talk about the mistakes we made while creating the 3.4 release, or the significant bugs we fixed post-release which we think our users should have fixes for. Patches and workarounds are clearly described there.

Note: If you end up needing to write a raw floppy using Windows, you can use "fdimage.exe" located in the pub/OpenBSD/3.4/tools directory to do so.

------------------------------------------------------------------------
- XFree86 FOR MOST ARCHITECTURES ---------------------------------------

XFree86 has been integrated more closely into the system. This release contains XFree86 4.3.0. Most of our architectures ship with XFree86, including sparc, sparc64 and macppc. During installation, you can install XFree86 quite easily. Be sure to try out xdm(1) and see how we have customized it for OpenBSD.

On the i386 platform a few older X servers are included from XFree86 3.3.6. These can be used for cards that are not supported by XFree86 4.3.0 or where XFree86 4.3.0 support is buggy. Please read the /usr/X11R6/README file for post-installation information.
------------------------------------------------------------------------
- PORTS TREE -----------------------------------------------------------

The OpenBSD ports tree contains automated instructions for building third party software. The software has been verified to build and run on the various OpenBSD architectures. The 3.4 ports collection, including many of the distribution files, is included on the 3-CD set. Please see the PORTS file for more information.

Note: some of the most popular ports, e.g., the Apache web server and several X applications, come standard with OpenBSD. Also, many popular ports have been pre-compiled for those who do not desire to build their own binaries (see BINARY PACKAGES, below).

------------------------------------------------------------------------
- BINARY PACKAGES WE PROVIDE -------------------------------------------

A large number of binary packages are provided. Please see the PACKAGES file (ftp://ftp.OpenBSD.org/pub/OpenBSD/3.4/PACKAGES) for more details.

------------------------------------------------------------------------
- SYSTEM SOURCE CODE ---------------------------------------------------

The CD-ROMs contain source code for all the subsystems explained above, and the README (ftp://ftp.OpenBSD.org/pub/OpenBSD/3.4/README) file explains how to deal with these source files. For those who are doing an FTP install, the source code for all four subsystems can be found in the pub/OpenBSD/3.4/ directory:

        XF4.tar.gz     ports.tar.gz   src.tar.gz     sys.tar.gz

------------------------------------------------------------------------
- THANKS ---------------------------------------------------------------

OpenBSD 3.4 includes artwork and CD artistic layout by Ty Semaka, who also wrote the lyrics and arranged an audio track on the OpenBSD 3.4 CD set. Ports tree and package building by Christian Weisgerber and Peter Valchev. System builds by Theo de Raadt, Henning Brauer, and Michael Shalayeff.
ISO-9660 filesystem layout by Theo de Raadt.

We would like to thank all of the people who sent in bug reports, bug fixes, donation cheques, and hardware that we use. We would also like to thank those who pre-ordered the 3.4 CD-ROM or bought our previous CD-ROMs. Those who did not support us financially have still helped us with our goal of improving the quality of the software.

Our developers are:

    Aaron Campbell, Alexander Yurchenko, Andreas Gunnarsson, Angelos D. Keromytis, Anil Madhavapeddy, Artur Grabowski, Ben Lindstrom, Bjorn Sandell, Bob Beck, Brad Smith, Brandon Creighton, Brian Caswell, Brian Somers, Bruno Rohee, Camiel Dobbelaar, Can Erkin Acar, Cedric Berger, Chad Loder, Chris Cappuccio, Christian Weisgerber, Constantine Sapuntzakis, Dale Rahn, Damien Couderc, Damien Miller, Dan Harnett, Daniel Hartmeier, David B Terrell, David Krause, David Lebel, David Leonard, Dug Song, Eric Jackson, Federico G. Schwindt, Grigoriy Orlov, Hakan Olsson, Hans Insulander, Heikki Korpela, Henning Brauer, Henric Jungheim, Hiroaki Etoh, Horacio Menezo Ganau, Hugh Graham, Ian Darwin, Jakob Schlyter, Jan-Uwe Finck, Jason Ish, Jason McIntyre, Jason Peel, Jason Wright, Jean-Baptiste Marchand, Jean-Francois Brousseau, Jean-Jacques Bernard-Gundol, Jim Rees, Jolan Luff, Jose Nazario, Joshua Stein, Jun-ichiro itojun Hagino, Kenjiro Cho, Kenneth R Westerback, Kevin Lo, Kevin Steves, Kjell Wooding, Louis Bertrand, Magnus Holmberg, Marc Espie, Marc Matteo, Marco S Hyman, Marcus Watts, Margarida Sequeira, Mark Grimes, Markus Friedl, Mats O Jansson, Matt Behrens, Matt Smart, Matthew Jacob, Matthieu Herrb, Michael Shalayeff, Michael T. Stolarchuk, Mike Frantzen, Mike Pechkin, Miod Vallat, Nathan Binkert, Nick Holland, Niels Provos, Niklas Hallqvist, Nikolay Sturm, Nils Nordman, Oleg Safiullin, Otto Moerbeek, Paul Janzen, Peter Galbavy, Peter Stromberg, Peter Valchev, Philipp Buehler, Reinhard J. Sammer, Rich Cannings, Ryan Thomas McBride, Shell Hin-lik Hung, Steve Murphree, Ted Unangst, Theo de Raadt, Thierry Deval, Thomas Nordin, Thorsten Lockert, Tobias Weingartner, Todd C. Miller, Todd T. Fries, Vincent Labrecque, Wilbern Cobb, Wim Vandeputte.

----- End forwarded message -----
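
The privilege-separation arrangement that the OpenBSD 3.4 announcement above describes for syslogd (a confined, unprivileged child and a privileged parent acting on its behalf), as an added C example that is not OpenBSD's code. The request codes, the uid/gid 65534 and the temporary jail directory are assumptions made for the example.

```c
/* Added example: privilege-separation skeleton; not OpenBSD's syslogd code. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE             /* exposes chroot(2), setgroups(2), mkdtemp(3) */
#endif
#include <grp.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum { REQ_REOPEN_LOG = 1, REQ_RUN_COMMAND = 2 };  /* hypothetical request codes */
#define UNPRIV_ID 65534             /* assumed unprivileged uid/gid ("nobody") */

/* Child: confine itself first, then ask the parent for anything privileged. */
static void child_main(int fd, int req, const char *jail)
{
    gid_t gid = UNPRIV_ID;
    char verdict = 0;

    if (geteuid() == 0 &&           /* chroot and uid switching need root */
        (chroot(jail) != 0 || chdir("/") != 0 || setgroups(1, &gid) != 0 ||
         setgid(gid) != 0 || setuid(UNPRIV_ID) != 0))
        _exit(2);                   /* fail closed: never continue unconfined */
    if (setuid(0) == 0)
        _exit(2);                   /* root must not be recoverable */

    /* Untrusted input (network datagrams, say) would be parsed here. */
    if (write(fd, &req, sizeof req) != (ssize_t)sizeof req ||
        read(fd, &verdict, 1) != 1)
        _exit(3);
    _exit(verdict == 'Y' ? 0 : 1);
}

/* Parent (monitor): keeps its privileges but serves only an allow-list.
 * Returns the child's exit status: 0 granted, 1 refused, 2/3 child failure. */
int privsep_request(int req)
{
    char jail[] = "/tmp/privsep.XXXXXX";   /* empty directory used as the chroot */
    int sv[2], got = 0, status = 0;
    char verdict = 'N';

    if (mkdtemp(jail) == NULL)
        return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) {
        rmdir(jail);
        return -1;
    }
    pid_t pid = fork();
    if (pid == 0) {
        close(sv[0]);
        child_main(sv[1], req, jail);      /* never returns */
    }
    close(sv[1]);
    if (pid > 0 && read(sv[0], &got, sizeof got) == (ssize_t)sizeof got) {
        if (got == REQ_REOPEN_LOG)         /* the privileged work would run here */
            verdict = 'Y';
        if (write(sv[0], &verdict, 1) != 1)
            verdict = 'N';
    }
    close(sv[0]);
    if (pid > 0)
        waitpid(pid, &status, 0);          /* track the child's state */
    rmdir(jail);
    return (pid > 0 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}
```

When the process does not start as root the confinement step is skipped, so the chroot and uid switch are only exercised under root; the request round trip and the allow-list behave the same either way.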
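
The announcement above reports the move from strcpy(), strcat() and sprintf() to strlcpy(), strlcat() and snprintf(). The following added C example, not taken from the OpenBSD tree, puts an unbounded path join beside a bounded one that reports truncation. ex_strlcpy, ex_strlcat and the join_path functions are names made up for the example; the ex_ functions stand in for strlcpy(3) and strlcat(3) on C libraries that lack them.

```c
/* Added example: unbounded vs. bounded string building with truncation checks. */
#include <stddef.h>
#include <string.h>

/* Stand-ins with strlcpy(3)/strlcat(3) semantics. Both return the length of
 * the string they tried to create; a result >= size means truncation. */
size_t ex_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);

    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';                      /* always terminated when size > 0 */
    }
    return len;
}

size_t ex_strlcat(char *dst, const char *src, size_t size)
{
    size_t dlen = 0;

    while (dlen < size && dst[dlen] != '\0')   /* never scan past the buffer */
        dlen++;
    if (dlen == size)                          /* dst not terminated within size */
        return size + strlen(src);
    return dlen + ex_strlcpy(dst + dlen, src, size - dlen);
}

/* Before: no bound at all; a long dir or name writes past the end of out. */
void join_path_unsafe(char *out, const char *dir, const char *name)
{
    strcpy(out, dir);
    strcat(out, "/");
    strcat(out, name);
}

/* After: bounded, always NUL-terminated, and truncation is reported. */
int join_path(char *out, size_t size, const char *dir, const char *name)
{
    if (ex_strlcpy(out, dir, size) >= size ||
        ex_strlcat(out, "/", size) >= size ||
        ex_strlcat(out, name, size) >= size)
        return -1;          /* caller must not use a silently shortened path */
    return 0;
}
```

The bounded calls prevent the overflow on their own, but only the return-value check stops a truncated path from being used as if it were the intended one.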