From security at unicamp.br Wed Feb 2 15:09:32 2005
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Wed, 2 Feb 2005 15:09:32 -0200
Subject: [SECURITY-L] CSIRT groups take on new roles
Message-ID: <20050202170931.GC13584@unicamp.br>

----- Forwarded message from Cristine Hoepers -----

From: Cristine Hoepers
Subject: [S] CSIRT groups take on new roles
To: seguranca at pangeia.com.br
Date: Mon, 31 Jan 2005 15:27:10 -0200

[http://www.nwfusion.com/careers/2005/013105man.html?fsrc=rss-security]

CSIRT groups take on new roles

Creating and sustaining a computer security incident response team calls for ample preparation.

By Paul Roberts
Network World, 01/31/05

Traditionally, computer security incident response teams are thought of as a way for large organizations to respond to hacking incidents, rogue employees or virus outbreaks. Now they are coming into the mainstream as a critical tool for maintaining business operations and regulatory compliance.

"We're definitely seeing an increase in the number of [CSIRTs] being formed," says Georgia Killcrece, leader of the CSIRT development team at the CERT Coordination Center at Carnegie Mellon University.

In many cases, companies are being driven to create CSIRTs by mandates from Washington, industry groups and the upper reaches of corporate management, she says. New requirements in laws such as the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act, and California State Law SB 1386, hold companies accountable for the handling and whereabouts of sensitive data, and respond appropriately to any breaches of customer or employee privacy.

At their best, CSIRTs let companies react in a consistent and coordinated way to events that affect IT systems.

"Companies don't want to have to reinvent the wheel each time an incident occurs. They want to know what to do, gather the right information and pull the right people together," Killcrece says.

Put together a plan

To create an incident response team, start by getting the proper participants together. Business managers, network and desktop administrators, and IT security experts have to be involved, Killcrece says. Legal staff, human resources representatives and senior executives who make funding decisions also should participate in the planning.

When drafting your CSIRT plan, start with the basics, recommends Adam Hansen, manager of security at Sonnenschein, Nath & Rosenthal, a law firm in Chicago. "Define things like 'What's an incident?' [or] 'What's a response?'" he says.

Companies also need to identify the scope of a CSIRT's responsibilities, says Troy Smith, senior vice president at Marsh Risk Consulting.

"You have to look at the core software applications that you need to sustain yourselves. If you have one set of systems that are really critical, the scope [of the CSIRT] could be narrow. If you're an organization that's very dependent on technology, it could be very broad," he says.

Howard Schmidt, former White House cybersecurity adviser and the current chief security officer at online auction site eBay, recommends a holistic approach to creating CSIRTs.

"A lot of time the focus is on looking at one piece of the network -- [intrusion-detection systems] or responding to viruses. People get tunnel vision about where the problem is based on what happened last week," Schmidt says.

Hansen agrees. "If a breach of security is identified by IDS, you're going to need to work with other groups - the workstation group, the server group," he says.

At the same time, CSIRT plans shouldn't be too prescriptive. The team must be able to grasp the big picture and be open ended when necessary, experts say.

"I used to be adamant about having names in slots, and I was one of a couple of people who were on the spot if something went wrong," Hansen says. "Then I thought 'I really like hiking.
If there was an incident while I'm hiking and I didn't have a cell phone signal, what would happen?' Now I've shifted to a [decentralized] model where I have a general manager at the top and a bunch of smart people working underneath him."

On a practical level, the plan should spell out specific roles. In an emergency, it should be clear not just who the technical contacts are to fix or restore broken IT systems, but who is empowered to speak to the media if an incident occurs, who can speak to clients and who to call with legal questions. The CSIRT plan should indicate which executives can be contacted if issues need to be escalated, Hansen says.

Organizations also should spell out who arbitrates disagreements and has the final word. "When you've got a whole bunch of people in the room, you need someone to break a tie," Schmidt says.

CSIRTs also will need to have well-defined connections to outside groups, including specific contact information and previously established nondisclosure agreements with local and federal law enforcement, and computer forensics investigators, Hansen points out.

In their focus on solving technical problems, organizations shouldn't lose track of the fact that humans make up the CSIRT, says Steve Fallin, director of the rapid response team at WatchGuard.

"It's easy to get caught up in the excitement and intensity of what's happening. The reality is that people might need to take breaks, get up and grab a bite to eat or coffee. They'll get more quality work done over time than trying to work 12 or 15 hours without a break," he says.

Finally, organizations have to test their CSIRT plans before incidents occur to make sure that everyone who might be called into action understands their roles.

Testing a plan and getting everybody to understand what's required of them can take 18 months to two years, Killcrece says.

"The biggest mistake is to think that you can [create CSIRTs] in a short time - that you'll set it up and it will be in operation next month," she says.

Ultimately, the success of an organization's incident response team will depend on its commitment to that team: the resources and funding allocated, the time put into planning and rehearsing incident response scenarios.

----- End forwarded message -----

From security at unicamp.br Wed Feb 2 16:03:23 2005
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Wed, 2 Feb 2005 16:03:23 -0200
Subject: [SECURITY-L] Security vulnerabilities
Message-ID: <20050202180323.GD13584@unicamp.br>

Dear subscribers,

We have updated the website of the Unicamp CSIRT (Computer Security Incident Response Team) with the following vulnerability bulletins:

Debian Security Advisory:
-------------------------

02/02/2005 - DSA 664-1
  Subject: security vulnerability in the cpio package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v8.txt

01/02/2005 - DSA 663-1
  Subject: security vulnerability in the prozilla package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v3.txt

01/02/2005 - DSA 662-1
  Subject: security vulnerability in the squirrelmail package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v2.txt

Fedora Update Notification:
---------------------------

01/02/2005 - FEDORA-2005-105
  Subject: Fedora Core 2: squid.
  http://www.security.unicamp.br/docs/bugs/2005/02/v5.txt

28/01/2004 - FEDORA-2005-092
  Subject: Fedora Core 3: enscript.
  http://www.security.unicamp.br/docs/bugs/2005/01/v166.txt

28/01/2004 - FEDORA-2005-091
  Subject: Fedora Core 2: enscript.
  http://www.security.unicamp.br/docs/bugs/2005/01/v165.txt

Gentoo Linux Security Advisory:
-------------------------------

01/02/2005 - GLSA 200502-01
  Subject: FireHOL: Insecure temporary file creation.
  http://www.security.unicamp.br/docs/bugs/2005/02/v4.txt

31/01/2005 - GLSA 200501-46
  Subject: ClamAV: Multiple issues.
  http://www.security.unicamp.br/docs/bugs/2005/01/v164.txt

30/01/2005 - GLSA 200501-45
  Subject: Gallery: Cross-site scripting vulnerability.
  http://www.security.unicamp.br/docs/bugs/2005/01/v163.txt

30/01/2005 - GLSA 200501-44
  Subject: ncpfs: Multiple vulnerabilities.
  http://www.security.unicamp.br/docs/bugs/2005/01/v162.txt

30/01/2005 - GLSA 200501-43
  Subject: f2c: Insecure temporary file creation.
  http://www.security.unicamp.br/docs/bugs/2005/01/v161.txt

30/01/2005 - GLSA 200501-42
  Subject: VDR: Arbitrary file overwriting issue.
  http://www.security.unicamp.br/docs/bugs/2005/01/v160.txt

30/01/2005 - GLSA 200501-41
  Subject: TikiWiki: Arbitrary command execution.
  http://www.security.unicamp.br/docs/bugs/2005/01/v159.txt

28/01/2005 - GLSA 200501-40
  Subject: ngIRCd: Buffer overflow.
  http://www.security.unicamp.br/docs/bugs/2005/01/v158.txt

HP Security Bulletin:
---------------------

01/02/2005 - HPSBUX01111
  Subject: SSRT5900 rev.0 HP-UX TGA daemon remote Denial of Service (DoS).
  http://www.security.unicamp.br/docs/bugs/2005/02/v1.txt

31/01/2005 - HPSBTU01112
  Subject: SSRT4875 rev.1 - HP Tru64 UNIX: Java (TM) Technology Software Denial of Service (DoS).
  http://www.security.unicamp.br/docs/bugs/2005/01/v167.txt

Mandrakelinux Security Update Advisory:
---------------------------------------

01/02/2005 - MDKSA-2005:028
  Subject: security vulnerability in the ncpfs package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v7.txt

31/01/2005 - MDKSA-2005:025
  Subject: security vulnerability in the clamav package.
  http://www.security.unicamp.br/docs/bugs/2005/01/v168.txt

--
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - UNICAMP
mailto:security at unicamp.br
http://www.security.unicamp.br
GnuPG Public Key: http://www.security.unicamp.br/security.asc

From security at unicamp.br Fri Feb 4 15:11:46 2005
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Fri, 4 Feb 2005 15:11:46 -0200
Subject: [SECURITY-L] Security vulnerabilities
Message-ID: <20050204171145.GA18208@unicamp.br>

Dear subscribers,

We have updated the website of the Unicamp CSIRT (Computer Security Incident Response Team) with the following vulnerability bulletins:

Fedora Legacy Update Advisory:
------------------------------

01/02/2005 - FLSA:2272
  Subject: Updated unarj package fixes security issue.
  http://www.security.unicamp.br/docs/bugs/2005/02/v11.txt

01/02/2005 - FLSA:2187
  Subject: Updated freeradius packages fix security flaws.
  http://www.security.unicamp.br/docs/bugs/2005/02/v10.txt

01/02/2005 - FLSA:2255
  Subject: Updated zip package fixes security issue.
  http://www.security.unicamp.br/docs/bugs/2005/02/v9.txt

Fedora Update Notification:
---------------------------

02/02/2005 - FEDORA-2005-111
  Subject: Fedora Core 3: dbus.
  http://www.security.unicamp.br/docs/bugs/2005/02/v15.txt

Gentoo Linux Security Advisory:
-------------------------------

03/02/2005 - GLSA 200502-05
  Subject: Newspost: Buffer overflow vulnerability.
  http://www.security.unicamp.br/docs/bugs/2005/02/v19.txt

02/02/2005 - GLSA 200502-04:02
  Subject: Squid: Multiple vulnerabilities.
  http://www.security.unicamp.br/docs/bugs/2005/02/v18.txt

02/02/2005 - GLSA 200502-03
  Subject: enscript: Multiple vulnerabilities.
  http://www.security.unicamp.br/docs/bugs/2005/02/v17.txt

02/02/2005 - GLSA 200502-02
  Subject: UW IMAP: CRAM-MD5 authentication bypass.
  http://www.security.unicamp.br/docs/bugs/2005/02/v16.txt

Mandrakelinux Security Update Advisory:
---------------------------------------

02/02/2005 - MDKSA-2005:029
  Subject: security vulnerability in the vim package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v14.txt

01/02/2005 - MDKSA-2005:027
  Subject: security vulnerability in the chbg package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v13.txt

01/02/2005 - MDKSA-2005:026
  Subject: security vulnerability in the imap package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v12.txt

--
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - UNICAMP
mailto:security at unicamp.br
http://www.security.unicamp.br
GnuPG Public Key: http://www.security.unicamp.br/security.asc

From security at unicamp.br Tue Feb 15 08:57:53 2005
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Tue, 15 Feb 2005 08:57:53 -0200
Subject: [SECURITY-L] CAIS-Alerta: ASP.NET path validation vulnerability (MS05-004)
Message-ID: <20050215105753.GA7702@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: ASP.NET path validation vulnerability (MS05-004)
To: rnp-alerta at cais.rnp.br, rnp-seg at cais.rnp.br
Date: Fri, 11 Feb 2005 14:38:38 -0200 (BRDT)

Dear all,

CAIS is forwarding the Microsoft alert entitled "MS05-004 - ASP.NET Path Validation Vulnerability (887219)", which addresses a vulnerability in a canonicalization routine that ASP.NET uses when mapping a web request.
If exploited, the vulnerability can allow an attacker to bypass the security of an ASP.NET website and thereby gain unauthorized access. An attacker who manages to exploit this vulnerability may be able to carry out a range of actions, depending on the content of the website.

The vulnerability is considered important by Microsoft.

Affected systems:

Systems with Microsoft .NET Framework 1.0 or Microsoft .NET Framework 1.1 installed on:

  . Windows 2000 Service Pack 3
  . Windows 2000 Service Pack 4
  . Windows XP Service Pack 1
  . Windows XP Service Pack 2
  . Windows Server 2003
  . Windows XP Tablet PC Edition
  . Windows XP Media Center Edition

Available fixes:

Updating to the versions available at the following locations is recommended:

Systems with Microsoft .NET Framework 1.0
-----------------------------------------

Update for .NET Framework 1.0 Service Pack 3 for the systems

  . Windows 2000 Service Pack 3
  . Windows 2000 Service Pack 4
  . Windows XP Service Pack 1
  . Windows XP Service Pack 2
  . Windows Server 2003

Update download:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4E6D56E5-3D8D-423B-99A1-41EDF23D65BC

Update for .NET Framework 1.0 Service Pack 3 for the systems

  . Windows XP Tablet PC Edition
  . Windows XP Media Center Edition

Update download:
http://www.microsoft.com/downloads/details.aspx?FamilyId=EE611D27-52CF-43DB-BB97-21318C7FAA70

Update for .NET Framework 1.0 Service Pack 2 for the systems

  . Windows 2000 Service Pack 3
  . Windows 2000 Service Pack 4
  . Windows XP Service Pack 1
  . Windows XP Service Pack 2
  . Windows Server 2003

Update download:
http://www.microsoft.com/downloads/details.aspx?FamilyId=3271ACD5-EE3C-4BDF-AE28-56D2DF77151E

Update for .NET Framework 1.0 Service Pack 2 for the systems

  . Windows XP Tablet PC Edition
  . Windows XP Media Center Edition

Update download:
http://www.microsoft.com/downloads/details.aspx?FamilyId=33D4D33E-473F-4842-A3A8-C8266AEE8FAB

Systems with Microsoft .NET Framework 1.1
-----------------------------------------

Update for .NET Framework 1.1 Service Pack 1 for the systems

  . Windows 2000 Service Pack 3
  . Windows 2000 Service Pack 4
  . Windows XP Service Pack 1
  . Windows XP Service Pack 2
  . Windows XP Tablet PC Edition
  . Windows XP Media Center Edition

Update download:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8EC6FB8A-29EB-49CF-9DBC-1A0DC2273FF9

Update for .NET Framework 1.1 Service Pack 1 for the systems

  . Windows Server 2003

Update download:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9BBD5617-49AE-40BF-B0FA-F9049349C6F5

Update for .NET Framework 1.1 for the systems

  . Windows 2000 Service Pack 3
  . Windows 2000 Service Pack 4
  . Windows XP Service Pack 1
  . Windows XP Service Pack 2
  . Windows XP Tablet PC Edition
  . Windows XP Media Center Edition

Update download:
http://www.microsoft.com/downloads/details.aspx?FamilyId=C5E19719-000F-456A-BEAB-5BD7949F8AA2

Update for .NET Framework 1.1 for the systems

  . Windows Server 2003

Update download:
http://www.microsoft.com/downloads/details.aspx?FamilyId=E54BE8BE-22AF-4390-86E1-25D76794D5C7

More information:

  . MS05-004 - ASP.NET Path Validation Vulnerability (887219)
    http://www.microsoft.com/technet/security/bulletin/ms05-004.mspx

  . Vulnerability Note VU#283646 - Microsoft ASP.NET fails to perform proper canonicalization
    http://www.kb.cert.org/vuls/id/283646

  . Microsoft Brasil Security
    http://www.microsoft.com/brasil/security

  . Technet Brasil - Central de Seguranca
    http://www.technetbrasil.com.br/seguranca

CVE identifier (http://cve.mitre.org): CAN-2004-0847

CAIS recommends that administrators always keep their systems and applications up to date, in line with the latest versions and fixes provided by the vendors.

CAIS alerts are also available in RSS/RDF format:
http://www.rnp.br/cais/alertas/rss.xml

Sincerely,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#       Rede Nacional de Ensino e Pesquisa (RNP)               #
#                                                              #
# cais at cais.rnp.br    http://www.cais.rnp.br                #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available      http://www.rnp.br/cais/cais-pgp.key   #
################################################################

----- End forwarded message -----

From security at unicamp.br Tue Feb 15 08:58:09 2005
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Tue, 15 Feb 2005 08:58:09 -0200
Subject: [SECURITY-L] CAIS-Alerta: Vulnerability in Microsoft Office XP (MS05-005)
Message-ID: <20050215105809.GB7702@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Vulnerability in Microsoft Office XP (MS05-005)
To: rnp-alerta at cais.rnp.br, rnp-seg at cais.rnp.br
Date: Fri, 11 Feb 2005 14:40:34 -0200 (BRDT)

Dear all,

CAIS is forwarding the Microsoft alert entitled "MS05-005 - Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352)", which addresses a vulnerability in Microsoft Office XP that can
allow remote code execution on the vulnerable system.

This vulnerability can be exploited only if the attacker manages to persuade the user to open a malicious file through Internet Explorer or by clicking a link in an e-mail message. An attacker who manages to exploit this vulnerability can gain complete control over the vulnerable system.

The vulnerability is considered critical by Microsoft.

Affected systems:

  . Microsoft Office XP Service Pack 3
  . Microsoft Office XP Service Pack 2
  . Microsoft Project 2002
  . Microsoft Visio 2002
  . Microsoft Works Suite 2002
  . Microsoft Works Suite 2003
  . Microsoft Works Suite 2004

Available fixes:

Updating to the versions available at the following locations is recommended:

  . Microsoft Office XP Service Pack 3
    http://www.microsoft.com/downloads/details.aspx?FamilyId=A0115BF8-5F80-43E9-BE28-24D344600D69

  . Microsoft Office XP Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?FamilyId=A0115BF8-5F80-43E9-BE28-24D344600D69

  . Microsoft Project 2002
    http://www.microsoft.com/downloads/details.aspx?FamilyId=9FB0B8CC-593A-4955-9AF1-84AD2664E3AC

  . Microsoft Visio 2002
    http://www.microsoft.com/downloads/details.aspx?FamilyId=07EB60C3-D38A-4130-BC44-6C8511ECADB9

  . Microsoft Works Suite 2002
    http://www.microsoft.com/downloads/details.aspx?FamilyId=A0115BF8-5F80-43E9-BE28-24D344600D69

  . Microsoft Works Suite 2003
    http://www.microsoft.com/downloads/details.aspx?FamilyId=A0115BF8-5F80-43E9-BE28-24D344600D69

  . Microsoft Works Suite 2004
    http://www.microsoft.com/downloads/details.aspx?FamilyId=A0115BF8-5F80-43E9-BE28-24D344600D69

More information:

  . MS05-005 - Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352)
    http://www.microsoft.com/technet/security/bulletin/ms05-005.mspx

  . Vulnerability Note VU#416001 - Microsoft Office XP contains buffer overflow vulnerability
    http://www.kb.cert.org/vuls/id/416001

  . Microsoft Brasil Security
    http://www.microsoft.com/brasil/security

  . Technet Brasil - Central de Seguranca
    http://www.technetbrasil.com.br/seguranca

CVE identifier (http://cve.mitre.org): CAN-2004-0848

CAIS recommends that administrators always keep their systems and applications up to date, in line with the latest versions and fixes provided by the vendors.

CAIS alerts are also available in RSS/RDF format:
http://www.rnp.br/cais/alertas/rss.xml

Sincerely,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#       Rede Nacional de Ensino e Pesquisa (RNP)               #
#                                                              #
# cais at cais.rnp.br    http://www.cais.rnp.br                #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available      http://www.rnp.br/cais/cais-pgp.key   #
################################################################

----- End forwarded message -----

From security at unicamp.br Tue Feb 15 08:58:27 2005
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Tue, 15 Feb 2005 08:58:27 -0200
Subject: [SECURITY-L] CAIS-Alerta: Vulnerability in Windows SharePoint Services and SharePoint Team Services (MS05-006)
Message-ID: <20050215105827.GC7702@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Vulnerability in Windows SharePoint Services and SharePoint Team Services (MS05-006)
To: rnp-alerta at cais.rnp.br, rnp-seg at cais.rnp.br
Date: Fri, 11 Feb 2005 14:45:46 -0200 (BRDT)

Dear all,

CAIS is forwarding the Microsoft alert entitled "MS05-006 - Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site
Scripting and Spoofing Attacks (887981)", which addresses cross-site scripting and spoofing vulnerabilities in the Windows SharePoint and Windows SharePoint Teams services, used to create collaborative web sites.

The cross-site scripting vulnerability can allow an attacker to convince a user to run a file containing malicious code. If that happens, the malicious program will run in the user's security context, which may give the attacker access to any file on the system whose security permissions are the same as those of the user who ran the malicious program.

The attacker can also exploit this vulnerability to modify the cache of web browsers and of intermediate web proxies, placing false content in those caches.

The vulnerability is classified as moderate by Microsoft.

Affected systems:

  . Windows SharePoint Services for Windows Server 2003
  . SharePoint Team Services from Microsoft

SharePoint Team Services users:

Office XP Service Pack 2 for Office XP Web Component and Office XP Service Pack 3 for SharePoint Team Services are also vulnerable to this problem. However, the Office XP Service Pack 2 security updates for Office XP Web Components are provided only as part of the full Office XP security update file. For more information, see the original alert in the "More information" section.

Available fixes:

Updating to the versions available at the following locations is recommended:

  . Windows SharePoint Services for Windows Server 2003
    http://www.microsoft.com/downloads/details.aspx?FamilyId=6BB93661-0CE7-46CF-B8BB-55546B58A2F2

  . SharePoint Team Services from Microsoft
    http://www.microsoft.com/downloads/details.aspx?FamilyId=6BE3F8AD-768E-4BCB-8EB3-AD74B576038C

More information:

  . MS05-006 - Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981)
    http://www.microsoft.com/technet/security/bulletin/ms05-006.mspx

  . Vulnerability Note VU#340409 - Microsoft Windows SharePoint Services and SharePoint Team Services cross-site scripting vulnerabilities
    http://www.kb.cert.org/vuls/id/340409

  . Microsoft Brasil Security
    http://www.microsoft.com/brasil/security

  . Technet Brasil - Central de Seguranca
    http://www.technetbrasil.com.br/seguranca

CVE identifier (http://cve.mitre.org): CAN-2005-0049

CAIS recommends that administrators always keep their systems and applications up to date, in line with the latest versions and fixes provided by the vendors.

CAIS alerts are also available in RSS/RDF format:
http://www.rnp.br/cais/alertas/rss.xml

Sincerely,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#       Rede Nacional de Ensino e Pesquisa (RNP)               #
#                                                              #
# cais at cais.rnp.br    http://www.cais.rnp.br                #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available      http://www.rnp.br/cais/cais-pgp.key   #
################################################################

----- End forwarded message -----

From security at unicamp.br Tue Feb 15 08:58:47 2005
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Tue, 15 Feb 2005 08:58:47 -0200
Subject: [SECURITY-L] CAIS-Alerta: Vulnerability in Windows could allow information disclosure (MS05-007)
Message-ID: <20050215105847.GD7702@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Vulnerability in Windows could allow information disclosure (MS05-007)
To: rnp-alerta at cais.rnp.br, rnp-seg at cais.rnp.br
Date: Fri, 11 Feb 2005 14:50:12 -0200 (BRDT)

Dear all,

CAIS is forwarding the Microsoft alert entitled "MS05-007 - Vulnerability in Windows Could Allow Information Disclosure (888302)", which addresses a vulnerability in Windows that can allow disclosure of system information.

If exploited, this vulnerability can allow an attacker to remotely read the names of users who have an open connection to an available shared resource.

The vulnerability is classified by Microsoft as important for Windows XP Service Pack 1 and moderate for Windows XP Service Pack 2.

Affected systems:

  . Microsoft Windows XP Service Pack 1
  . Microsoft Windows XP Service Pack 2
  . Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)

Available fixes:

Updating to the versions available at the following locations is recommended:

  . Microsoft Windows XP Service Pack 1
    http://www.microsoft.com/downloads/details.aspx?FamilyId=B8C867C2-B7CD-4E2F-90E0-169B2C7125DC

  . Microsoft Windows XP Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?FamilyId=B8C867C2-B7CD-4E2F-90E0-169B2C7125DC

  . Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    http://www.microsoft.com/downloads/details.aspx?FamilyId=2F68945E-EEB8-42BC-A8AD-0D3991204889

More information:

  . MS05-007 - Vulnerability in Windows Could Allow Information Disclosure (888302)
    http://www.microsoft.com/technet/security/bulletin/ms05-007.mspx

  . Vulnerability Note VU#939074 - Microsoft Windows XP named pipe fails to restrict anonymous access
    http://www.kb.cert.org/vuls/id/939074

  . Microsoft Brasil Security
    http://www.microsoft.com/brasil/security

  . Technet Brasil - Central de Seguranca
    http://www.technetbrasil.com.br/seguranca

CVE identifier (http://cve.mitre.org): CAN-2005-0051

CAIS recommends that administrators always keep their systems and applications up to date, in line with the latest versions and fixes provided by the vendors.

CAIS alerts are also available in RSS/RDF format:
http://www.rnp.br/cais/alertas/rss.xml

Sincerely,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#       Rede Nacional de Ensino e Pesquisa (RNP)               #
#                                                              #
# cais at cais.rnp.br    http://www.cais.rnp.br                #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available      http://www.rnp.br/cais/cais-pgp.key   #
################################################################

----- End forwarded message -----

From security at unicamp.br Tue Feb 15 08:59:04 2005
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Tue, 15 Feb 2005 08:59:04 -0200
Subject: [SECURITY-L] CAIS-Alerta: Vulnerability in Microsoft Windows Shell (MS05-008)
Message-ID: <20050215105904.GE7702@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Vulnerability in Microsoft Windows Shell (MS05-008)
To: rnp-alerta at cais.rnp.br, rnp-seg at cais.rnp.br
Date: Fri, 11 Feb 2005 14:51:50 -0200 (BRDT)

Dear all,

CAIS is forwarding the Microsoft alert entitled "MS05-008 - Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)", which addresses a privilege-elevation vulnerability in Windows caused by the way it handles drag-and-drop events.

An attacker could exploit this vulnerability by constructing a malicious web page that could potentially allow the attacker to save a file on the user's system if the user visited a malicious web site or opened a malicious e-mail message.

If the user were logged on to the system with administrative user permissions, an attacker who exploited this vulnerability could gain complete control over the vulnerable system. However, user interaction is required to exploit this vulnerability.

Note that the fix for the drag-and-drop vulnerability comes in two separate parts. The first consists of this bulletin and the updates it recommends. Bulletin MS05-014 is the second step toward fully resolving the drag-and-drop vulnerability, and the updates proposed in both bulletins must be applied.

Affected systems:

  . Microsoft Windows 2000 Service Pack 3
  . Microsoft Windows 2000 Service Pack 4
  . Microsoft Windows XP Service Pack 1
  . Microsoft Windows XP Service Pack 2
  . Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
  . Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
  . Microsoft Windows Server 2003
  . Microsoft Windows Server 2003 for Itanium-based Systems
  . Microsoft Windows 98
  . Microsoft Windows 98 Second Edition (SE)
  . Microsoft Windows Millennium Edition (ME)

Available fixes:

Updating to the versions available at the following locations is recommended:

  . Microsoft Windows 2000 Service Pack 3
    http://www.microsoft.com/downloads/details.aspx?FamilyId=3B6A6CC1-CCE4-4462-A0D2-E88D38DEF807

  . Microsoft Windows 2000 Service Pack 4
    http://www.microsoft.com/downloads/details.aspx?FamilyId=3B6A6CC1-CCE4-4462-A0D2-E88D38DEF807

  . Microsoft Windows XP Service Pack 1
    http://www.microsoft.com/downloads/details.aspx?FamilyId=865B5D9D-FC5B-4F91-A860-2C35A025A907

  . Microsoft Windows XP Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?FamilyId=865B5D9D-FC5B-4F91-A860-2C35A025A907

  . Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    http://www.microsoft.com/downloads/details.aspx?FamilyId=B6DAA99A-6E0B-477D-99E9-5237BCF57762

  . Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    http://www.microsoft.com/downloads/details.aspx?FamilyId=9EE7FF53-20EC-4B75-A255-72DD0AB52FF3

  . Microsoft Windows Server 2003
    http://www.microsoft.com/downloads/details.aspx?FamilyId=80AA33F4-E5B0-42A6-844B-F80D6168E25E
Microsoft Windows Server 2003 for Itanium-based Systems http://www.microsoft.com/downloads/details.aspx?FamilyId=9EE7FF53-20EC-4B75-A255-72DD0AB52FF3 . Microsoft Windows 98 Veja a sessao FAQ do boletim original, encontrado na sessao "Mais Informacoes", para detalhes sobre este sistema operacional. . Microsoft Windows 98 Second Edition (SE) Veja a sessao FAQ do boletim original, encontrado na sessao "Mais Informacoes", para detalhes sobre este sistema operacional. . Microsoft Windows Millennium Edition (ME) Veja a sessao FAQ do boletim original, encontrado na sessao "Mais Informacoes", para detalhes sobre este sistema operacional. Mais informacoes: . MS05-008 - Vulnerability in Windows Shell Could Allow Remote Code Execution (890047) http://www.microsoft.com/technet/security/bulletin/ms05-008.mspx . Vulnerability Note VU#698835 - Microsoft DHTML Drag-and-Drop events insufficiently validated http://www.kb.cert.org/vuls/id/698835 . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca Identificador CVE (http://cve.mitre.org): CAN-2005-0053 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 
019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 iQCVAwUBQgzirOkli63F4U8VAQFiVwP/c9cUSkHC0xxAysHgSwRqIiUbD3ticV+1 C8uIOyd3hgwIRJcO9a5gid+PeIm38MiVn0RyGAD8RLpZqfhoOlXi4EhnFRm94VXw 4kr36UQJGwcorirY3wMGWvTxfmcjGhhvvkhSvxGywMZTUVeZS/yN6KI/5xwaWFFX +0OEz49DCxs= =Cj/1 -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Tue Feb 15 08:59:20 2005 From: security em unicamp.br (CSIRT - UNICAMP) Date: Tue, 15 Feb 2005 08:59:20 -0200 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade no processamento de arquivos PNG (MS05-009) Message-ID: <20050215105920.GF7702@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Vulnerabilidade no processamento de arquivos PNG (MS05-009) To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Fri, 11 Feb 2005 14:54:57 -0200 (BRDT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS05-009 - Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)", que trata de uma vulnerabilidade recem-descoberta no processamento de imagens do formato PNG. Atraves de execucao remota de codigo, um atacante que conseguir explorar esta vulnerabilidade pode obter controle completo sob o sistema afetado, sendo capaz de instalar programas, criar novas contas de usuarios com totais privilegios no sistema ou ate' mesmo visualizar, modificar ou apagar dados do sistema vulneravel. Sistemas afetados: . Microsoft Windows Media Player 9 Series instalado em Windows 2000 . Microsoft Windows Media Player 9 Series instalado em Windows XP Service Pack 1 . Microsoft Windows Media Player 9 Series instalado em Windows Server 2003 . 
Microsoft Windows Messenger version 5.0 (versao autonoma instalada em qualquer sistema operacional suportado) . Microsoft MSN Messenger 6.1 . Microsoft MSN Messenger 6.2 . Microsoft Windows 98 . Microsoft Windows 98 Second Edition (SE) . Microsoft Windows Millennium Edition (ME) Componentes afetados: . Microsoft Windows Messenger version 4.7.0.2009 (quando instalado em Windows XP Service Pack 1 ) . Microsoft Windows Messenger version 4.7.0.3000 (quando instalado em Windows XP Service Pack 2) Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em: . Microsoft Windows Media Player 9 Series instalado em Windows 2000 http://www.microsoft.com/downloads/details.aspx?FamilyId=A52279DC-3B6C-4720-8192-45657EDBB14F . Microsoft Windows Media Player 9 Series instalado em Windows XP Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=A52279DC-3B6C-4720-8192-45657EDBB14F . Microsoft Windows Media Player 9 Series instalado em Windows Server 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=A52279DC-3B6C-4720-8192-45657EDBB14F . Microsoft Windows Messenger version 5.0 (versao autonoma instalada em qualquer sistema operacional suportado) http://www.microsoft.com/downloads/details.aspx?FamilyID=A8D9EB73-5F8C-4B9A-940F-9157A3B3D774 . Microsoft MSN Messenger 6.1 http://www.microsoft.com/downloads/details.aspx?FamilyId=EBE898D8-FE1C-4A5E-993C-5FAB3E62C925 . Microsoft MSN Messenger 6.2 http://www.microsoft.com/downloads/details.aspx?FamilyId=EBE898D8-FE1C-4A5E-993C-5FAB3E62C925 . Microsoft Windows 98 Veja a sessao FAQ do boletim original, encontrado na sessao "Mais Informacoes", para detalhes sobre este sistema operacional. . Microsoft Windows 98 Second Edition (SE) Veja a sessao FAQ do boletim original, encontrado na sessao "Mais Informacoes", para detalhes sobre este sistema operacional. . 
Microsoft Windows Millennium Edition (ME) Veja a sessao FAQ do boletim original, encontrado na sessao "Mais Informacoes", para detalhes sobre este sistema operacional. . Microsoft Windows Messenger version 4.7.0.2009 (quando instalado em Windows XP Service Pack 1) http://www.microsoft.com/downloads/details.aspx?FamilyId=E3DC209B-AD57-49E1-BB90-6FA2CA8763A6 . Microsoft Windows Messenger version 4.7.0.3000 (quando instalado em Windows XP Service Pack 2) http://www.microsoft.com/downloads/details.aspx?FamilyId=1DCC9628-E2D0-496F-B4F2-3AFEFA0A0156 Mais informacoes: . MS05-009 - Vulnerability in PNG Processing Could Allow Remote Code Execution (890261) http://www.microsoft.com/technet/security/bulletin/ms05-009.mspx . Vulnerability Note VU#259890 - Windows Media Player does not properly handle PNG images with excessive width or height values http://www.kb.cert.org/vuls/id/259890 . Vulnerability Note VU#817368 - libpng png_handle_sBIT() performs insufficient bounds checking http://www.kb.cert.org/vuls/id/817368 . Vulnerability Note VU#388984 - libpng fails to properly check length of transparency chunk (tRNS) data http://www.kb.cert.org/vuls/id/388984 . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca Identificador CVE (http://cve.mitre.org): CAN-2004-1244, CAN-2004-0597, CAN-2004-0597 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 
019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 iQCVAwUBQgzjaOkli63F4U8VAQFZWQP/W2aNiXg/NAgfm/SV6JUcwGfv6ivYaeE4 kKGVE8xotXGrdOfFgvIs26c50BLtqiU+1FzVNMJacLHGVDb5Ivp9B3Zhs+ZDzV4K o6gWvhBiJ6eZjlDoDYBG8685I2V/Tx/NhCllM4loIUh8HqWE1/SSLtWT3V8YrKeB I1gycPuNZvI= =OvwR -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Tue Feb 15 08:59:37 2005 From: security em unicamp.br (CSIRT - UNICAMP) Date: Tue, 15 Feb 2005 08:59:37 -0200 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade no Servico de Log de Licensa (MS05-010) Message-ID: <20050215105936.GG7702@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Vulnerabilidade no Servico de Log de Licensa (MS05-010) To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Fri, 11 Feb 2005 14:56:09 -0200 (BRDT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS05-010 - Vulnerability in the License Logging Service Could Allow Code Execution (885834)", que trata de uma vulnerabilidade recem-descoberta no servico de log de licensas. Um atacante que explorar esta vulnerabilidade pode obter controle completo sobre o sistema afetado, podendo instalar programas, criar novas contas de usuarios com privilegios totais do sistema ou ate' mesmo visualizar, modificar ou apagar dados no sistema vulneravel. Sistemas afetados: . Microsoft Windows NT Server 4.0 Service Pack 6a . Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 . Microsoft Windows 2000 Server Service Pack 3 . Microsoft Windows 2000 Server Service Pack 4 . Microsoft Windows Server 2003 . 
Microsoft Windows Server 2003 for Itanium-based Systems Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em: . Microsoft Windows NT Server 4.0 Service Pack 6a http://www.microsoft.com/downloads/details.aspx?FamilyId=817FDC2D-AEE2-4FAF-908B-197B65A471F2 . Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 http://www.microsoft.com/downloads/details.aspx?FamilyId=F7B0934C-3049-4B01-956A-B116F69A667E . Microsoft Windows 2000 Server Service Pack 3 http://www.microsoft.com/downloads/details.aspx?FamilyId=E9983AA2-2CEC-4B62-80D6-8E966A83A5D1 . Microsoft Windows 2000 Server Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=E9983AA2-2CEC-4B62-80D6-8E966A83A5D1 . Microsoft Windows Server 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=06EAF8E3-CCB7-482B-8B68-340521150113 . Microsoft Windows Server 2003 for Itanium-based Systems http://www.microsoft.com/downloads/details.aspx?FamilyId=EC25EC00-9C08-4555-94C7-21D5A521FDB6 Mais informacoes: . MS05-010 - Vulnerability in the License Logging Service Could Allow Code Execution (885834) http://www.microsoft.com/technet/security/bulletin/ms05-010.mspx . Vulnerability Note VU#130433 - Microsoft License Logging Service buffer overflow http://www.kb.cert.org/vuls/id/130433 . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca Identificador CVE (http://cve.mitre.org): CAN-2005-0050 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. 
CAIS alerts are also available in RSS/RDF format: http://www.rnp.br/cais/alertas/rss.xml

Sincerely,

################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) #
# Rede Nacional de Ensino e Pesquisa (RNP) #
# #
# cais em cais.rnp.br http://www.cais.rnp.br #
# Tel. 019-37873300 Fax. 019-37873301 #
# PGP key available at http://www.rnp.br/cais/cais-pgp.key #
################################################################

----- End forwarded message -----

From security em unicamp.br Tue Feb 15 08:59:53 2005
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Tue, 15 Feb 2005 08:59:53 -0200
Subject: [SECURITY-L] CAIS-Alerta: Vulnerability in the Windows SMB protocol (MS05-011)
Message-ID: <20050215105953.GH7702@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Vulnerability in the Windows SMB protocol (MS05-011)
To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Fri, 11 Feb 2005 14:57:12 -0200 (BRDT)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the Microsoft alert titled "MS05-011 - Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)", which addresses a recently discovered remote code execution vulnerability in the Windows SMB protocol, which is responsible for file and printer sharing.
If exploited, this vulnerability can allow the attacker to gain complete control of the affected system, and the attacker would be able to install programs, create new user accounts with full privileges on the system, or even view, modify or delete data on the vulnerable system.

Affected systems:

. Microsoft Windows 2000 Service Pack 3
. Microsoft Windows 2000 Service Pack 4
. Microsoft Windows XP Service Pack 1
. Microsoft Windows XP Service Pack 2
. Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
. Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
. Microsoft Windows Server 2003
. Microsoft Windows Server 2003 for Itanium-based Systems

Available fixes:

Updating to the versions available at the following locations is recommended:

. Microsoft Windows 2000 Service Pack 3
  http://www.microsoft.com/downloads/details.aspx?FamilyId=656BDDA5-672B-4A6B-B192-24A2171C7355
. Microsoft Windows 2000 Service Pack 4
  http://www.microsoft.com/downloads/details.aspx?FamilyId=656BDDA5-672B-4A6B-B192-24A2171C7355
. Microsoft Windows XP Service Pack 1
  http://www.microsoft.com/downloads/details.aspx?FamilyId=6DF9B2D9-B86E-4924-B677-978EC6B81B54
. Microsoft Windows XP Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=6DF9B2D9-B86E-4924-B677-978EC6B81B54
. Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=E5043926-0B79-489B-8EA1-85512828C6F4
. Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=8DA45DD0-882E-417C-A7F2-4AABAD675129
. Microsoft Windows Server 2003
  http://www.microsoft.com/downloads/details.aspx?FamilyId=1B703115-54C0-445C-B5CE-E9A53C45B36A
. Microsoft Windows Server 2003 for Itanium-based Systems
  http://www.microsoft.com/downloads/details.aspx?FamilyId=8DA45DD0-882E-417C-A7F2-4AABAD675129

More information:

. MS05-011 - Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)
  http://www.microsoft.com/technet/security/bulletin/ms05-011.mspx
. Vulnerability Note VU#652537 - Microsoft Windows SMB packet validation vulnerability
  http://www.kb.cert.org/vuls/id/652537
. Microsoft Brasil Security
  http://www.microsoft.com/brasil/security
. Technet Brasil - Central de Seguranca
  http://www.technetbrasil.com.br/seguranca

CVE identifier (http://cve.mitre.org): CAN-2005-0045

CAIS recommends that administrators keep their systems and applications up to date at all times, in line with the latest versions and fixes provided by vendors.

CAIS alerts are also available in RSS/RDF format: http://www.rnp.br/cais/alertas/rss.xml

Sincerely,

################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) #
# Rede Nacional de Ensino e Pesquisa (RNP) #
# #
# cais em cais.rnp.br http://www.cais.rnp.br #
# Tel. 019-37873300 Fax. 019-37873301 #
# PGP key available at http://www.rnp.br/cais/cais-pgp.key #
################################################################

----- End forwarded message -----

From security em unicamp.br Tue Feb 15 09:00:08 2005
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Tue, 15 Feb 2005 09:00:08 -0200
Subject: [SECURITY-L] CAIS-Alerta: Vulnerability in Microsoft OLE and COM (MS05-012)
Message-ID: <20050215110008.GI7702@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Vulnerability in Microsoft OLE and COM (MS05-012)
To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Fri, 11 Feb 2005 14:59:22 -0200 (BRDT)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the Microsoft alert titled "MS05-012 - Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)", which addresses two recently discovered vulnerabilities, one relating to COM Structured Storage and the other to input validation in OLE.

A privilege-escalation vulnerability exists in the way vulnerable Windows systems and their programs access memory when processing COM structured storage files. The same vulnerability (privilege escalation) can be found in OLE because of the way it handles input validation.

An attacker could exploit this vulnerability by building a malicious document that could potentially allow remote code execution. If exploited, this vulnerability could allow the attacker to gain complete control of the vulnerable system.
However, user interaction is required to exploit this vulnerability on Windows 2000, Windows XP, and Windows Server 2003 systems.

Microsoft COM is a data representation that allows different types of objects to be stored in a single document. Microsoft OLE is a technology that allows applications to create and edit compound documents, that is, documents of one specific format that carry documents of other formats within them (embedded).

Affected systems:

. Microsoft Windows 2000 Service Pack 3
. Microsoft Windows 2000 Service Pack 4
. Microsoft Windows XP Service Pack 1
. Microsoft Windows XP Service Pack 2
. Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
. Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
. Microsoft Windows Server 2003
. Microsoft Windows Server 2003 for Itanium-based Systems
. Microsoft Exchange 2000 Server Service Pack 3 (uses the Windows OLE component)
. Microsoft Exchange Server 2003
. Microsoft Exchange Server 2003 Service Pack 1 (uses the Windows OLE component)
. Microsoft Exchange Server 5.0 Service Pack 2 (uses the Windows OLE component)
. Microsoft Exchange Server 5.5 Service Pack 4 (uses the Windows OLE component)
. Microsoft Windows 98
. Microsoft Windows 98 Second Edition (SE)
. Microsoft Windows Millennium Edition (ME)
. Microsoft Office XP Service Pack 3 (uses the Windows OLE component)
. Microsoft Office XP Service Pack 2 (uses the Windows OLE component)
. Microsoft Office XP Software:
  Outlook 2002
  Word 2002
  Excel 2002
  PowerPoint 2002
  FrontPage 2002
  Publisher 2002
  Access 2002
. Microsoft Office 2003 Service Pack 1 (uses the Windows OLE component)
. Microsoft Office 2003 (uses the Windows OLE component)
. Microsoft Office 2003 Software:
  Outlook 2003
  Word 2003
  Excel 2003
  PowerPoint 2003
  FrontPage 2003
  Publisher 2003
  Access 2003
  InfoPath 2003
  OneNote 2003

Note: Any application that uses the Windows OLE component may also be vulnerable to this issue. This list of vulnerable software documents the most common attack vectors. The recommended security updates should be installed immediately.

Available fixes:

Updating to the versions available at the following locations is recommended:

. Microsoft Windows 2000 Service Pack 3
  http://www.microsoft.com/downloads/details.aspx?FamilyId=84B4F65E-39D5-4521-B692-051F76F2492E
. Microsoft Windows 2000 Service Pack 4
  http://www.microsoft.com/downloads/details.aspx?FamilyId=84B4F65E-39D5-4521-B692-051F76F2492E
. Microsoft Windows XP Service Pack 1
  http://www.microsoft.com/downloads/details.aspx?FamilyId=A0E59D77-8AC1-4AC0-9572-A7E1C2E4A66A
. Microsoft Windows XP Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=A0E59D77-8AC1-4AC0-9572-A7E1C2E4A66A
. Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=F80EABC3-6D39-4532-9178-7967626977EE
. Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=A2C9E842-551C-458E-BF19-1C2BA9F21A06
. Microsoft Windows Server 2003
  http://www.microsoft.com/downloads/details.aspx?FamilyId=83B97ECE-0010-443E-9353-82FFCAF73771
. Microsoft Windows Server 2003 for Itanium-based Systems
  http://www.microsoft.com/downloads/details.aspx?FamilyId=A2C9E842-551C-458E-BF19-1C2BA9F21A06
. Microsoft Exchange 2000 Server Service Pack 3 (uses the Windows OLE component)
. Microsoft Exchange Server 2003
. Microsoft Exchange Server 2003 Service Pack 1 (uses the Windows OLE component)
. Microsoft Exchange Server 5.0 Service Pack 2 (uses the Windows OLE component)
. Microsoft Exchange Server 5.5 Service Pack 4 (uses the Windows OLE component)
. Microsoft Windows 98
  See the FAQ section of the original bulletin, found in the "More information" section, for details about this operating system.
. Microsoft Windows 98 Second Edition (SE)
  See the FAQ section of the original bulletin, found in the "More information" section, for details about this operating system.
. Microsoft Windows Millennium Edition (ME)
  See the FAQ section of the original bulletin, found in the "More information" section, for details about this operating system.
. Microsoft Office XP Service Pack 3 (uses the Windows OLE component)
. Microsoft Office XP Service Pack 2 (uses the Windows OLE component)
. Microsoft Office XP Software:
  Outlook 2002
  Word 2002
  Excel 2002
  PowerPoint 2002
  FrontPage 2002
  Publisher 2002
  Access 2002
. Microsoft Office 2003 Service Pack 1 (uses the Windows OLE component)
. Microsoft Office 2003 (uses the Windows OLE component)
. Microsoft Office 2003 Software:
  Outlook 2003
  Word 2003
  Excel 2003
  PowerPoint 2003
  FrontPage 2003
  Publisher 2003
  Access 2003
  InfoPath 2003
  OneNote 2003

More information:

. MS05-012 - Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)
  http://www.microsoft.com/technet/security/bulletin/ms05-012.mspx
. Vulnerability Note VU#927889 - Microsoft OLE buffer overflow
  http://www.kb.cert.org/vuls/id/927889
. Vulnerability Note VU#597889 - Microsoft COM Structured Storage Vulnerability
  http://www.kb.cert.org/vuls/id/597889
. Microsoft Brasil Security
  http://www.microsoft.com/brasil/security
. Technet Brasil - Central de Seguranca
  http://www.technetbrasil.com.br/seguranca

CVE identifier (http://cve.mitre.org): CAN-2005-0044, CAN-2005-0047

CAIS recommends that administrators keep their systems and applications up to date at all times, in line with the latest versions and fixes provided by vendors.
CAIS alerts are also available in RSS/RDF format: http://www.rnp.br/cais/alertas/rss.xml

Sincerely,

################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) #
# Rede Nacional de Ensino e Pesquisa (RNP) #
# #
# cais em cais.rnp.br http://www.cais.rnp.br #
# Tel. 019-37873300 Fax. 019-37873301 #
# PGP key available at http://www.rnp.br/cais/cais-pgp.key #
################################################################

----- End forwarded message -----

From security em unicamp.br Tue Feb 15 09:00:23 2005
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Tue, 15 Feb 2005 09:00:23 -0200
Subject: [SECURITY-L] CAIS-Alerta: Vulnerability in the DHTML Editing Component (MS05-013)
Message-ID: <20050215110023.GJ7702@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Vulnerability in the DHTML Editing Component (MS05-013)
To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Fri, 11 Feb 2005 15:00:50 -0200 (BRDT)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the Microsoft alert titled "MS05-013 - Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781)", which addresses a recently discovered vulnerability in the DHTML Editing Component ActiveX control.

The vulnerability in Microsoft's Dynamic DHTML Editing Component ActiveX control could allow information disclosure or remote code execution on the affected system.
An attacker could exploit this vulnerability by building a malicious web page capable of remotely executing malicious code on the affected system when a user visited the page in question. The attacker could thereby gain complete control of the vulnerable system.

Affected systems:

. Microsoft Windows 2000 Service Pack 3
. Microsoft Windows 2000 Service Pack 4
. Microsoft Windows XP Service Pack 1
. Microsoft Windows XP Service Pack 2
. Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
. Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
. Microsoft Windows Server 2003
. Microsoft Windows Server 2003 for Itanium-based Systems
. Microsoft Windows 98
. Microsoft Windows 98 Second Edition (SE)
. Microsoft Windows Millennium Edition (ME)

Available fixes:

Updating to the versions available at the following locations is recommended:

. Microsoft Windows 2000 Service Pack 3
  http://www.microsoft.com/downloads/details.aspx?FamilyId=AEA07CBA-0E2B-4A22-91ED-1D23BB012C04
. Microsoft Windows 2000 Service Pack 4
  http://www.microsoft.com/downloads/details.aspx?FamilyId=AEA07CBA-0E2B-4A22-91ED-1D23BB012C04
. Microsoft Windows XP Service Pack 1
  http://www.microsoft.com/downloads/details.aspx?FamilyId=9490E7D2-03C2-463A-B3D0-B949F5295208
. Microsoft Windows XP Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=9490E7D2-03C2-463A-B3D0-B949F5295208
. Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=9E0247B8-240E-416C-9586-ACD5EF8578DE
. Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=2CE98263-2AB4-4FE3-8B0B-5B3155119730
. Microsoft Windows Server 2003
  http://www.microsoft.com/downloads/details.aspx?FamilyId=E99F5BDD-8EA8-4837-960E-0D20DEA9AC4D
. Microsoft Windows Server 2003 for Itanium-based Systems
  http://www.microsoft.com/downloads/details.aspx?FamilyId=2CE98263-2AB4-4FE3-8B0B-5B3155119730
. Microsoft Windows 98
  See the FAQ section of the original bulletin, found in the "More information" section, for details about this operating system.
. Microsoft Windows 98 Second Edition (SE)
  See the FAQ section of the original bulletin, found in the "More information" section, for details about this operating system.
. Microsoft Windows Millennium Edition (ME)
  See the FAQ section of the original bulletin, found in the "More information" section, for details about this operating system.

More information:

. MS05-013 - Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781)
  http://www.microsoft.com/technet/security/bulletin/ms05-013.mspx
. Vulnerability Note VU#356600 - Microsoft Internet Explorer DHTML Editing ActiveX control contains a cross-domain vulnerability
  http://www.kb.cert.org/vuls/id/356600
. Microsoft Brasil Security
  http://www.microsoft.com/brasil/security
. Technet Brasil - Central de Seguranca
  http://www.technetbrasil.com.br/seguranca

CVE identifier (http://cve.mitre.org): CAN-2004-1319

CAIS recommends that administrators keep their systems and applications up to date at all times, in line with the latest versions and fixes provided by vendors.

CAIS alerts are also available in RSS/RDF format: http://www.rnp.br/cais/alertas/rss.xml

Sincerely,

################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) #
# Rede Nacional de Ensino e Pesquisa (RNP) #
# #
# cais em cais.rnp.br http://www.cais.rnp.br #
# Tel. 019-37873300 Fax. 019-37873301 #
# PGP key available at http://www.rnp.br/cais/cais-pgp.key #
################################################################

----- End forwarded message -----

From security em unicamp.br Tue Feb 15 09:00:38 2005
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Tue, 15 Feb 2005 09:00:38 -0200
Subject: [SECURITY-L] CAIS-Alerta: Cumulative security fixes for Internet Explorer (MS05-014)
Message-ID: <20050215110038.GK7702@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Cumulative security fixes for Internet Explorer (MS05-014)
To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Fri, 11 Feb 2005 15:02:55 -0200 (BRDT)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the Microsoft alert titled "MS05-014 - Cumulative Security Update for Internet Explorer (867282)", which addresses a set of vulnerability fixes for Microsoft Internet Explorer.

If a user is logged on to the system with administrative privileges, an attacker who manages to exploit any of these vulnerabilities can gain complete control of the affected system, and would be able to install programs, add new user accounts with full privileges on the system, and even view, modify or delete data on the vulnerable system.

Affected systems:

. Microsoft Windows 2000 Service Pack 3
. Microsoft Windows 2000 Service Pack 4
. Microsoft Windows XP Service Pack 1
. Microsoft Windows XP Service Pack 2
. Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
. Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
. Microsoft Windows Server 2003
. Microsoft Windows Server 2003 for Itanium-based Systems
. Microsoft Windows 98
. Microsoft Windows 98 Second Edition (SE)
. Microsoft Windows Millennium Edition (ME)

Affected components:

. Internet Explorer 5.01 Service Pack 3 (SP3) installed on Windows 2000 Service Pack 3
. Internet Explorer 5.01 Service Pack 4 installed on Windows 2000 Service Pack 4
. Internet Explorer 5.5 Service Pack 2 installed on Microsoft Windows Millennium Edition
. Internet Explorer 6 Service Pack 1 installed on Microsoft Windows 2000 Service Pack 3
. Internet Explorer 6 Service Pack 1 installed on Microsoft Windows 2000 Service Pack 4
. Internet Explorer 6 Service Pack 1 installed on Microsoft Windows XP Service Pack 1
. Internet Explorer 6 Service Pack 1 installed on Microsoft Windows 98
. Internet Explorer 6 Service Pack 1 installed on Microsoft Windows 98 SE
. Internet Explorer 6 Service Pack 1 installed on Microsoft Windows Millennium Edition
. Internet Explorer 6 for Windows XP Service Pack 1 (64-Bit Edition)
. Internet Explorer 6 for Windows Server 2003
. Internet Explorer 6 for Windows Server 2003 64-Bit Edition
. Internet Explorer 6 for Windows XP 64-Bit Edition Version 2003
. Internet Explorer 6 for Windows XP Service Pack 2

Available fixes:

Updating to the versions available at the following locations is recommended:

. Internet Explorer 5.01 Service Pack 3 (SP3) installed on Windows 2000 Service Pack 3
  http://www.microsoft.com/downloads/details.aspx?FamilyId=34F5BCDE-4EE2-4EFD-BB60-F5A6BC5F56D1
. Internet Explorer 5.01 Service Pack 4 installed on Windows 2000 Service Pack 4
  http://www.microsoft.com/downloads/details.aspx?FamilyId=4C2CBB4B-2F00-4CD6-BB98-AD14A48B53C0
. Internet Explorer 5.5 Service Pack 2 installed on Microsoft Windows Millennium Edition
  See the FAQ section of the original bulletin, found in the "More information" section, for details about this operating system.
. Internet Explorer 6 Service Pack 1 installed on Microsoft Windows 2000 Service Pack 3
  http://www.microsoft.com/downloads/details.aspx?FamilyId=E473CD05-3320-4322-B437-F3A61E62F567
. Internet Explorer 6 Service Pack 1 installed on Microsoft Windows 2000 Service Pack 4
  http://www.microsoft.com/downloads/details.aspx?FamilyId=E473CD05-3320-4322-B437-F3A61E62F567
. Internet Explorer 6 Service Pack 1 installed on Microsoft Windows XP Service Pack 1
  http://www.microsoft.com/downloads/details.aspx?FamilyId=E473CD05-3320-4322-B437-F3A61E62F567
. Internet Explorer 6 Service Pack 1 installed on Microsoft Windows 98
  See the FAQ section of the original bulletin, found in the "More information" section, for details about this operating system.
. Internet Explorer 6 Service Pack 1 installed on Microsoft Windows 98 SE
  See the FAQ section of the original bulletin, found in the "More information" section, for details about this operating system.
. Internet Explorer 6 Service Pack 1 installed on Microsoft Windows Millennium Edition
  See the FAQ section of the original bulletin, found in the "More information" section, for details about this operating system.
. Internet Explorer 6 for Windows XP Service Pack 1 (64-Bit Edition)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=7EAE62C0-3DA0-4BAC-B2FE-ECE89959053D
. Internet Explorer 6 for Windows Server 2003
  http://www.microsoft.com/downloads/details.aspx?FamilyId=4DC0FE8A-9D03-4AB8-8EAF-C85FF25CB1A2
. Internet Explorer 6 for Windows Server 2003 64-Bit Edition
  http://www.microsoft.com/downloads/details.aspx?FamilyId=E3C4DA1F-6FA2-4A2B-A6D9-24B599C353B3
. Internet Explorer 6 for Windows XP 64-Bit Edition Version 2003
  http://www.microsoft.com/downloads/details.aspx?FamilyId=E3C4DA1F-6FA2-4A2B-A6D9-24B599C353B3
. Internet Explorer 6 for Windows XP Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=82056EAB-8367-4B04-A11A-1002D14EB55B

More information:

. MS05-014 - Cumulative Security Update for Internet Explorer (867282)
  http://www.microsoft.com/technet/security/bulletin/ms05-014.mspx
. Vulnerability Note VU#823971 - Microsoft Internet Explorer contains a Channel Definition Format (CDF) cross-domain vulnerability
  http://www.kb.cert.org/vuls/id/823971
. Vulnerability Note VU#843771 - Microsoft Internet Explorer contains a DHTML method heap memory corruption vulnerability
  http://www.kb.cert.org/vuls/id/843771
. Vulnerability Note VU#580299 - Microsoft Internet Explorer contains URL decoding zone spoofing vulnerability
  http://www.kb.cert.org/vuls/id/580299
. Vulnerability Note VU#698835 - Microsoft DHTML Drag-and-Drop events insufficiently validated
  http://www.kb.cert.org/vuls/id/698835
. Microsoft Brasil Security
  http://www.microsoft.com/brasil/security
. Technet Brasil - Central de Seguranca
  http://www.technetbrasil.com.br/seguranca

CVE identifier (http://cve.mitre.org): CAN-2005-0053, CAN-2005-0054, CAN-2005-0055, CAN-2005-0056

CAIS recommends that administrators keep their systems and applications up to date at all times, in line with the latest versions and fixes provided by vendors.

CAIS alerts are also available in RSS/RDF format: http://www.rnp.br/cais/alertas/rss.xml

Sincerely,

################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) #
# Rede Nacional de Ensino e Pesquisa (RNP) #
# #
# cais em cais.rnp.br http://www.cais.rnp.br #
# Tel. 019-37873300 Fax.
019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 iQCVAwUBQgzlROkli63F4U8VAQG3NQP7BCWkkG0J12qC4+Qnvx8SVbT6iO9q8mdb HknEJhNrq1sjH/tO6pZctgcgXcfMX5WSwYrruxcNM0G3yXannk3zHjFsbghDBvoK sl6PsE5AsYYw9TkYt51yuiFdcnBeqHVulDxhkk65TI5NVtRBkoiwlpwoBfoINCTH Lo/RC7wBXKE= =lHGO -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Tue Feb 15 09:01:03 2005 From: security em unicamp.br (CSIRT - UNICAMP) Date: Tue, 15 Feb 2005 09:01:03 -0200 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade na Biblioteca de Objetos Hyperlink (MS05-015) Message-ID: <20050215110102.GL7702@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Vulnerabilidade na Biblioteca de Objetos Hyperlink (MS05-015) To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Fri, 11 Feb 2005 15:04:19 -0200 (BRDT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS05-015 - Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)", que trata de uma recem-descoberta vulnerabilidade encontrada no Biblioteca de Objetos de Hyperlink. A vulnerabilidade, de execucao remota de codigo, existe nesta biblioteca devido `a ausencia de checagem de uma area de memoria durante a manipulacao de hyperlinks. Um atacante poderia explorar esta vulnerabilidade construindo um endereco de web malicioso (hyperlink) levando `a execucao remota de codigo, caso um usuario seja manipulado de forma a clicar neste endereco dentro de um site web ou em uma mensagem de e-mail. Caso um atacante consiga explorar esta vulnerabilidade, ele podera obter o controle completo do sistema vulneravel. Entretanto, a interacao com o usuario e' necessaria para a exploracao desta falha. 

Affected systems:

. Microsoft Windows 2000 Service Pack 3
. Microsoft Windows 2000 Service Pack 4
. Microsoft Windows XP Service Pack 1
. Microsoft Windows XP Service Pack 2
. Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
. Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
. Microsoft Windows Server 2003
. Microsoft Windows Server 2003 for Itanium-based Systems
. Microsoft Windows 98
. Microsoft Windows 98 Second Edition (SE)
. Microsoft Windows Millennium Edition (ME)

Available fixes:

Updating to the versions available at the following locations is recommended:

. Microsoft Windows 2000 Service Pack 3
  http://www.microsoft.com/downloads/details.aspx?FamilyId=9DC37971-9268-4CED-85A3-2CF487EAE378

. Microsoft Windows 2000 Service Pack 4
  http://www.microsoft.com/downloads/details.aspx?FamilyId=9DC37971-9268-4CED-85A3-2CF487EAE378

. Microsoft Windows XP Service Pack 1
  http://www.microsoft.com/downloads/details.aspx?FamilyId=6005C5A3-AFF2-4765-B26F-BE47ED408E0B

. Microsoft Windows XP Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=6005C5A3-AFF2-4765-B26F-BE47ED408E0B

. Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=84712902-1C6B-4402-9959-7A51EE319D7F

. Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=558AB19E-A5A3-44A6-99A3-F0D9E7C1F714

. Microsoft Windows Server 2003
  http://www.microsoft.com/downloads/details.aspx?FamilyId=68C55E18-3A3F-455B-A6C3-BB87B33CFD8E

. Microsoft Windows Server 2003 for Itanium-based Systems
  http://www.microsoft.com/downloads/details.aspx?FamilyId=558AB19E-A5A3-44A6-99A3-F0D9E7C1F714

More information:

. MS05-015 - Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)
  http://www.microsoft.com/technet/security/bulletin/ms05-015.mspx

. Vulnerability Note VU#820427 - Microsoft Hyperlink Object Library buffer overflow
  http://www.kb.cert.org/vuls/id/820427

. Microsoft Brasil Security
  http://www.microsoft.com/brasil/security

. Technet Brasil - Central de Seguranca
  http://www.technetbrasil.com.br/seguranca

CVE identifier (http://cve.mitre.org): CAN-2005-0057

CAIS recommends that administrators keep their systems and applications up to date with the latest versions and fixes provided by vendors.

CAIS alerts are also available in RSS/RDF format:
http://www.rnp.br/cais/alertas/rss.xml

Regards,

################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)       #
# Rede Nacional de Ensino e Pesquisa (RNP)                     #
#                                                              #
# cais at cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available at http://www.rnp.br/cais/cais-pgp.key     #
################################################################

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
-----END PGP SIGNATURE-----

----- End forwarded message -----

From security at unicamp.br Wed Feb 16 14:01:06 2005
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Wed, 16 Feb 2005 14:01:06 -0200
Subject: [SECURITY-L] CAIS-Alerta: End of Daylight Saving Time 2004/2005
Message-ID: <20050216160106.GA10611@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: End of Daylight Saving Time 2004/2005
To: rnp-alerta at cais.rnp.br, rnp-seg at cais.rnp.br, ntp-users at cais.rnp.br
Date: Tue, 15 Feb 2005 18:20:53 -0200 (BRDT)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS would like to alert everyone that, in accordance with Decree 5.223 of 01 October 2004, daylight saving time 2004/2005 will end at midnight (00:00) on 20 February 2005. The system time of properly configured machines will therefore change:

    From 00h00 on 20 February
    To   23h00 on 19 February

To that end, in the states that took part in daylight saving time, clocks will need to be set back by 1 hour. They are: Distrito Federal, Espirito Santo, Goias, Mato Grosso, Mato Grosso do Sul, Minas Gerais, Parana, Rio de Janeiro, Rio Grande do Sul, Santa Catarina and Sao Paulo.

We stress that, where security incidents are concerned, accurate system clocks are fundamental for log consistency, and are indispensable in investigating and identifying those responsible. Note that, after daylight saving time ends, reported logs will return to the GMT-3 timezone.

A copy of Decree 5.223, which established daylight saving time 2004/2005 nationwide, is available at the following address:
http://pcdsh01.on.br/DecHV5223.gif

More information on daylight saving time can be found in the following CAIS alerts:

. Daylight Saving Time - Correction for AIX servers and clarifications
  http://www.rnp.br/cais/alertas/2004/cais-alr-19102004.html

. Configuration changes required for Daylight Saving Time 2004/2005
  http://www.rnp.br/cais/alertas/2004/cais-alr-05102004a.html

. Start of Daylight Saving Time 2004/2005
  http://www.rnp.br/cais/alertas/2004/cais-alr-05102004.html

CAIS alerts are also available in RSS/RDF format:
http://www.rnp.br/cais/alertas/rss.xml

Regards,

################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)       #
# Rede Nacional de Ensino e Pesquisa (RNP)                     #
#                                                              #
# cais at cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available at http://www.rnp.br/cais/cais-pgp.key     #
################################################################

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
-----END PGP SIGNATURE-----

----- End forwarded message -----

From security at unicamp.br Wed Feb 16 14:01:37 2005
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Wed, 16 Feb 2005 14:01:37 -0200
Subject: [SECURITY-L] [S] linux kernel 2.6 fun. windoze is a joke
Message-ID: <20050216160137.GB10611@unicamp.br>

----- Forwarded message from Nelson Murilo -----

From: Nelson Murilo
Subject: [S] linux kernel 2.6 fun. windoze is a joke
To: seguranca at pangeia.com.br
Date: Tue, 15 Feb 2005 19:53:47 -0200

[http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html]

Georgi Guninski security advisory #73, 2005

linux kernel 2.6 fun. windoze is a joke

Systems affected: linux kernel 2.6.10, probably earlier 2.6. 2.4 not tested

Date: 15 February 2005

Legal Notice: This Advisory is Copyright (c) 2005 Georgi Guninski. You may not modify it and distribute it or distribute parts of it without the author's written permission - this especially applies to so called "vulnerabilities databases" and securityfocus, microsoft, cert and mitre. If you want to link to this content use the URL: http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html Anything in this document may change without notice.

Disclaimer: The information in this advisory is believed to be true though it may be false. The opinions expressed in this advisory and program are my own and not of any company.
The usual standard disclaimer applies, especially the fact that Georgi Guninski is not liable for any damages caused by direct or indirect use of the information or functionality provided by this advisory or program. Georgi Guninski bears no responsibility for content or misuse of this advisory or program or any derivatives thereof.

Description: There is misuse of signed types in 2.6, leading to buffer overflow and reading kernel memory.

Details: WDYBTGT3-1: there is heap overflow in /proc in at least 2.6.10 and 2.6.11rc1-bk6 ( have not tested 2.4) on i386.

[...]

----- End forwarded message -----

From security at unicamp.br Wed Feb 16 14:01:56 2005
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Wed, 16 Feb 2005 14:01:56 -0200
Subject: [SECURITY-L] [S] Hacker invades ´War of the Worlds´ Web site
Message-ID: <20050216160156.GC10611@unicamp.br>

----- Forwarded message from Nelson Murilo -----

From: Nelson Murilo
Subject: [S] Hacker invades ´War of the Worlds´ Web site
To: seguranca at pangeia.com.br
Date: Tue, 15 Feb 2005 22:22:33 -0200

[http://www.crime-research.org/news/02.15.2005/964/]

Hacker invades 'War of the Worlds' Web site

Date: February 15, 2005
Source: CNET News.com
By: Dan Ilett

A Brazilian hacker has defaced the Web site of Steven Spielberg's "War of the Worlds," which is set to be released in cinemas this summer, according to a security group.

Zone-H.org, a Web site that records defacements, reported that the hacker broke into the Paramount Pictures-owned Web site on Sunday. The content, including a trailer for the movie featuring Tom Cruise, was replaced by black-and-white graphics and a message from the hacker.

The defacer, who goes by the nickname "Un-root," apparently hacked the Linux system through a vulnerability in an Apache Web server.

"That is embarrassing for them," said Jason Hart, director of security for WhiteHat UK. "If you look at Zone-H, there are a lot of hackers coming out of Brazil.
It may be the increase in broadband or wireless access points. But there are certainly more."

Hart added that poorly patched servers were often the cause of many defacements.

"People are becoming more relaxed about security," Hart said. "It's about basic steps--just keep testing and have simple security frameworks. People think you need sophisticated answers, but you don't. Just make sure you have patch management."

The site for "War of the Worlds," the film version of H.G. Wells' novel, had been restored by Monday lunchtime in the United Kingdom. Paramount Pictures was unable to comment on the incident at the time of writing.

Last year, Brazilian federal police arrested 53 suspects on charges of stealing $93 million from online banking customers. Security experts have said that Brazil is a hacking hot spot of the world.

----- End forwarded message -----

From security at unicamp.br Wed Feb 16 14:02:18 2005
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Wed, 16 Feb 2005 14:02:18 -0200
Subject: [SECURITY-L] [S] SHA-1 Broken
Message-ID: <20050216160217.GD10611@unicamp.br>

----- Forwarded message from Cristine Hoepers -----

From: Cristine Hoepers
Subject: [S] SHA-1 Broken
To: seguranca at pangeia.com.br
Date: Wed, 16 Feb 2005 12:04:40 -0200

[http://www.schneier.com/blog/archives/2005/02/sha1_broken.html]

SHA-1 Broken

SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing.

The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper announcing their results:

* collisions in the full SHA-1 in 2**69 hash operations, much less than the brute-force attack of 2**80 operations based on the hash length.
* collisions in SHA-0 in 2**39 operations.
* collisions in 58-round SHA-1 in 2**33 operations.

This attack builds on previous attacks on SHA-0 and SHA-1, and is a major, major cryptanalytic result.
It pretty much puts a bullet into SHA-1 as a hash function for digital signatures (although it doesn't affect applications such as HMAC where collisions aren't important).

The paper isn't generally available yet. At this point I can't tell if the attack is real, but the paper looks good and this is a reputable research team.

More details when I have them.

Posted on February 15, 2005 at 07:15 PM

----- End forwarded message -----

From security at unicamp.br Wed Feb 16 15:27:02 2005
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Wed, 16 Feb 2005 15:27:02 -0200
Subject: [SECURITY-L] Security vulnerabilities
Message-ID: <20050216172656.GE10611@unicamp.br>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear subscribers,

We have updated the web site of Unicamp's CSIRT (Computer Security Incident Response Team) with the following vulnerability bulletins:

Debian Security Advisory:
- -------------------------

15/02/2005 - DSA 683-1
  Subject: security vulnerability in the postgresql package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v51.txt

15/02/2005 - DSA 682-1
  Subject: security vulnerability in the awstats package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v50.txt

14/02/2005 - DSA 681-1
  Subject: security vulnerability in the synaesthesia package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v49.txt

14/02/2005 - DSA 680-1
  Subject: security vulnerability in the htdig package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v48.txt

14/02/2005 - DSA 679-1
  Subject: security vulnerability in the toolchain-source package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v47.txt

11/02/2005 - DSA 678-1
  Subject: security vulnerability in the netkit-rwho package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v46.txt

11/02/2005 - DSA 677-1
  Subject: security vulnerability in the sympa package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v45.txt

11/02/2005 - DSA 676-1
  Subject: security vulnerability in the xpcd package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v44.txt

10/02/2005 - DSA 674-2
  Subject: security vulnerability in the mailman package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v43.txt

10/02/2005 - DSA 675-1
  Subject: security vulnerability in the hztty package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v42.txt

10/02/2005 - DSA 674-1
  Subject: security vulnerability in the mailman package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v28.txt

10/02/2005 - DSA 673-1
  Subject: security vulnerability in the evolution package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v27.txt

09/02/2005 - DSA 672-1
  Subject: security vulnerability in the xview package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v26.txt

08/02/2005 - DSA 671-1
  Subject: security vulnerability in the xemacs21 package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v25.txt

08/02/2005 - DSA 670-1
  Subject: security vulnerability in the emacs20 package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v24.txt

07/02/2005 - DSA 669-1
  Subject: security vulnerability in the php3 package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v23.txt

04/02/2005 - DSA 668-1
  Subject: security vulnerability in the postgresql package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v22.txt

04/02/2005 - DSA 667-1
  Subject: security vulnerability in the squid package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v21.txt

04/02/2005 - DSA 666-1
  Subject: security vulnerability in the python 2.2 package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v20.txt

Fedora Update Notification:
- ---------------------------

14/02/2005 - FEDORA-2005-146
  Subject: Fedora Core 3: xemacs.
  http://www.security.unicamp.br/docs/bugs/2005/02/v72.txt

14/02/2005 - FEDORA-2005-145
  Subject: Fedora Core 2: xemacs.
  http://www.security.unicamp.br/docs/bugs/2005/02/v71.txt

10/02/2005 - FEDORA-2005-140
  Subject: Fedora Core 3: mod_python.
  http://www.security.unicamp.br/docs/bugs/2005/02/v70.txt

10/02/2005 - FEDORA-2005-139
  Subject: Fedora Core 2: mod_python.
  http://www.security.unicamp.br/docs/bugs/2005/02/v69.txt

10/02/2005 - FEDORA-2005-131
  Subject: Fedora Core 2: mailman.
  http://www.security.unicamp.br/docs/bugs/2005/02/v68.txt

10/02/2005 - FEDORA-2005-132
  Subject: Fedora Core 3: mailman.
  http://www.security.unicamp.br/docs/bugs/2005/02/v67.txt

09/02/2005 - FEDORA-2005-134
  Subject: Fedora Core 2: kdegraphics.
  http://www.security.unicamp.br/docs/bugs/2005/02/v66.txt

09/02/2005 - FEDORA-2005-133
  Subject: Fedora Core 3: kdegraphics.
  http://www.security.unicamp.br/docs/bugs/2005/02/v65.txt

09/02/2005 - FEDORA-2005-136
  Subject: Fedora Core 3: xpdf.
  http://www.security.unicamp.br/docs/bugs/2005/02/v64.txt

09/02/2005 - FEDORA-2005-135
  Subject: Fedora Core 2: xpdf.
  http://www.security.unicamp.br/docs/bugs/2005/02/v63.txt

08/02/2005 - FEDORA-2005-116
  Subject: Fedora Core 3: emacs.
  http://www.security.unicamp.br/docs/bugs/2005/02/v62.txt

08/02/2005 - FEDORA-2005-115
  Subject: Fedora Core 2: emacs.
  http://www.security.unicamp.br/docs/bugs/2005/02/v61.txt

08/02/2005 - FEDORA-2005-123
  Subject: Fedora Core 3: cups.
  http://www.security.unicamp.br/docs/bugs/2005/02/v60.txt

08/02/2005 - FEDORA-2005-122
  Subject: Fedora Core 2: cups.
  http://www.security.unicamp.br/docs/bugs/2005/02/v59.txt

07/02/2005 - FEDORA-2005-125
  Subject: Fedora Core 2: postgresql.
  http://www.security.unicamp.br/docs/bugs/2005/02/v58.txt

07/02/2005 - FEDORA-2005-124
  Subject: Fedora Core 3: postgresql.
  http://www.security.unicamp.br/docs/bugs/2005/02/v57.txt

Gentoo Linux Security Advisory:
- -------------------------------

14/02/2005 - GLSA 200502-19
  Subject: PostgreSQL: Buffer overflows in PL/PgSQL parser.
  http://www.security.unicamp.br/docs/bugs/2005/02/v41.txt

14/02/2005 - GLSA 200502-17
  Subject: Opera: Multiple vulnerabilities.
  http://www.security.unicamp.br/docs/bugs/2005/02/v40.txt

13/02/2005 - GLSA 200502-16
  Subject: ht://Dig: Cross-site scripting vulnerability.
  http://www.security.unicamp.br/docs/bugs/2005/02/v39.txt

13/02/2005 - GLSA 200502-15
  Subject: PowerDNS: Denial of Service vulnerability.
  http://www.security.unicamp.br/docs/bugs/2005/02/v38.txt

13/02/2005 - GLSA 200502-14
  Subject: mod_python: Publisher Handler vulnerability.
  http://www.security.unicamp.br/docs/bugs/2005/02/v37.txt

11/02/2005 - GLSA 200502-13
  Subject: Perl: Vulnerabilities in perl-suid wrapper.
  http://www.security.unicamp.br/docs/bugs/2005/02/v36.txt

11/02/2005 - GLSA 200502-12
  Subject: Webmin: Information leak in Gentoo binary package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v35.txt

10/02/2005 - GLSA 200502-11
  Subject: Mailman: Directory traversal vulnerability.
  http://www.security.unicamp.br/docs/bugs/2005/02/v34.txt

09/02/2005 - GLSA 200502-10
  Subject: pdftohtml: Vulnerabilities in included Xpdf.
  http://www.security.unicamp.br/docs/bugs/2005/02/v33.txt

08/02/2005 - GLSA 200502-09
  Subject: Python: Arbitrary code execution through SimpleXMLRPCServer.
  http://www.security.unicamp.br/docs/bugs/2005/02/v32.txt

07/02/2005 - GLSA 200502-08
  Subject: PostgreSQL: Local privilege escalation.
  http://www.security.unicamp.br/docs/bugs/2005/02/v31.txt

07/02/2005 - GLSA 200502-07
  Subject: OpenMotif: Multiple vulnerabilities in libXpm.
  http://www.security.unicamp.br/docs/bugs/2005/02/v30.txt

06/02/2005 - GLSA 200502-06
  Subject: LessTif: Multiple vulnerabilities in libXpm.
  http://www.security.unicamp.br/docs/bugs/2005/02/v29.txt

SCO Security Advisory:
- ----------------------

07/02/2005 - SCOSA-2005.12
  Subject: UnixWare 7.1.4 : vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands.
  http://www.security.unicamp.br/docs/bugs/2005/02/v56.txt

07/02/2005 - SCOSA-2005.13
  Subject: OpenServer 5.0.6 OpenServer 5.0.7 : enable command line buffer overflows.
  http://www.security.unicamp.br/docs/bugs/2005/02/v55.txt

07/02/2005 - SCOSA-2005.10
  Subject: UnixWare 7.1.4 : racoon multilple security issues.
  http://www.security.unicamp.br/docs/bugs/2005/02/v54.txt

07/02/2005 - SCOSA-2005.14
  Subject: UnixWare 7.1.3 UnixWare 7.1.1 : Vulnerabilities in long-lived TCP connections / Rose attack.
  http://www.security.unicamp.br/docs/bugs/2005/02/v53.txt

07/02/2005 - SCOSA-2005.9
  Subject: OpenServer 5.0.6 OpenServer 5.0.7 : Vulnerabilities in long-lived TCP connections / Rose attack.
  http://www.security.unicamp.br/docs/bugs/2005/02/v52.txt

- --
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - UNICAMP
mailto:security at unicamp.br
http://www.security.unicamp.br
GnuPG Public Key: http://www.security.unicamp.br/security.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
-----END PGP SIGNATURE-----

From security at unicamp.br Thu Feb 17 15:24:47 2005
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Thu, 17 Feb 2005 15:24:47 -0200
Subject: [SECURITY-L] Security vulnerabilities
Message-ID: <20050217172447.GF10611@unicamp.br>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear subscribers,

We have updated the web site of Unicamp's CSIRT (Computer Security Incident Response Team) with the following vulnerability bulletins:

Conectiva Linux Security Announcement:
======================================

16/02/2005 - CLA-2005:925
  Subject: Fix for Evolution vulnerability.
  http://www.security.unicamp.br/docs/bugs/2005/02/v102.txt

14/02/2005 - CLA-2005:924
  Subject: Fixes for libXpm in the XFree86 package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v101.txt

CAIS-Alerta:
============

11/02/2005
  Subject: End of Daylight Saving Time 2004/2005
  http://www.security.unicamp.br/docs/bugs/2005/02/v120.txt

  Subject: Vulnerability in the Hyperlink Object Library (MS05-015).
  http://www.security.unicamp.br/docs/bugs/2005/02/v119.txt

  Subject: Cumulative security fixes for Internet Explorer (MS05-014).
  http://www.security.unicamp.br/docs/bugs/2005/02/v118.txt

  Subject: Vulnerability in the DHTML Editing Component (MS05-013).
  http://www.security.unicamp.br/docs/bugs/2005/02/v117.txt

  Subject: Vulnerability in Microsoft OLE and COM (MS05-012).
  http://www.security.unicamp.br/docs/bugs/2005/02/v116.txt

  Subject: Vulnerability in the Windows SMB protocol (MS05-011).
  http://www.security.unicamp.br/docs/bugs/2005/02/v115.txt

  Subject: Vulnerability in the License Logging Service (MS05-010).
  http://www.security.unicamp.br/docs/bugs/2005/02/v114.txt

  Subject: Vulnerability in PNG file processing (MS05-009).
  http://www.security.unicamp.br/docs/bugs/2005/02/v113.txt

  Subject: Vulnerability in the Microsoft Windows Shell (MS05-008).
  http://www.security.unicamp.br/docs/bugs/2005/02/v112.txt

  Subject: Vulnerability in Windows could allow information disclosure (MS05-007).
  http://www.security.unicamp.br/docs/bugs/2005/02/v111.txt

  Subject: Vulnerability in Windows SharePoint Services and SharePoint Team Services (MS05-006).
  http://www.security.unicamp.br/docs/bugs/2005/02/v110.txt

  Subject: Vulnerability in Microsoft Office XP (MS05-005).
  http://www.security.unicamp.br/docs/bugs/2005/02/v109.txt

  Subject: Vulnerability in ASP.NET address validation (MS05-004).
  http://www.security.unicamp.br/docs/bugs/2005/02/v108.txt

Debian Security Advisory:
=========================

16/02/2005 - DSA 684-1
  Subject: security vulnerability in the typespeed package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v107.txt

Fedora Legacy Update Advisory:
==============================

10/02/2005 - FLSA:2188
  Subject: Updated gaim package resolves security issues.
  http://www.security.unicamp.br/docs/bugs/2005/02/v90.txt

10/02/2005 - FLSA:2352
  Subject: Updated Xpdf package fixes security issues.
  http://www.security.unicamp.br/docs/bugs/2005/02/v89.txt

10/02/2005 - FLSA:2252
  Subject: Updated iptables packages resolve security issues.
  http://www.security.unicamp.br/docs/bugs/2005/02/v88.txt

10/02/2005 - FLSA:2353
  Subject: Updated gpdf package fixes security issues.
  http://www.security.unicamp.br/docs/bugs/2005/02/v87.txt

08/02/2005 - FLSA:1906
  Subject: Updated abiword resolves security vulnerabilities.
  http://www.security.unicamp.br/docs/bugs/2005/02/v86.txt

08/02/2005 - FLSA:1943
  Subject: Updated libpng resolves security vulnerabilities.
  http://www.security.unicamp.br/docs/bugs/2005/02/v85.txt

Fedora Update Notification:
===========================

17/02/2005 - FEDORA-2005-148
  Subject: Fedora Core 3: kdeedu.
  http://www.security.unicamp.br/docs/bugs/2005/02/v121.txt

Gentoo Linux Security Advisory:
===============================

16/02/2005 - GLSA 200502-23
  Subject: KStars: Buffer overflow in fliccd.
  http://www.security.unicamp.br/docs/bugs/2005/02/v99.txt

16/02/2005 - GLSA 200502-22
  Subject: wpa_supplicant: Buffer overflow vulnerability.
  http://www.security.unicamp.br/docs/bugs/2005/02/v98.txt

15/02/2005 - GLSA 200502-21
  Subject: lighttpd: Script source disclosure.
  http://www.security.unicamp.br/docs/bugs/2005/02/v97.txt

15/02/2005 - GLSA 200502-20
  Subject: Emacs, XEmacs: Format string vulnerabilities in movemail.
  http://www.security.unicamp.br/docs/bugs/2005/02/v96.txt

14/02/2005 - GLSA 200501-36:03
  Subject: AWStats: Remote code execution.
  http://www.security.unicamp.br/docs/bugs/2005/02/v95.txt

14/02/2005 - GLSA 200502-18
  Subject: VMware Workstation: Untrusted library search path.
  http://www.security.unicamp.br/docs/bugs/2005/02/v94.txt

10/02/2005 - UPDATE: GLSA 200501-45:03
  Subject: Gallery: Cross-site scripting vulnerability.
  http://www.security.unicamp.br/docs/bugs/2005/02/v93.txt

HP Security Bulletin:
=====================

16/02/2005 - HPSBMA01116
  Subject: SSRT5893 rev.0 - HP Web-enabled Management Software Remote Buffer Overflow.
  http://www.security.unicamp.br/docs/bugs/2005/02/v106.txt

10/02/2005 - HPSBUX01117
  Subject: SSRT4861 rev.0 - HP-UX BIND 9.2.0 remote Denial of Service (DoS).
  http://www.security.unicamp.br/docs/bugs/2005/02/v92.txt

09/02/2005 - HPSBUX01118
  Subject: SSRT4883 rev.0 - HP-UX ftpd remote privileged access.
  http://www.security.unicamp.br/docs/bugs/2005/02/v84.txt

KDE Security Advisories:
========================

15/02/2005
  Subject: Buffer overflow in fliccd of kdeedu/kstars/indi.
  http://www.security.unicamp.br/docs/bugs/2005/02/v104.txt

Mandrakelinux Security Update Advisory:
=======================================

15/02/2005 - MDKSA-2005:038
  Subject: security vulnerability in the emacs package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v103.txt

14/02/2005 - MDKSA-2005:037
  Subject: security vulnerability in the mailman package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v80.txt

11/02/2005 - MDKSA-2005:032-1
  Subject: security vulnerability in the cpio package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v79.txt

10/02/2005 - MDKSA-2005:036
  Subject: security vulnerability in the MySQL package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v78.txt

10/02/2005 - MDKSA-2005:035
  Subject: security vulnerability in the python package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v77.txt

10/02/2005 - MDKSA-2005:034
  Subject: security vulnerability in the squid package.
  http://www.security.unicamp.br/docs/bugs/2005/02/v76.txt

10/02/2005 - MDKSA-2005:033
  Subject: security vulnerability in the enscript package.
http://www.security.unicamp.br/docs/bugs/2005/02/v75.txt

10/02/2005 - MDKSA-2005:032
Subject: security vulnerability in the cpio package.
http://www.security.unicamp.br/docs/bugs/2005/02/v74.txt

08/02/2005 - MDKSA-2005:031
Subject: security vulnerability in the perl package.
http://www.security.unicamp.br/docs/bugs/2005/02/v73.txt

Microsoft Security Bulletins:
=============================

08/02/2005
Subject: Microsoft Security Bulletin Re-Releases, February 2005 - - Version Number: 1.0
http://www.security.unicamp.br/docs/bugs/2005/02/v82.txt

08/02/2005
Subject: Microsoft Security Bulletin Re-Releases, February 2005.
http://www.security.unicamp.br/docs/bugs/2005/02/v81.txt

SUSE Security Announcement:
===========================

10/02/2005 - SUSE-SA:2005:006
Subject: security vulnerability in the squid package.
http://www.security.unicamp.br/docs/bugs/2005/02/v91.txt

Trustix Secure Linux Security Advisory:
=======================================

11/02/2005 - #2005-0003
Subject: security vulnerability in the packages: bind, clamav, cpio, cups, mod_python, perl, postgresql, python and squid.
http://www.security.unicamp.br/docs/bugs/2005/02/v100.txt

US-CERT Technical Cyber Security Alert:
=======================================

08/02/2005 - TA05-039A
Subject: Multiple Vulnerabilities in Microsoft Windows Components.
http://www.security.unicamp.br/docs/bugs/2005/02/v83.txt

- --
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - UNICAMP
mailto:security at unicamp.br
http://www.security.unicamp.br
GnuPG Public Key: http://www.security.unicamp.br/security.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFCFNLp/UMb1l3gm8IRAu0AAJwL1CeUlIA4IN3VBnh1Oy+rZHjy+wCgtahZ
OOGy0VgXykydUPE9/0cMHK4=
=exBu
-----END PGP SIGNATURE-----

From security em unicamp.br Fri Feb 18 10:39:10 2005
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Fri, 18 Feb 2005 10:39:10 -0200
Subject: [SECURITY-L] [S] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
Message-ID: <20050218123910.GD14079@unicamp.br>

----- Forwarded message from Nelson Murilo -----

From: Nelson Murilo
Subject: [S] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
To: seguranca em pangeia.com.br
Date: Fri, 18 Feb 2005 09:24:35 -0200

[http://www.securityfocus.com/bid/11781/info/]

It is reported that OpenSSH contains an information disclosure vulnerability. This issue exists in the portable version of OpenSSH. The portable version is the version that is distributed for operating systems other than its native OpenBSD platform.

This issue is related to BID 7467. It is reported that the previous fix for BID 7476 was insufficient to completely fix the issue. It is not confirmed at this time, but this current issue may involve differing code paths in PAM, resulting in a new vulnerability.

This vulnerability allows remote users to test for the existence of valid usernames. Knowledge of usernames may aid them in further attacks.
----- End forwarded message -----

From security em unicamp.br Fri Feb 18 10:39:42 2005
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Fri, 18 Feb 2005 10:39:42 -0200
Subject: [SECURITY-L] [nbso-anuncios] Registration Open: Creating a Computer Security Incident Response Team (class of April 4, 2005)
Message-ID: <20050218123937.GE14079@unicamp.br>

----- Forwarded message from NIC BR Security Office -----

From: NIC BR Security Office
Subject: [nbso-anuncios] Registration Open: Creating a Computer Security Incident Response Team (class of April 4, 2005)
To: nbso-anuncios em listas.nbso.nic.br
Cc: nbso em nic.br
Date: Fri, 18 Feb 2005 09:49:01 -0200
Organization: NIC BR Security Office

Registration is now open for the April 4, 2005 class of the course Creating a Computer Security Incident Response Team.

Registration will remain open until March 24, 2005, and may be closed as soon as the class reaches capacity.

Detailed information and the registration forms are available on the page:

Registration for CERT®/CC Courses taught by NBSO
http://www.nbso.nic.br/cursos/inscricao/

Regards,
NBSO
--
NIC BR Security Office
Brazilian Computer Emergency Response Team
http://www.nbso.nic.br/
_______________________________________________
nbso-anuncios mailing list
nbso-anuncios em listas.nbso.nic.br
https://listas.nbso.nic.br/mailman/listinfo/nbso-anuncios

----- End forwarded message -----

From security em unicamp.br Mon Feb 21 15:42:06 2005
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Mon, 21 Feb 2005 15:42:06 -0300
Subject: [SECURITY-L] Security vulnerabilities
Message-ID: <20050221184206.GC3864@unicamp.br>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Subscribers,

We have updated the website of Unicamp's CSIRT (Computer Security Incident Response Team) with the following vulnerability bulletins:

Debian Security Advisory:
=========================

21/02/2005 - DSA 674-3
Subject: security vulnerability in the mailman package.
http://www.security.unicamp.br/docs/bugs/2005/02/v132.txt

18/02/2005 - DSA 687-1
Subject: security vulnerability in the bidwatcher package.
http://www.security.unicamp.br/docs/bugs/2005/02/v131.txt

17/02/2005 - DSA 686-1
Subject: security vulnerability in the gftp package.
http://www.security.unicamp.br/docs/bugs/2005/02/v130.txt

17/02/2005 - DSA 685-1
Subject: security vulnerability in the emacs21 package.
http://www.security.unicamp.br/docs/bugs/2005/02/v129.txt

Fedora Legacy Update Advisory:
==============================

17/02/2005 - FLSA:2137
Subject: Updated cyrus-sasl resolves security vulnerabilities.
http://www.security.unicamp.br/docs/bugs/2005/02/v133.txt

Gentoo Linux Security Advisory:
===============================

19/02/2005 - GLSA 200502-27
Subject: gFTP: Directory traversal vulnerability.
http://www.security.unicamp.br/docs/bugs/2005/02/v137.txt

18/02/2005 - GLSA 200502-26
Subject: GProFTPD: gprostats format string vulnerability.
http://www.security.unicamp.br/docs/bugs/2005/02/v136.txt

18/02/2005 - GLSA 200502-25
Subject: Squid: Denial of Service through DNS responses.
http://www.security.unicamp.br/docs/bugs/2005/02/v135.txt

17/02/2005 - GLSA 200502-24
Subject: Midnight Commander: Multiple vulnerabilities.
http://www.security.unicamp.br/docs/bugs/2005/02/v134.txt

Mandrakelinux Security Update Advisory:
=======================================

17/02/2005 - MDKSA-2005:044
Subject: security vulnerability in the tetex package.
http://www.security.unicamp.br/docs/bugs/2005/02/v127.txt

17/02/2005 - MDKSA-2005:043
Subject: security vulnerability in the xpdf package.
http://www.security.unicamp.br/docs/bugs/2005/02/v126.txt

17/02/2005 - MDKSA-2005:042
Subject: security vulnerability in the gpdf package.
http://www.security.unicamp.br/docs/bugs/2005/02/v125.txt

17/02/2005 - MDKSA-2005:041
Subject: security vulnerability in the cups package.
http://www.security.unicamp.br/docs/bugs/2005/02/v124.txt

17/02/2005 - MDKSA-2005:040
Subject: security vulnerability in the postgresql package.
http://www.security.unicamp.br/docs/bugs/2005/02/v123.txt

16/02/2005 - MDKSA-2005:039
Subject: security vulnerability in the rwho package.
http://www.security.unicamp.br/docs/bugs/2005/02/v122.txt

- --
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - UNICAMP
mailto:security at unicamp.br
http://www.security.unicamp.br
GnuPG Public Key: http://www.security.unicamp.br/security.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFCGitX/UMb1l3gm8IRArjiAKDNkosYOd1Y4SWpIXBdZJPtoj3yvgCgiH8d
QQ2iGrC0KLL++jTY1sVW77A=
=j6zK
-----END PGP SIGNATURE-----