From security em unicamp.br Thu Aug 3 09:30:58 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Thu, 3 Aug 2006 09:30:58 -0300 Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA06-214A -- Apple Mac Products Affected by Multiple Vulnerabilities Message-ID: <20060803123058.GA10615@unicamp.br> ----- Forwarded message from US-CERT Technical Alerts ----- From: US-CERT Technical Alerts Subject: US-CERT Technical Cyber Security Alert TA06-214A -- Apple Mac Products Affected by Multiple Vulnerabilities To: technical-alerts em us-cert.gov Date: Wed, 2 Aug 2006 16:25:53 -0400 Organization: US-CERT - +1 202-205-5266 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-214A Apple Mac Products Affected by Multiple Vulnerabilities Original release date: August 02, 2006 Last revised: -- Source: US-CERT Systems Affected * Apple Mac OS X version 10.3.9 and earlier (Panther) * Apple Mac OS X version 10.4.7 and earlier (Tiger) * Apple Mac OS X Server version 10.3.9 and earlier * Apple Mac OS X Server version 10.4.7 and earlier * Apple Safari web browser * Apple Mail Overview Apple has released Security Update 2006-004 to correct multiple vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web browser, Mail, and other products. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Impacts of other vulnerabilities include bypass of security restrictions and denial of service. I. Description Apple Security Update 2006-004 resolves a number of vulnerabilities affecting Mac OS X, OS X Server, Safari web browser, Mail, and other products. Further details are available in the individual Vulnerability Notes. This security update addresses vulnerabilities in a range of different components, including the handling of a number of different image file formats, ZIP archive files, and HTML web pages, among others. II. Impact The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands, bypass of security restrictions, and denial of service. III. Solution Install an update Install Apple Security Update 2006-004. This and other updates are available via Apple Update. Workaround Disable "Open 'safe' files after downloading" For additional protection, disable the Safari web browser option to "Open 'safe' files after downloading," as specified in "Securing Your Web Browser." Note that this workaround will not mitigate all of the vulnerabilities described in the Apple Security Update, only those which are exacerbated by the default behavior of the Safari web browser. Appendix A. References * Vulnerability Notes for Apple Security Update 2006-004 - * Securing Your Web Browser - * Apple Security Update 2006-004 - * Mac OS X: Updating your software - _________________________________________________________________ The most recent version of this document can be found at: _________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA06-214A Feedback VU#566132" in the subject. _________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: _________________________________________________________________ Revision History August 02, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRNEIu+xOF3G+ig+rAQKbvwf+N6TRnpwqcmrlUfA7k1yuRCLCf3yo854x JVy2Uq7Zs5WEqWK1qusPl3thyUS5JYCZzzPQI6pKq5zOOzyu5dqmHLFzstoZAhaz pMTVX4PmMalFEFQV0o4pOi1/pGgu+2PXN8qo2LjSsFwr6xP9FfBQTI8Jov33cLsb WjQyfxj/J8+nMQnCUlL84p7CuK4TdPRwuMVNMGYb8b9pB3SQ1XJ0EFt4UvO8VNqp J32UCJw+LwSKpcBzjQRpw3ZBUpmFgOkZzLux/SiP8+1cyjmbWxxGjW21EfNExOXS C2UpM+CQmoPMLAhTTPbKWs18qSdwcmeRLTeOW4Ao3oUj0QRD5QCFpA== =RByX -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Tue Aug 8 15:56:54 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Tue, 8 Aug 2006 15:56:54 -0300 Subject: [SECURITY-L] [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released Message-ID: <20060808185654.GB51527@unicamp.br> ----- Forwarded message from "William A. Rowe, Jr." ----- From: "William A. Rowe, Jr." Subject: [S] [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released To: announce em apache.org, announce em httpd.apache.org, dev em httpd.apache.org, bugtraq em securityfocus.com, full-disclosure em lists.grok.org.uk Date: Fri, 28 Jul 2006 09:44:41 -0500 Apache HTTP Server 2.2.3 Released The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the release of version 2.2.3 of the Apache HTTP Server ("Apache"). This version of Apache is principally a bug and security fix release. The following potential security flaws are addressed; CVE-2006-3747: An off-by-one flaw exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0. Depending on the manner in which Apache HTTP Server was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. For vulnerable builds, the nature of the vulnerability can be denial of service (crashing of web server processes) or potentially allow arbitrary code execution. This issue has been rated as having important security impact by the Apache HTTP Server Security Team. This flaw does not affect a default installation of Apache HTTP Server. Users who do not use, or have not enabled, the Rewrite module mod_rewrite are not affected by this issue. This issue only affects installations using a Rewrite rule with the following characteristics: * The RewriteRule allows the attacker to control the initial part of the rewritten URL (for example if the substitution URL starts with $1) * The RewriteRule flags do NOT include any of the following flags: Forbidden (F), Gone (G), or NoEscape (NE). Please note that ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. If the compiler used to compile Apache HTTP Server has added padding to the stack immediately after the buffer being overwritten, it will not be possible to exploit this issue, and Apache HTTP Server will continue operating normally. The Apache HTTP Server project recommends that all users who have built Apache from source apply the patch or upgrade to the latest level and rebuild. Providers of Apache-based web servers in pre-compiled form will be able to determine if this vulnerability applies to their builds. That determination has no bearing on any other builds of Apache HTTP Server, and Apache HTTP Server users are urged to exercise caution and apply patches or upgrade unless they have specific instructions from the provider of their web server. Statements from vendors can be obtained from the US-CERT vulnerability note for this issue at: http://www.kb.cert.org/vuls/id/395412 The Apache HTTP Server project thanks Mark Dowd of McAfee Avert Labs for the responsible reporting of this vulnerability. We consider this release to be the best version of Apache available, and encourage users of all prior versions to upgrade. Apache HTTP Server 2.2.3 is available for download from: http://httpd.apache.org/download.cgi Apache 2.2 offers numerous enhancements, improvements, and performance boosts over the 2.0 codebase. For an overview of new features introduced since 2.0 please see: http://httpd.apache.org/docs/2.2/new_features_2_2.html Please see the CHANGES_2.2 file, linked from the download page, for a full list of changes. Apache HTTP Server 1.3.37 and 2.0.59 legacy releases are also available with this security fix. See the appropriate CHANGES from the url above. The Apache HTTP Project developers strongly encourage all users to migrate to Apache 2.2, as only limited maintenance is performed on these legacy versions. This release includes the Apache Portable Runtime (APR) version 1.2.7 bundled with the tar and zip distributions. The APR libraries libapr, libaprutil, and (on Win32) libapriconv must all be updated to ensure binary compatibility and address many known platform bugs. This release builds on and extends the Apache 2.0 API. Modules written for Apache 2.0 will need to be recompiled in order to run with Apache 2.2, but no substantial reworking should be necessary. http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/VERSIONING When upgrading or installing this version of Apache, please bear in mind that if you intend to use Apache with one of the threaded MPMs, you must ensure that any modules you will be using (and the libraries they depend on) are thread-safe. ----- End forwarded message ----- From security em unicamp.br Tue Aug 8 15:56:17 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Tue, 8 Aug 2006 15:56:17 -0300 Subject: [SECURITY-L] [certbr-anuncios] Inscricoes Abertas: Cursos Fundamentals e Advanced Incident Handling Message-ID: <20060808185617.GA51527@unicamp.br> ----- Forwarded message from "CERT.br" ----- From: "CERT.br" Subject: [certbr-anuncios] Inscricoes Abertas: Cursos Fundamentals e Advanced Incident Handling To: certbr-anuncios em listas.cert.br Date: Fri, 21 Jul 2006 18:46:36 -0300 Organization: Computer Emergency Response Team Brazil Estão abertas as inscrições para os seguintes cursos do CERT.br: * Fundamentals of Incident Handling Turma de 23 a 27 de outubro de 2006; * Advanced Incident Handling for Technical Staff 27 de novembro a 01 de dezembro de 2006. Informações detalhadas e os formulários de inscrição podem ser obtidos na página: Inscrições nos Cursos do CERT/CC ministrados pelo CERT.br http://www.cert.br/cursos/inscricao/ Atenciosamente, CERT.br http://www.cert.br/ _______________________________________________ certbr-anuncios mailing list certbr-anuncios em listas.cert.br https://listas.cert.br/mailman/listinfo/certbr-anuncios ----- End forwarded message ----- From security em unicamp.br Wed Aug 9 10:51:18 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 9 Aug 2006 10:51:18 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade no Windows Explorer (MS06-045) Message-ID: <20060809135118.GD59350@unicamp.br> --------------------------- Mensagem Original ---------------------------- Assunto: CAIS-Alerta: Vulnerabilidade no Windows Explorer (MS06-045) De: "Centro de Atendimento a Incidentes de Seguranca" Data: Ter, Agosto 8, 2006 5:10 pm Para: rnp-alerta em cais.rnp.br rnp-seg em cais.rnp.br -------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS06-045 - Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398)", que trata de uma vulnerabilidade identificada no Windows Explorer capaz de ser explorada remotamente permitindo o controle completo do sistema atacado. A vulnerabilidade deriva de uma falha no Windows ao lidar com eventos de "Drag and Drop". Para ser explorada esta vulnerabilidade precisa da interacao do usuario que e' solicitado a acessar um arquivo compartilhado. Cabe alertar que ja' foram divulgadas provas de conceito que exploram esta falha. Sistemas afetados: . Microsoft Windows 2000 Service Pack 4 . Microsoft Windows XP Service Pack 1 . Microsoft Windows XP Service Pack 2 . Microsoft Windows XP Professional x64 Edition . Microsoft Windows Server 2003 . Microsoft Windows Server 2003 Service Pack 1 . Microsoft Windows Server 2003 para sistemas Itanium . Microsoft Windows Server 2003 com SP1 para sistemas Itanium . Microsoft Windows Server 2003 x64 Edition Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em: . Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=38cee83e-b17a-4c08-90ce-fb836b9615ad . Microsoft Windows XP Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=6ef68858-4c91-47fb-ae34-0be556f10ede . Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=6ef68858-4c91-47fb-ae34-0be556f10ede . Microsoft Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=50935f4e-e383-493e-97c6-599cbb2b87cc . Microsoft Windows Server 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=759435a3-98f9-4115-b52e-d7fa9d024f16 . Microsoft Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=759435a3-98f9-4115-b52e-d7fa9d024f16 . Microsoft Windows Server 2003 para sistemas Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=462131c6-a728-4b3c-94de-85deccc42c3e . Microsoft Windows Server 2003 com SP1 para sistemas Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=462131c6-a728-4b3c-94de-85deccc42c3e . Microsoft Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=50eef5c5-861d-4802-85a2-6b0627aafc2a Mais informacoes: . MS06-045 - Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398) http://www.microsoft.com/technet/security/bulletin/ms06-045.mspx . Internet Explorer Information Disclosure and HTA Application Execution http://secunia.com/advisories/20825 . Microsoft Internet Explorer Information Disclosure and HTA File Execution Vulnerabilities http://www.frsirt.com/english/advisories/2006/2553 . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca Identificador CVE (http://cve.mitre.org): CVE-2006-3281 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/ iQCVAwUBRNjvoekli63F4U8VAQJTbAP9Evqla2NDy49PRZOClE40hyoeuEd2rsPk NThu47P8pdEOw98oxmvz0u3uwXv9iBjOaMEsZaIs0W61u+moLA5kuELz187uV5cX vOh6e9M3yC0v4mEMwGeWv4mzX+8iD0knue23CV0h+1Ollo3qwsYcZLfZ/WfF6Ife Ga/d6+ZFKNY= =iE68 -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed Aug 9 10:52:26 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 9 Aug 2006 10:52:26 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade no Microsoft Windows (MS06-043) Message-ID: <20060809135226.GF59350@unicamp.br> --------------------------- Mensagem Original ---------------------------- Assunto: CAIS-Alerta: Vulnerabilidade no Microsoft Windows (MS06-043) De: "Centro de Atendimento a Incidentes de Seguranca" Data: Ter, Agosto 8, 2006 5:06 pm Para: rnp-alerta em cais.rnp.br rnp-seg em cais.rnp.br -------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS06-043 - Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214)", que trata de uma vulnerabilidade recem-descoberta no Microsoft Windows. A vulnerabilidade existe devido ao tratamento incorreto dado ao protocolo MHTML, o que pode permitir a execucao remota de codigo no sistema afetado. Um atacante poderia explorar esta vulnerabilidade construindo uma pagina web ou um e-mail em HTML especialmente preparados, que caso fosse visitada pelo usuario ou o mesmo clicasse em um link dentro da mensagem de e-mail, poderia levar `a execucao remota de codigo no sistema afetado. Caso o usuario esteja registrado no sistema com privilegios administrativos, um atacante que executasse o ataque com sucesso poderia obter o controle completo sobre o sistema afetado. Usuarios com contas configuradas com menos privilegios no sistema podem ser menos afetados do que os que utilizam contas com privilegios totais. O protocolo MHTML e' uma extensao do protocolo HTML, utilizado na insercao de objetos como imagens em um documento HTML. Sistemas afetados: . Microsoft Windows XP Service Pack 2 . Microsoft Windows XP Professional x64 Edition . Microsoft Windows Server 2003 Service Pack 1 . Microsoft Windows Server 2003 com SP1 para Sistemas baseados em Itanium . Microsoft Windows Server 2003 x64 Edition Componentes afetados: . Outlook Express 6 instalado em Microsoft Windows XP Service Pack 2 . Outlook Express 6 instalado em Microsoft Windows XP Professional x64 Edition . Outlook Express 6 instalado em Microsoft Windows Server 2003 Service Pack 1 . Outlook Express 6 instalado em Microsoft Windows Server 2003 com SP1 para Sistemas baseados em Itaninum . Outlook Express 6 instalado em Microsoft Windows Server 2003 x64 Edition Sistemas nao afetados: . Microsoft Windows 2000 Service Pack 4 . Microsoft Windows XP Service Pack 1 . Microsoft Windows Server 2003 . Microsoft Windows Server 2003 para Sistemas baseados em Itaninum Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em : Componentes afetados: . Outlook Express 6 instalado em Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=c9037cdb-3a57-4db7-aa0d-5ad28730303a . Outlook Express 6 instalado em Microsoft Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?familyid=71f09617-d3cd-45fb-a09b-a9025c1d3f47 . Outlook Express 6 instalado em Microsoft Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=0c7e507f-2a42-49b5-82b2-84a6ec40b895 . Outlook Express 6 instalado em Microsoft Windows Server 2003 com SP1 para Sistemas baseados em Itaninum http://www.microsoft.com/downloads/details.aspx?familyid=8f062b1c-7b93-4cb2-835a-b58ba29435f2 . Outlook Express 6 instalado em Microsoft Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=2aa6b4d1-a6eb-425b-ab7e-6cc27124a59e Mais informacoes: . MS06-043 - Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214) http://www.microsoft.com/technet/security/bulletin/ms06-043.mspx . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca Identificador CVE (http://cve.mitre.org): CVE-2006-2766 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. O CAIS Alerta tambem e' oferecido no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/ iQCVAwUBRNjuvekli63F4U8VAQI/SgQAxMEUoWUJZBzLHecBBZbR1pGAobCRjdj2 8qheH3EzE7a8eRCm84elhU2GpBx5BV3Mhr4zdYBnayiteIqQ0ZAzxdN1g3uCTvIF G8Q50qzfLHC/x2cFKAugl9yaRODgOqRhuXLeUz/4IC8iHQQzBFgJvYvnbO4saBLi Yq4Fg9BMRl8= =UjGb -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed Aug 9 10:49:44 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 9 Aug 2006 10:49:44 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidades no Microsoft Windows Hyperlink Object Library (MS06-050) Message-ID: <20060809134944.GA59350@unicamp.br> --------------------------- Mensagem Original ---------------------------- Assunto: CAIS-Alerta: Vulnerabilidades no Microsoft Windows Hyperlink Object Library (MS06-050) De: "Centro de Atendimento a Incidentes de Seguranca" Data: Ter, Agosto 8, 2006 5:22 pm Para: rnp-alerta em cais.rnp.br rnp-seg em cais.rnp.br -------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS06-050 - Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670)", que trata de duas vulnerabilidades presentes na biblioteca Hyperlink Object, capazes de permitir a execucao remota de codigo no sistema afetado. A biblioteca Hyperlink Object contem funcoes para auxiliar o desenvolvedor a manusear hyperlinks em documentos HTML. Uma vulnerabilidade na forma como os hyperlinks em um documento sao manuseados pela biblioteca pode permitir `a um atacante executar remotamente codigo malicioso no sistema vulneravel. Para conseguir isto, o atacante deve convencer o usuario a clicar em um link especialmente construido. Sistemas afetados: . Microsoft Windows 2000 Service Pack 4 . Microsoft Windows XP Service Pack 1 . Microsoft Windows XP Service Pack 2 . Microsoft Windows XP Professional x64 Edition . Microsoft Windows Server 2003 . Microsoft Windows Server 2003 Service Pack 1 . Microsoft Windows Server 2003 para sistemas baseados em Itanium . Microsoft Windows Server 2003 com SP1 para sistemas baseados em Itanium . Microsoft Windows Server 2003 x64 Edition Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em: . Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=bfe3f869-08be-4f13-97a1-7274ad44c7fb . Microsoft Windows XP Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=2d014bac-f03d-474a-a7ab-49e8ead8edb0 . Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=2d014bac-f03d-474a-a7ab-49e8ead8edb0 . Microsoft Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=cae094e4-64a0-4577-986b-4d6c131806d9 . Microsoft Windows Server 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=21d1e864-4517-4353-8477-b4cd3c6187c0 . Microsoft Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=21d1e864-4517-4353-8477-b4cd3c6187c0 . Microsoft Windows Server 2003 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=bc60b6c3-ada8-48ab-a63d-b2f1c9320b0d . Microsoft Windows Server 2003 com SP1 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=bc60b6c3-ada8-48ab-a63d-b2f1c9320b0d . Microsoft Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=9d2ba5d1-6f91-47b4-8cc1-dcd44baaa6ce Mais informacoes: . MS06-050 - Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670) http://www.microsoft.com/technet/security/bulletin/ms06-050.mspx . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca Identificador CVE (http://cve.mitre.org): CVE-2006-3086, CVE-2006-3438 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/ iQCVAwUBRNjypOkli63F4U8VAQLWOQQAhPH10JPB7QfDwejlz/pNoLLVyGJt0ZGE a0qjMogLWd35mX7a3Gs1cBZL9mxOziaRbB/yuuE/3XgUNINAn4x2r9eY5Jcfp0jU RNOy5i8onu6+ZRfjBLZec7it3rTNMUxvvdANn7b7LDgxABOBXz8WxqaQhxY+nU+K EYLSl4zZ3mA= =TZIv -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed Aug 9 10:55:01 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 9 Aug 2006 10:55:01 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidades no Microsoft Office (MS06-048) Message-ID: <20060809135457.GK59350@unicamp.br> --------------------------- Mensagem Original ---------------------------- Assunto: CAIS-Alerta: Vulnerabilidades no Microsoft Office (MS06-048) De: "Centro de Atendimento a Incidentes de Seguranca" Data: Ter, Agosto 8, 2006 5:17 pm Para: rnp-alerta em cais.rnp.br rnp-seg em cais.rnp.br -------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS06-048 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968)", que trata de duas vulnerabilidades identificadas no componente PowerPoint do Microsoft Office e que podem ser exploradas remotamente permitindo o controle completo do sistema atacado. As vulnerabilidades, capazes de permitir a execucao remota de codigo no sistema afetado, podem ser exploradas caso um arquivo malicioso especialmente preparado seja aberto pelo PowerPoint. Tal documento pode estar presente em um anexo a um e-mail ou mesmo armazenado em um site na Internet. Conforme informacoes divulgadas, uma das vulnerabilidades foi identificada em arquivos PowerPoint que estavam sendo distribuidos na Internet. Sistemas afetados: . PowerPoint 2000 componente do Microsoft Office 2000 Service Pack 3 . PowerPoint 2002 componente do Microsoft Office XP Service Pack 3 . PowerPoint 2003 componente do Microsoft Office 2003 Service Pack 1 . PowerPoint 2003 componente do Microsoft Office 2003 Service Pack 2 . PowerPoint 2004 componente do Microsoft Office 2004 para Mac . PowerPoint 2004 v. X componente do Microsoft Office v. X para Mac Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em: . PowerPoint 2000 componente do Microsoft Office 2000 Service Pack 3 http://www.microsoft.com/downloads/details.aspx?FamilyId=B7B5615B-7C20-4C49-892F-7F4CCC2D6006 . PowerPoint 2002 componente do Microsoft Office XP Service Pack 3 http://www.microsoft.com/downloads/details.aspx?FamilyId=A9C7E43B-A0A6-4C81-87ED-3F4DED78EAEA . PowerPoint 2003 componente do Microsoft Office 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=DE1CB2A7-5D4C-44B8-BC40-7E0A88CC3081 . PowerPoint 2003 componente do Microsoft Office 2003 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=DE1CB2A7-5D4C-44B8-BC40-7E0A88CC3081 . PowerPoint 2004 componente do Microsoft Office 2004 para Mac http://www.microsoft.com/mac . PowerPoint 2004 v. X componente do Microsoft Office v. X para Mac http://www.microsoft.com/mac Mais informacoes: . MS06-048 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968) http://www.microsoft.com/technet/security/bulletin/ms06-048.mspx . Microsoft PowerPoint Unspecified Code Execution Vulnerability http://secunia.com/advisories/21040 . Microsoft PowerPoint unspecified mso.dll code execution http://xforce.iss.net/xforce/xfdb/27740 . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca Identificador CVE (http://cve.mitre.org): CVE-2006-3590, CVE-2006-3449 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/ iQCVAwUBRNjxe+kli63F4U8VAQLo6AQAkcrHpIWjZVHcQPYZkE1kZDkp2kWKdpoF dtyqLYEvjS4+Xn5+uqxnVZfjmJGUmkJ2ufq7Gn/2147fnRqqRLrXNl8HShLOGiBb 30JuQ1PDLT0LozdxdRLvYdcPgOaHqUup+tIeTJ27CBb+jjgw0oTlaQyYYBR0bmcp kCLTJMarF1E= =EepE -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed Aug 9 10:54:26 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 9 Aug 2006 10:54:26 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade no Kernel do Windows (MS06-049) Message-ID: <20060809135426.GJ59350@unicamp.br> --------------------------- Mensagem Original ---------------------------- Assunto: CAIS-Alerta: Vulnerabilidade no Kernel do Windows (MS06-049) De: "Centro de Atendimento a Incidentes de Seguranca" Data: Ter, Agosto 8, 2006 5:19 pm Para: rnp-alerta em cais.rnp.br rnp-seg em cais.rnp.br -------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS06-049 - Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958)", que trata de uma vulnerabilidade recem-descoberta no Kernel do Windows. Uma vulnerabilidade de elevacao de privilegios existe no Windows devido `a nao checagem de um buffer (area de armazenamento de dados) no Kernel do sistema, capaz de permitir que um usuario comum obtenha o controle completo sobre o sistema afetado. Entretanto, para explorar esta vulnerabilidade, o atacante teria que estar registrado no sistema e assim executar o codigo malicioso apropriado. O Kernel e' a parte principal de um sistema operacional, responsavel pela alocacao de recursos, pelo acesso ao hardware, pela seguranca e estabelecimento de privilegios aos usuarios do sistema, entre outros. Sistemas afetados: . Microsoft Windows 2000 Service Pack 4 Sistemas nao afetados: . Microsoft Windows XP Service Pack 1 . Microsoft Windows XP Service Pack 2 . Microsoft Windows XP Professional x64 Edition . Microsoft Windows Server 2003 . Microsoft Windows Server 2003 Service Pack 1 . Microsoft Windows Server 2003 para Sistemas baseados em Itanium . Microsoft Windows Server 2003 com SP1 para Sistemas baseados em Itanium . Microsoft Windows Server 2003 x64 Edition Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em : . Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=08806182-6a26-4663-91ea-179817350a91 Mais informacoes: . MS06-049 - Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958) http://www.microsoft.com/technet/security/bulletin/ms06-049.mspx . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca Identificador CVE (http://cve.mitre.org): CVE-2006-3444 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. O CAIS Alerta tambem e' oferecido no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/ iQCVAwUBRNjx7+kli63F4U8VAQLD2AP/W/iFBqs9dwWwTXuM8j95MKhRHZp4sozn v7fVlG3rxCEYJCkxAFcGieLvu7cCYF830liB7SVAYmPBvTQvPoRK5naU1UjSED4U r+Yie+Oehz4wdBSMQUg8t1N/SNISXgWzES+Us16dXqwGop7CldNuzGvMZLo9Mh59 uMTjeDR+EI4= =fCZf -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed Aug 9 10:53:59 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 9 Aug 2006 10:53:59 -0300 Subject: [SECURITY-L] CAIS-Alerta: Correcoes acumulativas para o Internet Explorer (MS06-042) Message-ID: <20060809135359.GI59350@unicamp.br> --------------------------- Mensagem Original ---------------------------- Assunto: CAIS-Alerta: Correcoes acumulativas para o Internet Explorer (MS06-042) De: "Centro de Atendimento a Incidentes de Seguranca" Data: Ter, Agosto 8, 2006 5:02 pm Para: rnp-alerta em cais.rnp.br rnp-seg em cais.rnp.br -------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS06-042 - Cumulative Security Update for Internet Explorer (918899)", que trata de oito vulnerabilidades identificadas no Microsoft Internet Explorer e que podem ser exploradas permitindo desde a divulgacao de informacoes pessoais ate' o controle completo do sistema atacado. O CAIS gostaria de reforcar a importancia da aplicacao das correcoes nos sistemas, uma vez que ja' existem relatos sobre a circulacao de codigo malicioso capaz de explorar as vulnerabilidades mencionadas. Sistemas afetados: . Microsoft Windows 2000 Service Pack 4 . Microsoft Windows XP Service Pack 1 . Microsoft Windows XP Service Pack 2 . Microsoft Windows XP Professional x64 Edition . Microsoft Windows Server 2003 . Microsoft Windows Server 2003 Service Pack 1 . Microsoft Windows Server 2003 para sistemas Itanium . Microsoft Windows Server 2003 com SP1 para sistemas Itanium . Microsoft Windows Server 2003 x64 Edition Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em: . Internet Explorer 5.01 Service Pack 4 executado em Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=0DE3F143-19A6-4F22-B53B-B6A7DA33DAF4 . Internet Explorer 6 executado em Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=B5F17679-3AA5-4D66-A81E-F990FD0B48D2 . Internet Explorer 6 executado em Microsoft Windows XP Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=B5F17679-3AA5-4D66-A81E-F990FD0B48D2 . Internet Explorer 6 executado em Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=CDB85BCA-0C17-44AA-B74E-F01B5392BB31 . Internet Explorer 6 executado em Microsoft Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=0CE7F66D-4D83-4090-A034-9BBE286D96FA . Internet Explorer 6 executado em Microsoft Windows Server 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=20288DA2-A308-45C6-BD80-C68C997529BD . Internet Explorer 6 executado em Microsoft Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=20288DA2-A308-45C6-BD80-C68C997529BD . Internet Explorer 6 executado em Microsoft Windows Server 2003 para sistemas Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=663F1E83-BDC0-4EC6-A263-398E7222C9B5 . Internet Explorer 6 executado em Microsoft Windows Server 2003 com SP1 para sistemas Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=663F1E83-BDC0-4EC6-A263-398E7222C9B5 . Internet Explorer 6 executado em Microsoft Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=5C2A23AC-3F2E-4BEC-BE16-4B45B44C6346 Mais informacoes: . MS06-042 - Cumulative Security Update for Internet Explorer (918899) http://www.microsoft.com/technet/security/bulletin/ms06-042.mspx . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca Identificador CVE (http://cve.mitre.org): CVE-2006-3280, CVE-2006-3450, CVE-2006-3451, CVE-2006-3637, CVE-2006-3638, CVE-2006-3639, CVE-2006-3640, CVE-2004-1166 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/ iQCVAwUBRNjt+ukli63F4U8VAQIfRgP/eAT/whgACkqBS+ncDKvBqMxMXdve7PaY mKY7mrQ8OedmNG9Wetv+ZrFzaUpxkrNSxspHfP1CVUevmqig7tCAZfT5l/NBBsQJ 01waN9UooMbLXLCuE1HZ5Cahir5sNrhgyT9uUNWYsltZkluRvZ8uWnq3XAXMtymP gPoKez22QO8= =KZLV -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed Aug 9 10:52:50 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 9 Aug 2006 10:52:50 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade no Microsoft Visual Basic for Applications (MS06-047) Message-ID: <20060809135250.GG59350@unicamp.br> --------------------------- Mensagem Original ---------------------------- Assunto: CAIS-Alerta: Vulnerabilidade no Microsoft Visual Basic for Applications (MS06-047) De: "Centro de Atendimento a Incidentes de Seguranca" Data: Ter, Agosto 8, 2006 5:15 pm Para: rnp-alerta em cais.rnp.br rnp-seg em cais.rnp.br -------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS06-047 - Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645)", que trata de uma vulnerabilidade presente no Microsoft Visual Basic for Applications, capaz de permitir a execucao remota de codigo no sistema afetado. O Microsoft Visual Basic for Applications (VBA) é uma tecnologia de desenvolvimento de aplicacoes que permite a integracao entre diferentes sistemas e dados. Uma vulnerabilidade na forma como o VBA trata as informacoes sobre o documento, passadas pela aplicacao, pode permitir a execucao de codigo malicioso no sistema afetado. Para explorar esta vulnerabilidade, um atacante precisa forcar um usuario a abrir um documento especialmente montado que utilize as facilidades do VBA. Exemplos de documento que podem ser utilizados para explorar a vulnerabilidade sao documentos Word, Excel, Powerpoint, e-mails em HTML, entre outros. Sistemas afetados: . Microsoft Office 2000 Service Pack 3 . Microsoft Project 2000 Service Release 1 . Microsoft Access 2000 Runtime Service Pack 3 . Microsoft Office XP Service Pack 3 . Microsoft Project 2002 Service Pack 1 . Microsoft Visio 2002 Service Pack 2 . Microsoft Works Suite 2004 . Microsoft Works Suite 2005 . Microsoft Works Suite 2006 . Microsoft Visual Basic for Applications SDK 6.0 . Microsoft Visual Basic for Applications SDK 6.2 . Microsoft Visual Basic for Applications SDK 6.3 . Microsoft Visual Basic for Applications SDK 6.4 Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em: . Microsoft Office 2000 Service Pack 3 http://www.microsoft.com/downloads/details.aspx?FamilyId=837A4FA9-FABC-4119-9AAF-2C8663029D2B . Microsoft Project 2000 Service Release 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=744DD25D-B9A7-4E30-B64E-1C9BB0F87D90 . Microsoft Access 2000 Runtime Service Pack 3 http://www.microsoft.com/downloads/details.aspx?FamilyId=ED5A8C40-C592-4299-AFB2-5F0F6E2B1DCD . Microsoft Office XP Service Pack 3 http://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C . Microsoft Project 2002 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=62EF50AA-6061-4185-9713-F8C31B195103 . Microsoft Visio 2002 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=43525B6A-58B7-49C7-88D8-4983D1614A96 . Microsoft Works Suite 2004 http://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C . Microsoft Works Suite 2005 http://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C . Microsoft Works Suite 2006 http://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C . Microsoft Visual Basic for Applications SDK 6.0 http://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3 . Microsoft Visual Basic for Applications SDK 6.2 http://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3 . Microsoft Visual Basic for Applications SDK 6.3 http://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3 . Microsoft Visual Basic for Applications SDK 6.4 http://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3 Mais informacoes: . MS06-047 - Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645) http://www.microsoft.com/technet/security/bulletin/ms06-047.mspx . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca Identificador CVE (http://cve.mitre.org): CVE-2006-3649 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/ iQCVAwUBRNjw7ukli63F4U8VAQI3ewQAuZL6JlxjHs0JPb1Y7ky8bEQ091Zqcelb o4l61FoYVyQh9LAfYyyhT7P6pmxITxJ+g3N+yfecIRj2wqrFaGQVU8LWqLJ0CK9X eFwwevBsPwN1VNwYpJO0Q75k5I5B1kiFu16eP/VsEc9cG6ZKWGXRdyRv1hMF3xXC RMDVCVUZpFw=fq5H -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed Aug 9 10:50:50 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 9 Aug 2006 10:50:50 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidades no Kernel do Windows (MS06-051) Message-ID: <20060809135050.GC59350@unicamp.br> --------------------------- Mensagem Original ---------------------------- Assunto: CAIS-Alerta: Vulnerabilidades no Kernel do Windows (MS06-051) De: "Centro de Atendimento a Incidentes de Seguranca" Data: Ter, Agosto 8, 2006 5:28 pm Para: rnp-alerta em cais.rnp.br rnp-seg em cais.rnp.br -------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS06-051 - Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422)", que trata de duas vulnerabilidades identificadas no Kernel do Microsoft Windows e que podem ser exploradas remotamente, permitindo o controle completo do sistema atacado. A primeira vulnerabilidade esta' relacionada com a forma que o Windows 2000 inicia as aplicacoes, permitindo que um usuario registrado no sistema escale privilegios e tome controle total do sistema afetado. A segunda vulnerabilidade ocorre pela forma que o Windows lida com excecoes de multiplas aplicacoes que estao residentes em memoria. Sistemas afetados: . Microsoft Windows 2000 Service Pack 4 . Microsoft Windows XP Service Pack 1 . Microsoft Windows XP Service Pack 2 . Microsoft Windows XP Professional x64 Edition . Microsoft Windows Server 2003 . Microsoft Windows Server 2003 Service Pack 1 . Microsoft Windows Server 2003 para sistemas Itanium . Microsoft Windows Server 2003 com SP1 para sistemas Itanium . Microsoft Windows Server 2003 x64 Edition Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em: . Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=83e0c6fb-a542-463a-88fd-dc388605a8ae . Microsoft Windows XP Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=71e96afc-bc4d-4666-998b-49857007e539 . Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=71e96afc-bc4d-4666-998b-49857007e539 . Microsoft Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=a6fe5b95-11d1-42cd-995c-c8cef8a27aef . Microsoft Windows Server 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=7d0f888b-df35-40df-baff-0bae2b921aef . Microsoft Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=7d0f888b-df35-40df-baff-0bae2b921aef . Microsoft Windows Server 2003 para sistemas Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=df365b0b-f97f-4df1-9105-d81b68a110eb . Microsoft Windows Server 2003 com SP1 para sistemas Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=df365b0b-f97f-4df1-9105-d81b68a110eb . Microsoft Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=3f750ad5-5bfb-4421-a316-ae66f0557eac Mais informacoes: . MS06-051 - Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422) http://www.microsoft.com/technet/security/bulletin/ms06-051.mspx . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca Identificador CVE (http://cve.mitre.org): CVE-2006-3443, CVE-2006-3648 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/ iQCVAwUBRNjz2ukli63F4U8VAQIcfQQAvtfbj9fKKCZ6oFFPkjCMxH43SogZsekk nK1FO9PtzNyGEd1UTQGRi9itp6PXr7q6ns+2G+j87nQGMQn4IV0lo2gB14005pcw K1bsps8jMtceFErnjouXxmbTA9fBlY7JKX38jTuVPXJ498k19zTWCgQVynEKVKPv SlazoepSZwo= =H4Oa -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed Aug 9 09:21:59 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 9 Aug 2006 09:21:59 -0300 Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA06-220A -- Microsoft Windows, Office, and Internet Explorer Vulnerabilities Message-ID: <20060809122158.GA59216@unicamp.br> ----- Forwarded message from US-CERT Technical Alerts ----- From: US-CERT Technical Alerts Subject: US-CERT Technical Cyber Security Alert TA06-220A -- Microsoft Windows, Office, and Internet Explorer Vulnerabilities To: technical-alerts em us-cert.gov Date: Tue, 8 Aug 2006 17:07:13 -0400 Organization: US-CERT - +1 202-205-5266 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-220A Microsoft Windows, Office, and Internet Explorer Vulnerabilities Original release date: August 08, 2006 Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows * Microsoft Office (Windows and Mac) * Microsoft Internet Explorer Overview Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Office, and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Note that one of the updates released today addresses a critical vulnerability in the Microsoft Server Service (MS06-040). We have received reports that this vulnerability is actively being exploited. The most recent version of this document can be found at: I. Description Microsoft Security Bulletin Summary for August 2006 addresses vulnerabilities in Microsoft products including Windows, Office, and Internet Explorer. One of the updates released today addresses a critical vulnerability in the Microsoft Server Service (MS06-040). More details are available in Vulnerability Note VU#650769. Note that we have received reports that VU#650769 is actively being exploited. II. Impact A remote, unauthenticated attacker could execute arbitrary code on a vulnerable system. An attacker may also be able to cause a denial of service. III. Solution Apply updates from Microsoft Microsoft has provided updates for these vulnerabilities in the Security Bulletins released on August 8, 2006. When prioritizing, it is strongly encouraged that the update for VU#650769 be applied first. Updates for Microsoft Windows and Microsoft Office XP and later are available on the Microsoft Update site. Microsoft Office 2000 updates are available on the Microsoft Office Update site. Apple Mac OS X users should obtain updates from the Mactopia web site. System administrators may wish to consider using Windows Server Update Services (WSUS). Appendix B. References * Microsoft Security Bulletin Summary for August 2006 - * US-CERT Vulnerability Note VU#650769 - * US-CERT Vulnerability Notes - * Microsoft Update - * Microsoft Office Update - * Mactopia - * Windows Server Update Services - ____________________________________________________________________ The most recent version of this document can be found at: ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA06-220A Feedback VU#650769" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit . ____________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: ____________________________________________________________________ Revision History Aug 8, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRNj76+xOF3G+ig+rAQK5wwf/Z1yrHq03IODWL747llDlE6qz4vyg9cYa DZdlRuc7q7kho0fw2lOFXJluuo6V65+n4cWo4ySS5dr+YJLXkr6g8XY/4tR/l/s4 +NJgXN8u8Gd9c3xNSLtpHaPC7ZaIPe092cIuuDV7xV4ktpi3FiAmJ2nAfCEvvaht djnVQ/OHI7Vh1eFHarcqP0p56FKeTph3qGzaP8nNQexArgyoO6wda6oBt+uuJe3k 3rFr6+JkJ+sqgm5v3pnNqboHXkXyywx8jLZK14KMl7pxIVyXMEgpUg4no5PlyQck Ny5N4bXzu4y7RvAS17BLrthFTa0PgBkalRJ8y68uxLvYK3ahKXFfiQ== =h9ZT -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed Aug 9 10:53:22 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 9 Aug 2006 10:53:22 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade no Console de Gerenciamento Microsoft (MS06-044) Message-ID: <20060809135321.GH59350@unicamp.br> --------------------------- Mensagem Original ---------------------------- Assunto: CAIS-Alerta: Vulnerabilidade no Console de Gerenciamento Microsoft (MS06-044) De: "Centro de Atendimento a Incidentes de Seguranca" Data: Ter, Agosto 8, 2006 5:08 pm Para: rnp-alerta em cais.rnp.br rnp-seg em cais.rnp.br -------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS06-044 - Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008)", que trata de uma vulnerabilidade presente no Console de Gerenciamento Microsoft, capaz de permitir a execucao remota de codigo no sistema afetado. O Console de Gerenciamento Microsoft e' uma interface de gerenciamento e administracao integrada para plataforma Windows. Uma vulnerabilidade existente nas bibliotecas utilizadas pela ferramenta podem permitir a um atacante executar codigo malicioso inserido em uma pagina HTML especialmente construida. Para que a vulnerabilidade possa ser explorada, o usuario deve ser conduzido a abrir esta pagina. Sistemas afetados: . Microsoft Windows 2000 Service Pack 4 Sistemas nao afetados: . Microsoft Windows XP Service Pack 1 . Microsoft Windows XP Service Pack 2 . Microsoft Windows XP Professional x64 Edition . Microsoft Windows Server 2003 . Microsoft Windows Server 2003 Service Pack 1 . Microsoft Windows Server 2003 para sistemas baseados em Itanium . Microsoft Windows Server 2003 com SP1 para sistemas baseados em Itanium . Microsoft Windows Server 2003 x64 Edition Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em: . Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=87fe4c18-21dc-4d83-a1d8-503b92fdba2b Mais informacoes: . MS06-044 - Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008) http://www.microsoft.com/technet/security/bulletin/ms06-044.mspx . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca Identificador CVE (http://cve.mitre.org): CVE-2006-3643 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/ iQCVAwUBRNjvP+kli63F4U8VAQLxYwP/f49OzLa4RqSw63pECQzUh2nxP47ssZZk m1xKJxUWLPzLWDL2EzjJRer9vkfmI07hhaw1iMMbKDjHsu5jy3KEdypVnmy2pvCk vRao5v0B23FxvGyIppm2Letwmh7+mc4BVnL1PxUGZyahjBuXdOZRVPdXfT7E00cT dD5Rt4Y5ek4= =YCm1 -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed Aug 9 10:50:20 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 9 Aug 2006 10:50:20 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade no Servico DNS (MS06-041) Message-ID: <20060809135020.GB59350@unicamp.br> --------------------------- Mensagem Original ---------------------------- Assunto: CAIS-Alerta: Vulnerabilidade no Servico DNS (MS06-041) De: "Centro de Atendimento a Incidentes de Seguranca" Data: Ter, Agosto 8, 2006 5:00 pm Para: rnp-alerta em cais.rnp.br rnp-seg em cais.rnp.br -------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS06-041 - Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683)", que trata de duas vulnerabilidades presentes no servico de resolucao de nomes DNS, capazes de permitir a execucao remota de codigo no sistema afetado. As vulnerabilidades afetam a API Winsock e o servico Cliente DNS. Ambos servicos sao utilizados pelos aplicativos e pelo sistema operacional para efetuar a resolucao de nomes utilizando o servico DNS. No primeiro caso a vulnerabilidade pode ser explorada convencendo-se o usuario a abrir um arquivo ou visitar um site que force o Windows a executar a funcao vulneravel na biblioteca Winsock. No segundo caso, o atacante deve forcar o computador vulneravel a receber uma resposta do servico DNS, especialmente montada para explorar a vulnerabilidade. Sistemas afetados: . Microsoft Windows 2000 Service Pack 4 . Microsoft Windows XP Service Pack 1 . Microsoft Windows XP Service Pack 2 . Microsoft Windows XP Professional x64 Edition . Microsoft Windows Server 2003 . Microsoft Windows Server 2003 Service Pack 1 . Microsoft Windows Server 2003 para sistemas baseados em Itanium . Microsoft Windows Server 2003 com SP1 para sistemas baseados em Itanium . Microsoft Windows Server 2003 x64 Edition Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em: . Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=144408a7-3011-458a-bc79-49b1658aa25d . Microsoft Windows XP Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=c332b95a-2956-406b-9e06-07c5e96b02e3 . Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=c332b95a-2956-406b-9e06-07c5e96b02e3 . Microsoft Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=1be5310b-1995-4ef9-a462-04da9833f50b . Microsoft Windows Server 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=6d027e72-1f94-44de-95f9-f52000a991cc . Microsoft Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=6d027e72-1f94-44de-95f9-f52000a991cc . Microsoft Windows Server 2003 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=18477016-0b70-4c86-90c7-3535d365b7c1 . Microsoft Windows Server 2003 com SP1 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=18477016-0b70-4c86-90c7-3535d365b7c1 . Microsoft Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=583b741c-47e2-429d-9d50-44670bb2f452 Mais informacoes: . MS06-041 - Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683) http://www.microsoft.com/technet/security/bulletin/ms06-041.mspx . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca Identificador CVE (http://cve.mitre.org): CVE-2006-3440, CVE-2006-3441 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/ iQCVAwUBRNjteOkli63F4U8VAQJIdAP+PxIsKXMleLs2PP1CrXd8fQ4IRHxr16mH R60Mw6+FtvBm1tFv/WRVrvJYWit3gqjIZAkoTVkFXraOqzctMhLQxn6tvz51jtv0 HV5CxWNj2D/qSUSmRrDZrMwFbg6XT6xfTXePuS6OJyrbLRpCfB2Ra7w+xup66vDN lyguVqj6STg= =RgBg -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed Aug 9 10:55:35 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 9 Aug 2006 10:55:35 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade no Microsoft HTML Help (MS06-046) Message-ID: <20060809135535.GL59350@unicamp.br> --------------------------- Mensagem Original ---------------------------- Assunto: CAIS-Alerta: Vulnerabilidade no Microsoft HTML Help (MS06-046) De: "Centro de Atendimento a Incidentes de Seguranca" Data: Ter, Agosto 8, 2006 5:13 pm Para: rnp-alerta em cais.rnp.br rnp-seg em cais.rnp.br -------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS06-046 - Vulnerability in HTML Help Could Allow Remote Code Execution (922616)",que trata de uma vulnerabilidade no sistema de ajuda HTML do Microsoft Windows. A vulnerabilidade existe em um buffer (area de armazenamento de dados) utilizado para armazenar uma sequencia de caracteres, dentro do controle ActiveX do sistema de ajuda HTML. Um atacante poderia explorar esta vulnerabilidade construindo uma pagina Web maliciosa potencialmente capaz de permitir a execucao remota de codigo no sistema afetado. Um atacante que conseguisse explorar esta vulnerabilidade com sucesso poderia obter o controle total sobre o sistema afetado. Sistemas afetados: . Microsoft Windows 2000 Service Pack 4 . Microsoft Windows XP Service Pack 1 . Microsoft Windows XP Service Pack 2 . Microsoft Windows XP Professional x64 Edition . Microsoft Windows Server 2003 . Microsoft Windows Server 2003 Service Pack 1 . Microsoft Windows Server 2003 para Sistemas baseados em Itanium . Microsoft Windows Server 2003 com SP1 para Sistemas baseados em Itanium . Microsoft Windows Server 2003 x64 Edition Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em : . Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=34ebe5d3-40c9-41dc-aaff-64608d3ac7b1 . Microsoft Windows XP Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=a6e2cb0a-146f-4300-95cb-7078ce9f9844 . Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=a6e2cb0a-146f-4300-95cb-7078ce9f9844 . Microsoft Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=997a633a-8836-4c0f-98f9-1fd378de4b0c . Microsoft Windows Server 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=5132c3bc-f3af-464e-a615-60f72677bd4b . Microsoft Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=5132c3bc-f3af-464e-a615-60f72677bd4b . Microsoft Windows Server 2003 para Sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=527cc785-e69e-4ade-aaf7-61f96ac3ca7a . Microsoft Windows Server 2003 com SP1 para Sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=527cc785-e69e-4ade-aaf7-61f96ac3ca7a . Microsoft Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=fd1253b0-f4db-4808-a381-98ff9870ebb3 Mais informacoes: . MS06-046 - Vulnerability in HTML Help Could Allow Remote Code Execution (922616) http://www.microsoft.com/technet/security/bulletin/ms06-046.mspx . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca Identificador CVE (http://cve.mitre.org): CVE-2006-3357 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. O CAIS Alerta tambem e' oferecido no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/ iQCVAwUBRNjwcOkli63F4U8VAQIQRQQAk5Ji64i55bqmXio1mE1UxnssLpIHOdV4 YybIMKxiPMxrIfl1Qye4bpToprFfd00Ei9aa6Szd+AEKOcsXdrWevm0odBYUTrjS SkHmFhfAnMUrGripeNFnsysBfCu2hMlJCSDphf6Iw/2uYEogGZFWw78vBk2KhScK JgqZyqyaXwg= =/5Yk -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed Aug 9 10:51:47 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 9 Aug 2006 10:51:47 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade no servico "Servidor" (MS06-040) Message-ID: <20060809135147.GE59350@unicamp.br> --------------------------- Mensagem Original ---------------------------- Assunto: CAIS-Alerta: Vulnerabilidade no servico "Servidor" (MS06-040) De: "Centro de Atendimento a Incidentes de Seguranca" Data: Ter, Agosto 8, 2006 4:58 pm Para: rnp-alerta em cais.rnp.br rnp-seg em cais.rnp.br -------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Prezados, O CAIS esta repassando o alerta da Microsoft, intitulado "MS06-040 - Vulnerability in Server Service Could Allow Remote Code Execution (921883)", que trata de uma vulnerabilidade recem-descoberta no servico "Servidor", presente em sistemas operacionais da familia Windows. A vulnerabilidade existe devido `a nao checagem de um buffer (area de armazenamento de dados) no servico "Servidor", o que pode permitir a execucao remota de codigo no sistema afetado. Caso um atacante consiga explorar esta vulnerabilidade com sucesso, ele podera obter o controle total sobre o sistema afetado. O servico "Servidor" e' um componente do sistema operacional Windows, responsavel pelo compartilhamento de arquivos e impressoras, alem de possuir outras funcionalidades. Sistemas afetados: . Microsoft Windows 2000 Service Pack 4 . Microsoft Windows XP Service Pack 1 . Microsoft Windows XP Service Pack 2 . Microsoft Windows XP Professional x64 Edition . Microsoft Windows Server 2003 . Microsoft Windows Server 2003 Service Pack 1 . Microsoft Windows Server 2003 para Sistemas baseados em Itanium . Microsoft Windows Server 2003 com SP1 para Sistemas baseados em Itanium . Microsoft Windows Server 2003 x64 Edition Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em : . Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=3b61153d-359f-4441-a448-24062cb2387c . Microsoft Windows XP Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=2996b9b6-03ff-4636-861a-46b3eac7a305 . Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=2996b9b6-03ff-4636-861a-46b3eac7a305 . Microsoft Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=314c7c2c-9a02-4e56-98cf-97703fecf0be . Microsoft Windows Server 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=a0058f39-6dea-4dfc-9dd6-4cb45b305dec . Microsoft Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=a0058f39-6dea-4dfc-9dd6-4cb45b305dec . Microsoft Windows Server 2003 para Sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=af970833-2044-4284-937d-3beb2e2f286d . Microsoft Windows Server 2003 com SP1 para Sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=af970833-2044-4284-937d-3beb2e2f286d . Microsoft Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=3b0c1954-fca5-4e95-abb2-6066a9d6bc76 Mais informacoes: . MS06-040 - Vulnerability in Server Service Could Allow Remote Code Execution (921883) http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca Identificador CVE (http://cve.mitre.org): CVE-2006-3439 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. O CAIS Alerta tambem e' oferecido no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/ iQCVAwUBRNjs1Okli63F4U8VAQJEBgQAjWecvPDII6EyEFU3LP+yil3+VAUtVXYL OgL2LgiNWDXwB3vNc+K2s/ivrujvapQINUt1pVqkmdmxOTpIrqc33jSSLmNuq6Iv WVmEDRvP9vypy05CWZ5U71CVdaCiAtoBA4jkn+WRJK4wrYnBUKOkmTf3fQkCXjJz BazlOtWFnjU= =up0D -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed Aug 23 08:59:57 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 23 Aug 2006 08:59:57 -0300 Subject: [SECURITY-L] DIVULGACAO: II SegInfo, SBSeg2006 Message-ID: <20060823115957.GB12429@unicamp.br> ----- Forwarded message from Rodrigo Fernandez ----- From: Rodrigo Fernandez Subject: II SegInfo, SBSeg2006 To: security em unicamp.br Cc: gris em gris.dcc.ufrj.br Date: Tue, 22 Aug 2006 14:34:43 -0300 Organization: GRIS X-Mailer: PHPMailer [version 1.71] X-Mailer: FeLaMiMail version 0.9.5 Caros, Em anexo segue um release sobre o SegInfo (Workshop em segurança da Informação organizado pelo GRIS-DCC-UFRJ) que este ano será realizado dentro do SBSEG2006 (Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais). Este evento será realizado em Santos, São Paulo. Pedimos, se possível, que divulguem este release em listas de discussão via email, site e demais locais em que tenham contato, convidando todos interessados para participarem deste evento. GRATO! Estamos disponiveis para qualquer dúvida e/ou sugestão. Atenciosamente, Rodrigo Fernandez -- ================================================== GRIS-DCC-UFRJ Grupo de Resposta a Incidentes de Segurança (GRIS) Departamento de Ciência da Computação (DCC) Instituto de Matemática (IM) Universidade Federal do Rio de Janeiro (UFRJ) http://www.gris.dcc.ufrj.br Contato:gris em gris.dcc.ufrj.br ================================================== Subject: SBSEG2006, II SegInfo e cursos RNP. SBSEG2006 - Simp?sio Brasileiro em Seguran?a da Informa??o e de Sistemas Computacionais --------------------------------------------------------------------------------------- Est?o abertas as inscri??es para o 6o. Simp?sio Brasileiro de Seguran?a da Informa??o e de Sistemas Computacionais, SBSeg 2006, evento promovido pela SBC e que se realizar? de 28 de agosto a 1 de setembro pr?ximos no Mendes Convention Center, em SANTOS. Esse ano o evento contar? com diversas atividades, como sess?es t?cnicas, palestras de convidados estrangeiros e brasileiros, pain?is de discuss?o, mini-cursos, cursos da RNP (Rede Nacional de Ensino e Pesquisa). Informa??es e inscri??es pelo site http://www.unisantos.br/sbseg2006/ II SegInfo - Workshop de Seguran?a da Informa??o --------------------------------------------------------------------------------------- Est?o abertas tamb?m as inscri??es para o Segundo SegInfo ? Workshop de Seguran?a da Informa??o ? que acontece este ano juntamente ao SBSEG 2006 ? Simp?sio Brasileiro em Seguran?a da Informa??o e de Sistemas Computacionais ? da SBC, em Santos, S?o Paulo, entre os dias 29 e 31 de agosto. O SegInfo abre espa?o para a discuss?o do tema Seguran?a da Informa??o nos ?mbitos t?cnico-cient?fico, jur?dico, empresarial e social. J? est?o confirmadas as presen?as dos seguintes palestrantes (em ordem de apresenta??o): Luis Carlos de Almeida Serpa (Pol?cia Federal) Renato Opice Blum (Opice Blum Advogados Associados) Mauricio Gaud?ncio (Cisco Systems) Ivo Peixinho (CAIS/RNP) Marin?s Gomes (Microsoft) Marcio Moreira da Silva (Marinha do Brasil) Guilherme V?nere (CAIS/RNP) Ricardo Kl?ber Martins Galv?o (NARIS/UFRN) Danilo Dias (Banco Central) Wilmar Ant?nio C. Peixoto (TV GLOBO) Francimara Teixeira G. Viotti (Banco do Brasil) Maiores informa??es sobre o evento, palestrantes e suas palestras poder?o ser encontradas no site: www.seginfo.ufrj.br. As inscri??es tamb?m podem ser feitas pela internet. Mais informa??es podem ser encontradas em www.unisantos.br/sbseg2006 O SegInfo ? organizado pelo Grupo de Resposta a Incidentes de Seguran?a do Departamento de Ci?ncia da Computa??o do Instituto de Matem?tica da Universidade Federal do Rio de Janeiro- GRIS, pelo Departamento de Ci?ncia da Computa??o da Universidade Federal do Rio de Janeiro, pelo N?cleo de Computa??o Eletr?nica da Universidade Federal do Rio de Janeiro, pela Universidade Cat?lica de Santos ? Unisantos, pelo Simp?sio Brasileiro em Seguran?a da Informa??o e de Sistemas Computacionais da Sociedade Brasileira de Computa??o e pela Clavis Seguran?a da Informa??o. O SegInfo conta com o patroc?nio do Banco do Brasil e da Cisco Systems, e conta com o apoio do Centro de Atendimento e Tratamento de Incidentes de Seguran?a da Universidade Federal do Rio de Janeiro - Cenatis/UFRJ, e conta com o apoio da Universidade Federal do Rio de Janeiro - UFRJ. Cursos Rede Nacional de Ensino e Pesquisa -RNP ----------------------------------------------------------------------------------------- Est?o tamb?m abertas as inscri??es para o cursos da RNP a serem realizados no SBSeg2006 no dia 29 de agosto de 2006. Os cursos ser?o ministrados pelos analistas de seguran?a do CAIS/RNP, Guilherme V?nere e Ivo Peixinho. T?tulo I: "An?lise Forense em Sistemas Windows" Este curso visa familiarizar o aluno com os conceitos de an?lise forense, e apresentar as v?rias metodologias e ferramentas utilizadas no processo de coleta de evid?ncias. O curso ? eminentemente pr?tico incluindo atividades laboratoriais, com dura??o de 4 horas. T?tulo II: "An?lise de Malware" Curso introdut?rio ao processo de an?lise de c?digo malicioso ("malware"). Os alunos s?o apresentados a um sistema comprometido a fim de identificar a presen?a de arquivos maliciosos e realizar o processo completo de an?lise dos mesmos, incluindo a identifica??o das suas funcionalidades b?sicas. Para tal, dever?o utilizar os conceitos adquiridos no curso de An?lise Forense em Sistemas Windows, previamente ministrado. Mais informa??es poder?o ser encontradas em http://www.unisantos.br/sbseg2006/?arquivo=cursosrnp.php ----- End forwarded message -----