From security em unicamp.br Wed May 5 15:15:34 2004 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 5 May 2004 15:15:34 -0300 Subject: [SECURITY-L] Vulnerabilidades de seguranca Message-ID: <20040505181533.GC4641@unicamp.br> Srs. Usuarios, Atualizamos o site do CSIRT (Computer Security Incident Response Team) da Unicamp com os seguintes boletins de vulnerabilidades: CAIS-Alerta ----------- 01/05/2004 - Propagacao do Worm Sasser http://www.security.unicamp.br/docs/bugs/2004/05/v3.txt Debian Security Advisory ------------------------ 01/05/2004 - DSA 500-1 Assunto: vulnerabilidade de seguranca no pacote flim. http://www.security.unicamp.br/docs/bugs/2004/05/v5.txt 01/05/2004 - DSA 499-1 Assunto: vulnerabilidade de seguranca no pacote rsync. http://www.security.unicamp.br/docs/bugs/2004/05/v4.txt 30/04/2004 - DSA 498-1 Assunto: vulnerabilidade de seguranca nos pacotes libpng, libpng3. http://www.security.unicamp.br/docs/bugs/2004/04/v123.txt 29/04/2004 - DSA 497-1 Assunto: vulnerabilidade de seguranca no pacote mc. http://www.security.unicamp.br/docs/bugs/2004/04/v114.txt 29/04/2004 - DSA 496-1 Assunto: vulnerabilidade de seguranca no pacote eterm. http://www.security.unicamp.br/docs/bugs/2004/04/v113.txt 26/04/2004 - DSA 495-1 Assunto: vulnerabilidade de seguranca nos pacote kernel-source-2.4.16, kernel-patch-2.4.16-arm, kernel-image-2.4.16-lart, kernel-image-2.4.16-netwinder, kernel-image-2.4.16-riscpc. http://www.security.unicamp.br/docs/bugs/2004/04/v104.txt Fedora Update Notification -------------------------- 30/04/2004 - FEDORA-2004-112 Assunto: vulnerabilidade de seguranca no pacote mc. http://www.security.unicamp.br/docs/bugs/2004/04/v131.txt Guardian Digital Security Advisory ---------------------------------- 28/04/2004 - ESA-20040428-004 Assunto: vulnerabilidade de seguranca no kernel. http://www.security.unicamp.br/docs/bugs/2004/04/v109.txt Gentoo Linux Security Advisory ------------------------------ 29/04/2004 - GLSA 200404-21 Assunto: Multiple Vulnerabilities in Samba. http://www.security.unicamp.br/docs/bugs/2004/04/v115.txt 27/04/2004 - GLSA 200404-20 Assunto: Multiple vulnerabilities in xine. http://www.security.unicamp.br/docs/bugs/2004/04/v106.txt 26/04/2004 - GLSA 200404-18 Assunto: Multiple Vulnerabilities in ssmtp. http://www.security.unicamp.br/docs/bugs/2004/04/v105.txt 24/04/2004 - GLSA 200404-17 Assunto: ipsec-tools and iputils contain a remote DoS vulnerability. http://www.security.unicamp.br/docs/bugs/2004/04/v103.txt Mandrake Linux Security Update Advisory --------------------------------------- 30/04/2004 - MDKSA-2004:041 Assunto: vulnerabilidade de seguranca no pacote proftpd. http://www.security.unicamp.br/docs/bugs/2004/04/v129.txt 30/04/2004 - MDKSA-2004:040 Assunto: vulnerabilidade de seguranca no libpng. http://www.security.unicamp.br/docs/bugs/2004/04/v118.txt 29/04/2004 - MDKSA-2004:039 Assunto: vulnerabilidade de seguranca no mc. http://www.security.unicamp.br/docs/bugs/2004/04/v117.txt 28/04/2004 - MDKSA-2004:038 Assunto: vulnerabilidade de seguranca no sysklogd. http://www.security.unicamp.br/docs/bugs/2004/04/v112.txt 27/04/2004 - MDKSA-2004:037 Assunto: vulnerabilidade de seguranca no kernel. http://www.security.unicamp.br/docs/bugs/2004/04/v107.txt Netwosix Linux Security Advisory -------------------------------- 01/05/2004 - #2004-0014 Assunto: vulnerabilidade de seguranca no pacote xchat. http://www.security.unicamp.br/docs/bugs/2004/05/v2.txt 01/05/2004 - #2004-0013 Assunto: vulnerabilidade de seguranca no pacote samba. http://www.security.unicamp.br/docs/bugs/2004/05/v1.txt OpenPKG Security Advisory ------------------------- 30/04/2004 - OpenPKG-SA-2004.018 Assunto: vulnerabilidade de seguranca no pacote proftpd. http://www.security.unicamp.br/docs/bugs/2004/04/v124.txt 29/04/2004 - OpenPKG-SA-2004.017 Assunto: vulnerabilidade de seguranca no pacote png. http://www.security.unicamp.br/docs/bugs/2004/04/v116.txt Red Hat Security Advisory ------------------------- 30/04/2004 - RHSA-2004:173-00 Assunto: Updated mc packages resolve several vulnerabilities. http://www.security.unicamp.br/docs/bugs/2004/04/v130.txt 30/04/2004 - RHSA-2004:163-01 Assunto: Updated OpenOffice packages fix security vulnerability in neon. http://www.security.unicamp.br/docs/bugs/2004/04/v128.txt 30/04/2004 - RHSA-2004:175-01 Assunto: Updated utempter package fixes vulnerability. http://www.security.unicamp.br/docs/bugs/2004/04/v127.txt 30/04/2004 - RHSA-2004:181-01 Assunto: Updated libpng packages fix crash. http://www.security.unicamp.br/docs/bugs/2004/04/v126.txt 30/04/2004 - RHSA-2004:182-01 Assunto: Updated httpd packages fix mod_ssl security issue. http://www.security.unicamp.br/docs/bugs/2004/04/v121.txt 30/04/2004 - RHSA-2004:179-01 Assunto: An updated LHA package fixes security vulnerabilities. http://www.security.unicamp.br/docs/bugs/2004/04/v120.txt 30/04/2004 - RHSA-2004:177-01 Assunto: An updated X-Chat package fixes vulnerability in Socks-5 proxy. http://www.security.unicamp.br/docs/bugs/2004/04/v119.txt SCO Security Advisory --------------------- 04/05/2004 - SCOSA-2004.6 Assunto: UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : apache multiple vulnerabilities, upgraded to apache-1.3.29. http://www.security.unicamp.br/docs/bugs/2004/05/v13.txt SGI Security Advisory --------------------- 03/05/2004 - 20040501-01-I Assunto: Sasser worm and Embedded Support Partner (ESP) port 5554/tcp. http://www.security.unicamp.br/docs/bugs/2004/05/v10.txt 28/04/2004 - 20040406-01-U Assunto: SGI Advanced Linux Environment security update #19. http://www.security.unicamp.br/docs/bugs/2004/04/v110.txt 27/04/2004 - 20040405-01-U Assunto: SGI ProPack v2.4: Kernel update #3. http://www.security.unicamp.br/docs/bugs/2004/04/v108.txt Slackware Security Advisory --------------------------- 04/05/2004 - SSA:2004-125-01 Assunto: lha update in bin package. http://www.security.unicamp.br/docs/bugs/2004/05/v12.txt 03/05/2004 - SSA:2004-124-04 Assunto: libpng update. http://www.security.unicamp.br/docs/bugs/2004/05/v9.txt 03/05/2004 - SSA:2004-124-03 Assunto: xine-lib update. http://www.security.unicamp.br/docs/bugs/2004/05/v8.txt 03/05/2004 - SSA:2004-124-02 Assunto: sysklogd update. http://www.security.unicamp.br/docs/bugs/2004/05/v7.txt 03/05/2004 - SSA:2004-124-01 Assunto: rsync update. http://www.security.unicamp.br/docs/bugs/2004/05/v6.txt 28/04/2004 - SSA:2004-119-01 Assunto: kernel security updates. http://www.security.unicamp.br/docs/bugs/2004/04/v111.txt SUSE Security Announcement: --------------------------- 05/05/2004 - SuSE-SA:2004:010 Assunto: Linux Kernel. http://www.security.unicamp.br/docs/bugs/2004/05/v11.txt Trustix Secure Linux Security Advisory -------------------------------------- 30/04/2004 - #2004-0025 Assunto: vulnerabilidade de seguranca nos pacotes libpng e proftpd. http://www.security.unicamp.br/docs/bugs/2004/04/v125.txt 29/04/2004 - #2004-0024 Assunto: vulnerabilidade de seguranca no pacote rsync. http://www.security.unicamp.br/docs/bugs/2004/04/v122.txt -- Computer Security Incident Response Team - CSIRT Universidade Estadual de Campinas - UNICAMP mailto:security em unicamp.br http://www.security.unicamp.br From security em unicamp.br Mon May 10 10:56:34 2004 From: security em unicamp.br (CSIRT - UNICAMP) Date: Mon, 10 May 2004 10:56:34 -0300 Subject: [SECURITY-L] Vulnerabilidades de seguranca Message-ID: <20040510135634.GC301@unicamp.br> Srs. Usuarios, Atualizamos o site do CSIRT (Computer Security Incident Response Team) da Unicamp com os seguintes boletins de vulnerabilidades: Anúncio de Segurança do Conectiva Linux --------------------------------------- 06/05/2004 - CLA-2004:840 Assunto: Vulnerabilidades locais no pacote lha. http://www.security.unicamp.br/docs/bugs/2004/05/v19.txt Debian Security Advisory ------------------------ 07/05/2004 - DSA 501-1 Assunto: vulnerabilidade de seguranca no pacote exim. http://www.security.unicamp.br/docs/bugs/2004/05/v20.txt Fedora Legacy Update Advisory ----------------------------- 08/05/2004 - FLSA:1395 Assunto: Updated OpenSSL resolves security vulnerability. http://www.security.unicamp.br/docs/bugs/2004/05/v22.txt FreeBSD Security Advisory ------------------------- 05/05/2004 - FreeBSD-SA-04:09 Assunto: heimdal kadmind remote heap buffer overflow. http://www.security.unicamp.br/docs/bugs/2004/05/v17.txt 05/05/2004 - FreeBSD-SA-04:08 Assunto: heimdal cross-realm trust vulnerability. http://www.security.unicamp.br/docs/bugs/2004/05/v16.txt OpenPKG Security Advisory ------------------------- 07/05/2004 - OpenPKG-SA-2004.020 Assunto: vulnerabilidade de seguranca no pacote ssmtp. http://www.security.unicamp.br/docs/bugs/2004/05/v21.txt 05/05/2004 - OpenPKG-SA-2004.019 Assunto: vulnerabilidade de seguranca no pacote kolab. http://www.security.unicamp.br/docs/bugs/2004/05/v14.txt SGI Security Advisory --------------------- 05/05/2004 - 20040502-01-P Assunto: IRIX Networking Security Updates. http://www.security.unicamp.br/docs/bugs/2004/05/v15.txt SUSE Security Announcement: --------------------------- 06/05/2004 - SuSE-SA:2004:011 Assunto: Live CD 9.1 http://www.security.unicamp.br/docs/bugs/2004/05/v18.txt -- Computer Security Incident Response Team - CSIRT Universidade Estadual de Campinas - UNICAMP mailto:security em unicamp.br http://www.security.unicamp.br From security em unicamp.br Wed May 12 10:40:52 2004 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 12 May 2004 10:40:52 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade no Windows Help (840374) Message-ID: <20040512134051.GA4282@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Vulnerabilidade no Windows Help (840374) To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Tue, 11 May 2004 17:43:32 -0300 (BRST) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta divulgado pela Microsoft, "Microsoft Security Bulletin MS04-015: Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374)", que trata da identificacao de uma vulnerabilidade no Windows Help e Support Center que pode permitir a um atacante remoto a execucao de codigo arbitrario. Um atacante poderia explorar a vulnerabilidade criando uma URL HCP (hcp://...) que permitiria a execucao de codigo arbitrario caso um usuario visitasse um web site ou visualizasse um e-mail malicioso. Um atacante poderia, por meio desta vulnerabilidade, ter total controle sob um sistema afetado embora seja necessaria a interacao do usuario para que isto aconteca. Sistemas Afetados: . Microsoft Windows XP and Microsoft Windows XP Service Pack 1 . Microsoft Windows XP 64-Bit Edition Service Pack 1 . Microsoft Windows XP 64-Bit Edition Version 2003 . Microsoft Windows Server 2003 . Microsoft Windows Server 2003 64-Bit Edition Sistemas *nao* Afetados: . Microsoft Windows NT® Workstation 4.0 Service Pack 6a . Microsoft Windows NT Server 4.0 Service Pack 6a . Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 . Microsoft Windows 2000 Service Pack 2 . Microsoft Windows 2000 Service Pack 3 . Microsoft Windows 2000 Service Pack 4 . Microsoft Windows 98 . Microsoft Windows 98 Second Edition (SE) . Microsoft Windows Millennium Edition (ME) Correções disponíveis: A correção consiste na aplicação do patch recomendado pela Microsoft e disponível em: . Microsoft Windows XP and Microsoft Windows XP Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=563F65A3-D793-47B4-A607-948CAA5B3454&displaylang=en . Microsoft Windows XP 64-Bit Edition Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=EB954F03-EFC6-45FA-B87C-E29135199DC9&displaylang=en . Microsoft Windows XP 64-Bit Edition Version 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=EB954F03-EFC6-45FA-B87C-E29135199DC9&displaylang=en . Microsoft Windows Server 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=50AD42D7-81BD-4F96-9AD1-0E67310551DF&displaylang=en . Microsoft Windows Server 2003 64-Bit Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=E05DE6AB-FB0D-4A0E-B34E-BB69B9D6BA74&displaylang=en Mais informações: . Microsoft Security Bulletin MS04-015 Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374) http://www.microsoft.com/technet/security/bulletin/MS04-015.mspx . Microsoft Brasil - Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca Identificadores do CVE: CAN-2004-0199, (http://cve.mitre.org) O CAIS recomenda aos administradores de plataformas Microsoft que mantenham seus sistemas e aplicativos sempre atualizados. Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ Microsoft Security Bulletin MS04-015 Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374) Issued: May 11, 2004 Updated: May 11, 2004 Version: 1.1 Summary Who should read this document: Customers who use Microsoft® Windows® Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Important Recommendation: Customers should install the update at the earliest opportunity. Security Update Replacement: None Caveats: Microsoft Knowledge Base Article 841996 documents a known issue that customers may experience when they install this security update on a system where the Help and Support Center service is disabled. For the installation of this security update to be successful, the Help and Support Center service cannot be disabled. The article also documents recommended solutions for this issue. For more information, see Microsoft Knowledge Base Article 841996. Tested Software and Security Update Download Locations: Affected Software: Microsoft Windows XP and Microsoft Windows XP Service Pack 1 ? Download the update Microsoft Windows XP 64-Bit Edition Service Pack 1 ? Download the update Microsoft Windows XP 64-Bit Edition Version 2003 ? Download the update Microsoft Windows Server? 2003 ? Download the update Microsoft Windows Server 2003 64-Bit Edition ? Download the update Non-Affected Software: Microsoft Windows NT® Workstation 4.0 Service Pack 6a Microsoft Windows NT Server 4.0 Service Pack 6a Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, Microsoft Windows 2000 Service Pack 4 Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) The software in this list has been tested to determine if the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support lifecycle for your product and version, visit the following Microsoft Support Lifecycle Web site. -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 iQCVAwUBQKE7HOkli63F4U8VAQFYfwQAm1oOERgGoKGXp9ibej2n7tqcWsc/qy7D b926pfHraosm1vXbuby/TcBx4IPPZndELmOVeE6ZWIRxzNfp1lIr5rYWgKVat7T2 8OML8Gfp04Ro+msVB+onR7Z1vuzjJdA65x5I6BKKD6NGUmOcBWpqpyzgO9ICrGtK NxI9t5FEqEs= =yIKs -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed May 12 11:04:25 2004 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 12 May 2004 11:04:25 -0300 Subject: [SECURITY-L] Vulnerabilidades de seguranca Message-ID: <20040512140425.GB4282@unicamp.br> Srs. Usuarios, Atualizamos o site do CSIRT (Computer Security Incident Response Team) da Unicamp com os seguintes boletins de vulnerabilidades: CAIS-Alerta ----------- 11/05/2004 - Vulnerabilidade no Windows Help (840374) http://www.security.unicamp.br/docs/bugs/2004/05/v31.txt Debian Security Advisory ------------------------ 11/05/2004 - DSA 502-1 Assunto: vulnerabilidade de seguranca no pacote exim-tls. http://www.security.unicamp.br/docs/bugs/2004/05/v28.txt Gentoo Linux Security Advisory ------------------------------ 11/05/2004 - GLSA 200405-04 Assunto: OpenOffice.org vulnerability when using DAV servers. http://www.security.unicamp.br/docs/bugs/2004/05/v33.txt 11/05/2004 - GLSA 200405-03 Assunto: ClamAV VirusEvent parameter vulnerability. http://www.security.unicamp.br/docs/bugs/2004/05/v29.txt 09/05/2004 - GLSA 200405-02 Assunto: Multiple vulnerabilities in LHa. http://www.security.unicamp.br/docs/bugs/2004/05/v24.txt 09/05/2004 - GLSA 200405-01 Assunto: Multiple format string vulnerabilities in neon 0.24.4 and earlier. http://www.security.unicamp.br/docs/bugs/2004/05/v23.txt Mandrake Linux Security Update Advisory --------------------------------------- 10/05/2004 - MDKSA-2004:043 Assunto: vulnerabilidade de seguranca no pacote apache2. http://www.security.unicamp.br/docs/bugs/2004/05/v27.txt 10/05/2004 - MDKSA-2004:042 Assunto: vulnerabilidade de seguranca no pacote rsync. http://www.security.unicamp.br/docs/bugs/2004/05/v26.txt Microsoft Security Bulletins ---------------------------- 11/05/2004 - Microsoft Windows Security Bulletin Summary for May 2004 http://www.security.unicamp.br/docs/bugs/2004/05/v32.txt 11/05/2004 - Microsoft Security Bulletin Re-releases, May 2004 http://www.security.unicamp.br/docs/bugs/2004/05/v30.txt SCO Security Advisory --------------------- 07/05/2004 - SCOSA-2004.5 Assunto: OpenServer 5.0.5 OpenServer 5.0.6 OpenServer 5.0.7 : X sessions which are not started by scologin cannot use the X authorization protocol. http://www.security.unicamp.br/docs/bugs/2004/05/v25.txt -- Computer Security Incident Response Team - CSIRT Universidade Estadual de Campinas - UNICAMP mailto:security em unicamp.br http://www.security.unicamp.br From security em unicamp.br Mon May 17 16:28:42 2004 From: security em unicamp.br (CSIRT - UNICAMP) Date: Mon, 17 May 2004 16:28:42 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade de DoS em dispositivos wireless IEEE 802.11 Message-ID: <20040517192835.GA941@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Vulnerabilidade de DoS em dispositivos wireless IEEE 802.11 To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Thu, 13 May 2004 15:57:04 -0300 (BRST) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta do AusCERT, "AA-2004.02 - Denial of Service Vulnerability in IEEE 802.11 Wireless Devices", que trata de uma vulnerabilidade que afeta implementacoes em hardware do protocolo wireless IEEE 802.11, propiciando uma condicao de Negacao de Servico (DoS) nos dispositivos atacados. Esta vulnerabilidade permite um ataque trivial, porem efetivo, contra a disponibilidade de servico de um equipamento WLAN (Wireless Local Area Network). Equipamentos wireless dentro da area de abrangencia do dispositivo atacante serao afetados. O alcance de um ataque bem sucedido cresce significativamente com o aumento do poder de transmissao do equipamento atacante. Sistemas afetados: Dispositivos de hardware wireless que implementem o padrao IEEE 802.11 usando a camada fisica DSSS. Inclui os padroes: . IEEE 802.11 . IEEE 802.11b . IEEE 802.11g de baixa velocidade (abaixo de 20Mbps) Sistemas *nao* afetados: . IEEE 802.11a . IEEE 802.11g de alta velocidade (acima 20Mbps) Correcoes disponiveis: No momento nao ha' solucao disponivel, seja na forma de software ou de atualizacao de firmware. Esta e' uma vulnerabilidade inerente aa propria implementacao de IEEE 802.11 DSSS. Mais informacoes: . AusCERT Security Bulletim AA-2004.02 Denial of Service Vulnerability in IEEE 802.11 Wireless Devices http://www.auscert.org.au/render.html?it=4091 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes disponibilizadas pelos fabricantes. Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ =========================================================================== AA-2004.02 AUSCERT Advisory Denial of Service Vulnerability in IEEE 802.11 Wireless Devices 13 May 2004 Last Revised: -- - - - --------------------------------------------------------------------------- 1. Description A vulnerability exists in hardware implementations of the IEEE 802.11 wireless protocol[1] that allows for a trivial but effective attack against the availability of wireless local area network (WLAN) devices. An attacker using a low-powered, portable device such as an electronic PDA and a commonly available wireless networking card may cause significant disruption to all WLAN traffic within range, in a manner that makes identification and localisation of the attacker difficult. The vulnerability is related to the medium access control (MAC) function of the IEEE 802.11 protocol. WLAN devices perform Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA), which minimises the likelihood of two devices transmitting simultaneously. Fundamental to the functioning of CSMA/CA is the Clear Channel Assessment (CCA) procedure, used in all standards-compliant hardware and performed by a Direct Sequence Spread Spectrum (DSSS) physical (PHY) layer. An attack against this vulnerability exploits the CCA function at the physical layer and causes all WLAN nodes within range, both clients and access points (AP), to defer transmission of data for the duration of the attack. When under attack, the device behaves as if the channel is always busy, preventing the transmission of any data over the wireless network. Previously, attacks against the availability of IEEE 802.11 networks have required specialised hardware and relied on the ability to saturate the wireless frequency with high-power radiation, an avenue not open to discreet attack. This vulnerability makes a successful, low cost attack against a wireless network feasible for a semi-skilled attacker. Although the use of WLAN technology in the areas of critical infrastructure and systems is still relatively nascent, uptake of wireless applications is demonstrating exponential growth. The potential impact of any effective attack, therefore, can only increase over time. 2. Platform Wireless hardware devices that implement IEEE 802.11 using a DSSS physical layer. Includes IEEE 802.11, 802.11b and low-speed (below 20Mbps) 802.11g wireless devices. Excludes IEEE 802.11a and high-speed (above 20Mbps) 802.11g wireless devices. 3. Impact Devices within range of the attacking device will be affected. If an AP is within range, all devices associated with that AP are denied service; if an AP is not within range, only those devices within range of the attacking device are denied service. Minimum threat characteristics: o An attack can be mounted using commodity hardware and drivers - no dedicated or high-power wireless hardware is required o An attack consumes limited resources on attacking device, so is inexpensive to mount o Vulnerability will not be mitigated by emerging MAC layer security enhancements ie IEEE 802.11 TGi o Independent vendors have confirmed that there is currently no defence against this type of attack for DSSS based WLANs The range of a successful attack can be greatly improved by an increase in the transmission power of the attacking device, and the use of high-gain antennae. 3. Workarounds/Mitigation At this time a comprehensive solution, in the form of software or firmware upgrade, is not available for retrofit to existing devices. Fundamentally, the issue is inherent in the protocol implementation of IEEE 802.11 DSSS. IEEE 802.11 device transmissions are of low energy and short range, so the range of this attack is limited by the signal strength of the attacking device, which is typically low. Well shielded WLANs such as those for internal infrastructures should be relatively immune, however individual devices within range of the attacker may still be affected. Public access points will remain particularly vulnerable. The model of a shared communications channel is a fundamental factor in the effectiveness of an attack on this vulnerability. For this reason, it is likely that devices based on the newer IEEE 802.11a standard will not be affected by this attack where the physical layer uses Orthogonal Frequency Division Multiplexing (OFDM). It is recognised that the 2.4G Hz band suffers from radio interference problems, and it is expected that operators of the technology will already have in place measures to shield their networks as well as a reduced reliance on this technology for critical applications. The effect of the DoS on WLANs is not persistent - once the jamming transmission terminates, network recovery is essentially immediate. The results of a successful DoS attack will not be directly discernable to an attacker, so an attack of this type may be generally less attractive to mount. At this time, AusCERT continues to recommend that the application of wireless technology should be precluded from use in safety, critical infrastructure and/or other environments where availability is a primary requirement. Operators of wireless LANs should be aware of the increased potential for undesirable activity directed at their networks. REFERENCES: [1] IEEE-SA Standards Board, "IEEE Std IEEE 802.11-1999 Information Technology - Telecommunications and Information Exchange Between Systems-Local and Metropolitan Area Networks - Specific Requirements - Part 11: Wireless LAN Medium Access Control (MAC) And Physical Layer (PHY) Specifications," IEEE 1999. http://standards.ieee.org/getieee802/download/802.11-1999.pdf - - - ------------------------------------------------------------------------- AusCERT would like to thank the Queensland University of Technology (QUT) Information Security Research Centre (ISRC) for the information contained in this advisory. AusCERT would like to thank all vendors that participated in this process and provided recommendations for mitigation and/or confirmed details of the vulnerability. - - - ------------------------------------------------------------------------- - - - --------------------------------------------------------------------------- AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 AusCERT also maintains a World Wide Web service which is found on: http://www.auscert.org.au. Internet Email: auscert em auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. Postal: Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 AUSTRALIA ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Revision History ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 iQCVAwUBQKPFEekli63F4U8VAQEXfQQAkEoT7SgyxEirRstLuW/xg1NRfYlRL0sI yuLbFMGlutKydtWr1LiFfH9CjSUue7Ri2ASXFxl6vvYvv8FClawJJ9EEWDJny3mM dh7sAiY3EaZiWHbiY91KZwsTDVl/ylXR25W9CpRjaWGG4/rUkSkmsD789mswqDAx HktVStwW1ds= =Rb/n -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Tue May 18 10:25:22 2004 From: security em unicamp.br (CSIRT - UNICAMP) Date: Tue, 18 May 2004 10:25:22 -0300 Subject: [SECURITY-L] Vulnerabilidades de seguranca Message-ID: <20040518132516.GB941@unicamp.br> Srs. Usuarios, Atualizamos o site do CSIRT (Computer Security Incident Response Team) da Unicamp com os seguintes boletins de vulnerabilidades: CAIS-Alerta ----------- 13/05/2004 - Vulnerabilidade de DoS em dispositivos wireless IEEE 802.11. http://www.security.unicamp.br/docs/bugs/2004/05/v43.txt Debian Security Advisory ------------------------ 13/05/2004 - DSA 503-1 Assunto: vulnerabilidade de seguranca no pacote mah-jong. http://www.security.unicamp.br/docs/bugs/2004/05/v41.txt Fedora Update Notification -------------------------- 11/05/2004 - FEDORA-2004-115 Assunto: vulnerabilidade de seguranca no pacote iproute. http://www.security.unicamp.br/docs/bugs/2004/05/v36.txt 05/05/2004 - FEDORA-2004-106 Assunto: vulnerabilidade de seguranca no pacote libpng10. http://www.security.unicamp.br/docs/bugs/2004/05/v35.txt 05/05/2004 - FEDORA-2004-105 Assunto: vulnerabilidade de seguranca no pacote libpng. http://www.security.unicamp.br/docs/bugs/2004/05/v34.txt Gentoo Linux Security Advisory ------------------------------ 14/05/2004 - GLSA 200405-07 Assunto: Exim verify=header_syntax buffer overflow. http://www.security.unicamp.br/docs/bugs/2004/05/v51.txt 14/05/2004 - GLSA 200405-06 Assunto: libpng denial of service vulnerability. http://www.security.unicamp.br/docs/bugs/2004/05/v50.txt 13/05/2004 - GLSA 200405-05 Assunto: Utempter symlink vulnerability. http://www.security.unicamp.br/docs/bugs/2004/05/v42.txt HP Security Bulletin -------------------- 14/05/2004 - HPSBUX01034 Assunto: SSRT3613 rev.0 HP-UX B6848AB GTK+ Support Libraries elevated privileges. http://www.security.unicamp.br/docs/bugs/2004/05/v46.txt 14/05/2004 - HPSBUX01038 Assunto: SSRT4721 rev.0 HP-UX dtlogin unauthorized privileged access, Denial of Service (DoS). http://www.security.unicamp.br/docs/bugs/2004/05/v45.txt 13/05/2004 - HPSBUX01036 Assunto: SSRT4722 rev.0 HP-UX Mozilla denial of service. http://www.security.unicamp.br/docs/bugs/2004/05/v44.txt Mandrake Linux Security Update Advisory --------------------------------------- 17/05/2004 - MDKSA-2004:046 Assunto: vulnerabilidade de seguranca no pacote apache. http://www.security.unicamp.br/docs/bugs/2004/05/v55.txt 17/05/2004 - MDKSA-2004:045 Assunto: vulnerabilidade de seguranca no pacote passwd. http://www.security.unicamp.br/docs/bugs/2004/05/v54.txt 17/05/2004 - MDKSA-2004:044 Assunto: vulnerabilidade de seguranca no pacote libuser. http://www.security.unicamp.br/docs/bugs/2004/05/v53.txt NetBSD Security Advisory ------------------------ 12/05/2004 - #2004-0007 Assunto: Systrace systrace_exit() local root. http://www.security.unicamp.br/docs/bugs/2004/05/v39.txt OpenPKG Security Advisory ------------------------- 12/05/2004 - OpenPKG-SA-2004.021 Assunto: vulnerabilidade de seguranca no pacote apache. http://www.security.unicamp.br/docs/bugs/2004/05/v38.txt Slackware Security Advisory --------------------------- 18/05/2004 - SSA:2004-238-01 Assunto: vulnerabilidade de seguranca no pacote kdelibs. http://www.security.unicamp.br/docs/bugs/2004/05/v56.txt 17/05/2004 - SSA:2004-136-01 Assunto: vulnerabilidade de seguranca no pacote mc. http://www.security.unicamp.br/docs/bugs/2004/05/v52.txt SUSE Security Announcement: --------------------------- 14/05/2004 - SuSE-SA:2004:012 Assunto: vulnerabilidade de seguranca no pacote mc. http://www.security.unicamp.br/docs/bugs/2004/05/v49.txt Trustix Secure Linux Security Advisory -------------------------------------- 13/05/2004 - #2004-0029 Assunto: vulnerabilidade de seguranca no kernel. http://www.security.unicamp.br/docs/bugs/2004/05/v48.txt -- Computer Security Incident Response Team - CSIRT Universidade Estadual de Campinas - UNICAMP mailto:security em unicamp.br http://www.security.unicamp.br From security em unicamp.br Wed May 19 16:37:30 2004 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 19 May 2004 16:37:30 -0300 Subject: [SECURITY-L] Vulnerabilidades de seguranca Message-ID: <20040519193726.GA5305@unicamp.br> Srs. Administradores, Atualizamos o site do CSIRT (Computer Security Incident Response Team) da Unicamp com os seguintes boletins de vulnerabilidades: Debian Security Advisory ------------------------ 19/05/2004 - DSA 507-1 Assunto: vulnerabilidade de seguranca no pacote cadaver. http://www.security.unicamp.br/docs/bugs/2004/05/v79.txt 19/05/2004 - DSA 506-1 Assunto: vulnerabilidade de seguranca no pacote neon. http://www.security.unicamp.br/docs/bugs/2004/05/v77.txt 19/05/2004 - DSA 505-1 Assunto: vulnerabilidade de seguranca no pacote cvs. http://www.security.unicamp.br/docs/bugs/2004/05/v76.txt 18/05/2004 - DSA 504-1 Assunto: vulnerabilidade de seguranca no pacote heimdal. http://www.security.unicamp.br/docs/bugs/2004/05/v62.txt Fedora Legacy Update Advisory ----------------------------- 18/05/2004 - FLSA:1546 Assunto: Updated utempter resolves security vulnerability. http://www.security.unicamp.br/docs/bugs/2004/05/v69.txt Fedora Update Notification -------------------------- 19/05/2004 - FEDORA-2004-131 Assunto: vulnerabilidade de seguranca no produto Fedora Core 2, pacote cvs. http://www.security.unicamp.br/docs/bugs/2004/05/v71.txt 19/05/2004 - FEDORA-2004-129 Assunto: vulnerabilidade de seguranca no produto Fedora Core 1, pacote neon. http://www.security.unicamp.br/docs/bugs/2004/05/v72.txt 19/05/2004 - FEDORA-2004-128 Assunto: vulnerabilidade de seguranca no produto Fedora Core 2, pacote subversion. http://www.security.unicamp.br/docs/bugs/2004/05/v75.txt 19/05/2004 - FEDORA-2004-127 Assunto: vulnerabilidade de seguranca no produto Fedora Core 1, pacote subversion. http://www.security.unicamp.br/docs/bugs/2004/05/v74.txt 19/05/2004 - FEDORA-2004-126 Assunto: vulnerabilidade de seguranca no produto Fedora Core 1, pacote cvs. http://www.security.unicamp.br/docs/bugs/2004/05/v70.txt 19/05/2004 - FEDORA-2004-122 Assunto: vulnerabilidade de seguranca no pacote kdelibs 3.2.2. http://www.security.unicamp.br/docs/bugs/2004/05/v67.txt 17/05/2004 - FEDORA-2004-121 Assunto: vulnerabilidade de seguranca no pacote kdelibs 3.1.4. http://www.security.unicamp.br/docs/bugs/2004/05/v60.txt 14/05/2004 - FEDORA-2004-110 Assunto: vulnerabilidade de seguranca no pacote cvs. http://www.security.unicamp.br/docs/bugs/2004/05/v59.txt 14/05/2004 - FEDORA-2004-103 Assunto: vulnerabilidade de seguranca no pacote neon. http://www.security.unicamp.br/docs/bugs/2004/05/v57.txt 14/05/2004 - FEDORA-2004-060 Assunto: vulnerabilidade de seguranca no pacote mailman. http://www.security.unicamp.br/docs/bugs/2004/05/v57.txt 13/05/2004 - FEDORA-2004-120 Assunto: vulnerabilidade de seguranca no pacote tcpdump. http://www.security.unicamp.br/docs/bugs/2004/05/v66.txt FreeBSD Security Advisory ------------------------- 19/05/2004 - FreeBSD-SA-04:10 Assunto: CVS pserver protocol parser errors. http://www.security.unicamp.br/docs/bugs/2004/05/v65.txt Gentoo Linux Security Advisory ------------------------------ 19/05/2004 - GLSA 200405-10 Assunto: Icecast denial of service vulnerability. http://www.security.unicamp.br/docs/bugs/2004/05/v80.txt 19/05/2004 - GLSA 200405-09 Assunto: ProFTPD Access Control List bypass vulnerability. http://www.security.unicamp.br/docs/bugs/2004/05/v68.txt 18/05/2004 - GLSA 200405-08 Assunto: Pound format string vulnerability. http://www.security.unicamp.br/docs/bugs/2004/05/v63.txt Mandrake Linux Security Update Advisory --------------------------------------- 18/05/2004 - MDKSA-2004:047 Assunto: vulnerabilidade de seguranca no pacote kdelibs. http://www.security.unicamp.br/docs/bugs/2004/05/v64.txt SGI Security Advisory --------------------- 17/05/2004 - 20040503-01-P Assunto: IRIX 6.5.24 rpc.mountd infinte loop. http://www.security.unicamp.br/docs/bugs/2004/05/v61.txt SUSE Security Announcement: --------------------------- 19/05/2004 - SuSE-SA:2004:013 Assunto: vulnerabilidade de seguranca no pacote cvs. http://www.security.unicamp.br/docs/bugs/2004/05/v78.txt -- Computer Security Incident Response Team - CSIRT Universidade Estadual de Campinas - UNICAMP mailto:security em unicamp.br http://www.security.unicamp.br From security em unicamp.br Thu May 20 09:38:23 2004 From: security em unicamp.br (CSIRT - UNICAMP) Date: Thu, 20 May 2004 09:38:23 -0300 Subject: [SECURITY-L] Vulnerabilidades de seguranca Message-ID: <20040520123822.GB6823@unicamp.br> Srs. Usuarios, Atualizamos o site do CSIRT (Computer Security Incident Response Team) da Unicamp com os seguintes boletins de vulnerabilidades: Fedora Update Notification -------------------------- 19/05/2004 - FEDORA-2004-133 Assunto: vulnerabilidade de seguranca no produto Fedora Core 1, pacote kdepim. http://www.security.unicamp.br/docs/bugs/2004/05/v88.txt 19/05/2004 - FEDORA-2004-132 Assunto: vulnerabilidade de seguranca no produto Fedora Core 2, pacote ipsec-tools. http://www.security.unicamp.br/docs/bugs/2004/05/v84.txt Gentoo Linux Security Advisory ------------------------------ 19/05/2004 - GLSA 200405-11 Assunto: KDE URI Handler Vulnerabilities. http://www.security.unicamp.br/docs/bugs/2004/05/v83.txt Mandrake Linux Security Update Advisory --------------------------------------- 19/05/2004 - MDKSA-2004:049 Assunto: vulnerabilidade de seguranca no pacote libneon. http://www.security.unicamp.br/docs/bugs/2004/05/v82.txt 19/05/2004 - MDKSA-2004:048 Assunto: vulnerabilidade de seguranca no pacote cvs. http://www.security.unicamp.br/docs/bugs/2004/05/v81.txt OpenPKG Security Advisory ------------------------- 19/05/2004 - OpenPKG-SA-2004.024 Assunto: vulnerabilidade de seguranca nos pacotes neon, subversion, cadaver, sitecopy, tla. http://www.security.unicamp.br/docs/bugs/2004/05/v87.txt 19/05/2004 - OpenPKG-SA-2004.023 Assunto: vulnerabilidade de seguranca no pacote subversion. http://www.security.unicamp.br/docs/bugs/2004/05/v86.txt 19/05/2004 - OpenPKG-SA-2004.022 Assunto: vulnerabilidade de seguranca no pacote cvs. http://www.security.unicamp.br/docs/bugs/2004/05/v85.txt Slackware Security Advisory --------------------------- 19/05/2004 - SSA:2004-140-01 Assunto: vulnerabilidade de seguranca no pacote cvs. http://www.security.unicamp.br/docs/bugs/2004/05/v89.txt -- Computer Security Incident Response Team - CSIRT Universidade Estadual de Campinas - UNICAMP mailto:security em unicamp.br http://www.security.unicamp.br From security em unicamp.br Fri May 21 16:17:43 2004 From: security em unicamp.br (CSIRT - UNICAMP) Date: Fri, 21 May 2004 16:17:43 -0300 Subject: [SECURITY-L] Vulnerabilidades de seguranca Message-ID: <20040521191742.GA12751@unicamp.br> Srs. Usuarios, Atualizamos o site do CSIRT (Computer Security Incident Response Team) da Unicamp com os seguintes boletins de vulnerabilidades: Fedora Update Notification -------------------------- 20/05/2004 - FEDORA-2004-134 Assunto: vulnerabilidade de seguranca no produto Fedora Core 2, pacote libgnome. http://www.security.unicamp.br/docs/bugs/2004/05/v98.txt Gentoo Linux Security Advisory ------------------------------ 20/05/2004 - GLSA 200405-15 Assunto: cadaver heap-based buffer overflow. http://www.security.unicamp.br/docs/bugs/2004/05/v97.txt 20/05/2004 - GLSA 200405-14 Assunto: Buffer overflow in Subversion. http://www.security.unicamp.br/docs/bugs/2004/05/v96.txt 20/05/2004 - GLSA 200405-13 Assunto: neon heap-based buffer overflow. http://www.security.unicamp.br/docs/bugs/2004/05/v95.txt 20/05/2004 - GLSA 200405-12 Assunto: CVS heap overflow vulnerability. http://www.security.unicamp.br/docs/bugs/2004/05/v94.txt HP Security Bulletin -------------------- 20/05/2004 - HPSBGN01041 Assunto: SSRT4696 rev.0 HP ProCurve Routing Switches TCP Denial of Service (DoS). http://www.security.unicamp.br/docs/bugs/2004/05/v93.txt Mandrake Linux Security Update Advisory --------------------------------------- 20/05/2004 - MDKSA-2004:046-1 Assunto: vulnerabilidade de seguranca no pacote apache-mod_perl. http://www.security.unicamp.br/docs/bugs/2004/05/v92.txt OpenPKG Security Advisory ------------------------- 21/05/2004 - OpenPKG-SA-2004.025 Assunto: vulnerabilidade de seguranca no pacote rsync. http://www.security.unicamp.br/docs/bugs/2004/05/v99.txt SGI Security Advisory --------------------- 19/05/2004 - 20040505-01-U Assunto: SGI ProPack v2.4: Kernel Update #4 - Security and other fixes. http://www.security.unicamp.br/docs/bugs/2004/05/v91.txt 19/05/2004 - 20040504-01-U Assunto: SGI ProPack 3: Kernel Update #1 - Security and other fixes. http://www.security.unicamp.br/docs/bugs/2004/05/v90.txt -- Computer Security Incident Response Team - CSIRT Universidade Estadual de Campinas - UNICAMP mailto:security em unicamp.br http://www.security.unicamp.br From security em unicamp.br Wed May 26 16:05:25 2004 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 26 May 2004 16:05:25 -0300 Subject: [SECURITY-L] Vulnerabilidades de seguranca Message-ID: <20040526190523.GA5704@unicamp.br> Srs. Usuarios, Atualizamos o site do CSIRT (Computer Security Incident Response Team) da Unicamp com os seguintes boletins de vulnerabilidades: Anúncio de Segurança do Conectiva Linux --------------------------------------- 25/05/2004 - CLA-2004:842 Assunto: diversas correções para mailman. http://www.security.unicamp.br/docs/bugs/2004/05/v110.txt 25/05/2004 - CLA-2004:841 Assunto: correção para vulnerabilidade de buffer overflow no pacote libneon. http://www.security.unicamp.br/docs/bugs/2004/05/v108.txt Debian Security Advisory ------------------------ 22/05/2004 - DSA 508-1 Assunto: vulnerabilidade de seguranca no pacote xpcd. http://www.security.unicamp.br/docs/bugs/2004/05/v102.txt Fedora Update Notification -------------------------- 25/05/2004 - FEDORA-2004-139 Assunto: vulnerabilidade de seguranca no produto Fedora Core 2, pacote hwdata. http://www.security.unicamp.br/docs/bugs/2004/05/v111.txt 25/05/2004 - FEDORA-2004-138 Assunto: vulnerabilidade de seguranca no produto Fedora Core 2, pacote rsync. http://www.security.unicamp.br/docs/bugs/2004/05/v109.txt 25/05/2004 - FEDORA-2004-118 Assunto: vulnerabilidade de seguranca no produto Fedora Core 1, pacote php. http://www.security.unicamp.br/docs/bugs/2004/05/v105.txt 25/05/2004 - FEDORA-2004-117 Assunto: vulnerabilidade de seguranca no produto Fedora Core 1, pacote httpd. http://www.security.unicamp.br/docs/bugs/2004/05/v104.txt FreeBSD Security Advisory ------------------------- 26/05/2004 - FreeBSD-SA-04:11 Assunto: buffer cache invalidation implementation issues. http://www.security.unicamp.br/docs/bugs/2004/05/v113.txt Gentoo Linux Security Advisory ------------------------------ 25/05/2004 - GLSA 200405-20 Assunto: Insecure Temporary File Creation In MySQL. http://www.security.unicamp.br/docs/bugs/2004/05/v112.txt 25/05/2004 - ERRATA UPDATE: GLSA 200405-16:02 Assunto: Multiple XSS Vulnerabilities in SquirrelMail. http://www.security.unicamp.br/docs/bugs/2004/05/v107.txt 25/05/2004 - GLSA 200405-19 Assunto: Opera telnet URI handler file creation/truncation vulnerability. http://www.security.unicamp.br/docs/bugs/2004/05/v106.txt 23/05/2004 - GLSA 200405-18 Assunto: Buffer Overflow in Firebird. http://www.security.unicamp.br/docs/bugs/2004/05/v103.txt 21/05/2004 - GLSA 200405-16 Assunto: Multiple XSS Vulnerabilities in SquirrelMail. http://www.security.unicamp.br/docs/bugs/2004/05/v100.txt HP Security Bulletin -------------------- 25/05/2004 - HPSBMA01045 Assunto: SSRT4719 rev.0 hp OpenView Select Access remote unauthorized access. http://www.security.unicamp.br/docs/bugs/2004/05/v115.txt 24/05/2004 - HPSBUX01044 Assunto: SSRT4749 rev.0 HP-UX Java Runtime Environment (JRE) remote DoS. http://www.security.unicamp.br/docs/bugs/2004/05/v114.txt Mandrake Linux Security Update Advisory --------------------------------------- 21/05/2004 - MDKSA-2004:050 Assunto: vulnerabilidade de seguranca no kernel. http://www.security.unicamp.br/docs/bugs/2004/05/v101.txt -- Computer Security Incident Response Team - CSIRT Universidade Estadual de Campinas - UNICAMP mailto:security em unicamp.br http://www.security.unicamp.br From security em unicamp.br Thu May 27 16:46:34 2004 From: security em unicamp.br (CSIRT - UNICAMP) Date: Thu, 27 May 2004 16:46:34 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade no CVS Message-ID: <20040527194630.GA6750@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Vulnerabilidade no CVS To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Thu, 27 May 2004 13:22:00 -0300 (BRST) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta do US-CERT, intitulado "TA04-147A - CVS Heap Overflow Vulnerability", que trata de uma vulnerabilidade que afeta o CVS (Concurrent Versions System), um sistema de gerenciamento de codigo-fonte amplamente utilizado em projetos Open Source. Esta vulnerabilidade permite que um atacante remoto execute codigo arbitrario, comandos, modifique informacoes sensiveis ou mesmo cause uma condicao de Negacao de Servico (DoS) no sistema vulneravel. Sistemas afetados: . Stable CVS anteriores a versao 1.11.16 . CVS Feature anteriores a versao 1.12.8 Correcoes disponiveis: Recomenda-se o upgrade ou aplicacao de correcao (patch) oferecida pelo seu fornecedor. Para obter uma lista de correcoes por fornecedor consulte: . US-CERT Vulnerability Note VU#192038 http://www.kb.cert.org/vuls/id/192038 Outras opcoes para se solucionar o problema sao (1) desabilitar o servidor CVS ou (2) bloquear/restringir acesso seguindo as orientacoes do alerta original do US-CERT. Mais informacoes: . TA04-147A - CVS Heap Overflow Vulnerability (US-CERT) http://www.us-cert.gov/cas/techalerts/TA04-147A.html . Advisory 07/2004 - CVS remote vulnerability (e-matters Security) http://security.e-matters.de/advisories/072004.html . Chrooted SSH CVS server HOW-TO (IDEALX) http://www.netsys.com/library/papers/chrooted-ssh-cvs-server.txt Identificador CVE: CAN-2004-0396 (http://cve.mitre.org) O CAIS recomenda aos administradores manterem seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes disponibilizadas pelos fabricantes. Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ CVS Heap Overflow Vulnerability Original release date: May 26, 2004 Last revised: -- Source: US-CERT Systems Affected * Concurrent Versions System (CVS) versions prior to 1.11.16 * CVS Features versions prior to 1.12.8 Overview A heap overflow vulnerability in the Concurrent Versions System (CVS) could allow a remote attacker to execute arbitrary code on a vulnerable system. I. Description CVS is a source code maintenance system that is widely used by open-source software development projects. There is a heap memory overflow vulnerability in the way CVS handles the insertion of modified and unchanged flags within entry lines. When processing an entry line, an additional byte of memory is allocated to flag the entry as modified or unchanged. There is a failure to check if a byte has been previously allocated for the flag, which creates an off-by-one buffer overflow. By calling a vulnerable function several times and inserting specific characters into the entry lines, a remote attacker could overwrite multiple blocks of memory. In some environments, the CVS server process is started by the Internet services daemon (inetd) and may run with root privileges. An authenticated client could exploit this vulnerability to execute arbitrary code, execute commands, modify sensitive information, or cause a denial of service. Note that if a CVS server is configured to permit anonymous read-only access, then this provides sufficient access to exploit a vulnerable server, as anonymous users are authenticated through the cvspserver process. US-CERT is tracking this issue as VU#192038. This reference number corresponds to CVE candidate CAN-2004-0396. II. Impact An authenticated client could exploit this vulnerability to execute arbitrary code on the vulnerable system with the privileges of the CVS server process. It is possible for an anonymous user with read-only access to exploit a vulnerable server as they are authenticated through the cvspserver process. In addition to compromising the system running CVS, there is a significant secondary impact in that source code maintained in CVS repositories could be modified to include Trojan horses, backdoors, or other malicious code. III. Solution Apply Patch or Upgrade Apply the appropriate patch or upgrade as specified by your vendor. For vendor specific responses, please see your vendor's website or Vulnerability Note VU#192038. This issue has been resolved in Stable CVS Version 1.11.16 and CVS Feature Version 1.12.8. Disable CVS Server Until a patch or upgrade can be applied, consider disabling the CVS server. Block or Restrict Access Block or restrict access to the CVS server from untrusted hosts and networks. The CVS server typically listens on 2401/tcp, but may use another port or protocol. Limit CVS Server Privileges * Configure CVS server to run in a restricted (chroot) environment. * Run CVS servers with the minimum set of privileges required on the host file system. * Provide separate systems for development (write) and public/anonymous (read-only) CVS access. * Host public/anonymous CVS servers on single-purpose, secured systems. Note that some of these workarounds will only limit the scope and impact of possible attacks. Note also that anonymous (read-only) access is sufficent to exploit this vulnerability. Appendix B. References * http://security.e-matters.de/advisories/072004.html * http://secunia.com/advisories/11641/ * http://www.securitytracker.com/alerts/2004/May/1010208.html * http://www.netsys.com/library/papers/chrooted-ssh-cvs-server.txt US-CERT thanks Stefan Esser of e-matters for reporting this problem and for information used to construct this advisory. Feedback can be directed to the authors: Jason A. Rafail and Damon Morda Copyright 2004 Carnegie Mellon University. Terms of use Revision History May 26, 2004: Initial release -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 iQCVAwUBQLYVsekli63F4U8VAQHZ4QP/cyBHuUeDhWoeHfmbjhEXlFJwbQvuUwY2 N0HAB8F5v4LC3mAkST89zcFv63moGiuKcp3KHlyodDUIoGznQGjmMNaMa9sf8+TZ muizKvUNtqzD2jqh5l3iGiga285Mkb2Tuo0ytDH9kCp0CIFagDizNgZQUi9C3Eky 5r1wSAV0LSo= =e/VS -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Fri May 28 13:36:00 2004 From: security em unicamp.br (CSIRT - UNICAMP) Date: Fri, 28 May 2004 13:36:00 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade no GNU/Mailman expoe senha dos assinantes Message-ID: <20040528163600.GB8589@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Vulnerabilidade no GNU/Mailman expoe senha dos assinantes To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Fri, 28 May 2004 09:59:00 -0300 (BRST) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS alerta que versoes anteriores a 2.1.5 do GNU/Mailman, um gerenciador de listas de discussao amplamente utilizado, possuem uma vulnerabilidade que permite que um assinante de uma dada lista gerenciada por este sistema recupere a senha de qualquer outro assinante atraves de comandos enviados por e-mail. Uma mensagem enviada para nomedalista-request em example.net contendo as linhas: password address=$assinante_vitima password address=$assinante_atacante retornara as senhas tanto do assinante-vitima quanto do assinante-atacante. Uma das implicacoes mais criticas desta e de outras vulnerabilidades que expoem senhas esta em se descobrir a senha de um usuario e confronta-la contra outros sistemas. Num caso extremo em que o usuario atacado utilize sempre a mesma senha isto pouparia trabalho de um atacante, uma vez que ataques de engenharia social ou ferramentas de quebra de senha por forca bruta, por exemplo, nao seriam necessarios. Sistemas afetados: . GNU/Mailman com versoes anteriores a 2.1.5 Correcoes disponiveis: Recomenda-se atualizar a versao do GNU/Mailman para a ultima oferecida por sua distribuicao. Se sua distribuicao ainda nao tiver disbonibilizado a versao 2.1.5 do GNU/Mailman ela pode ser obtida em: . Mailman, the GNU Mailing List Manager http://www.gnu.org/software/mailman Mais informacoes: . [Mailman-Users] RELEASED Mailman 2.1.5 http://www.mail-archive.com/mailman-users em python.org/msg24544.html . Nessus Plugins: Mailman password retrieval http://cgi.nessus.org/plugins/dump.php3?id=12253 Identificador CVE: CAN-2004-0412 (http://cve.mitre.org) O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. O CAIS ainda recomenda, especificamente neste caso, que: . adminitradores de listas de discussao que utilizem do software gerenciador GNU/Mailman assinem a lista de anuncios: Mailman-announce -- Announce-only list for Mailman releases and news http://mail.python.org/mailman/listinfo/mailman-announce . usuarios evitem repetir senhas ao longo de diversos sistemas. Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ [Mailman-Users] RELEASED Mailman 2.1.5 * From: Barry Warsaw * Subject: [Mailman-Users] RELEASED Mailman 2.1.5 * Date: Sat, 15 May 2004 16:33:01 -0700 Today I am releasing Mailman 2.1.5, a bug fix release that also contains new support for the Turkish language, and a few minor new features. Mailman 2.1.5 is a significant upgrade which should improve disk i/o performance, administrative overhead for discarding held spams, and the behavior of bouncing member disables. This version also contains a fix for an exploit that could allow 3rd parties to retrieve member passwords. It is thus highly recommended that all existing sites upgrade to the latest version. The full source tarball, as well as a patch against Mailman 2.1.4 have been made available. See http://sourceforge.net/project/showfiles.php?group_id=103 for links to downloads. NOTE: You will want to read the UPGRADING file for important information regarding upgrading from earlier version to Mailman 2.1.5. A number of internal file formats have changed so you must shut down web and mail access to Mailman before you upgrade. You will also want to re-run configure (i.e. config.status) before you run "make install". See also: http://www.list.org http://mailman.sf.net http://www.gnu.org/software/mailman Finally, a personal note. I have left Zope Corporation to join Secure Software, a company started by John Viega -- Mailman's original author. Although I won't be working on Mailman in any official capacity, it is exciting to be working with him and the rest of the folks there. I leave Zope Corp on a positive note and wish nothing but success for them too. You can find Secure Software on the web at http://www.securesoftware.com. Please continue to use my [EMAIL PROTECTED] email address for all Mailman correspondences. I don't expect much to change for the Mailman project at all. Enjoy, - -Barry 2.1.5 (15-May-2004) - The admindb page has a checkbox that allows you to discard all held messages that are marked Defer. On heavy lists with lots of spam holds, this makes clearing them much faster. - The qrunner system has changed to use only one file per message. However the configuration variable METADATA_FORMAT has been removed, and support for SAVE_MSGS_AS_PICKLES has been changed. The latter no longer writes messages as plain text. Instead, they are stored as pickles of plain strings, using the text pickle format. This still makes them non-binary files readable and editable by humans. bin/dumpdb also works differently. It will print out the entire pickle file (with more verbosity) and if used with 'python -i', it binds msg to a list of all objects found in the pickle file. Removed from Defaults.py: PENDINGDB_LOCK_TIMEOUT, PENDINGDB_LOCK_ATTEMPTS, METAFMT_MARSHAL, METAFMT_BSDDB_NATIVE, METAFMT_ASCII, METADATA_FORMAT - The bounce processor has been redesigned so that now when an address's bounce score reaches the threshold, that address will be sent a probe message. Only if the probe bounces will the address be disabled. The score is reset to zero when the probe is sent. Also, bounce events are now kept in an event file instead of in memory. This should help contain the bloat of the BounceRunner. New supporting variables in Defaults.py: VERP_PROBE_FORMAT, VERP_PROBE_REGEXP REGISTER_BOUNCES_EVERY is promoted to a Defaults.py variable. - The pending database has been changed from a global pickle file, to a unique pickle file per mailing list. - The 'request' database file has changed from a marshal, to the more secure pickle format. - Disallow multiple password retrievals. - The email package is updated to version 2.5.5. - New language: Turkish. - Bugs and patches: 869644, 869647 (NotAMemberError for old cookie data), 878087 (bug in Slovenian catalog), 899263 (ignore duplicate pending ids), 810675 (discard all defers button) -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 iQCVAwUBQLc3pukli63F4U8VAQG22QQAtSRGGB3YU5LBwdZyznttK0okUfgk5voR yRAVHtFAg+jUJNj9ub8bl3c6t4lI9XuFIq8XKpyUAK6CJJxOgjZ+uQbCh4GRXDT6 qGYJMpdpeeq9j21iexgHx4Kbd3YM6stnujWH3HV/jHZwVOdC4xDTXuMqNFBeuGls 7tp1EihOVUE= =GONY -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Fri May 28 15:39:07 2004 From: security em unicamp.br (CSIRT - UNICAMP) Date: Fri, 28 May 2004 15:39:07 -0300 Subject: [SECURITY-L] [FreeBSD-Announce] Announcing FreeBSD 4.10-RELEASE Message-ID: <20040528183907.GD8589@unicamp.br> ----- Forwarded message from Ken Smith ----- From: Ken Smith Subject: [FreeBSD-Announce] Announcing FreeBSD 4.10-RELEASE To: freebsd-announce em FreeBSD.org Date: Thu, 27 May 2004 01:35:03 -0400 I am happy to announce the availability of FreeBSD 4.10-RELEASE, the latest release of the FreeBSD -STABLE development branch. Since FreeBSD 4.9-RELEASE in October 2003 we have made conservative updates to a number of software programs in the base system, dealt with known security issues, and made many bugfixes. For a complete list of new features, known problems, and late-breaking news, please see the release notes and errata list, available here: http://www.FreeBSD.org/releases/4.10R/relnotes.html http://www.FreeBSD.org/releases/4.10R/errata.html FreeBSD 4.10 will become the first "Errata Branch". Release branches for previous versions of FreeBSD would only have critical security fixes applied. With FreeBSD 4.10 the scope of fixes will be expanded to include local Denial of Service fixes as well as other significant and well-tested fixes that may not represent security issues. The current plans are for one more FreeBSD 4.X release which will be FreeBSD 4.11-RELEASE. It is expected the upcoming FreeBSD 5.3 release will have reached the maturity level most users will be able to migrate to 5.X. Most developer resources continue to be devoted to the 5.X branch. For more information about FreeBSD release engineering activities, please see: http://www.FreeBSD.org/releng/ Availability ------------ FreeBSD 4.10-RELEASE supports the i386 and alpha architectures and can be installed directly over the net, using bootable media, or copied to a local NFS/FTP server. Distributions for both architectures are available now. Please continue to support the FreeBSD Project by purchasing media from one of our supporting vendors. The following companies will be offering FreeBSD 4.10 based products: FreeBSD Mall, Inc. http://www.freebsdmall.com/ Daemonnews, Inc. http://www.bsdmall.com/freebsd1.html If you can not afford FreeBSD on media, are impatient, or just want to use it for evangelism purposes, then by all means download the ISO images. We can not promise that all the mirror sites will carry the larger ISO images, but they will at least be available from the following sites. MD5 checksums for the release images are included at the bottom of this message. ftp://ftp.FreeBSD.org/pub/FreeBSD/ ftp://ftp3.FreeBSD.org/pub/FreeBSD/ ftp://ftp5.FreeBSD.org/pub/FreeBSD/ ftp://ftp10.FreeBSD.org/pub/FreeBSD/ ftp://ftp.au.FreeBSD.org/pub/FreeBSD/ ftp://ftp2.au.FreeBSD.org/pub/FreeBSD/ ftp://ftp.cz.FreeBSD.org/pub/FreeBSD/ ftp://ftp.dk.FreeBSD.org/pub/FreeBSD/ ftp://ftp.fr.FreeBSD.org/pub/FreeBSD/ ftp://ftp.kr.FreeBSD.org/pub/FreeBSD/ ftp://ftp2.jp.FreeBSD.org/pub/FreeBSD/ ftp://ftp1.ru.FreeBSD.org/pub/FreeBSD/ ftp://ftp2.ru.FreeBSD.org/pub/FreeBSD/ ftp://ftp2.tw.FreeBSD.org/pub/FreeBSD/ ftp://ftp.uk.FreeBSD.org/pub/FreeBSD/ ftp://ftp3.us.FreeBSD.org/pub/FreeBSD/ ftp://ftp10.us.FreeBSD.org/pub/FreeBSD/ ftp://ftp11.us.FreeBSD.org/pub/FreeBSD/ ftp://ftp15.us.FreeBSD.org/pub/FreeBSD/ FreeBSD is also available via anonymous FTP from mirror sites in the following countries: Argentina, Australia, Austria, Brazil, Canada, China, Croatia, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hong Kong, Hungary, Iceland, Ireland, Italy, Japan, Korea, Lithuania, Netherlands, Norway, Poland, Portugal, Romania, Russia, Saudi Arabia, Singapore, Slovak Republic, Slovenia, South Africa, Spain, Sweden, Switzerland, Taiwan, Turkey, Ukraine, United Kingdom, and the United States. Before trying the central FTP site, please check your regional mirror(s) first by going to: ftp://ftp..FreeBSD.org/pub/FreeBSD Any additional mirror sites will be labeled ftp2, ftp3 and so on. More information about FreeBSD mirror sites can be found at: http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors-ftp.html For instructions on installing FreeBSD, please see Chapter 2 of The FreeBSD Handbook. It provides a complete installation walk-through for users new to FreeBSD, and can be found online at: http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/install.html Acknowledgments --------------- Many companies donated equipment, network access, or man-hours to finance the release engineering activities for FreeBSD 4.10 including The FreeBSD Mall, Compaq, Yahoo!, Sentex Communications, and NTT/Verio. The release engineering team for 4.10-RELEASE includes: Scott Long Release Engineering, Alpha Release Building Bruce A. Mah Release Engineering, Documentation Robert Watson Release Engineering, Security John Baldwin Release Engineering Murray Stokely Release Engineering Ken Smith Release Engineering I386 Release Building, Mirror Site Coordination Hiroki Sato Release Engineering, Documentation Kris Kennaway Package Building Joe Marcus Clarke Package Building Jacques A. Vidrine Security Officer CD Image Checksums ------------------ For i386: MD5 (4.10-RELEASE-i386-disc1.iso) = acdfe766794b0b5fbb2e5997af6e78dd MD5 (4.10-RELEASE-i386-disc2.iso) = 502c14e2e2d62c15d302da51ea36c199 MD5 (4.10-RELEASE-i386-miniinst.iso) = 3214c17137439ad422f53606d5626cad For Alpha: MD5 (4.10-RELEASE-alpha-disc1.iso) = 529fe8669a3fb5e127b5affc48b4c669 MD5 (4.10-RELEASE-alpha-disc2.iso) = b0d0293bfa7e6764800cb29dd22ebf45 MD5 (4.10-RELEASE-alpha-miniinst.iso) = c7c5d3149e32f88cfaef0759dfee2c55 -ken ----- End forwarded message ----- From security em unicamp.br Fri May 28 16:47:20 2004 From: security em unicamp.br (CSIRT - UNICAMP) Date: Fri, 28 May 2004 16:47:20 -0300 Subject: [SECURITY-L] Vulnerabilidades de seguranca Message-ID: <20040528194720.GE8589@unicamp.br> Srs. Usuarios, Atualizamos o site do CSIRT (Computer Security Incident Response Team) da Unicamp com os seguintes boletins de vulnerabilidades: Anúncio de Segurança do Conectiva Linux --------------------------------------- 26/05/2004 - CLA-2004:843 Assunto: Correção para vulnerabilidade de URI e outras melhorias no kde. http://www.security.unicamp.br/docs/bugs/2004/05/v122.txt CAIS-Alerta ----------- 28/05/2004 Assunto: Vulnerabilidade no GNU/Mailman expoe senha dos assinantes. http://www.security.unicamp.br/docs/bugs/2004/05/v127.txt 27/05/2004 Assunto: Vulnerabilidade no CVS. http://www.security.unicamp.br/docs/bugs/2004/05/v129.txt Gentoo Linux Security Advisory ------------------------------ 28/05/2004 - GLSA 200405-24 Assunto: MPlayer, xine-lib: vulnerabilities in RTSP stream handling. http://www.security.unicamp.br/docs/bugs/2004/05/v130.txt 27/05/2004 - GLSA 200405-23 Assunto: Heimdal: Kerberos 4 buffer overflow in kadmin. http://www.security.unicamp.br/docs/bugs/2004/05/v125.txt 26/05/2004 - GLSA 200405-22 Assunto: Apache 1.3: Multiple vulnerabilities. http://www.security.unicamp.br/docs/bugs/2004/05/v120.txt 26/05/2004 - GLSA 200405-21 Assunto: Midnight Commander: Multiple vulnerabilities. http://www.security.unicamp.br/docs/bugs/2004/05/v119.txt HP Security Bulletin -------------------- 25/05/2004 - HPSBMA01046 Assunto: SSRT4724 - HP integrated Lights Out (iLO) Denial of Service (DoS) using port zero. http://www.security.unicamp.br/docs/bugs/2004/05/v116.txt Mandrake Linux Security Update Advisory --------------------------------------- 26/05/2004 - MDKSA-2004:052 Assunto: vulnerabilidade de seguranca no pacote kolab-server. http://www.security.unicamp.br/docs/bugs/2004/05/v124.txt 26/05/2004 - MDKSA-2004:051 Assunto: vulnerabilidade de seguranca no pacote mailman. http://www.security.unicamp.br/docs/bugs/2004/05/v123.txt OpenPKG Security Advisory ------------------------- 27/05/2004 - OpenPKG-SA-2004.026 Assunto: vulnerabilidade de seguranca no pacote apache. http://www.security.unicamp.br/docs/bugs/2004/05/v126.txt SGI Security Advisory --------------------- 26/05/2004 - 20040507-01-P Assunto: libcpr vulnerability. http://www.security.unicamp.br/docs/bugs/2004/05/v121.txt 26/05/2004 - 20040506-01-U Assunto: SGI Advanced Linux Environment 3 Security Update #1. http://www.security.unicamp.br/docs/bugs/2004/05/v118.txt SUSE Security Announcement: --------------------------- 26/05/2004 - SuSE-SA:2004:014 Assunto: vulnerabilidade de seguranca nos pacotes kdelibs/kdelibs3. http://www.security.unicamp.br/docs/bugs/2004/05/v117.txt US-CERT Technical Cyber Security Alert -------------------------------------- 26/05/2004 - TA04-147A Assunto: CVS Heap Overflow Vulnerability. http://www.security.unicamp.br/docs/bugs/2004/05/v128.txt -- Computer Security Incident Response Team - CSIRT Universidade Estadual de Campinas - UNICAMP mailto:security em unicamp.br http://www.security.unicamp.br