From security em unicamp.br Wed Sep 6 14:42:49 2006
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 6 Sep 2006 14:42:49 -0300
Subject: [SECURITY-L] IMPORTANT: Bind vulnerable to an assertion failure when querying for SIG records
Message-ID: <20060906174249.GA12765@unicamp.br>

----- Forwarded message from Nelson Murilo -----

From: Nelson Murilo
Subject: [S] Bind vulnerable to an assertion failure when querying for SIG records
To: seguranca em pangeia.com.br
Date: Wed, 6 Sep 2006 12:31:25 -0300

[http://www.isc.org/index.pl?/sw/bind/]

Vulnerability Note VU#915404

BIND vulnerable to an assertion failure when querying for SIG records

Overview

A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system.

I. Description

The Berkeley Internet Name Domain (BIND) is a popular Domain Name System (DNS) implementation from Internet Systems Consortium (ISC). A flaw exists in the way that some versions of BIND handle DNS Security Extensions (DNSSEC) signed Resource Record Sets (RRsets). The specific impact of this vulnerability is slightly different depending on the type of DNS server involved.

For recursive servers, queries for SIG records will trigger an assertion failure if more than one SIG(covered) RRset is returned.

For authoritative servers, if a nameserver is serving an RFC 2535 DNSSEC zone and is queried for the SIG records where there are multiple SIG(covered) RRsets (e.g. a zone apex) then the name server daemon will trigger an assertion failure when it tries to construct the response.

This vulnerability affects BIND 9.3.x versions 9.3.0, 9.3.1, 9.3.2, 9.3.3b, and 9.3.3rc1 and BIND 9.4.x versions 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6 and 9.4.0b1.

II. Impact

A remote attacker may be able to cause the name server daemon to crash, thereby causing a denial of service for DNS operations.

III. Solution

Apply a patch from the vendor

Patches have been released in response to this issue.
Please see the Systems Affected section of this document.

Upgrade

Users who compile their own versions of BIND from the original ISC source code are encouraged to upgrade to BIND 9.3.2-P1. Patches for this issue are also included in BIND versions 9.3.3rc2 and 9.4.0b2. Patched versions of the software are available from the BIND download page.

Restrict Access

Administrators, particularly those who are unable to apply a patch, can limit exposure to this vulnerability by restricting sources that can ask for recursion.

Systems Affected

Vendor                                         Status          Date Updated
Apple Computer, Inc.                           Unknown         23-Aug-2006
BlueCat Networks, Inc.                         Unknown         23-Aug-2006
Check Point Software Technologies              Unknown         23-Aug-2006
Conectiva Inc.                                 Unknown         23-Aug-2006
Cray Inc.                                      Unknown         23-Aug-2006
Debian GNU/Linux                               Unknown         23-Aug-2006
EMC, Inc. (formerly Data General Corporation)  Unknown         23-Aug-2006
Engarde Secure Linux                           Unknown         23-Aug-2006
F5 Networks, Inc.                              Unknown         23-Aug-2006
Fedora Project                                 Unknown         23-Aug-2006
FreeBSD, Inc.                                  Unknown         23-Aug-2006
Fujitsu                                        Unknown         23-Aug-2006
Gentoo Linux                                   Unknown         23-Aug-2006
Gnu ADNS                                       Unknown         23-Aug-2006
GNU glibc                                      Unknown         23-Aug-2006
Hewlett-Packard Company                        Unknown         23-Aug-2006
Hitachi                                        Not Vulnerable  5-Sep-2006
IBM Corporation                                Unknown         23-Aug-2006
IBM Corporation (zseries)                      Unknown         23-Aug-2006
IBM eServer                                    Unknown         23-Aug-2006
Immunix Communications, Inc.                   Unknown         23-Aug-2006
Infoblox                                       Unknown         23-Aug-2006
Ingrian Networks, Inc.                         Unknown         23-Aug-2006
Internet Software Consortium                   Vulnerable      6-Sep-2006
Juniper Networks, Inc.                         Not Vulnerable  5-Sep-2006
Lucent Technologies                            Unknown         23-Aug-2006
Mandriva, Inc.                                 Unknown         23-Aug-2006
Men & Mice                                     Unknown         23-Aug-2006
Metasolv Software, Inc.                        Unknown         23-Aug-2006
Microsoft Corporation                          Unknown         23-Aug-2006
MontaVista Software, Inc.                      Unknown         23-Aug-2006
NEC Corporation                                Unknown         23-Aug-2006
NetBSD                                         Unknown         23-Aug-2006
Nokia                                          Unknown         23-Aug-2006
Nortel Networks, Inc.                          Unknown         23-Aug-2006
Novell, Inc.                                   Unknown         23-Aug-2006
OpenBSD                                        Unknown         23-Aug-2006
Openwall GNU/*/Linux                           Unknown         23-Aug-2006
QNX, Software Systems, Inc.                    Unknown         23-Aug-2006
Red Hat, Inc.                                  Unknown         23-Aug-2006
Shadowsupport                                  Unknown         23-Aug-2006
Silicon Graphics, Inc.                         Unknown         23-Aug-2006
Slackware Linux Inc.                           Unknown         23-Aug-2006
Sony Corporation                               Unknown         23-Aug-2006
Sun Microsystems, Inc.                         Unknown         23-Aug-2006
SUSE Linux                                     Unknown         23-Aug-2006
The SCO Group                                  Unknown         23-Aug-2006
Trustix Secure Linux                           Unknown         23-Aug-2006
Turbolinux                                     Unknown         23-Aug-2006
Ubuntu                                         Unknown         23-Aug-2006
Unisys                                         Unknown         23-Aug-2006
Wind River Systems, Inc.                       Unknown         23-Aug-2006

References

http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en
http://jvn.jp/cert/JVNVU%23915404/index.html
http://secunia.com/advisories/21752/

Credit

Thanks to Joao Damas of the Internet Software Consortium for reporting this vulnerability.

This document was written by Chad R Dougherty.

Other Information

Date Public             09/05/2006
Date First Published    09/05/2006 03:34:20 PM
Date Last Updated       09/06/2006
CERT Advisory
CVE Name                CVE-2006-4095
Metric                  7.83
Document Revision       10

If you have feedback, comments, or additional information about this vulnerability, please send us email.
----- End forwarded message -----

From security em unicamp.br Thu Sep 14 09:00:48 2006
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Thu, 14 Sep 2006 09:00:48 -0300
Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA06-255A -- Microsoft Windows and Publisher Vulnerabilities
Message-ID: <20060914120048.GA63252@unicamp.br>

----- Forwarded message from US-CERT Technical Alerts -----

From: US-CERT Technical Alerts
Subject: US-CERT Technical Cyber Security Alert TA06-255A -- Microsoft Windows and Publisher Vulnerabilities
To: technical-alerts em us-cert.gov
Date: Tue, 12 Sep 2006 15:42:18 -0400
Organization: US-CERT - +1 202-205-5266

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA06-255A

Microsoft Windows and Publisher Vulnerabilities

Original release date: September 12, 2006
Last revised: --
Source: US-CERT

Systems Affected

* Microsoft Windows
* Microsoft Publisher

Overview

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows and Microsoft Publisher. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

I. Description

Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Publisher as part of the Microsoft Security Bulletin Summary for September 2006. Further information will be available in the following Vulnerability Notes.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code on a vulnerable system. An attacker may also be able to cause a denial of service.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the September 2006 Security Bulletins. The security bulletins describe any known issues related to the updates. Note any known issues described in the bulletins and test for any potentially adverse effects in your environment.

Updates for Microsoft Windows and Microsoft Office XP and later are available on the Microsoft Update site. Microsoft Office 2000 updates are available on the Microsoft Office Update site.

System administrators may wish to consider using Windows Server Update Services (WSUS).

References

* US-CERT Vulnerability Notes for Microsoft September 2006 updates -
* Microsoft Security Bulletin Summary for September 2006 -
* Microsoft Update -
* Microsoft Office Update -
* Windows Server Update Services -

____________________________________________________________________

The most recent version of this document can be found at:

____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA06-255A Feedback VU#406236" in the subject.

____________________________________________________________________

For instructions on subscribing to or unsubscribing from this mailing list, visit .

____________________________________________________________________

Produced 2006 by US-CERT, a government organization.
Terms of use:
____________________________________________________________________

Revision History

Sep 12, 2006: Initial release

----- End forwarded message -----

From security em unicamp.br Thu Sep 14 09:01:11 2006
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Thu, 14 Sep 2006 09:01:11 -0300
Subject: [SECURITY-L] Microsoft Security Bulletin Re-Releases
Message-ID: <20060914120111.GB63252@unicamp.br>

----- Forwarded message from Microsoft -----

From: "Microsoft"
Subject: Microsoft Security Bulletin Re-Releases
To:
Date: Tue, 12 Sep 2006 20:37:10 -0700
X-Mailer: Microsoft CDO for Windows 2000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: September 12, 2006
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment. Please see the appropriate bulletin for more details.

* MS06-042
* MS06-040

Bulletin Information:
=====================

* MS06-042
  - http://www.microsoft.com/technet/security/bulletin/ms06-042.mspx
  - Reason for Revision: This Security Bulletin and Internet Explorer 6 Service Pack 1, Internet Explorer 5.01 Service Pack 4, and Internet Explorer 6 for Microsoft Windows Server 2003 security updates have been re-released to address a vulnerability documented in the Vulnerability Details section as Long URL Buffer Overflow - CVE-2006-3873.
    Customers using these versions of Internet Explorer should apply the new update immediately.
  - Originally posted: August 8, 2006
  - Updated: September 12, 2006
  - Bulletin Severity Rating: Critical
  - Version: 3.0

* MS06-040
  - http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx
  - Reason for Revision: The update has been revised and re-released for Microsoft Windows 2003 and Microsoft Windows XP Professional x64 Edition to address the issues identified in Microsoft Knowledge Base Article 921883.
  - Originally posted: August 8, 2006
  - Updated: September 12, 2006
  - Bulletin Severity Rating: Critical
  - Version: 2.0

********************************************************************

Support:
========
Technical support resources can be found at:
http://go.microsoft.com/fwlink/?LinkId=21131

International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found at:
http://support.microsoft.com/common/international.aspx

Microsoft Support Lifecycle for Business and Developer Software
===============================================================
The Microsoft Support Lifecycle policy provides consistent and predictable guidelines for product support availability at the time that the product is released. Under this policy, Microsoft will offer a minimum of ten years of support. This includes five years of Mainstream Support and five years of Extended Support for Business and Developer products. Microsoft will continue to provide security update support, at a supported Service Pack level, for a minimum of ten years through the Extended support phase. For more information about the Microsoft Support Lifecycle, visit http://support.microsoft.com/lifecycle/ or contact your Technical Account Manager.

Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing valuable information to help you protect your network. This newsletter provides practical security tips, topical security guidance, useful resources and links, pointers to helpful community resources, and a forum for you to provide feedback and ask security-related questions. You can sign up for the newsletter at:
  http://www.microsoft.com/technet/security/secnews/default.mspx

* Microsoft has created a free e-mail notification service that serves as a supplement to the Security Notification Service (this e-mail). The Microsoft Security Notification Service: Comprehensive Version. It provides timely notification of any minor changes or revisions to previously released Microsoft Security Bulletins and Security Advisories. This new service provides notifications that are written for IT professionals and contain technical information about the revisions to security bulletins. To register visit the following Web site:
  http://www.microsoft.com/technet/security/bulletin/notify.mspx

* Protect your PC: Microsoft has provided information on how you can help protect your PC at the following locations:
  http://www.microsoft.com/security/protect/

  If you receive an e-mail that claims to be distributing a Microsoft security update, it is a hoax that may be distributing a virus. Microsoft does not distribute security updates through e-mail. You can learn more about Microsoft's software distribution policies here:
  http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

********************************************************************
THE INFORMATION PROVIDED IN THE THIS EMAIL IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************

To cancel your subscription to this newsletter, reply to this message with the word UNSUBSCRIBE in the Subject line. You can also unsubscribe at the Microsoft.com web site . You can manage all your Microsoft.com communication preferences at this site.

Legal Information .
This newsletter was sent by the Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA 98052

----- End forwarded message -----

From security em unicamp.br Thu Sep 14 09:01:36 2006
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Thu, 14 Sep 2006 09:01:36 -0300
Subject: [SECURITY-L] Microsoft Security Bulletin Summary for September 12, 2006
Message-ID: <20060914120136.GC63252@unicamp.br>

----- Forwarded message from Microsoft -----

From: "Microsoft"
Subject: Microsoft Security Bulletin Summary for September 12, 2006
To:
Date: Wed, 13 Sep 2006 00:19:54 -0700
X-Mailer: Microsoft CDO for Windows 2000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Summary for September 12, 2006
Issued: September 12, 2006
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=73525
********************************************************************

Summary:
========
This advisory contains information about all security updates released this month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

MS06-054 - Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729)

  - Affected Software:
    - Office 2000 Service Pack 3
    - Publisher 2000
    - Office XP Service Pack 3
    - Publisher 2002
    - Office 2003 Service Pack 1 and/or 2
    - Publisher 2003
  - Impact: Remote Code Execution
  - Version Number: 1.0

Important Security Bulletins
============================

MS06-052 - Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution (919007)

  - Affected Software:
    - Windows XP Service Pack 1
    - Windows XP Service Pack 2
  - Impact: Remote Code Execution
  - Version Number: 1.0

Moderate Security Bulletins
===========================

MS06-053 - Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685)

  - Affected Software:
    - Windows 2000 Service Pack 4
    - Windows XP Service Pack 1
    - Windows XP Service Pack 2
    - Windows XP Professional x64 Edition
    - Windows Server 2003
    - Windows Server 2003 for Itanium-based Systems
    - Windows Server 2003 with SP1 for Itanium-based Systems
    - Windows Server 2003 x64 Edition
  - Impact: Information Disclosure
  - Version Number: 1.0

Update Availability:
===================
Updates are available to address these issues. For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Security Bulletin Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=73525

Support:
========
Technical support is available from Microsoft Product Support Services at 1-866-PC SAFETY (1-866-727-2338). There is no charge for support calls associated with security updates. International customers can get support from their local Microsoft subsidiaries.
Phone numbers for international support can be found at:
http://support.microsoft.com/common/international.aspx

Microsoft Support Lifecycle for Business and Developer Software
===============================================================
The Microsoft Support Lifecycle policy provides consistent and predictable guidelines for product support availability at the time that the product is released. Under this policy, Microsoft will offer a minimum of ten years of support. This includes five years of Mainstream Support and five years of Extended Support for Business and Developer products. Microsoft will continue to provide security update support, at a supported Service Pack level, for a minimum of ten years through the Extended support phase. For more information about the Microsoft Support Lifecycle, visit http://support.microsoft.com/lifecycle/ or contact your Technical Account Manager.

Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing valuable information to help you protect your network. This newsletter provides practical security tips, topical security guidance, useful resources and links, pointers to helpful community resources, and a forum for you to provide feedback and ask security-related questions. You can sign up for the newsletter at:
  http://www.microsoft.com/technet/security/secnews/default.mspx

* Microsoft has created a free e-mail notification service that serves as a supplement to the Security Notification Service (this e-mail). The Microsoft Security Notification Service: Comprehensive Version. It provides timely notification of any minor changes or revisions to previously released Microsoft Security Bulletins and Security Advisories. This new service provides notifications that are written for IT professionals and contain technical information about the revisions to security bulletins. To register visit the following Web site:
  http://www.microsoft.com/technet/security/bulletin/notify.mspx

* Join Microsoft's webcast for a live discussion of the technical details of these security bulletins and steps you can take to protect your environment. Details about the live webcast can be found at:
  www.microsoft.com/technet/security/bulletin/summary.mspx

  The on-demand version of the webcast will be available 24 hours after the live webcast at:
  www.microsoft.com/technet/security/bulletin/summary.mspx

* Protect your PC: Microsoft has provided information on how you can help protect your PC at the following locations:
  http://www.microsoft.com/security/protect/

  If you receive an e-mail that claims to be distributing a Microsoft security update, it is a hoax that may be distributing a virus. Microsoft does not distribute security updates through e-mail. You can learn more about Microsoft's software distribution policies here:
  http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

Acknowledgments:
================
Microsoft thanks the following for working with us to protect customers:

- David Warden of NuPaper Inc. for reporting the issue described in MS06-052.
- Eiji James Yoshida for reporting the issue described in MS06-053.
- Stuart Pearson of Computer Terrorism. (http://www.computerterrorism.com/) for reporting the issue described in MS06-054

********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************

To cancel your subscription to this newsletter, reply to this message with the word UNSUBSCRIBE in the Subject line. You can also unsubscribe at the Microsoft.com web site . You can manage all your Microsoft.com communication preferences at this site.

Legal Information .
This newsletter was sent by the Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA 98052

----- End forwarded message -----

From security em unicamp.br Thu Sep 14 09:01:59 2006
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Thu, 14 Sep 2006 09:01:59 -0300
Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA06-256A -- Apple QuickTime Vulnerabilities
Message-ID: <20060914120159.GD63252@unicamp.br>

----- Forwarded message from CERT Advisory -----

From: CERT Advisory
Subject: US-CERT Technical Cyber Security Alert TA06-256A -- Apple QuickTime Vulnerabilities
To: cert-advisory em cert.org
Date: Wed, 13 Sep 2006 13:02:41 -0400
Organization: CERT(R) Coordination Center - +1 412-268-7090

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA06-256A

Apple QuickTime Vulnerabilities

Original release date: September 13, 2006
Last revised: --
Source: US-CERT

Systems Affected

Apple QuickTime on systems running

* Apple Mac OS X
* Microsoft Windows

Overview

Apple QuickTime contains multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

I. Description

Apple QuickTime 7.1.3 resolves multiple vulnerabilities in the way different types of image and media files are handled. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file with a vulnerable version of QuickTime. Since QuickTime configures most web browsers to handle QuickTime media files, an attacker could exploit these vulnerabilities using a web page.

Note that QuickTime ships with Apple iTunes.

For more information, please refer to the Vulnerability Notes.

II. Impact

These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or commands and cause a denial-of-service condition. For further information, please see the Vulnerability Notes.

III. Solution

Upgrade QuickTime

Upgrade to QuickTime 7.1.3. This and other updates for Mac OS X are available via Apple Update.

Disable QuickTime in your web browser

An attacker may be able to exploit this vulnerability by persuading a user to access a specially crafted file with a web browser. Disabling QuickTime in your web browser will defend against this attack vector. For more information, refer to the Securing Your Web Browser document.

References

* Vulnerability Notes for QuickTime 7.1.3 -
* About the security content of the QuickTime 7.1.3 Update -
* Apple QuickTime 7.1.3 -
* Standalone Apple QuickTime Player -
* Mac OS X: Updating your software -
* Securing Your Web Browser -

____________________________________________________________________

The most recent version of this document can be found at:

____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA06-256A Feedback VU#540348" in the subject.

____________________________________________________________________

Produced 2006 by US-CERT, a government organization.
Terms of use:
____________________________________________________________________

Revision History

September 13, 2006: Initial release

----- End forwarded message -----

From security em unicamp.br Mon Sep 18 09:19:24 2006
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Mon, 18 Sep 2006 09:19:24 -0300
Subject: [SECURITY-L] Sandia fingerprinting technique demonstrates wireless device driver vulnerabilities
Message-ID: <20060918121923.GA87874@unicamp.br>

----- Forwarded message from Cristine Hoepers -----

From: Cristine Hoepers
Subject: [S] Sandia fingerprinting technique demonstrates wireless device driver vulnerabilities
To: seguranca em pangeia.com.br
Date: Thu, 14 Sep 2006 09:16:25 -0300

[http://www.sandia.gov/news/resources/releases/2006/wireless-fingerprinting.html]

NEWS RELEASES

FOR IMMEDIATE RELEASE
September 12, 2006

Sandia fingerprinting technique demonstrates wireless device driver vulnerabilities

LIVERMORE, Calif. -- The next time you're sipping a latte and surfing the Net at your favorite neighborhood wireless café, someone just a few seats away could be breaking into your laptop and causing irreparable damage to your computer's operating system by secretly tapping into your network card's unique device driver, researchers at Sandia National Laboratories in have concluded. There is, however, some cheerful news.
By role-playing the position of an adversary (also known as red teaming), Sandia researchers have demonstrated a unique "fingerprinting" technique that allows hackers with ill intent to identify a wireless driver without modification to or cooperation from a wireless device. Revealing this technique publicly, Sandia researchers hope, can aid in improving the security of wireless communications for devices that employ 802.11 networking. Sandia is a National Nuclear Security Administration laboratory. Wireless device drivers fraught with vulnerabilities Device drivers, according to Sandia security researcher Jamie Van Randwyk, are becoming a primary source of security holes in modern operating systems. Through a laboratory-directed research grant, Van Randwyk and a team of college interns set out last year to design, implement, and evaluate a technique that has proved capable of passively identifying a wireless driver used by 802.11 wireless devices without specialized equipment and in realistic network conditions. Van Randwyk presented his team's findings last month at the USENIX Security Symposium in Vancouver, B.C. Video and keyboard drivers are generally not exploited because of the difficulty in attaining physical access to those systems, leading some to believe that device drivers are immune to vulnerabilities. However, Van Randwyk points out, physical access is not necessary with some classes of drivers, including wireless cards, Ethernet cards, and modems. "Wireless network drivers, in particular, are easy to interact with and potentially exploit if the attacker is within transmission range of the wireless device," says Van Randwyk. Because the IEEE 802.11 standard is the most common among today's wireless devices, he and his team chose to evaluate the ability of an attacker to launch a driver-specific exploit by first fingerprinting the device driver. 
Fingerprinting is a process by which a device or the software it is running is identified by its externally observable characteristics. "Passive" approach and "probe request frames" are key The passive approach used by Van Randwyk and his colleagues demonstrates that a fingerprinter (attacker) need only be in relatively close physical proximity of a target (victim) in order to monitor his or her wireless traffic. Anyone within transmission range of a wireless device, therefore, can conceivably fingerprint the device's wireless driver. Reconnaissance of this type is difficult to prevent since the attacker is not transmitting data, making the attack "invisible" and hard to detect. Sandia's fingerprinting technique relies on the fact that computers with wireless configurations actively scan for access points to connect to by periodically sending out "probe request frames," of which there are no standard 802.11 specifications. Consequently, developers have created a multitude of wireless device drivers that each performs the "probe request" function differently than other wireless device drivers. Sandia's fingerprinting technique demonstrates the inherent vulnerabilities in this situation through statistical analysis of the inter-frame timing of transmitted probe requests. Fingerprinting not a new concept Fingerprinting an 802.11 network interface card (NIC) is not a new concept, says Van Randwyk, and many tools exist that can help identify card manufacturers and model numbers via a wireless device's Media Access Control (MAC) address. Sandia's approach, however, is more advantageous in that it fingerprints the device driver, where most exploits rest due to the driver's placement within the operating system. Additionally, the features used by the Sandia passive technique are not a configurable option in any of the drivers tested, unlike the MAC address in most operating systems. 
Sandia's fingerprinting technique has proven to be highly reliable, achieving an accuracy rate ranging from 77 percent to 96 percent, depending on the network setting. Furthermore, the technique requires that only a few minutes worth of network data be collected, and tests confirm that it can withstand realistic network conditions.

The complete research paper prepared by Van Randwyk and his colleagues, "Passive Data Link Layer 802.11 Wireless Device Driver Fingerprinting," discusses the technique in detail and can be found here (132KB PDF).

------------------------------------------------------------------------

Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin company, for the U.S. Department of Energy's National Nuclear Security Administration. Sandia has major R&D responsibilities in national security, energy and environmental technologies, and economic competitiveness.

Sandia news media contact: Mike Janes, mejanes em sandia.gov, (925) 294-2447

----- End forwarded message -----

From security em unicamp.br Wed Sep 20 09:34:34 2006
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 20 Sep 2006 09:34:34 -0300
Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA06-262A -- Microsoft Internet Explorer VML Buffer Overflow
Message-ID: <20060920123433.GA98638@unicamp.br>

----- Forwarded message from US-CERT Technical Alerts -----

From: US-CERT Technical Alerts
Subject: US-CERT Technical Cyber Security Alert TA06-262A -- Microsoft Internet Explorer VML Buffer Overflow
To: technical-alerts em us-cert.gov
Date: Tue, 19 Sep 2006 18:30:37 -0400
Organization: US-CERT - +1 202-205-5266

National Cyber Alert System

Technical Cyber Security Alert TA06-262A

Microsoft Internet Explorer VML Buffer Overflow

Original release date: September 19, 2006
Last revised: --
Source: US-CERT

Systems Affected

* Microsoft Windows
* Microsoft Internet Explorer

Overview

Microsoft Internet Explorer
(IE) fails to properly handle Vector Markup Language (VML) tags. This creates a buffer overflow vulnerability that could allow a remote attacker to execute arbitrary code.

I. Description

Microsoft Internet Explorer contains a stack buffer overflow in code that handles VML. More information is available in Vulnerability Note VU#416092 and Microsoft Security Advisory (925568).

Note that this vulnerability is being exploited.

II. Impact

By convincing a user to open a specially crafted HTML document, such as a web page or HTML email message, a remote attacker could execute arbitrary code with the privileges of the user running IE.

III. Solution

We are currently unaware of a complete solution to this problem. Until an update is available, consider the following workarounds.

Disable VML support in IE

Microsoft Security Advisory (925568) suggests the following techniques to disable VML support in IE:

* Un-register Vgx.dll on Windows XP Service Pack 1; Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003 Service Pack 1
* Modify the Access Control List on Vgx.dll to be more restrictive
* Configure Internet Explorer 6 for Microsoft Windows XP Service Pack 2 to disable Binary and Script Behaviors in the Internet and Local Intranet security zone

Disabling VML support may cause web sites that use VML to function improperly.

Render email as plain text

Microsoft Security Advisory (925568) suggests configuring Microsoft Outlook and Outlook Express to render email messages in plain text format.

Do not follow unsolicited links

In order to convince users to visit their sites, attackers often use URL encoding, IP address variations, long URLs, intentional misspellings, and other techniques to create misleading links. Do not click on unsolicited links received in email, instant messages, web forums, or internet relay chat (IRC) channels. Type URLs directly into the browser to avoid these misleading links.
While these are generally good security practices, following these behaviors will not prevent exploitation of this vulnerability in all cases, particularly if a trusted site has been compromised or allows cross-site scripting.

IV. References

* Vulnerability Note VU#416092 -
* Securing Your Web Browser-
* Microsoft Security Advisory (925568) -
* CVE-2006-3866 -

____________________________________________________________________

The most recent version of this document can be found at:

____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA06-262A Feedback VU#416092" in the subject.

____________________________________________________________________

For instructions on subscribing to or unsubscribing from this mailing list, visit .

____________________________________________________________________

Produced 2006 by US-CERT, a government organization.

Terms of use:

____________________________________________________________________

Revision History

Sep 19, 2006: Initial release

----- End forwarded message -----

From security em unicamp.br Wed Sep 27 09:36:45 2006
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 27 Sep 2006 09:36:45 -0300
Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA06-262A -- Microsoft Internet Explorer VML Buffer Overflow (Update)
Message-ID: <20060927123645.GB17732@unicamp.br>

----- Forwarded message from US-CERT Technical Alerts -----

From: US-CERT Technical Alerts
Subject: US-CERT Technical Cyber Security Alert TA06-262A -- Microsoft Internet Explorer VML Buffer Overflow (Update)
To: technical-alerts em us-cert.gov
Date: Tue, 26 Sep 2006 19:04:47 -0400
Organization: US-CERT - +1 202-205-5266

National Cyber Alert System

Technical Cyber Security Alert TA06-262A

Microsoft Internet Explorer VML Buffer Overflow

Original release date: September 19, 2006
Last revised: September 26, 2006
Source: US-CERT

Systems Affected

* Microsoft Windows
* Microsoft Internet Explorer

Overview

Microsoft Internet Explorer (IE) fails to properly handle Vector Markup Language (VML) tags. This creates a buffer overflow vulnerability that could allow a remote attacker to execute arbitrary code.

I. Description

Microsoft Internet Explorer contains a stack buffer overflow in code that handles VML. More information is available in Vulnerability Note VU#416092, Microsoft Security Advisory (925568), and Microsoft Security Bulletin MS06-055.

Note that this vulnerability is being exploited.

II. Impact

By convincing a user to open a specially crafted HTML document, such as a web page or HTML email message, a remote attacker could execute arbitrary code with the privileges of the user running IE.

III. Solution

Apply update from Microsoft

Microsoft has provided an update to correct this vulnerability in Microsoft Security Bulletin MS06-055. This update is available on the Microsoft Update site. System administrators may wish to consider using Windows Server Update Services (WSUS).
Disable VML support

Microsoft Security Advisory (925568) suggests the following techniques to disable VML support:

* Un-register Vgx.dll on Windows XP Service Pack 1; Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003 Service Pack 1
* Modify the Access Control List on Vgx.dll to be more restrictive
* Configure Internet Explorer 6 for Microsoft Windows XP Service Pack 2 to disable Binary and Script Behaviors in the Internet and Local Intranet security zone

Disabling VML support may cause web sites and applications that use VML to function improperly.

Render email as plain text

Microsoft Security Advisory (925568) suggests configuring Microsoft Outlook and Outlook Express to render email messages in plain text format.

Do not follow unsolicited links

In order to convince users to visit their sites, attackers often use URL encoding, IP address variations, long URLs, intentional misspellings, and other techniques to create misleading links. Do not click on unsolicited links received in email, instant messages, web forums, or internet relay chat (IRC) channels. Type URLs directly into the browser to avoid these misleading links.

While these are generally good security practices, following these behaviors will not prevent exploitation of this vulnerability in all cases, particularly if a trusted site has been compromised or allows cross-site scripting.

IV. References

* Vulnerability Note VU#416092 -
* Microsoft Security Bulletin MS06-055-
* Microsoft Security Advisory (925568) -
* Securing Your Web Browser-
* Microsoft Update -
* CVE-2006-3866 -

____________________________________________________________________

The most recent version of this document can be found at:

____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA06-262A Feedback VU#416092" in the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this mailing list, visit .

____________________________________________________________________

Produced 2006 by US-CERT, a government organization.

Terms of use:

____________________________________________________________________

Revision History

September 19, 2006: Initial release
September 21, 2006: Fixed misspelling and removed IE-specific language from Solution section
September 26, 2006: Added update information and added a reference to Microsoft Update

----- End forwarded message -----

From security em unicamp.br Wed Sep 27 09:37:09 2006
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 27 Sep 2006 09:37:09 -0300
Subject: [SECURITY-L] Microsoft Security Bulletin Summary Update for September, 2006
Message-ID: <20060927123707.GC17732@unicamp.br>

----- Forwarded message from Microsoft -----

From: "Microsoft"
Subject: Microsoft Security Bulletin Summary Update for September, 2006
To:
Date: Tue, 26 Sep 2006 17:03:42 -0700
X-Mailer: Microsoft CDO for Windows 2000

********************************************************************
Title: Microsoft Security Bulletin Summary for September 26, 2006
Issued: September 26, 2006
Version Number: 2.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=73525
********************************************************************

Summary:
========
This advisory contains information about all security updates released this
month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

MS06-054 - Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729)

  - Affected Software:
    - Office 2000 Service Pack 3
    - Publisher 2000
    - Office XP Service Pack 3
    - Publisher 2002
    - Office 2003 Service Pack 1 and/or 2
    - Publisher 2003
  - Impact: Remote Code Execution
  - Version Number: 1.0

MS06-055 - Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486)

  - Affected Software:
    - Windows 2000 Service Pack 4
    - Windows XP Service Pack 1
    - Windows XP Service Pack 2
    - Windows XP Professional x64 Edition
    - Windows Server 2003
    - Windows Server 2003 for Itanium-based Systems
    - Windows Server 2003 with SP1 for Itanium-based Systems
    - Windows Server 2003 x64 Edition
  - Impact: Remote Code Execution
  - Version Number: 1.0

Important Security Bulletins
============================

MS06-052 - Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution (919007)

  - Affected Software:
    - Windows XP Service Pack 1
    - Windows XP Service Pack 2
  - Impact: Remote Code Execution
  - Version Number: 1.0

Moderate Security Bulletins
===========================

MS06-053 - Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685)

  - Affected Software:
    - Windows 2000 Service Pack 4
    - Windows XP Service Pack 1
    - Windows XP Service Pack 2
    - Windows XP Professional x64 Edition
    - Windows Server 2003
    - Windows Server 2003 for Itanium-based Systems
    - Windows Server 2003 with SP1 for Itanium-based Systems
    - Windows Server 2003 x64 Edition
  - Impact: Information Disclosure
  - Version Number: 1.0

Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Security Bulletin Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=73525

Support:
========
Technical support is available from Microsoft Product Support Services at 1-866-PC SAFETY (1-866-727-2338). There is no charge for support calls associated with security updates. International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found at: http://support.microsoft.com/common/international.aspx

Microsoft Support Lifecycle for Business and Developer Software
===============================================================
The Microsoft Support Lifecycle policy provides consistent and predictable guidelines for product support availability at the time that the product is released. Under this policy, Microsoft will offer a minimum of ten years of support. This includes five years of Mainstream Support and five years of Extended Support for Business and Developer products. Microsoft will continue to provide security update support, at a supported Service Pack level, for a minimum of ten years through the Extended support phase. For more information about the Microsoft Support Lifecycle, visit http://support.microsoft.com/lifecycle/ or contact your Technical Account Manager.

Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing valuable information to help you protect your network. This newsletter provides practical security tips, topical security guidance, useful resources and links, pointers to helpful community resources, and a forum for you to provide feedback and ask security-related questions.
You can sign up for the newsletter at: http://www.microsoft.com/technet/security/secnews/default.mspx

* Microsoft has created a free e-mail notification service that serves as a supplement to the Security Notification Service (this e-mail). The Microsoft Security Notification Service: Comprehensive Version. It provides timely notification of any minor changes or revisions to previously released Microsoft Security Bulletins and Security Advisories. This new service provides notifications that are written for IT professionals and contain technical information about the revisions to security bulletins. To register visit the following Web site: http://www.microsoft.com/technet/security/bulletin/notify.mspx

* Join Microsoft's webcast for a live discussion of the technical details of these security bulletins and steps you can take to protect your environment. Details about the live webcast can be found at: www.microsoft.com/technet/security/bulletin/summary.mspx The on-demand version of the webcast will be available 24 hours after the live webcast at: www.microsoft.com/technet/security/bulletin/summary.mspx

* Protect your PC: Microsoft has provided information on how you can help protect your PC at the following locations: http://www.microsoft.com/security/protect/ If you receive an e-mail that claims to be distributing a Microsoft security update, it is a hoax that may be distributing a virus. Microsoft does not distribute security updates through e-mail. You can learn more about Microsoft's software distribution policies here: http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

Acknowledgments:
================
Microsoft thanks the following for working with us to protect customers:

- David Warden of NuPaper Inc. for reporting the issue described in MS06-052.
- Eiji James Yoshida for reporting the issue described in MS06-053.
- Stuart Pearson of Computer Terrorism.
(http://www.computerterrorism.com/) for reporting the issue described in MS06-054
- ISS X-Force (http://www.iss.net/) for working with us on an issue described in MS06-055.
- iDEFENSE (http://www.idefense.com/) for working with us on an issue described in MS06-055.
- Dan Hubbard of Websense Security Labs (http://www.websense.com/securitylabs/) for reporting an issue described in MS06-055.

********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************

To cancel your subscription to this newsletter, reply to this message with the word UNSUBSCRIBE in the Subject line. You can also unsubscribe at the Microsoft.com web site . You can manage all your Microsoft.com communication preferences at this site.

Legal Information .
This newsletter was sent by the Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA 98052

----- End forwarded message -----

From security em unicamp.br Wed Sep 27 09:37:29 2006
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 27 Sep 2006 09:37:29 -0300
Subject: [SECURITY-L] Microsoft Security Bulletin Re-Release
Message-ID: <20060927123729.GD17732@unicamp.br>

----- Forwarded message from Microsoft -----

From: "Microsoft"
Subject: Microsoft Security Bulletin Re-Release
To:
Date: Tue, 26 Sep 2006 18:54:55 -0700
X-Mailer: Microsoft CDO for Windows 2000

********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: September 26, 2006
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment. Please see the appropriate bulletin for more details.

* MS06-049

Bulletin Information:
=====================

* MS06-049

  - http://www.microsoft.com/technet/security/bulletin/ms06-049.mspx
  - Reason for Revision: The update has been revised and re-released for Microsoft Windows 2000 Service Pack 4 to address issues identified in Microsoft Knowledge Base Article 920958.
  - Originally posted: August 8, 2006
  - Updated: September 26, 2006
  - Bulletin Severity Rating: Important
  - Version: 2.0

********************************************************************

Support:
========
Technical support resources can be found at: http://go.microsoft.com/fwlink/?LinkId=21131

International customers can get support from their local Microsoft subsidiaries.
Phone numbers for international support can be found at: http://support.microsoft.com/common/international.aspx

Microsoft Support Lifecycle for Business and Developer Software
===============================================================
The Microsoft Support Lifecycle policy provides consistent and predictable guidelines for product support availability at the time that the product is released. Under this policy, Microsoft will offer a minimum of ten years of support. This includes five years of Mainstream Support and five years of Extended Support for Business and Developer products. Microsoft will continue to provide security update support, at a supported Service Pack level, for a minimum of ten years through the Extended support phase. For more information about the Microsoft Support Lifecycle, visit http://support.microsoft.com/lifecycle/ or contact your Technical Account Manager.

Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing valuable information to help you protect your network. This newsletter provides practical security tips, topical security guidance, useful resources and links, pointers to helpful community resources, and a forum for you to provide feedback and ask security-related questions. You can sign up for the newsletter at: http://www.microsoft.com/technet/security/secnews/default.mspx

* Microsoft has created a free e-mail notification service that serves as a supplement to the Security Notification Service (this e-mail). The Microsoft Security Notification Service: Comprehensive Version. It provides timely notification of any minor changes or revisions to previously released Microsoft Security Bulletins and Security Advisories. This new service provides notifications that are written for IT professionals and contain technical information about the revisions to security bulletins.
To register visit the following Web site: http://www.microsoft.com/technet/security/bulletin/notify.mspx

* Protect your PC: Microsoft has provided information on how you can help protect your PC at the following locations: http://www.microsoft.com/security/protect/ If you receive an e-mail that claims to be distributing a Microsoft security update, it is a hoax that may be distributing a virus. Microsoft does not distribute security updates through e-mail. You can learn more about Microsoft's software distribution policies here: http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

********************************************************************
THE INFORMATION PROVIDED IN THIS EMAIL IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************

To cancel your subscription to this newsletter, reply to this message with the word UNSUBSCRIBE in the Subject line. You can also unsubscribe at the Microsoft.com web site . You can manage all your Microsoft.com communication preferences at this site.

Legal Information .
This newsletter was sent by the Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA 98052

----- End forwarded message -----

From security em unicamp.br Thu Sep 28 09:05:47 2006
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Thu, 28 Sep 2006 09:05:47 -0300
Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA06-270A -- Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability
Message-ID: <20060928120547.GA29922@unicamp.br>

----- Forwarded message from US-CERT Technical Alerts -----

From: US-CERT Technical Alerts
Subject: US-CERT Technical Cyber Security Alert TA06-270A -- Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability
To: technical-alerts em us-cert.gov
Date: Wed, 27 Sep 2006 18:49:22 -0400
Organization: US-CERT - +1 202-205-5266

National Cyber Alert System

Technical Cyber Security Alert TA06-270A

Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability

Original release date: September 27, 2006
Last revised: --
Source: US-CERT

Systems Affected

* Microsoft Windows
* Microsoft Internet Explorer

Overview

The Microsoft Windows WebViewFolderIcon ActiveX control contains an integer overflow vulnerability that could allow a remote attacker to execute arbitrary code.

I. Description

The Microsoft Windows WebViewFolderIcon ActiveX control contains an integer overflow vulnerability. An attacker could exploit this vulnerability through Microsoft Internet Explorer (IE) or any other application that hosts the WebViewFolderIcon control. More information is available in Vulnerability Note VU#753044.

Exploit code for this vulnerability is publicly available.

II. Impact

By convincing a user to open a specially crafted HTML document, such as a web page or HTML email message, a remote attacker could execute arbitrary code with the privileges of the user who is running the program that hosts the WebViewFolderIcon control.

III. Solution

Microsoft has not released an update for this vulnerability. Consider the following workarounds and best practices:

Disable the WebViewFolderIcon ActiveX control

To protect against this specific vulnerability, disable the WebViewFolderIcon control by setting the kill bit for the following CLSID:

{844F4806-E8A8-11d2-9652-00C04FC30871}

More information about how to set the kill bit is available in Microsoft Support Document 240797.

Disable ActiveX

To protect against this and other ActiveX and COM vulnerabilities, disable ActiveX in the Internet Zone and any other zone that might be used by an attacker. Instructions for disabling ActiveX in the Internet Zone can be found in the "Securing Your Web Browser" document and the Malicious Web Scripts FAQ.

Render email as plain text

To protect against this and other vulnerabilities that require a victim to load a malicious HTML document, configure email clients to render email as plain text.

Do not follow unsolicited links

To protect against this and other vulnerabilities that require a victim to load a malicious HTML document, do not follow unsolicited or untrusted links. In order to convince users to visit their sites, attackers often use URL encoding, IP address variations, long URLs, intentional misspellings, and other techniques to create misleading links. Do not click on unsolicited links received in email, instant messages (IMs), web forums, or internet relay chat (IRC) channels. Type URLs directly into the browser to avoid these misleading links.

While these are generally good security practices, following these behaviors will not prevent exploitation of this vulnerability in all cases, particularly if a trusted site has been compromised or allows cross-site scripting.

IV. References

* Vulnerability Note VU#753044 -
* Securing Your Web Browser -
* Malicious Web Scripts FAQ -
* CVE-2006-3730 -
* Microsoft Support Document 240797 -

____________________________________________________________________

The most recent version of this document can be found at:

____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA06-270A Feedback VU#753044" in the subject.

____________________________________________________________________

For instructions on subscribing to or unsubscribing from this mailing list, visit .

____________________________________________________________________

Produced 2006 by US-CERT, a government organization.

Terms of use:

____________________________________________________________________

Revision History

September 27, 2006: Initial release

----- End forwarded message -----
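
One way to audit and apply the kill-bit workaround from TA06-270A, as an added example that is not part of the alert or of any forwarded message. The CLSID is the one the alert gives; the registry location and the 0x400 flag value follow Microsoft Support Document 240797; the function names are hypothetical and PowerShell 3.0 or later with an elevated prompt is assumed.

```powershell
# Added example; not part of the US-CERT alert. Run from an elevated prompt.
# CLSID: from the alert. Key layout and 0x400 flag: Microsoft Support Document 240797.
# Function names below are hypothetical helpers written for this example.
$Clsid     = '{844F4806-E8A8-11d2-9652-00C04FC30871}'   # WebViewFolderIcon
$KillBit   = 0x400
$ValueName = 'Compatibility Flags'

function Get-CompatRoots {
    # The native registry view always applies. The Wow6432Node view exists only
    # on 64-bit Windows and is the one 32-bit hosts (such as 32-bit IE) consult.
    $roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
    if (Test-Path -LiteralPath 'HKLM:\SOFTWARE\Wow6432Node') {
        $roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    }
    return $roots
}

function Get-KillBitStatus {
    param([Parameter(Mandatory = $true)][string]$Clsid)
    foreach ($root in Get-CompatRoots) {
        $key   = "$root\$Clsid"
        $flags = $null
        if (Test-Path -LiteralPath $key) {
            # RegistryKey.GetValue returns $null when the value is absent.
            $flags = (Get-Item -LiteralPath $key).GetValue($ValueName, $null)
        }
        [pscustomobject]@{
            Key        = $key
            Flags      = $flags
            KillBitSet = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
        }
    }
}

function Set-KillBit {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$Clsid)
    foreach ($state in Get-KillBitStatus -Clsid $Clsid) {
        if ($state.KillBitSet) { continue }          # already mitigated in this view
        if ($PSCmdlet.ShouldProcess($state.Key, 'Set kill bit')) {
            if (-not (Test-Path -LiteralPath $state.Key)) {
                New-Item -Path $state.Key -Force | Out-Null
            }
            # OR the bit in so any other compatibility flags already present survive.
            $existing = if ($null -ne $state.Flags) { $state.Flags } else { 0 }
            $new      = $existing -bor $KillBit
            New-ItemProperty -LiteralPath $state.Key -Name $ValueName `
                -PropertyType DWord -Value $new -Force | Out-Null
        }
    }
    # Re-read from the registry so the report reflects what was actually written.
    Get-KillBitStatus -Clsid $Clsid
}

# Audit only: shows each registry view and whether the control is blocked there.
Get-KillBitStatus -Clsid $Clsid | Format-Table -AutoSize

# Preview, then apply:
# Set-KillBit -Clsid $Clsid -WhatIf
# Set-KillBit -Clsid $Clsid
```

A host that reports `KillBitSet` as true in the native view but false under `Wow6432Node` is still exposed through 32-bit hosts of the control, which is why both views are checked.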