From security em unicamp.br Thu Oct 4 16:03:10 2007 From: security em unicamp.br (CSIRT - UNICAMP) Date: Thu, 4 Oct 2007 16:03:10 -0300 Subject: [SECURITY-L] Inicio do Horario de Verao 2007/2008 (Alerta do CAIS 20070927) Message-ID: <20071004190310.GD58077@unicamp.br> ------------------------------------------------------------------------- Início do Horário de Verão 2007/2008 Alerta do CAIS 20070927 [CAIS, 27.09.2007-17:59] O CAIS gostaria de trazer à atenção de todos que, de acordo com o Decreto 6.212 de 26 de Setembro de 2007, o horário de verão 2007/2008 terá início à zero hora (00:00) do dia 14 de Outubro de 2007, com término à zero hora (00:00) do dia 17 de Fevereiro de 2008. Para tanto, no próximo dia 14 de Outubro, será preciso adiantar os relógios em 1 hora nos estados que participam do horário de verão. São eles: * Rio Grande do Sul * Santa Catarina * Paraná * São Paulo * Rio de Janeiro * Espírito Santo * Minas Gerais * Goiás * Mato Grosso * Mato Grosso do Sul * Distrito Federal Lembramos a todos que, tratando-se de incidentes de segurança, a precisão dos relógios dos sistemas é fundamental para manter a consistência dos logs, além de ser imprescindível nas investigações e identificação de responsáveis. Lembramos ainda que os logs reportados durante a vigência do horário de verão estarão no timezone GMT-2. O Decreto 6.212, que institui o horário de verão 2007/2008 no território nacional, está disponível em formato pdf no seguinte endereço: * https://www.in.gov.br/imprensa/jsp/jsp/jornaiscompletos/visualizacao/pdf/visualiza_pdf.jsp?jornal=do&secao=1&pagina=01&data=27/09/2007 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as últimas versões e correções oferecidas pelos fabricantes. ------------------------------------------------------------------------- From security em unicamp.br Mon Oct 8 10:52:13 2007 From: security em unicamp.br (CSIRT - UNICAMP) Date: Mon, 8 Oct 2007 10:52:13 -0300 Subject: [SECURITY-L] CAIS-Alerta: Alteracoes de configuracao necessarias para o Horario de Verao 2007/2008 Message-ID: <20071008135213.GB8277@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Alteracoes de configuracao necessarias para o Horario de Verao 2007/2008 To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Fri, 5 Oct 2007 14:59:40 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, Como foi devidamente anunciado pelo CAIS, o horario de verao 2007/2008 tera´ inicio em 14 de Outubro de 2007 e terminara´ em 17 de Fevereiro de 2008. Com isto, algumas configuracoes nos sistemas sao necessarias. O horario de verao esta relacionado ao TIMEZONE adotado no sistema. Ou seja, o timezone funciona como uma "mascara" sobre o relogio do sistema, adequando o horario mostrado ao usuario e utilizado pelos programas (localtime) `a localidade em que o sistema se encontra, mas deixando intacto o relogio do sistema (horario absoluto), sempre em UTC (GMT 0). Se o relogio do sistema (horario absoluto) marca 16:00h UTC, ajustado sempre por NTP, entao temos que: . Para o timezone do Brasil (GMT-3), o horario mostrado ao usuario sera' 13:00h - GMT-3 (localtime) . Para o timezone de Paris (Franca - GMT+1), por exemplo, o horario mostrado ao usuario seria 17:00h - GMT+1 (localtime) Assim, nenhuma modificacao na configuracao do servico de NTP e' necessaria. Entretanto, deve-se tomar um cuidado especial com os *servidores* NTP (Stratum 1, Stratum 2 e outros) quando das modificacoes de configuracao para o horario de verao. Caso o servidor NTP detecte uma diferenca maior que 20 minutos entre o horario do sistema (horario absoluto) e o horario registrado pelo servidor NTP (ntpd, OpenNTPD), o servico NTPD podera' parar. Assim, deve-se redobrar a atencao durante o processo de configuracao do horario de verao em hosts que proveem este servico. Lembramos tambem que para algumas versoes de Linux/Unix podera' ser necessario reiniciar o daemon "cron" apos o inicio do horario de verao, de forma que as tarefas agendadas atraves do Cron possam continuar a ser executadas no horario correto. Para mais informacoes, verifique o manual do "cron" e "crontab" do seu sistema. A seguir sao descritos os procedimentos de atualizacao do localtime em sistemas FreeBSD, GNU/Linux, Solaris, AIX e Windows, bem como em alguns equipamentos Cisco que usam o IOS. Antes de prosseguir com estes procedimentos e' preciso que se saiba de antemao o timezone da sua regiao. DICA: Consulte o site da Agencia Nacional de Energia Eletrica (http://www.aneel.gov.br/65.htm) para saber qual timezone se aplica 'a regiao do Brasil na qual seus sistemas estao. 1. CISCO IOS 2. GNU/Linux 3. FreeBSD 4. OpenBSD 5. Solaris 6. AIX 7. MS Windows 1. Cisco IOS ============ Nos arquivos de configuracao dos roteadores Cisco sera' preciso incluir (ou atualizar) as seguintes linhas: clock timezone GMT-3 -3 clock summer-time GMT-2 date Oct 14 2007 0:00 Feb 17 2008 0:00 *OBS: Os logs gerados pelo Cisco passarao a informar a hora como GMT-2, que e' a nova configuracao do timezone. 2. GNU/Linux ============ Usuarios de sistemas baseados em GNU/Linux devem seguir o procedimento abaixo: 1. Verificar a existencia do arquivo '/etc/localtime' e se este arquivo e' um link simbolico ou nao. Nao e' recomendado possuir o arquivo /etc/localtime como link simbolico, pois em sistemas que o diretorio /usr nao estiver acessivel (nao tiver sido montado, por exemplo) no momento de inicializacao da maquina, as informacoes contidas no arquivo localtime nao serao carregadas. 2. Verificar se existe no diretorio /usr/share/zoneinfo/Brazil algum arquivo que contenha informacoes relativas a outros horarios de verao (DICA: geralmente um arquivo com extensao .zic). a) Se nao existir nenhum arquivo com tais informacoes entao crie um novo, de nome 'verao.2007.zic' por exemplo, no diretorio /usr/share/zoneinfo/Brazil/. Este arquivo devera' conter as seguintes linhas: Rule Brazil 2007 only - Oct 14 00:00 1 S Rule Brazil 2008 only - Feb 17 00:00 0 - Zone Brazil/East -3:00 Brazil BR%sT b) Se existir algum arquivo com informacoes de horario de verao de outros anos, basta inserir as linhas acima ao final do arquivo existente. As duas primeiras linhas de configuracao acima informam quando se inicia o horario de verao, quando termina, e qual a acao a ser tomada. Lembre-se de que no inicio do horario de verao deve ser adicionada uma hora ao horario mostrado ao usuario (localtime). A ultima linha diz qual arquivo sera' modificado pelo comando 'zic'. No exemplo acima, sera' o arquivo 'East' (dentro do diretorio Brazil). Esta linha tambem informa qual o timezone original da regiao - no caso de Sao Paulo (East) temos UTC-3. Caso voce esteja utilizando um timezone diferente do adotado em Sao Paulo (East), modifique estes parametros para o timezone de sua regiao: #Cidades que seguem o timezone definido para Fernando de Noronha: Zone Brazil/DeNoronha -2:00 Brazil FN%sT #Cidades que seguem o timezone definido para Brasilia: Zone Brazil/East -3:00 Brazil BR%sT #Cidades que seguem o timezone definido para o Amazonas: Zone Brazil/West -4:00 Brazil AM%sT #Cidades que seguem o timezone definido para o Acre: Zone Brazil/Acre -5:00 Brazil AC%sT * Parametros definidos pela glibc presente em sistemas Linux, disponivel para download em http://www.gnu.org/ 3. Uma vez feitos os devidos ajustes no arquivo 'verao.2007.zic' execute o comando 'zic': # zic verao.2007.zic Neste caso em particular o comando atualizara' o arquivo East. 4. Para verificar se as configuracoes corretas foram feitas, execute o comando 'zdump', conforme segue abaixo (troque East pelo timezone de sua regiao): # zdump -v Brazil/East |grep 200[78] Voce devera obter uma resposta como a que segue abaixo: Brazil/East Sun Oct 14 02:59:59 2007 UTC = Sat Oct 13 23:59:59 2007 BRT isdst=0 gmtoff=-10800 Brazil/East Sun Oct 14 03:00:00 2007 UTC = Sun Oct 14 01:00:00 2007 BRST isdst=1 gmtoff=-7200 Brazil/East Sun Feb 17 01:59:59 2008 UTC = Sat Feb 16 23:59:59 2008 BRST isdst=1 gmtoff=-7200 Brazil/East Sun Feb 17 02:00:00 2008 UTC = Sat Feb 16 23:00:00 2008 BRT isdst=0 gmtoff=-10800 Note que em "Sat Oct 13 23:59:59 2007 BRT" o sistema ainda nao esta no horario de verao (indicacao 'BRT'). No segundo seguinte as modificacoes do horario de verao entram em vigor, adiantando o localtime em uma hora: "Sun Oct 14 01:00:00 2007 BRST" (O horario mostrado ao usuario passara' para 1 da manha, e nao para meia-noite, mostrando o adiantamento do horario). Em "Sat Feb 16 23:59:59 2008 BRST", o horario de verao terminara' no segundo seguinte, com o localtime sendo entao atrasado em 1 hora: "Sat Feb 16 23:00:00 2008 BRT" (o horario mostrado ao usuario voltara' para as 23:00). 5. Por ultimo, se o arquivo /etc/localtime NAO for um link para o arquivo /usr/share/zoneinfo/Brazil/East, deve-se copiar o arquivo East para /etc/localtime # cp East /etc/localtime 3. FreeBSD ========== Usuarios do sistema FreeBSD devem proceder da mesma forma que usuarios GNU/Linux. A unica diferenca esta' no diretorio onde devera' ser criado o arquivo 'verao.2007.zic' - /usr/share/zoneinfo. As linhas a serem incluidas neste arquivo, assim como em sistemas GNU/Linux, sao: Rule Brazil 2007 only - Oct 14 00:00 1 S Rule Brazil 2008 only - Feb 17 00:00 0 - Zone hv2007 -3:00 Brazil BR%sT No exemplo acima, o nome 'hv2007' representa o arquivo que sera' criado ao executar o comando: # zic verao.2007.zic O arquivo contera' as informacoes do horario de verao e devera' ser copiado sobre /etc/localtime, lembrando que sera' preciso fazer uma copia de seguranca do arquivo /etc/localtime antes de sobrescreve-lo. 4. OpenBSD ========== Usuarios do sistema OpenBSD devem proceder da mesma forma que usuarios GNU/Linux. 5. Solaris ========== Usuarios de Solaris devem seguir o procedimento abaixo: 1. Verificar o zoneinfo respectivo. O arquivo /etc/TIMEZONE contem as informacoes relativas a qual arquivo sera' consultado para verificar o zoneinfo. # more /etc/TIMEZONE TZ=Brazil/East No exemplo acima, devera' ser consultado o arquivo East, no diretorio Brazil. Por padrao, este diretorio deve estar em /usr/share/lib/zoneinfo. 2. Verificar se existe no diretorio /usr/share/lib/zoneinfo algum arquivo em formato texto que contenha informacoes relativas a outros horarios de verao (DICA: geralmente um arquivo com extensao .zic) a) Se nao existir nenhum arquivo com tais informacoes, devera' ser criado um novo arquivo, de nome 'brazil.zic' por exemplo, e inserir as seguintes linhas. Rule Brazil 2007 only - Oct 14 00:00 1 S Rule Brazil 2008 only - Feb 17 00:00 0 - Zone Brazil/East -3:00 Brazil BR%sT b) Se existir um arquivo com informacoes de horario de verao de outros anos basta inserir as linhas acima. As duas primeiras linhas informam quando inicia o horario de verao, quando termina e qual a acao a ser tomada. Lembre-se de que no inicio do horario de verao deve ser adicionada uma hora. A ultima linha diz qual arquivo sera' gerado pelo comando 'zic' - no exemplo sera' o arquivo 'East' (dentro do diretorio Brazil). Esta linha tambem informa o timezone da regiao, no caso o de Sao Paulo, UTC-3. No exemplo que se segue existe um diretorio 'Brazil' dentro de /usr/share/lib/zoneinfo que contem um arquivo brazil.zic, que deve ser atualizado com as linhas mencionadas acima. 3. Deve-se entao gerar o novo arquivo (em formato binario) como segue: # zic brazil.zic 4. Para verificar se as configuracoes foram feitas corretamente, execute o comando 'zdump' conforme segue abaixo (troque East pelo timezone de sua regiao): # zdump -v Brazil/East |grep 200[78] Voce devera obter uma resposta como a que segue abaixo: Brazil/East Sun Oct 14 02:59:59 2007 UTC = Sat Oct 13 23:59:59 2007 BRT isdst=0 Brazil/East Sun Oct 14 03:00:00 2007 UTC = Sun Oct 14 01:00:00 2007 BRST isdst=1 Brazil/East Sun Feb 17 01:59:59 2008 UTC = Sat Feb 16 23:59:59 2008 BRST isdst=1 Brazil/East Sun Feb 17 02:00:00 2008 UTC = Sat Feb 16 23:00:00 2008 BRT isdst=0 6. AIX ====== Usuarios de AIX devem alterar o arquivo /etc/environment colocando a diretiva: 2007: TZ=GRNLNDST3GRNLNDDT,M10.2.0/00:00:00,M2.3.0/00:00:00 Isto indica que o horario de verao se inicia `as 00:00 do segundo domingo do mes 10 (14 de Outubro) e finaliza `as 00:00 do terceiro domingo do mes 2 (17 de Fevereiro) , seguindo a seguinte sintaxe: 2007: TZ=GRNLNDST3GRNLNDDT,Mm.w.wd/00:00:00,Mm.w.wd/00:00:00 * m - mês ( 1 < m < 12 ) * w - ocorrencia do dia da semana no mes contados a partir do dia 1o. (1 < d < 5) * wd - dia da semana ( 0 < n < 5 : Domingo corresponde a 0) * hh:mm - horário 7. Windows ========== Para sistemas Windows 9*/NT/2000/XP recomenda-se o uso do utilitario TZEDIT (tzedit.exe), incluido no CD do Resource Kit que acompanha a distribuicao do sistema. Nao existe URL oficial para download deste programa no site da Microsoft, mas ele pode ser facilmente encontrado na Internet, lembrando que neste ultimo caso *nao* se garante a integridade do programa. Uma segunda opcao para modificacao do timezone em Windows XP e' a utilizacao do utilitario 'timezone.exe', disponivel para download em: Microsoft Download Center - Windows XP Service Pack 2 Support Tools http://www.microsoft.com/downloads/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en OBS: O download e' precedido de um processo de validacao, que verifica se sua copia de Microsoft Windows e' genuina. Administradores que queiram automatizar a atualizacao do horario de verao em redes com elevado numero de maquinas Windows podem encontrar mais informacoes em: . Microsoft Support Knowledge Base - How to configure daylight saving time dates for Brazil http://support.microsoft.com/?kbid=317211 Para a configuracao de timezone do seu sistema utilizando o comando 'timezone.exe' siga os seguintes passos: 1. Faca o download do "Windows XP Service Pack 2 Support Tools" e instale-o no seu sistema, caso voce nao possua o utilitario 'timezone.exe'. 2. Em um prompt de comando (cmd.exe) execute, a partir do diretorio "Program Files\Support Tools" se foi utilizada a instalacao padrao, o seguinte comando: C:\Program Files\Support Tools>timezone.exe /s 00:0:2:10 00:0:3:02 As configuracoes acima seguem o formato: Hora:DiaDaSemana:Dia:Mes Hora:DiaDaSemana:Dia:Mes (Inicio horario de verao) (Fim horario de verao) Hora: Hora (00 ate 23) DiaDaSemana: Dia da semana (0 - 6 : 0 = Domingo, 1 = Segunda, etc) Dia: Ocorrencia do dia da semana no mes ( 1 - 5 : Exemplo -> no caso do dia da semana ser Terca-Feira: 1 - primeira terca do mes, 2 - segunda terca do mes, etc) Mes: Mes do ano (01 - 12) 3. Execute o seguinte comando para verificar se as modificacoes foram corretamente executadas: C:\Program Files\Support Tools>timezone.exe /g Current Timezone is : Daylight Saving Time begins at 00:0:2:10 Daylight Saving Time ends at 00:0:3:02 4. Configure o sistema para utilizar automaticamente as configuracoes do horario de verao: . Va' em Start -> Settings -> Control Panel -> Date and Time -> Timezone; . Certifique-se que voce esta' utilizando o timezone de Brasilia (UTC-0300) Brasilia; . Certifique-se que a caixa "Automaticamente ajuste o relogio para o horario de verao" esta marcada. O CAIS esta' a disposicao para maiores esclarecimentos. Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBRwZ7lekli63F4U8VAQFH3QP/UMHuYRzGSMOkSL/Crat/VufJ6gfSqPEn xZQZjThdD0V75UUpBXNNkHJU2H2JOzf/Kzy1hOaWVKyV5dIYIOkCkfsR55J2xJnR PaZMoA0nBnQZwhpCNpi8JmCUW7s2VWnLZHUvNozQBeE+rRoqu1OpBev0YH0OtcYq Lcl61vlJP5s= =ktoe -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Mon Oct 8 10:53:32 2007 From: security em unicamp.br (CSIRT - UNICAMP) Date: Mon, 8 Oct 2007 10:53:32 -0300 Subject: [SECURITY-L] CAIS-Alerta: Multiplas Vulnerabilidades no Sun Java JRE (SA27009) Message-ID: <20071008135327.GC8277@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Multiplas Vulnerabilidades no Sun Java JRE (SA27009) To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Fri, 5 Oct 2007 15:00:28 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta da Secunia, intitulado "SA27009 - Sun Java JRE Multiple Vulnerabilities", que trata de multiplas vulnerabilidades que afetam diversas versoes do Sun Java JRE. As 11 vulnerabilidades diferentes corrigidas pela Sun afetam as versoes 6, 5, 1.4 e 1.3 do Sun Java JRE, um pacote de software da Sun disponivel para varios sistemas, que permite a execucao de aplicacoes Java. Caso um atacante consiga explorar com sucesso estas vulnerabilidades, ele podera ler ou alterar dados armazenados em um sistema vulneravel, contornando mecanismos de seguranca e comprometendo estes sistemas. Uma vez que uma das principais caracteristicas de aplicacoes Java e' a portabilidade, a capacidade de executar aplicacoes em diversos sistemas operacionais (Windows, distribuicoes Linux) e classes de dispositivos (PCs, celulares) torna estas vulnerabilidades ainda mais criticas e devem ser corrigidas por meio de atualizacao o mais breve possivel. Sistemas afetados: . Sun Java JDK 1.5.x . Sun Java JDK 1.6.x . Sun Java JRE 1.3.x . Sun Java JRE 1.4.x . Sun Java JRE 1.5.x / 5.x . Sun Java JRE 1.6.x / 6.x . Sun Java SDK 1.3.x . Sun Java SDK 1.4.x Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em: . JDK and JRE 6 Update 3 http://java.sun.com/javase/downloads/index.jsp . JDK and JRE 5.0 Update 13 http://java.sun.com/javase/downloads/index_jdk5.jsp . SDK and JRE 1.4.2_16 http://java.sun.com/j2se/1.4.2/download.html . SDK and JRE 1.3.1 for Solaris 8 http://java.sun.com/j2se/1.3/download.html Mais informacoes: . SA27009 - Sun Java JRE Multiple Vulnerabilities http://secunia.com/advisories/27009/ . Sun Security Community Blog - Alerts http://blogs.sun.com/security/category/alerts . #103079: Security Vulnerability in Java Runtime Environment With Applet Caching May Allow Network Access Restrictions to be Circumvented http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1 . #103078: Security Vulnerabilities in Java Runtime Environment May Allow Network Access Restrictions to be Circumvented http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1 . #103073: Multiple Security Vulnerabilities in Java Web Start Relating to Local File Access http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1 . #103072: An Untrusted Java Web Start Application or Java Applet May Move or Copy Arbitrary Files by Requesting the User to Drag and Drop a File from Application or Applet Window to a Desktop Application http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBRwZ7xOkli63F4U8VAQFZ0AP8Da2pqQDQnaX4wcX5a4CZBU6JPiiDQAWH fG9CzaxQwU2gRi5h1bjo0GyZELOmNIK+btkzqn7Eq/hotgiNqAqdiNmfluB82rSa qESPYRndo4ftAUCru6W7jee3UDLQp10qs34tBXGdMRkXkevTYO8lQYBG/7ucbrkr bgqCmQGQeGI= =gRaM -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed Oct 10 08:53:52 2007 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 10 Oct 2007 08:53:52 -0300 Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA07-282A -- Microsoft Updates for Multiple Vulnerabilities Message-ID: <20071010115352.GA50661@unicamp.br> ----- Forwarded message from US-CERT Technical Alerts ----- From: US-CERT Technical Alerts Subject: US-CERT Technical Cyber Security Alert TA07-282A -- Microsoft Updates for Multiple Vulnerabilities To: technical-alerts em us-cert.gov Date: Tue, 9 Oct 2007 15:15:48 -0400 Organization: US-CERT - +1 202-205-5266 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-282A Microsoft Updates for Multiple Vulnerabilities Original release date: October 9, 2007 Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows * Microsoft Internet Explorer * Microsoft Outlook Express and Windows Mail * Microsoft Office * Microsoft Office for Mac * Microsoft SharePoint Overview Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Outlook Express and Windows Mail, Microsoft Office, Microsoft Office for Mac, and Microsoft SharePoint. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system. I. Description Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Microsoft Internet Explorer, Microsoft Outlook Express and Windows Mail, Microsoft Office, Microsoft Office for Mac, and Microsoft SharePoint as part of the Microsoft Security Bulletin Summary for October 2007. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Further information about the vulnerabilities addressed by these updates is available in the Vulnerability Notes Database. II. Impact A remote, unauthenticated attacker could execute arbitrary code on a vulnerable system. An attacker may also be able to cause a denial of service. III. Solution Apply updates from Microsoft Microsoft has provided updates for these vulnerabilities in the October 2007 security bulletins. The security bulletins describe any known issues related to the updates. Administrators are encouraged to note any known issues that are described in the bulletins and test for any potentially adverse effects. System administrators should consider using an automated patch distribution system such as Windows Server Update Services (WSUS). IV. References * US-CERT Vulnerability Notes for Microsoft October 2007 updates - * Microsoft Security Bulletin Summary for October 2007 - * Microsoft Update - * Windows Server Update Services - * Securing Your Web Browser - * Mactopia - ____________________________________________________________________ The most recent version of this document can be found at: ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA07-282A Feedback VU#569041" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit . ____________________________________________________________________ Produced 2007 by US-CERT, a government organization. Terms of use: ____________________________________________________________________ Revision History October 9, 2007: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRwvTGvRFkHkM87XOAQL0ZQgAhIOH3izST8xU1Xm3NQ65FRJumacpXdOl OtDoysTaQBZcQN+4OikFztqNZuJHVUVRLvRZKO6k6cOfYq8oaaDDzlGiJP3yfl/u byveiGWdgCnr1RlQdM/GG7Wz2JGK/4WsXc1K1dvHclswyFSC9/sYV7Gmj/aPo6aW T7fJBlQFE+ffy3/6sQ8fhtXP2dwJgQ2uT+UyaFvZiG65efH+qOXXmSBy2CkyV2zJ rdTSUqhp5nVUChwl/jYjywUVAUUqEM69P0E4t5VtOdhNYIz5fZH4uuJ4M+HM451Z T9kGF4wi94QM9xPZzcb0+mthBXa/zzQNT5mV5GcorKTzJpSIGmCZUQ== =Xij6 -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed Oct 10 08:55:17 2007 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 10 Oct 2007 08:55:17 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade no Kodak Image Viewer (MS07-055) Message-ID: <20071010115517.GB50661@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Vulnerabilidade no Kodak Image Viewer (MS07-055) To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Tue, 9 Oct 2007 18:11:33 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS07-055 - Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)", que trata de uma vulnerabilidade critica no Kodak Image Viewer. Foi descoberta uma vulnerabilidade de execucao remota de codigo no Kodak Image Viewer, especificamente na maneira como esta aplicacao manipula arquivos de imagem especialmente criados para a exploracao desta vulnerabilidade. Caso um atacante consiga explorar com sucesso esta vulnerabilidade ele podera' obter controle total sobre o sistema afetado. Sistemas afetados: . Microsoft Windows 2000 Service Pack 4 . Windows XP Service Pack 2 . Windows Server 2003 Service Pack 1 . Windows Server 2003 Service Pack 2 Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em: . Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=29763117-c2dc-4746-b31e-0b27350118e6 . Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=be52f740-e9c9-4228-95c0-00995213bbd0 . Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=9a5c9e5d-4908-48bf-9346-745b4c6f6d4e . Windows Server 2003 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=9a5c9e5d-4908-48bf-9346-745b4c6f6d4e Mais informacoes: . MS07-055 - Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810) http://www.microsoft.com/technet/security/Bulletin/MS07-055.mspx . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca . Windows Live OneCare http://safety.live.com/site/pt-BR/default.htm Identificador CVE (http://cve.mitre.org): CVE-2007-2217 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBRwvujOkli63F4U8VAQEg/gQApV4DUZHs+IY+0G9epgssYkff9hg0ukGt dta5OyzPG9MCy3cIqImas7jUsjsRkzMID7QNBx2sEiqXxxixr9cDHZtljve31TjE w4KkdA2HLwQBuFU6uV4aMW87mUtCyreNH96z+fo6ILdi3m3spAzKjqJkoP6dZdzy aQpw8Y7NHXw= =wb6q -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed Oct 10 08:55:46 2007 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 10 Oct 2007 08:55:46 -0300 Subject: [SECURITY-L] CAIS-Alerta: Atualizacao de Seguranca para Outlook Express e Windows Mail (MS07-056) Message-ID: <20071010115546.GC50661@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Atualizacao de Seguranca para Outlook Express e Windows Mail (MS07-056) To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Tue, 9 Oct 2007 18:13:03 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS07-056 - Critical Security Update for Outlook Express and Windows Mail (941202)", que trata de uma vulnerabilidade recem-descoberta no Microsoft Outlook express e no Microsoft Windows Mail. Uma vulnerabilidade de execucao remota de codigo existe no Outlook Express e no Windows Mail, devido ao tratamento incorreto dado a uma resposta NNTP (Network News Transfer Protocol) mal formada. Caso um atacante consiga explorar com sucesso esta vulnerabilidade, ele podera executar remotamente codigo no sistema vulneravel e assim podera obter o controle total sobre o sistema. Sistemas afetados: . Outlook Express 5.5 Service Pack 2 instalado em Microsoft Windows 2000 Service Pack 4 . Outlook Express 6 Service Pack 1 instalado em Microsoft Windows 2000 Service Pack 4 . Microsoft Outlook Express 6 instalado em Windows XP Service Pack 2 . Microsoft Outlook Express 6 instalado em Windows XP Professional x64 Edition Service Pack 2 . Microsoft Outlook Express 6 instalado em Windows Server 2003 Service Pack 1 . Microsoft Outlook Express 6 instalado em Windows Server 2003 Service Pack 2 . Microsoft Outlook Express 6 instalado em Windows Server 2003 x64 Edition . Microsoft Outlook Express 6 instalado em Windows Server 2003 x64 Edition Service Pack 2 . Microsoft Outlook Express 6 instalado em Windows Server 2003 com SP1 para sistemas baseados em Itanium . Microsoft Outlook Express 6 instalado em Windows Server 2003 com SP2 para sistemas baseados em Itanium . Windows Mail instalado em Windows Vista . Windows Mail instalado em Windows Vista x64 Edition Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em: . Outlook Express 5.5 Service Pack 2 instalado em Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=5AA009C9-4EDC-4F34-989B-0493549649E8 . Outlook Express 6 Service Pack 1 instalado em Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=b537115d-611c-4486-960c-08d2df450579 . Microsoft Outlook Express 6 instalado em Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=3ed7f466-78c7-4251-ba24-8ae71ad54e18 . Microsoft Outlook Express 6 instalado em Windows XP Professional x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=6468a552-2194-4866-97d5-ff77ae205eea . Microsoft Outlook Express 6 instalado em Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=708926e4-f8af-4533-8747-22d6536ebd66 . Microsoft Outlook Express 6 instalado em Windows Server 2003 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=708926e4-f8af-4533-8747-22d6536ebd66 . Microsoft Outlook Express 6 instalado em Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=26720f5a-d7e9-44b9-9330-2e9faa4af0d9 . Microsoft Outlook Express 6 instalado em Windows Server 2003 x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=26720f5a-d7e9-44b9-9330-2e9faa4af0d9 . Microsoft Outlook Express 6 instalado em Windows Server 2003 com SP1 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=a8844fbb-5b2c-41f3-80f1-dce563aa7cb7 . Microsoft Outlook Express 6 instalado em Windows Server 2003 com SP2 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=a8844fbb-5b2c-41f3-80f1-dce563aa7cb7 . Windows Mail instalado em Windows Vista http://www.microsoft.com/downloads/details.aspx?FamilyId=b6ac8d93-adc3-4ec3-bad1-4990bd7d52b4 . Windows Mail instalado em Windows Vista x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=34aaf9dd-4d63-43e2-b631-bbf492d56a26 Mais informacoes: . MS07-056 - Critical Security Update for Outlook Express and Windows Mail (941202) http://www.microsoft.com/technet/security/Bulletin/MS07-056.mspx . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca . Windows Live OneCare http://safety.live.com/site/pt-BR/default.htm Identificador CVE (http://cve.mitre.org): CVE-2007-3897 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBRwvu5ekli63F4U8VAQGNGAP/QODdwLsCAd84j1vfP/Z6o5oJhId0btr5 JJhGhRRZsSsHM9ObvQ/1sXkmF+g/Gb8ayAM7ul9zixmpB/dnGWg2CRrJcvMTd0jA ptFUi6Q/Smshlz3EgIqbZHS4DSkOOxUeS+gi+uZbf/nIvFtOPz4vLh2HgS5sQsng kewh0mUW98M= =gLDm -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed Oct 10 08:56:19 2007 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 10 Oct 2007 08:56:19 -0300 Subject: [SECURITY-L] CAIS-Alerta: Correcoes de Seguranca Acumulativas para Internet Explorer (MS07-057) Message-ID: <20071010115618.GD50661@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Correcoes de Seguranca Acumulativas para Internet Explorer (MS07-057) To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Tue, 9 Oct 2007 18:16:34 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS07-057 - Cumulative Security Update for Internet Explorer (939653)", que trata de quatro vulnerabilidades identificadas no navegador Internet Explorer. A primeira vulnerabilidade pode permitir a um atacante mostrar conteudo falso em uma janela do Internet Explorer. A segunda vulnerabilidade pode permitir a execucao remota de codigo em razao de uma falha na forma com que o Internet Explorer lida com uma fila de arquivos que estao sendo baixados (download). A terceira e quarta vulnerabilidades estao relacionadas com uma falha no campo de enderecos de url que pode permitir a um atacante mostrar conteudo falso que pode iludir o usuario. As quatro vulnerabilidades sao consideradas criticas pela Microsoft e podem permitir a execucao remota de codigo ou a sua utilizacao para ataques de phishing caso alguma destas vulnerabilidades seja explorada com sucesso. Sistemas afetados: . Microsoft Internet Explorer 5.01 Service Pack 4 para Windows 2000 Service Pack4 . Microsoft Internet Explorer 6 Service Pack 1 para Windows 2000 Service Pack 4 . Microsoft Internet Explorer 6 para Windows XP Service Pack 2 . Microsoft Internet Explorer 6 para Windows XP Professional x64 Edition . Microsoft Internet Explorer 6 para Windows XP Professional x64 Edition Service Pack 2 . Microsoft Internet Explorer 6 para Windows Server 2003 Service Pack 1 . Microsoft Internet Explorer 6 para Windows Server 2003 Service Pack 2 . Microsoft Internet Explorer 6 para Windows Server 2003 x64 Edition . Microsoft Internet Explorer 6 para Windows Server 2003 x64 Edition Service Pack 2 . Microsoft Internet Explorer 6 para Windows Server 2003 com SP1 para sistemas baseados em Itanium . Microsoft Internet Explorer 6 para Windows Server 2003 com SP2 para sistemas baseados em Itanium . Windows Internet Explorer 7 para Windows XP Service Pack 2 . Windows Internet Explorer 7 para Windows XP Professional x64 Edition . Windows Internet Explorer 7 para Windows XP Professional x64 Edition Service Pack 2 . Windows Internet Explorer 7 para Windows Server 2003 Service Pack 1 . Windows Internet Explorer 7 para Windows Server 2003 Service Pack 2 . Windows Internet Explorer 7 para Windows Server 2003 x64 Edition . Windows Internet Explorer 7 para Windows Server 2003 x64 Edition Service Pack2 . Windows Internet Explorer 7 para Windows Server 2003 com SP1 para sistemas baseados em Itanium . Windows Internet Explorer 7 para Windows Server 2003 com SP2 para sistemas baseados em Itanium . Windows Internet Explorer 7 para Windows Vista . Windows Internet Explorer 7 para Windows Vista x64 Edition Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em: . Microsoft Internet Explorer 5.01 Service Pack 4 para Windows 2000 Service Pack4 http://www.microsoft.com/downloads/details.aspx?FamilyId=95827F3F-A984-4E34-A949-D16A0614121A . Microsoft Internet Explorer 6 Service Pack 1 para Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=DF3BA596-7C5B-4151-9884-6957AA884AAB . Microsoft Internet Explorer 6 para Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=513A8320-6D36-4FC9-A38A-867192B55B53 . Microsoft Internet Explorer 6 para Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=AE8A26D8-1910-4B8C-8A73-6E2FA6B5B29F . Microsoft Internet Explorer 6 para Windows XP Professional x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=AE8A26D8-1910-4B8C-8A73-6E2FA6B5B29F . Microsoft Internet Explorer 6 para Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=4AEFAA38-8757-4E6E-8924-57CABD1C2FC3 . Microsoft Internet Explorer 6 para Windows Server 2003 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=4AEFAA38-8757-4E6E-8924-57CABD1C2FC3 . Microsoft Internet Explorer 6 para Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=88ABA9DD-653B-4CDF-A513-CCA32A7D7E41 . Microsoft Internet Explorer 6 para Windows Server 2003 x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=88ABA9DD-653B-4CDF-A513-CCA32A7D7E41 . Microsoft Internet Explorer 6 para Windows Server 2003 com SP1 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=309A8F10-C7EA-4961-A969-092B0C4D7BBC . Microsoft Internet Explorer 6 para Windows Server 2003 com SP2 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=309A8F10-C7EA-4961-A969-092B0C4D7BBC . Windows Internet Explorer 7 para Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=4CA0AC93-BF51-40FE-A1BA-CB3E0A36D8B5 . Windows Internet Explorer 7 para Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=DBD284D0-2664-42A4-AD16-A0535244C81C . Windows Internet Explorer 7 para Windows XP Professional x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=DBD284D0-2664-42A4-AD16-A0535244C81C . Windows Internet Explorer 7 para Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=0A31C451-32F4-4551-AE45-D600F8B3B11B . Windows Internet Explorer 7 para Windows Server 2003 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=0A31C451-32F4-4551-AE45-D600F8B3B11B . Windows Internet Explorer 7 para Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=C1915633-D181-4CA1-A4F0-7CA0F865AA72 . Windows Internet Explorer 7 para Windows Server 2003 x64 Edition Service Pack2 http://www.microsoft.com/downloads/details.aspx?FamilyId=C1915633-D181-4CA1-A4F0-7CA0F865AA72 . Windows Internet Explorer 7 para Windows Server 2003 com SP1 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=093A2250-3BE3-494F-80E0-89CA7217030F . Windows Internet Explorer 7 para Windows Server 2003 com SP2 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=86392E8D-098C-427F-A233-699CDB9375AE . Windows Internet Explorer 7 para Windows Vista http://www.microsoft.com/downloads/details.aspx?FamilyId=86392E8D-098C-427F-A233-699CDB9375AE . Windows Internet Explorer 7 para Windows Vista x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=62490E6D-0A21-4A15-90BD-63CA8F8886B6 Mais informacoes: . MS07-057 - Cumulative Security Update for Internet Explorer (939653) http://www.microsoft.com/technet/security/Bulletin/MS07-057.mspx . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca . Windows Live OneCare http://safety.live.com Identificador CVE (http://cve.mitre.org): CVE-2007-3892, CVE-2007-3893, CVE-2007-1091, CVE-2007-3826 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBRwvvuOkli63F4U8VAQGXuQP/S+7DEN3tIS4Ypj9lP+8qrsDkH7Pe2942 TBWxNPmW8Jg6APVT1Fop3VEzwpR2SAcPQb7swASm979jUr4WsS8GZj4SUNuDDk67 0qatQk5Jnw4zw9sDHA+hv/LlF4AyR8J+79SU/YRXKjPDDUdXzAHmx/xwHUuXiRWu TJhF6ei6ir0= =Lvus -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed Oct 10 08:56:50 2007 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 10 Oct 2007 08:56:50 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade no Microsoft RPC (MS07-058) Message-ID: <20071010115649.GE50661@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Vulnerabilidade no Microsoft RPC (MS07-058) To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Tue, 9 Oct 2007 18:17:49 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS07-058 - Vulnerability in RPC Could Allow Denial of Service (933729)", que trata de uma vulnerabilidade no Microsoft RPC. Esta vulnerabilidade existe na autenticacao de requisicoes RPC. Um atacante remoto pode explorar esta vulnerabilidade enviando uma requisicao de autenticacao RPC especialmente preparada para explorar esta vulnerabilidade. Caso um atacante consiga explorar com sucesso esta vulnerabilidade, ele podera fazer com que o sistema afetado pare de responder, o que caracteriza uma condicao de negacao de servico ou "denial of service" (DoS), e na sequencia reinicie. Sistemas afetados: . Microsoft Windows 2000 Service Pack 4 . Windows XP Service Pack 2 . Windows XP Professional x64 Edition . Windows Server 2003 Service Pack 1 . Windows Server 2003 Service Pack 2 . Windows Server 2003 x64 Edition . Windows Server 2003 x64 Edition Service Pack 2 . Windows Server 2003 com SP1 para Sistemas baseados em Itanium . Windows Server 2003 com SP2 para Sistemas baseados em Itanium . Windows Vista . Windows Vista x64 Edition Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em: . Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=6c7fb9a8-1d8d-4307-b5c6-bc6c28ee09de . Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=1fee539c-ab86-4298-b6f4-22ce31ee7b8b . Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=ac7bd100-0a03-426b-adc8-0516c602a280 . Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=011593a0-f37e-4578-bee1-a985639b521b . Windows Server 2003 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=011593a0-f37e-4578-bee1-a985639b521b . Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=e9bb8df5-f39e-4473-9d0c-e84430c7f859 . Windows Server 2003 x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=e9bb8df5-f39e-4473-9d0c-e84430c7f859 . Windows Server 2003 com SP1 para Sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=492ae87c-047c-45c1-ad04-ee36352de85b . Windows Server 2003 com SP2 para Sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=492ae87c-047c-45c1-ad04-ee36352de85b . Windows Vista http://www.microsoft.com/downloads/details.aspx?FamilyId=ceca7f8c-7b56-48fc-8c17-87ffadf25629 . Windows Vista x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=7625f5a4-2921-41ce-986d-4cc0c264135c Mais informacoes: . MS07-058 - Vulnerability in RPC Could Allow Denial of Service (933729) http://www.microsoft.com/technet/security/Bulletin/MS07-058.mspx . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca . Windows Live OneCare http://safety.live.com/site/pt-BR/default.htm Identificador CVE (http://cve.mitre.org): CVE-2007-2228 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBRwvwAekli63F4U8VAQFAFQQAjPDKnqb4SUm/d30aYpCZdbi3218DivrJ uXUGejj8qXCqXvE9pfffVazhE7YaoGLtgG4oaqoNYul8GZiDmvI1LWZeI86gHIJq B9eFVC1Ur+5muePnRa/kJovyon19FcM9vjk39gv/oCLfn2pj9TcMmsvp3LHuj3xg fehjVoqk6Rc= =MO3e -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed Oct 10 08:57:17 2007 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 10 Oct 2007 08:57:17 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade no Windows SharePoint Services 3.0 e no Office SharePoint Server 2007 (MS07-059) Message-ID: <20071010115717.GF50661@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Vulnerabilidade no Windows SharePoint Services 3.0 e no Office SharePoint Server 2007 (MS07-059) To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Tue, 9 Oct 2007 18:19:19 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS07-059 - Important Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017)", que trata de uma vulnerabilidade recem-descoberta no Microsoft Windows SharePoint Services 3.0 e no Microsoft Office SharePoint Server 2007. Uma vulnerabilidade de elevacao de privilegios existe devido `a validacao incorreta de solicitacoes URL-encoded realizada pelo Microsoft Windows SharePoint Services 3.0 e pelo Microsoft Office SharePoint Server 2007. A vulnerabilidade poderia permitir a um atacante executar scripts arbitrarios que causariam a elevacao de privilegios dentro do site SharePoint, ao inves de causar a elevacao de privilegios na estacao de trabalho ou no ambiente do servidor. A vulnerabilidade poderia permitir tambem a um atacante que modificasse o cache do usuario, resultando na exposicao de informacoes confidenciais da estacao de trabalho. Entretanto, a interacao com o usuario e' necessaria para a exploracao desta vulnerabilidade. Sistemas afetados: Windows Server 2003: . Microsoft Windows SharePoint Services 3.0 instalado em Windows Server 2003 Service Pack 1 . Microsoft Windows SharePoint Services 3.0 instalado em Windows Server 2003 Service Pack 2 . Microsoft Windows SharePoint Services 3.0 instalado em Windows Server 2003 x64 Edition . Microsoft Windows SharePoint Services 3.0 instalado em Windows Server 2003 x64 Edition Service Pack 2 Microsoft Office SharePoint Server 2007: . Microsoft Office SharePoint Server 2007 . Microsoft Office SharePoint Server 2007 x64 Edition Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em : Windows Server 2003: . Microsoft Windows SharePoint Services 3.0 instalado em Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=76FC2225-2802-46E5-A294-A842E3841877 . Microsoft Windows SharePoint Services 3.0 instalado em Windows Server 2003 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=76FC2225-2802-46E5-A294-A842E3841877 . Microsoft Windows SharePoint Services 3.0 instalado em Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=667335DD-DF2E-4F14-A130-5758701BE055 . Microsoft Windows SharePoint Services 3.0 instalado em Windows Server 2003 x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=667335DD-DF2E-4F14-A130-5758701BE055 Microsoft Office SharePoint Server 2007: . Microsoft Office SharePoint Server 2007 http://www.microsoft.com/downloads/details.aspx?FamilyId=AAEA9695-F541-4C4C-9107-81EAD5CFC8C9 . Microsoft Office SharePoint Server 2007 x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=1D319164-D133-4493-BE27-1AEDA62362C4 Mais informacoes: . MS07-059 - Important Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017) http://www.microsoft.com/technet/security/Bulletin/MS07-059.mspx . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca . Windows Live OneCare http://safety.live.com/site/pt-BR/default.htm Identificador CVE (http://cve.mitre.org): CVE-2007-2581 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBRwvwXukli63F4U8VAQHnjgQAiVZ/I1Guowny4YL38nwiBROHCM+sqg3F o1ScUjtoF73xOheoTrigaGWXoVfbAr2uPsfwCX3SieCGSh0kpvmos/bxXDht7Cws dWbcyguaMF/VtOYIA1w0yKc4R2GoS2ACAvqq9zx+BS/SJDF3Hy+jk2CdeAsKpX7z wDeSaLDzhpk= =tbMe -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed Oct 10 08:57:50 2007 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 10 Oct 2007 08:57:50 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade no Microsoft Word (MS07-060) Message-ID: <20071010115748.GG50661@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Vulnerabilidade no Microsoft Word (MS07-060) To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Tue, 9 Oct 2007 18:20:40 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS está repassando o alerta da Microsoft, intitulado "MS07-060 - Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695)", que trata de uma vulnerabilidade recem identificada no Microsoft Word. A vulnerabilidade e' causada pela maneira indevida como o Word trata sequencias de dados dentro de um arquivo ao abrir o mesmo. Usuarios cujas contas no sistema estejam configuradas com menos privilegios sofrerao menos impacto no caso de um ataque do que os usuarios que se utilizam de permissoes administrativas. Sistemas afetados: . Microsoft Word 2000 Service Pack 3 parte integrante do Microsoft Office 2000 Service Pack 3 . Microsoft Word 2002 Service Pack 3 parte integrante do Microsoft Office XP Service Pack 3 . Microsoft Office 2004 para Mac Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em : . Microsoft Word 2000 Service Pack 3 parte integrante do Microsoft Office 2000 Service Pack 3 http://www.microsoft.com/downloads/details.aspx?FamilyId=8B3072FB-5933-47F7-A498-13A93E268E57 . Microsoft Word 2002 Service Pack 3 parte integrante do Microsoft Office XP Service Pack 3 http://www.microsoft.com/downloads/details.aspx?FamilyId=D6B787BB-03FF-4F67-8B69-6011FB18BA75 . Microsoft Office 2004 para Mac http://www.microsoft.com/mac/downloads.aspx#Office2004 Mais informacoes: . MS07-060 - Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695) http://www.microsoft.com/technet/security/Bulletin/MS07-060.mspx . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca . Windows Live OneCare http://safety.live.com/site/pt-BR/default.htm Identificador CVE (http://cve.mitre.org): CVE-2007-3899 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBRwvwrOkli63F4U8VAQE7QAP+No2UO+VBqRjth5Mh3aVpAkzKBccmOY8j BhIf8HYvGVdmNcm/QcZf6nA38WTyulieTyHscgYTw/OuQVxYi/Z86D+dk3qw1qbJ NtgGYRRtHdUK/W26QpRacWBfX3RXKQtWF/hGjJu4ZElWSQFm329Mk3bjMi98O6vB VrVmYwY4vjo= =/srY -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Thu Oct 18 09:43:01 2007 From: security em unicamp.br (CSIRT - UNICAMP) Date: Thu, 18 Oct 2007 09:43:01 -0200 Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA07-290A -- Oracle Updates for Multiple Vulnerabilities Message-ID: <20071018114301.GA66935@unicamp.br> ----- Forwarded message from US-CERT Technical Alerts ----- From: US-CERT Technical Alerts Subject: US-CERT Technical Cyber Security Alert TA07-290A -- Oracle Updates for Multiple Vulnerabilities To: technical-alerts em us-cert.gov Date: Wed, 17 Oct 2007 15:13:43 -0400 Organization: US-CERT - +1 202-205-5266 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-290A Oracle Updates for Multiple Vulnerabilities Original release date: October 17, 2007 Last revised: -- Source: US-CERT Systems Affected * Oracle Database 10g * Oracle 9i Database * Oracle Enterprise Manager 10g Database Control * Oracle Application Server 10g * Oracle Collaboration Suite 10g * Oracle PeopleSoft Enterprise * Oracle E-Business Suite * Oracle PeopleSoft Enterprise Human Capital Management For more information regarding affected product versions, please see the Oracle Critical Patch Update - October 2007. Overview Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. I. Description Oracle has released Critical Patch Update - October 2007. This update addresses more than forty vulnerabilities in different Oracle products and components. The Critical Patch Update provides information about affected components, access and authorization required, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. MetaLink customers should refer to MetaLink Note 394487.1 (login required) for more information on terms used in the Critical Patch Update. According to Oracle, none of the vulnerabilities corrected in the Oracle Critical Patch Update affect Oracle Database Client-only installations. In most cases, Oracle does not associate Vuln# identifiers (e.g., DB01) with other available information. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. II. Impact The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to gain access to sensitive information. III. Solution Apply a patch Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update - October 2007. Note that this Critical Patch Update only lists newly corrected issues. Updates to patches for previously known issues are not listed. As noted in the update, some patches are cumulative, others are not: The Oracle Database, Oracle Application Server, Oracle Enterprise Manager Grid Control, Oracle Collaboration Suite, JD Edwards EnterpriseOne and OneWorld Tools, and PeopleSoft Enterprise Portal Applications patches in the Updates are cumulative; each successive Critical Patch Update contains the fixes from the previous Critical Patch Updates. Oracle E-Business Suite and Applications patches are not cumulative, so E-Business Suite and Applications customers should refer to previous Critical Patch Updates to identify previous fixes they wish to apply. Patches for some platforms and components were not available when the Critical Patch Update was published on October 17, 2007. Please see MetaLink Note 360465.1 (login required) for more information. Known issues with Oracle patches are documented in the pre-installation notes and patch readme files. Please consult these documents specific to your system before applying patches. Appendix A. Vendor Information Oracle Please see Oracle Critical Patch Update - October 2007 and Critical Patch Updates and Security Alerts. Appendix B. References * Critical Patch Update - October 2007 - * Critical Patch Updates and Security Alerts - * Map of Public Vulnerability to Advisory/Alert - * Oracle Database Security Checklist (PDF) - * MetaLink Note 360465.1 (login required) - * Details Oracle Critical Patch Update October 2007 - _________________________________________________________________ The most recent version of this document can be found at: ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit . ____________________________________________________________________ Produced 2007 by US-CERT, a government organization. Terms of use: ____________________________________________________________________ Revision History October 17, 2007: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRxZc1PRFkHkM87XOAQIyogf+PJ0RLVWBZMzR+Jn8pQ3398NbqIERMLPA xqxrWbPAu0EChmguWg4eYUzfMMg6W0rbmVVgmilZsW8eL3UVeMjzX8hBVhyaQUXy RXsKJIpTVhL3dgHr6z9mA+Y2VfQspYstAXtVAGjEvCvzuJJqoY/R5ZRitXuRgfGY i1l1mt4rc/A2IoaanlJSJJtH6kxZ42dZWiGZCRdqemmBIUvL9kWY7jlgOh7Hifdc U2zkCNioBLYFxk+cn9CKAvMlBOtbcsryRLPt5e32lCE7I4NSA87xM/4c8J86Weyw y0prw11nwX3LXa7k96b5Kmb/bjDovgQ/O12SkRs9XS2+uHtvEbUXFw== =1546 -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Fri Oct 26 10:26:43 2007 From: security em unicamp.br (CSIRT - UNICAMP) Date: Fri, 26 Oct 2007 10:26:43 -0200 Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA07-297A -- RealNetworks RealPlayer ActiveX Playlist Buffer Overflow Message-ID: <20071026122640.GB93380@unicamp.br> ----- Forwarded message from US-CERT Technical Alerts ----- From: US-CERT Technical Alerts Subject: US-CERT Technical Cyber Security Alert TA07-297A -- RealNetworks RealPlayer ActiveX Playlist Buffer Overflow To: technical-alerts em us-cert.gov Date: Wed, 24 Oct 2007 15:04:23 -0400 Organization: US-CERT - +1 202-205-5266 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-297A RealNetworks RealPlayer ActiveX Playlist Buffer Overflow Original release date: October 24, 2007 Last revised: -- Source: US-CERT Systems Affected Windows systems with * RealPlayer 11 beta * RealPlayer 10.5 * RealPlayer 10 * RealOne Player v2 * RealOne Player Overview RealNetworks RealPlayer client for Microsoft Windows contains a stack buffer overflow in the playlist paramater passed to the client by an ActiveX control. This vulnerability could allow a remote, unauthenticated attacker to execute arbitrary code using a specially crafted web page or HTML email message. I. Description RealNetworks RealPlayer is a multimedia application that allows users to view local and remote audio and video content. RealPlayer for Microsoft Windows includes the IERPCtl ActiveX control that can be used with Internet Explorer to import a local file into a playlist. RealPlayer does not adequately validate the playlist paramater passed from the ActiveX control, resulting in stack buffer overflow vulnerability. The IERPCtl ActiveX control is present in RealOne Player and later versions. RealNetworks has released a patch for this vulnerability as described in RealPlayer Security Vulnerability. There are public reports that this vulnerability is being actively exploited. This vulnerability can be exploited using the IERPCtl ActiveX control, which effectively means that only Windows Internet Explorer users are affected. The ActiveX control was introduced in RealOne Player, so Windows versions of RealPlayer 8 and earlier are not affected. Mactintosh and Linux versions of RealPlayer are not affected. II. Impact By convincing a user to view a specially crafted HTML document or HTML mail message, a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user on a vulnerable system. Note that the RealPlayer software does not need to be running for this vulnerability to be exploited. For more information, please see US-CERT Vulnerability Note VU#871673. III. Solution Upgrade and apply a patch See RealPlayer Security Vulnerability for information about upgrading and patching RealPlayer. RealPlayer 10.5 and RealPlayer 11 beta users should install the patch specified in the RealNetworks document. RealOne, RealOne Player v2, and RealPlayer 10 users should upgrade to RealPlayer 10.5 or RealPlayer 11 beta and install the patch. Disable the IERPCtl ActiveX control Disable the IERPCtl AcctiveX control by setting the kill bit for the following CLSID: {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} More information about how to set the kill bit is available in Microsoft Support Document 240797. Alternatively, the following text can be saved with a .reg file and imported into the Windows registry: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FDC7A535-4070-4B92-A0EA-D9994BCC0DC5}] "Compatibility Flags"=dword:00000400 Disable ActiveX Disabling ActiveX in the Internet Zone (or any zone used by an attacker) reduces the chances of exploitation of this and other vulnerabilities. Instructions for disabling ActiveX in the Internet Zone can be found in the "Securing Your Web Browser" document. Appendix A. Vendor Information RealNetworks For information about updating RealPlayer, see the RealPlayer Security Vulnerability and Security Update for Real Player. Appendix B. References * Customer Support - Real Security Updates - * Security Update for RealPlayer - * US-CERT Vulnerability Note VU#871673 - * Securing Your Web Browser - _________________________________________________________________ The most recent version of this document can be found at: _________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA07-297A Feedback VU#871673" in the subject. _________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit . _________________________________________________________________ Produced 2007 by US-CERT, a government organization. Terms of use: _________________________________________________________________ Revision History October 24, 2007: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRx+V7fRFkHkM87XOAQI30gf/TvEjRojRbGghMIW/Ky72nn8iGyyAcdzt eOe8e08SxfqMr2zz4RTe8zQBvf3v3MvTv0a8N2Z5eyBarHEQzvWohtshubIJUXWy WygaRqr4cTVX2S7dbA7EBIXJfbH8xmCDQe2OGzSprNwELZ6JJAQ3XiuoM0jsCtI1 uElilw8CqHZMOZM8GJLmj6exstljAL2JNd4icnG1kSGrCs0gJkPVOFgH/tdrJ2cu TUZ4ypRyjpMJ2Lcz7lNkF0Y3lZCVmsOOefKV+tvsK4IerexI7Zcq1Kyu90IjXNzQ 5Ix9pEX4kbpv/7wfLeRFO5rWjA019wUtPeMZ3+kf6vp7GaWqR+WnMg== =MlFp -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Fri Oct 26 10:27:00 2007 From: security em unicamp.br (CSIRT - UNICAMP) Date: Fri, 26 Oct 2007 10:27:00 -0200 Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA07-297B -- Adobe Updates for Microsoft Windows URI Vulnerability Message-ID: <20071026122659.GC93380@unicamp.br> ----- Forwarded message from US-CERT Technical Alerts ----- From: US-CERT Technical Alerts Subject: US-CERT Technical Cyber Security Alert TA07-297B -- Adobe Updates for Microsoft Windows URI Vulnerability To: technical-alerts em us-cert.gov Date: Wed, 24 Oct 2007 17:45:24 -0400 Organization: US-CERT - +1 202-205-5266 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-297B Adobe Updates for Microsoft Windows URI Vulnerability Original release date: October 24, 2007 Last revised: -- Source: US-CERT Systems Affected Microsoft Windows XP and Windows Server 2003 systems with Internet Explorer 7 and any of the following Adobe products: * Adobe Reader 8.1 and earlier * Adobe Acrobat Professional, 3D, and Standard 8.1 and earlier * Adobe Reader 7.0.9 and earlier * Adobe Acrobat Professional, 3D, Standard, and Elements 7.0.9 and earlier Overview Adobe has released updates for the Adobe Reader and Adobe Acrobat product families. The update addresses a URI handling vulnerability in Microsoft Windows XP and Server 2003 systems with Internet Explorer 7. I. Description Installing Microsoft Internet Explorer (IE) 7 on Windows XP or Server 2003 changes the way Windows handles Uniform Resource Identifiers (URIs). This change has introduced a flaw that can cause Windows to incorrectly determine the appropriate handler for the protocol specified in a URI. By creating a specially crafted URI in a PDF document, an attacker can execute arbitrary commands on a vulnerable system. More information about this vulnerability is available in US-CERT Vulnerability Note VU#403150. Public reports indicate that this vulnerability is being actively exploited with malicious PDF files. Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1, which mitigate this vulnerability. II. Impact By convincing a user to open a specially crafted PDF file, a remote, unauthenticated attacker may be able to execute arbitrary commands. III. Solution Apply an update Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1 to address this issue. These Adobe products handle URIs in a way that mitigates the vulnerability in Microsoft Windows. Disable the mailto: URI in Adobe Reader and Adobe Acrobat If you are unable to install an updated version of the software, this vulnerability can be mitigated by disabling the mailto: URI handler in Adobe Reader and Adobe Acrobat. Please see Adobe Security Bulletin APSB07-18 for details. Appendix A. Vendor Information Adobe For information about updating affected Adobe products, see Adobe Security Bulletin APSB07-18. Appendix B. References * Adobe Security Bulletin APSB07-18 - * Microsoft Security Advisory (943521) - * US-CERT Vulnerability Note VU#403150 - _________________________________________________________________ The most recent version of this document can be found at: _________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA07-297B Feedback VU#403150" in the subject. _________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit . _________________________________________________________________ Produced 2007 by US-CERT, a government organization. Terms of use: _________________________________________________________________ Revision History October 24, 2007: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRx+8WPRFkHkM87XOAQIrOQf/USsBbfDmKZ4GCi8W2466mI+kZoEHoe/H 3l3p4/1cuFGoPHFfeDLbG+alXiHSAdXoX7Db34InEUKMs7kRUVPEdW9LggI9VaTJ lKnZJxM3dXL+zPCWcDkNqrmmzyJuXwN5FmSXhlcnN4+FRzNrZYwDe1UcOk3q6m1s VNPIBTrqfSuFRllNt+chV1vQ876LLweS+Xh1DIQ/VIyduqvTogoYZO4p2A0YJD57 4y0obNuk+IhgzyhZHtSsR0ql7rGrFr4S97XUQGbKOAZWcDzNGiXJ5FkrMTaP25OI LazBVDofVz8ydUcEkb4belgv5REpfYUJc9hRbRZ+IpbAay2j42m8NQ== =PgB9 -----END PGP SIGNATURE----- ----- End forwarded message -----