From security em unicamp.br Wed Feb 13 09:03:29 2008
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 13 Feb 2008 09:03:29 -0200
Subject: [SECURITY-L] CAIS-Alerta: End of Daylight Saving Time 2007/2008
Message-ID: <20080213110329.GA61505@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: End of Daylight Saving Time 2007/2008
To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Mon, 11 Feb 2008 16:44:16 -0200 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS would like to alert everyone that, in accordance with Decree 6.212 of September 26, 2007, daylight saving time 2007/2008 will end at midnight (00:00) on February 17, 2008. Thus, the system time of properly configured machines will change:

  From 00:00 on February 17
  To   23:00 on February 16

To that end, in the states that took part in daylight saving time, clocks will need to be set back by 1 hour. They are: Rio Grande do Sul, Santa Catarina, Parana, Sao Paulo, Rio de Janeiro, Espirito Santo, Minas Gerais, Goias, Mato Grosso, Mato Grosso do Sul and Distrito Federal.

Systems that were properly configured following the guidance in the CAIS Alert do not need to have their time corrected manually.

We stress that, where security incidents are concerned, the accuracy of system clocks is fundamental for consistency in the logs, and is indispensable in investigating and identifying those responsible.

Note that, after daylight saving time ends, reported logs will return to the UTC/GMT -0300 timezone.

Decree 6.212, which establishes daylight saving time 2007/2008 throughout the national territory, is available in PDF format at the following address:

  . Diario Oficial da Uniao - Year CXLIV no. 187 - September 27, 2007
    https://www.in.gov.br/imprensa/jsp/jsp/jornaiscompletos/visualizacao/pdf/visualiza_pdf.jsp?jornal=do&secao=1&pagina=01&data=27/09/2007

More information about daylight saving time can be found in the following CAIS Alerts:

  . Configuration changes required for Daylight Saving Time 2007/2008
    CAIS Alert 20071005 [CAIS, 05.10.2007]
    http://www.rnp.br/cais/alertas/2007/cais-alr-20071005.html

  . Start of Daylight Saving Time 2007/2008
    CAIS Alert 20070927 [CAIS, 27.09.2007]
    http://www.rnp.br/cais/alertas/2007/cais-alr-20070927.html

CAIS recommends that administrators always keep their systems and applications up to date, in line with the latest versions and fixes provided by vendors.

CAIS Alerts are also available in RSS/RDF format:

http://www.rnp.br/cais/alertas/rss.xml

Sincerely,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#           Rede Nacional de Ensino e Pesquisa (RNP)           #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300         Fax. 019-37873301                  #
# PGP key available         http://www.rnp.br/cais/cais-pgp.key#
################################################################

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Made with pgp4pine 1.76

-----END PGP SIGNATURE-----

----- End forwarded message -----

From security em unicamp.br Wed Feb 13 09:04:17 2008
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 13 Feb 2008 09:04:17 -0200
Subject: [SECURITY-L] CAIS-Alerta: Adobe Reader vulnerabilities being exploited (SA28802)
Message-ID: <20080213110417.GB61505@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Adobe Reader vulnerabilities being exploited (SA28802)
To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Mon, 11 Feb 2008 16:46:08 -0200 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the Secunia alert titled "SA28802 - Adobe Reader/Acrobat Multiple Vulnerabilities", which covers multiple vulnerabilities affecting the Adobe Reader PDF file viewer.

According to available information, the vulnerabilities are currently being exploited, which can lead the system to a denial of service (DoS) condition or even result in the system being infected by a variant of the Zonebac trojan. Exploitation occurs through access to malicious web pages that contain a banner with a PDF file (1.pdf in the reported case).

Affected systems:

  . Adobe Reader 8.1.1 and earlier
  . Adobe Acrobat Professional 8.1.1 and earlier
  . Adobe Acrobat 3D 8.1.1 and earlier
  . Adobe Acrobat 8.1.1 and earlier

Available fixes:

Updating to the versions available at the following addresses is recommended:

  . Adobe Reader 8.1.2
    http://www.adobe.com/go/getreader

  . Adobe Acrobat 8.1.2
    http://www.adobe.com/support/downloads/detail.jsp?ftpID=3849

  . Adobe Acrobat 3D 8.1.2
    http://www.adobe.com/support/downloads/detail.jsp?ftpID=3850

  . Adobe 8 for Mac systems
    http://www.adobe.com/support/downloads/detail.jsp?ftpID=3856

More information:

  . SA28802 - Adobe Reader/Acrobat Multiple Vulnerabilities
    http://secunia.com/advisories/28802/

  . iDefense Labs: Adobe Reader and Acrobat Multiple Stack-based Buffer Overflow Vulnerabilities
    http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=657

  . iDefense Labs: Adobe Reader and Acrobat JavaScript Insecure Method Exposure Vulnerability
    http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=656

  . iDefense Labs: Adobe Reader Security Provider Unsafe Libary Path Vulnerability
    http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=655

  . SANS ISC Handler's Diary 2008-02-08: Multiple vulnerabilities in commonly used client software
    http://isc.sans.org/diary.html?storyid=3955

  . SANS ISC Handler's Diary 2008-02-09: Adobe Reader exploit in the wild
    http://isc.sans.org/diary.html?storyid=3958

  . Adobe Security Advisory: Security update available for Adobe Reader and Acrobat 8 (APSA08-01)
    http://www.adobe.com/support/security/advisories/apsa08-01.html

CVE identifier (http://cve.mitre.org): CVE-2007-5666, CVE-2007-5663, CVE-2007-5659

CAIS recommends that administrators always keep their systems and applications up to date, in line with the latest versions and fixes provided by vendors.

CAIS Alerts are also available in RSS/RDF format:

http://www.rnp.br/cais/alertas/rss.xml

Sincerely,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#           Rede Nacional de Ensino e Pesquisa (RNP)           #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300         Fax. 019-37873301                  #
# PGP key available         http://www.rnp.br/cais/cais-pgp.key#
################################################################

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Made with pgp4pine 1.76

-----END PGP SIGNATURE-----

----- End forwarded message -----

From security em unicamp.br Wed Feb 13 09:57:49 2008
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 13 Feb 2008 09:57:49 -0200
Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA08-043A -- Adobe Reader and Acrobat Vulnerabilities
Message-ID: <20080213115749.GC61574@unicamp.br>

----- Forwarded message from US-CERT Technical Alerts -----

From: US-CERT Technical Alerts
Subject: US-CERT Technical Cyber Security Alert TA08-043A -- Adobe Reader and Acrobat Vulnerabilities
To: technical-alerts em us-cert.gov
Date: Tue, 12 Feb 2008 09:51:48 -0500
Organization: US-CERT - +1 202-205-5266

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA08-043A

Adobe Reader and Acrobat Vulnerabilities

Original release date: February 12, 2008
Last revised: --
Source: US-CERT

Systems Affected

* Adobe Reader version 8.1.1 and earlier
* Adobe Acrobat Professional, 3D, and Standard versions 8.1.1 and earlier

Overview

Adobe has released Security advisory APSA08-01 to address multiple vulnerabilities affecting Adobe Reader and Acrobat.
The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.

I. Description

Adobe Security advisory APSA08-01 addresses a number of vulnerabilities affecting the Adobe Acrobat family of products, including Adobe Reader. Acrobat versions 8.1.1 and earlier are affected. Further details are available in the US-CERT Vulnerability Notes Database.

An attacker could exploit these vulnerabilities by convincing a user to load a specially crafted Adobe Portable Document Format (PDF) file. Acrobat integrates with popular web browsers, and visiting a web site is usually sufficient to cause Acrobat to load PDF content.

At least one of these vulnerabilities is being actively exploited. The SANS Internet Storm Center Handler's Diary contains more information.

II. Impact

The impacts of these vulnerabilities vary. The most severe of these vulnerabilities allows a remote attacker to execute arbitrary code.

III. Solution

Upgrade

Upgrade Adobe Reader or Acrobat to version 8.1.2 according to the information in Adobe Security advisory APSA08-01.

Disable web browser display for PDF documents

Preventing PDF documents from opening inside a web browser may mitigate this vulnerability. Applying the following workaround in conjunction with upgrading may prevent similar vulnerabilities from being automatically exploited.

To prevent PDF documents from automatically being opened in a web browser with Acrobat or Reader:

1. Open Adobe Acrobat or Adobe Reader.
2. Open the Edit menu.
3. Choose the Preferences option.
4. Choose the Internet section.
5. De-select the "Display PDF in browser" check box.

Disable automatic opening of PDF documents in Microsoft Internet Explorer

To disable automatic opening of PDF files in Microsoft Internet Explorer (IE), a second step is required.
To configure IE to prompt before opening a PDF file, disable the "Display PDF in browser" feature (as described above) and then make the following changes to the Windows registry:

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\AcroExch.Document.7]
    "EditFlags"=hex:00,00,00,00

Disable JavaScript in Adobe Reader and Acrobat

Disabling JavaScript in Adobe Reader and Acrobat may prevent this vulnerability from being exploited. In Acrobat Reader, JavaScript can be disabled in the General preferences dialog (Edit --> Preferences --> JavaScript, de-select Enable Acrobat JavaScript).

IV. References

* US-CERT Vulnerability Notes for Adobe Security advisory APSA08-01
* Securing Your Web Browser
* Adobe Security Advisory APSA08-01
* Adobe Reader 8.1.2 Release Notes
* SANS Internet Storm Center Handler's Diary
* Configuring Windows Explorer - Registry EditFlags
* Internet Explorer Opens .exe Files Instead of Downloading Them
* Office Documents opening in IE

____________________________________________________________________

The most recent version of this document can be found at:

____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA08-043A Feedback VU#666281" in the subject.

____________________________________________________________________

For instructions on subscribing to or unsubscribing from this mailing list, visit .

____________________________________________________________________

Produced 2008 by US-CERT, a government organization.

Terms of use:

____________________________________________________________________

Revision History

February 12, 2008: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

-----END PGP SIGNATURE-----

----- End forwarded message -----

From security em unicamp.br Wed Feb 13 09:58:16 2008
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 13 Feb 2008 09:58:16 -0200
Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA08-043B -- Apple Updates for Multiple Vulnerabilities
Message-ID: <20080213115816.GD61574@unicamp.br>

----- Forwarded message from US-CERT Technical Alerts -----

From: US-CERT Technical Alerts
Subject: US-CERT Technical Cyber Security Alert TA08-043B -- Apple Updates for Multiple Vulnerabilities
To: technical-alerts em us-cert.gov
Date: Tue, 12 Feb 2008 14:29:27 -0500
Organization: US-CERT - +1 202-205-5266

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA08-043B

Apple Updates for Multiple Vulnerabilities

Original release date: February 12, 2008
Last revised: --
Source: US-CERT

Systems Affected

* Apple Mac OS X versions prior to and including 10.4.11 and 10.5.1
* Apple Mac OS X Server versions prior to and including 10.4.11 and 10.5.1

These vulnerabilities affect both Intel and PowerPC platforms

Overview

Apple has released Security Update 2008-001 and OS X version 10.5.2 to correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server.
Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, or cause a denial of service.

I. Description

Apple Security Update 2008-001 and Apple Mac OS X version 10.5.2 address a number of vulnerabilities affecting Apple Mac OS X and OS X Server versions prior to and including 10.4.11 and 10.5.1. Further details are available in the US-CERT Vulnerability Notes Database. The update also addresses vulnerabilities in other vendors' products that ship with Apple OS X or OS X Server. These products include Samba and X11.

II. Impact

The impacts of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, and denial of service.

III. Solution

Install updates from Apple

Install Apple Security Update 2008-001 or Apple Mac OS X version 10.5.2. These and other updates are available via Software Update or via Apple Downloads.

IV. References

* US-CERT Vulnerability Notes for Apple Security Update 2008-001
* About the security content of Mac OS X 10.5.2 and Security Update 2008-001
* About the Mac OS X 10.5.2 Update
* Mac OS X: Updating your software
* Apple - Support - Downloads
* X.org Foundation Security Advisories
* Samba Security Releases

____________________________________________________________________

The most recent version of this document can be found at:

____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA08-043B Feedback VU#774345" in the subject.

____________________________________________________________________

For instructions on subscribing to or unsubscribing from this mailing list, visit .

____________________________________________________________________

Produced 2008 by US-CERT, a government organization.

Terms of use:

____________________________________________________________________

Revision History

February 12, 2008: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

-----END PGP SIGNATURE-----

----- End forwarded message -----

From security em unicamp.br Wed Feb 13 09:58:41 2008
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 13 Feb 2008 09:58:41 -0200
Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA08-043C -- Microsoft Updates for Multiple Vulnerabilities
Message-ID: <20080213115841.GE61574@unicamp.br>

----- Forwarded message from US-CERT Technical Alerts -----

From: US-CERT Technical Alerts
Subject: US-CERT Technical Cyber Security Alert TA08-043C -- Microsoft Updates for Multiple Vulnerabilities
To: technical-alerts em us-cert.gov
Date: Tue, 12 Feb 2008 17:58:40 -0500
Organization: US-CERT - +1 202-205-5266

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA08-043C

Microsoft Updates for Multiple Vulnerabilities

Original release date: February 12, 2008
Last revised: February 12, 2008
Source: US-CERT

Systems Affected

* Microsoft Windows
* Microsoft Internet Explorer
* Microsoft Office
* Microsoft Visual Basic
* Microsoft Internet Information Services (IIS)

Overview

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Office, Visual Basic and Internet Information Services (IIS).
Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code, gain elevated privileges, or crash a vulnerable system.

I. Description

Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Internet Explorer, Office, Visual Basic and Internet Information Services (IIS) as part of the Microsoft Security Bulletin Summary for February 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. For more information, see the US-CERT Vulnerability Notes Database.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause a denial of service.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the February 2008 security bulletins. The security bulletins describe any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

IV. References

* US-CERT Vulnerability Notes for Microsoft February 2008 updates
* Microsoft Security Bulletin Summary for February 2008
* Microsoft Update
* Windows Server Update Services

_________________________________________________________________

The most recent version of this document can be found at:

_________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA08-043C Feedback VU#104665" in the subject.

_________________________________________________________________

For instructions on subscribing to or unsubscribing from this mailing list, visit .

_________________________________________________________________

Produced 2008 by US-CERT, a government organization.

Terms of use:

_________________________________________________________________

Revision History

February 12, 2008: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

-----END PGP SIGNATURE-----

----- End forwarded message -----

From security em unicamp.br Wed Feb 13 10:16:15 2008
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 13 Feb 2008 10:16:15 -0200
Subject: [SECURITY-L] CAIS-Alerta: Vulnerability in Active Directory (MS08-003)
Message-ID: <20080213121615.GF61574@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Vulnerability in Active Directory (MS08-003)
To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Tue, 12 Feb 2008 17:53:45 -0200 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the Microsoft alert titled "MS08-003 - Vulnerability in Active Directory Could Allow Denial of Service (946538)", which covers a recently discovered vulnerability in Active Directory.

The vulnerability exists due to incorrect validation of specially crafted LDAP requests. If an attacker successfully exploits this vulnerability, they can drive the system into a denial of service (DoS) condition.

This vulnerability is also present in implementations of Active Directory Application Mode (ADAM) when installed on Windows XP and Windows Server 2003.

Active Directory is responsible for centralizing authentication and authorization for services among computers running Microsoft Windows, and LDAP (Lightweight Directory Access Protocol) is a protocol for accessing Active Directory.

Affected systems:

  . Microsoft Windows 2000 Server Service Pack 4 (Active Directory)
  . Windows XP Professional Service Pack 2 (ADAM)
  . Windows XP Professional x64 Edition (ADAM)
  . Windows XP Professional Edition Service Pack 2 (ADAM)
  . Windows Server 2003 Service Pack 1 (Active Directory)
  . Windows Server 2003 Service Pack 2 (Active Directory)
  . Windows Server 2003 Service Pack 1 (ADAM)
  . Windows Server 2003 Service Pack 2 (ADAM)
  . Windows Server 2003 x64 Edition (Active Directory)
  . Windows Server 2003 x64 Edition Service Pack 2 (Active Directory)
  . Windows Server 2003 x64 Edition (ADAM)
  . Windows Server 2003 x64 Edition Service Pack 2 (ADAM)
  . Windows Server 2003 with SP1 for Itanium-based systems (Active Directory)
  . Windows Server 2003 with SP2 for Itanium-based systems (Active Directory)

Available fixes:

Updating to the versions available at the following addresses is recommended:

  . Microsoft Windows 2000 Server Service Pack 4 (Active Directory)
    http://www.microsoft.com/downloads/details.aspx?FamilyID=9df0875d-0466-4974-b4c0-1ecc777173b1

  . Windows XP Professional Service Pack 2 (ADAM)
    http://www.microsoft.com/downloads/details.aspx?FamilyID=bff7dcb9-5d00-442e-b03c-ce923d213faa

  . Windows XP Professional x64 Edition (ADAM)
    http://www.microsoft.com/downloads/details.aspx?FamilyID=36e36e1a-ed0d-45a6-b707-766fabc01fbd

  . Windows XP Professional Edition Service Pack 2 (ADAM)
    http://www.microsoft.com/downloads/details.aspx?FamilyID=36e36e1a-ed0d-45a6-b707-766fabc01fbd

  . Windows Server 2003 Service Pack 1 (Active Directory)
    http://www.microsoft.com/downloads/details.aspx?FamilyID=63d3d784-f057-4686-b85e-ab5fbab5a722

  . Windows Server 2003 Service Pack 2 (Active Directory)
    http://www.microsoft.com/downloads/details.aspx?FamilyID=63d3d784-f057-4686-b85e-ab5fbab5a722

  . Windows Server 2003 Service Pack 1 (ADAM)
    http://www.microsoft.com/downloads/details.aspx?FamilyID=60781cf3-7c6d-4795-a9d0-bc18ee356e94

  . Windows Server 2003 Service Pack 2 (ADAM)
    http://www.microsoft.com/downloads/details.aspx?FamilyID=60781cf3-7c6d-4795-a9d0-bc18ee356e94

  . Windows Server 2003 x64 Edition (Active Directory)
    http://www.microsoft.com/downloads/details.aspx?FamilyID=60781cf3-7c6d-4795-a9d0-bc18ee356e94

  . Windows Server 2003 x64 Edition Service Pack 2 (Active Directory)
    http://www.microsoft.com/downloads/details.aspx?FamilyID=60781cf3-7c6d-4795-a9d0-bc18ee356e94

  . Windows Server 2003 x64 Edition (ADAM)
    http://www.microsoft.com/downloads/details.aspx?FamilyID=5e97698d-8150-44f9-9d34-87a0db6ba5a7

  . Windows Server 2003 x64 Edition Service Pack 2 (ADAM)
    http://www.microsoft.com/downloads/details.aspx?FamilyID=5e97698d-8150-44f9-9d34-87a0db6ba5a7

  . Windows Server 2003 with SP1 for Itanium-based systems (Active Directory)
    http://www.microsoft.com/downloads/details.aspx?FamilyID=eda8af09-1a4c-4163-a8bb-97dacdebeae4

  . Windows Server 2003 with SP2 for Itanium-based systems (Active Directory)
    http://www.microsoft.com/downloads/details.aspx?FamilyID=eda8af09-1a4c-4163-a8bb-97dacdebeae4

More information:

  . MS08-003 - Vulnerability in Active Directory Could Allow Denial of Service (946538)
    http://www.microsoft.com/technet/security/bulletin/ms08-003.mspx

  . SANS ISC Handler's Diary 2008-02-12: February Black Tuesday overview
    http://isc.incidents.org/diary.html?storyid=3973

  . Microsoft Brasil Security
    http://www.microsoft.com/brasil/security

  . Technet Brasil - Central de Seguranca
    http://www.technetbrasil.com.br/seguranca

  . Windows Live OneCare
    http://safety.live.com/site/pt-BR/default.htm

CVE identifier (http://cve.mitre.org): CVE-2008-0088

CAIS recommends that administrators always keep their systems and applications up to date, in line with the latest versions and fixes provided by vendors.

CAIS Alerts are also available in RSS/RDF format:

http://www.rnp.br/cais/alertas/rss.xml

Sincerely,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#           Rede Nacional de Ensino e Pesquisa (RNP)           #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300         Fax. 019-37873301                  #
# PGP key available         http://www.rnp.br/cais/cais-pgp.key#
################################################################

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Made with pgp4pine 1.76

-----END PGP SIGNATURE-----

----- End forwarded message -----

From security em unicamp.br Wed Feb 13 10:17:15 2008
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 13 Feb 2008 10:17:15 -0200
Subject: [SECURITY-L] CAIS-Alerta: Vulnerability in Windows TCP/IP (MS08-004)
Message-ID: <20080213121714.GG61574@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Vulnerability in Windows TCP/IP (MS08-004)
To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Tue, 12 Feb 2008 17:56:09 -0200 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the Microsoft alert titled "MS08-004 - Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)", which covers a recently discovered vulnerability in Transmission Control Protocol/Internet Protocol (TCP/IP) processing.

The vulnerability exists due to the way TCP/IP packets received from DHCP servers are handled. If an attacker successfully exploits this vulnerability, they can drive the system into a denial of service (DoS) condition or even cause the system to restart automatically.

The DHCP (Dynamic Host Configuration Protocol) service allows a device to obtain from a server the IP addressing settings it needs to operate correctly when connected to the network.

Affected systems:

  . Windows Vista
  . Windows Vista x64 Edition

Available fixes:

Updating to the versions available at the following addresses is recommended:

  . Windows Vista
    http://www.microsoft.com/downloads/details.aspx?familyid=8ce9608b-7049-47cd-adc4-22a803877d33

  . Windows Vista x64 Edition
    http://www.microsoft.com/downloads/details.aspx?familyid=d7b9c3d1-9c23-4e05-bac6-d0b327feaf53

More information:

  . MS08-004 - Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)
    http://www.microsoft.com/technet/security/bulletin/ms08-004.mspx

  . SANS ISC Handler's Diary 2008-02-12: February Black Tuesday overview
    http://isc.incidents.org/diary.html?storyid=3973

  . Microsoft Brasil Security
    http://www.microsoft.com/brasil/security

  . Technet Brasil - Central de Seguranca
    http://www.technetbrasil.com.br/seguranca

  . Windows Live OneCare
    http://safety.live.com/site/pt-BR/default.htm

CVE identifier (http://cve.mitre.org): CVE-2008-0084

CAIS recommends that administrators always keep their systems and applications up to date, in line with the latest versions and fixes provided by vendors.

CAIS Alerts are also available in RSS/RDF format:

http://www.rnp.br/cais/alertas/rss.xml

Sincerely,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#           Rede Nacional de Ensino e Pesquisa (RNP)           #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300         Fax. 019-37873301                  #
# PGP key available         http://www.rnp.br/cais/cais-pgp.key#
################################################################

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Made with pgp4pine 1.76

-----END PGP SIGNATURE-----

----- End forwarded message -----

From security em unicamp.br Wed Feb 13 10:19:32 2008
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 13 Feb 2008 10:19:32 -0200
Subject: [SECURITY-L] CAIS-Alerta: Vulnerability in Internet Information Services (MS08-005)
Message-ID: <20080213121932.GH61574@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Vulnerability in Internet Information Services (MS08-005)
To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Tue, 12 Feb 2008 17:59:22 -0200 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the Microsoft alert titled "MS08-005 - Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)", which covers a recently discovered vulnerability in Internet Information Services (IIS).

An elevation of privilege vulnerability exists in IIS due to the way it handles notifications about file changes within the FTPRoot, NNTPFile\Root and WWWRoot folders.
An attacker who successfully exploits this vulnerability can gain full control of the affected system.

Affected systems:

. Microsoft Windows 2000 Service Pack 4 (IIS 5.0)
. Windows XP Professional Service Pack 2 (IIS 5.1)
. Windows XP Professional x64 Edition (IIS 5.1)
. Windows XP Professional x64 Edition Service Pack 2 (IIS 5.1)
. Windows Server 2003 Service Pack 1 (IIS 6.0)
. Windows Server 2003 Service Pack 2 (IIS 6.0)
. Windows Server 2003 x64 Edition (IIS 6.0)
. Windows Server 2003 x64 Edition Service Pack 2 (IIS 6.0)
. Windows Server 2003 with SP1 for Itanium-based Systems (IIS 6.0)
. Windows Server 2003 with SP2 for Itanium-based Systems (IIS 6.0)
. Windows Vista (IIS 7.0)
. Windows Vista x64 Edition (IIS 7.0)

Available fixes:

It is recommended to update to the versions available at:

. Microsoft Windows 2000 Service Pack 4 (IIS 5.0)
  http://www.microsoft.com/downloads/details.aspx?familyid=b24f34fb-40b9-4aa5-b5ac-e3f0a6062753
. Windows XP Professional Service Pack 2 (IIS 5.1)
  http://www.microsoft.com/downloads/details.aspx?familyid=73d24fcf-bea9-4b13-9f1c-4e068c53a4ae
. Windows XP Professional x64 Edition (IIS 5.1)
  http://www.microsoft.com/downloads/details.aspx?familyid=103a6bc0-034a-443d-b1d4-81117820dcb2
. Windows XP Professional x64 Edition Service Pack 2 (IIS 5.1)
  http://www.microsoft.com/downloads/details.aspx?familyid=103a6bc0-034a-443d-b1d4-81117820dcb2
. Windows Server 2003 Service Pack 1 (IIS 6.0)
  http://www.microsoft.com/downloads/details.aspx?familyid=516ef8e8-3cb6-4660-b771-3c7f66917a11
. Windows Server 2003 Service Pack 2 (IIS 6.0)
  http://www.microsoft.com/downloads/details.aspx?familyid=516ef8e8-3cb6-4660-b771-3c7f66917a11
. Windows Server 2003 x64 Edition (IIS 6.0)
  http://www.microsoft.com/downloads/details.aspx?familyid=e24fb33c-67b9-4ed4-9317-b5fd535d005a
. Windows Server 2003 x64 Edition Service Pack 2 (IIS 6.0)
  http://www.microsoft.com/downloads/details.aspx?familyid=e24fb33c-67b9-4ed4-9317-b5fd535d005a
. Windows Server 2003 with SP1 for Itanium-based Systems (IIS 6.0)
  http://www.microsoft.com/downloads/details.aspx?familyid=5a4a6083-8c67-4403-8e20-7f2b82178124
. Windows Server 2003 with SP2 for Itanium-based Systems (IIS 6.0)
  http://www.microsoft.com/downloads/details.aspx?familyid=5a4a6083-8c67-4403-8e20-7f2b82178124
. Windows Vista (IIS 7.0)
  http://www.microsoft.com/downloads/details.aspx?familyid=8c7018ec-ae80-4a30-93fc-0f7386732514
. Windows Vista x64 Edition (IIS 7.0)
  http://www.microsoft.com/downloads/details.aspx?familyid=4de2fffc-5793-4acf-98ee-1b801e59ae39

More information:

. MS08-005 - Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)
  http://www.microsoft.com/technet/security/bulletin/ms08-005.mspx
. SANS ISC Handler's Diary 2008-02-12: February Black Tuesday overview
  http://isc.incidents.org/diary.html?storyid=3973
. Microsoft Brasil Security
  http://www.microsoft.com/brasil/security
. Technet Brasil - Central de Seguranca
  http://www.technetbrasil.com.br/seguranca
. Windows Live OneCare
  http://safety.live.com/site/pt-BR/default.htm

CVE identifier (http://cve.mitre.org): CVE-2008-0074

CAIS recommends that administrators keep their systems and applications up to date, in accordance with the latest versions and fixes provided by vendors.

CAIS Alerts are also available in RSS/RDF format:
http://www.rnp.br/cais/alertas/rss.xml

Sincerely,

----- End forwarded message -----

From security em unicamp.br Wed Feb 13 10:21:05 2008
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 13 Feb 2008 10:21:05 -0200
Subject: [SECURITY-L] CAIS-Alerta: Vulnerability in Internet Information Services (MS08-006)
Message-ID: <20080213122104.GI61574@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Vulnerability in Internet Information Services (MS08-006)
To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Tue, 12 Feb 2008 18:01:14 -0200 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the Microsoft alert entitled "MS08-006 - Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)", which addresses a recently discovered vulnerability in Internet Information Services (IIS).

The vulnerability exists because of the incorrect way IIS handles input to pages developed in the ASP language. An attacker who successfully exploits this vulnerability can remotely execute malicious code on the IIS server with the same permissions as the "Worker Process Identity (WPI)", which by default is configured with the privileges of the "Network Service" account.

Affected systems:

. Windows XP Professional Service Pack 2 (IIS 5.1)
. Windows XP Professional x64 Edition (IIS 6.0)
. Windows XP Professional x64 Edition Service Pack 2 (IIS 6.0)
. Windows Server 2003 Service Pack 1 (IIS 6.0)
. Windows Server 2003 Service Pack 2 (IIS 6.0)
. Windows Server 2003 x64 Edition (IIS 6.0)
. Windows Server 2003 x64 Edition Service Pack 2 (IIS 6.0)
. Windows Server 2003 with SP1 for Itanium-based Systems (IIS 6.0)
. Windows Server 2003 with SP2 for Itanium-based Systems (IIS 6.0)

Available fixes:

It is recommended to update to the versions available at:

. Windows XP Professional Service Pack 2 (IIS 5.1)
  http://www.microsoft.com/downloads/details.aspx?FamilyID=2b498065-d682-4227-b23e-d234d7d6a3fe
. Windows XP Professional x64 Edition (IIS 6.0)
  http://www.microsoft.com/downloads/details.aspx?FamilyID=df9875f7-04d6-486e-bdb5-35e9e305fa1d
. Windows XP Professional x64 Edition Service Pack 2 (IIS 6.0)
  http://www.microsoft.com/downloads/details.aspx?FamilyID=df9875f7-04d6-486e-bdb5-35e9e305fa1d
. Windows Server 2003 Service Pack 1 (IIS 6.0)
  http://www.microsoft.com/downloads/details.aspx?FamilyID=6583e798-d16d-419c-aee1-30c3e6c635b3
. Windows Server 2003 Service Pack 2 (IIS 6.0)
  http://www.microsoft.com/downloads/details.aspx?FamilyID=6583e798-d16d-419c-aee1-30c3e6c635b3
. Windows Server 2003 x64 Edition (IIS 6.0)
  http://www.microsoft.com/downloads/details.aspx?familyid=e8286174-8209-409f-8805-e534715a741c
. Windows Server 2003 x64 Edition Service Pack 2 (IIS 6.0)
  http://www.microsoft.com/downloads/details.aspx?familyid=e8286174-8209-409f-8805-e534715a741c
. Windows Server 2003 with SP1 for Itanium-based Systems (IIS 6.0)
  http://www.microsoft.com/downloads/details.aspx?familyid=29faa70d-f1ac-4da4-b72a-faf1973cd845
. Windows Server 2003 with SP2 for Itanium-based Systems (IIS 6.0)
  http://www.microsoft.com/downloads/details.aspx?familyid=29faa70d-f1ac-4da4-b72a-faf1973cd845

More information:

. MS08-006 - Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)
  http://www.microsoft.com/technet/security/bulletin/ms08-006.mspx
. SANS ISC Handler's Diary 2008-02-12: February Black Tuesday overview
  http://isc.incidents.org/diary.html?storyid=3973
. Microsoft Brasil Security
  http://www.microsoft.com/brasil/security
. Technet Brasil - Central de Seguranca
  http://www.technetbrasil.com.br/seguranca
. Windows Live OneCare
  http://safety.live.com/site/pt-BR/default.htm

CVE identifier (http://cve.mitre.org): CVE-2008-0075

CAIS recommends that administrators keep their systems and applications up to date, in accordance with the latest versions and fixes provided by vendors.

CAIS Alerts are also available in RSS/RDF format:
http://www.rnp.br/cais/alertas/rss.xml

Sincerely,

----- End forwarded message -----

From security em unicamp.br Wed Feb 13 10:22:02 2008
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 13 Feb 2008 10:22:02 -0200
Subject: [SECURITY-L] CAIS-Alerta: Vulnerability in WebDAV (MS08-007)
Message-ID: <20080213122202.GJ61574@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Vulnerability in WebDAV (MS08-007)
To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Tue, 12 Feb 2008 18:02:40 -0200 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the Microsoft alert entitled "MS08-007 - Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026)", which addresses a vulnerability in the WebDAV redirector client.

WebDAV is an extension to the HTTP protocol that defines functions for remote editing of web pages. The WebDAV Mini-Redirector allows remote directories on a web server to be mapped locally as shared directories. A heap overflow vulnerability exists in the way the WebDAV Mini-Redirector processes responses from a server. An attacker can craft malicious responses to exploit this vulnerability and execute code remotely on the affected machine, thereby gaining full control of the system.

Affected systems:

. Windows XP Service Pack 2
. Windows XP Professional x64 Edition
. Windows XP Professional x64 Edition Service Pack 2
. Windows Server 2003 Service Pack 1
. Windows Server 2003 Service Pack 2
. Windows Server 2003 x64 Edition
. Windows 2003 Server x64 Edition Service Pack 2
. Windows Server 2003 with SP1 for Itanium-based Systems
. Windows Server 2003 with SP2 for Itanium-based Systems
. Windows Vista
. Windows Vista x64 Edition

Available fixes:

It is recommended to update to the versions available at:

. Windows XP Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=afeef3ec-6160-4c1d-94bd-0bfce641d0a2
. Windows XP Professional x64 Edition
  http://www.microsoft.com/downloads/details.aspx?FamilyID=15b7d1c4-4ef4-47b2-9e3b-22eafbdb90d8
. Windows XP Professional x64 Edition Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyID=15b7d1c4-4ef4-47b2-9e3b-22eafbdb90d8
. Windows Server 2003 Service Pack 1
  http://www.microsoft.com/downloads/details.aspx?FamilyID=b7e725bf-7248-4119-aca5-b7d502c09cfc
. Windows Server 2003 Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyID=b7e725bf-7248-4119-aca5-b7d502c09cfc
. Windows Server 2003 x64 Edition
  http://www.microsoft.com/downloads/details.aspx?FamilyID=8af82f86-731c-46a0-a025-b62447e2af38
. Windows 2003 Server x64 Edition Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyID=8af82f86-731c-46a0-a025-b62447e2af38
. Windows Server 2003 with SP1 for Itanium-based Systems
  http://www.microsoft.com/downloads/details.aspx?FamilyID=bca224db-fe0e-411d-a948-1c776ce974f3
. Windows Server 2003 with SP2 for Itanium-based Systems
  http://www.microsoft.com/downloads/details.aspx?FamilyID=bca224db-fe0e-411d-a948-1c776ce974f3
. Windows Vista
  http://www.microsoft.com/downloads/details.aspx?FamilyID=ba7a2b42-1c89-45e5-b8a6-049fa500c03a
. Windows Vista x64 Edition
  http://www.microsoft.com/downloads/details.aspx?FamilyID=45962232-af78-42cb-bfa0-9ce7de199585

More information:

. MS08-007 - Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026)
  http://www.microsoft.com/technet/security/bulletin/ms08-007.mspx
. SANS ISC Handler's Diary 2008-02-12: February Black Tuesday overview
  http://isc.incidents.org/diary.html?storyid=3973
. Microsoft Brasil Security
  http://www.microsoft.com/brasil/security
. Technet Brasil - Central de Seguranca
  http://www.technetbrasil.com.br/seguranca
. Windows Live OneCare
  http://safety.live.com/site/pt-BR/default.htm

CVE identifier (http://cve.mitre.org): CVE-2008-0080

CAIS recommends that administrators keep their systems and applications up to date, in accordance with the latest versions and fixes provided by vendors.

CAIS Alerts are also available in RSS/RDF format:
http://www.rnp.br/cais/alertas/rss.xml

Sincerely,

----- End forwarded message -----

From security em unicamp.br Wed Feb 13 10:23:14 2008
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 13 Feb 2008 10:23:14 -0200
Subject: [SECURITY-L] CAIS-Alerta: Vulnerability in OLE Automation (MS08-008)
Message-ID: <20080213122313.GK61574@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Vulnerability in OLE Automation (MS08-008)
To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Tue, 12 Feb 2008 18:03:41 -0200 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the Microsoft alert entitled "MS08-008 - Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)", which addresses a vulnerability found in the OLE Automation protocol.

The OLE Automation protocol is a library of functions that allows programs to communicate with each other. A vulnerability exists in the memory management of executed scripts, which allows a remote attacker to execute malicious code. If the attacker manages to execute the code, they can gain access to the system with the permissions of the logged-on user. If the user logged on to the vulnerable system has administrator permissions, the attacker can gain full control of the system. To exploit this vulnerability, the attacker needs to induce the victim to visit a specially crafted web page.
Affected systems:

. Microsoft Windows 2000 Service Pack 4
. Windows XP Service Pack 2
. Windows XP Professional x64 Edition
. Windows XP Professional x64 Edition Service Pack 2
. Windows Server 2003 Service Pack 1
. Windows Server 2003 Service Pack 2
. Windows Server 2003 x64 Edition
. Windows Server 2003 x64 Edition Service Pack 2
. Windows Server 2003 with SP1 for Itanium-based Systems
. Windows Server 2003 with SP2 for Itanium-based Systems
. Windows Vista
. Windows Vista x64 Edition
. Microsoft Office 2004 for Mac
. Microsoft Visual Basic 6.0 Service Pack 6

Available fixes:

It is recommended to update to the versions available at:

. Microsoft Windows 2000 Service Pack 4
  http://www.microsoft.com/downloads/details.aspx?FamilyId=93b3d0a3-2091-405e-8dd4-10f20dc2be7f
. Windows XP Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=5c331a3a-93e0-42e4-9cd1-4e32ebdda38d
. Windows XP Professional x64 Edition
  http://www.microsoft.com/downloads/details.aspx?FamilyId=e0a15967-7184-4194-8edb-81760e440604
. Windows XP Professional x64 Edition Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=e0a15967-7184-4194-8edb-81760e440604
. Windows Server 2003 Service Pack 1
  http://www.microsoft.com/downloads/details.aspx?FamilyId=cfa0d5c6-a9b0-4c5c-a651-898e9f900799
. Windows Server 2003 Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=cfa0d5c6-a9b0-4c5c-a651-898e9f900799
. Windows Server 2003 x64 Edition
  http://www.microsoft.com/downloads/details.aspx?FamilyId=a08e87dc-993b-493b-8af3-be6e98643aeb
. Windows Server 2003 x64 Edition Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=a08e87dc-993b-493b-8af3-be6e98643aeb
. Windows Server 2003 with SP1 for Itanium-based Systems
  http://www.microsoft.com/downloads/details.aspx?FamilyId=5a88522b-ee30-4deb-878b-598e852fd60e
. Windows Server 2003 with SP2 for Itanium-based Systems
  http://www.microsoft.com/downloads/details.aspx?FamilyId=5a88522b-ee30-4deb-878b-598e852fd60e
. Windows Vista
  http://www.microsoft.com/downloads/details.aspx?FamilyID=c67ec357-0f86-4f7d-9af0-d63d8b765f44
. Windows Vista x64 Edition
  http://www.microsoft.com/downloads/details.aspx?FamilyId=9137108f-e80b-46f1-b547-82da8fb058bf
. Microsoft Office 2004 for Mac
  http://www.microsoft.com/downloads/details.aspx?FamilyId=36B00C58-192D-488C-A069-730C69F0B6B0
. Microsoft Visual Basic 6.0 Service Pack 6
  http://www.microsoft.com/downloads/details.aspx?FamilyID=C96420A9-7436-4625-9649-75F1514B0FE3

More information:

. MS08-008 - Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)
  http://www.microsoft.com/technet/security/bulletin/ms08-008.mspx
. SANS ISC Handler's Diary 2008-02-12: February Black Tuesday overview
  http://isc.incidents.org/diary.html?storyid=3973
. Microsoft Brasil Security
  http://www.microsoft.com/brasil/security
. Technet Brasil - Central de Seguranca
  http://www.technetbrasil.com.br/seguranca
. Windows Live OneCare
  http://safety.live.com/site/pt-BR/default.htm

CVE identifier (http://cve.mitre.org): CVE-2007-0065

CAIS recommends that administrators keep their systems and applications up to date, in accordance with the latest versions and fixes provided by vendors.

CAIS Alerts are also available in RSS/RDF format:
http://www.rnp.br/cais/alertas/rss.xml

Sincerely,

----- End forwarded message -----

From security em unicamp.br Wed Feb 13 15:48:28 2008
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 13 Feb 2008 15:48:28 -0200
Subject: [SECURITY-L] CAIS-Alerta: Vulnerability in Microsoft Word (MS08-009)
Message-ID: <20080213174827.GL61574@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Vulnerability in Microsoft Word (MS08-009)
To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Tue, 12 Feb 2008 18:05:04 -0200 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the Microsoft alert entitled "MS08-009 - Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077)", which addresses a vulnerability found in Microsoft Word.

The vulnerability affects the way Word processes specially crafted document files and can cause memory corruption. An attacker can exploit this vulnerability by creating a Word document file with invalid values, and thereby execute code on the vulnerable system with the permissions of the logged-on user. If the logged-on user has administrator permissions, the attacker can gain full control of the system.

Affected systems:

. Microsoft Office 2000 Service Pack 3
. Microsoft Office XP Service Pack 3
. Microsoft Office 2003 Service Pack 2
. Microsoft Office Word Viewer 2003

Available fixes:

It is recommended to update to the versions available at:

. Microsoft Office 2000 Service Pack 3
  http://www.microsoft.com/downloads/details.aspx?FamilyId=A513069B-8244-48E9-B136-01DDD3862802
. Microsoft Office XP Service Pack 3
  http://www.microsoft.com/downloads/details.aspx?FamilyId=78C338AA-E410-4422-9E36-562F70D742E9
. Microsoft Office 2003 Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=85CB1AA5-211F-4652-827B-2E79B8FFC2FC
. Microsoft Office Word Viewer 2003
  http://www.microsoft.com/downloads/details.aspx?FamilyId=FD4DDECD-ABD6-4783-B300-32B9D4BAD22A

More information:

. MS08-009 - Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077)
  http://www.microsoft.com/technet/security/bulletin/ms08-009.mspx
. SANS ISC Handler's Diary 2008-02-12: February Black Tuesday overview
  http://isc.incidents.org/diary.html?storyid=3973
. Microsoft Brasil Security
  http://www.microsoft.com/brasil/security
. Technet Brasil - Central de Seguranca
  http://www.technetbrasil.com.br/seguranca
. Windows Live OneCare
  http://safety.live.com/site/pt-BR/default.htm

CVE identifier (http://cve.mitre.org): CVE-2008-0109

CAIS recommends that administrators keep their systems and applications up to date, in accordance with the latest versions and fixes provided by vendors.

CAIS Alerts are also available in RSS/RDF format:
http://www.rnp.br/cais/alertas/rss.xml

Sincerely,

----- End forwarded message -----

From security em unicamp.br Wed Feb 13 15:48:51 2008
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 13 Feb 2008 15:48:51 -0200
Subject: [SECURITY-L] CAIS-Alerta: Cumulative Security Updates for Internet Explorer (MS08-010)
Message-ID: <20080213174850.GM61574@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Cumulative Security Updates for Internet Explorer (MS08-010)
To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Tue, 12 Feb 2008 18:06:30 -0200 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the Microsoft alert entitled "MS08-010 - Cumulative Security Update for Internet Explorer (944533)", which addresses four vulnerabilities identified in the Internet Explorer browser.

The most critical vulnerability allows remote code execution if a user opens a malicious web page with an affected Internet Explorer browser. Users whose accounts have fewer privileges on the system may be less impacted.

The updates in this bulletin replace those in bulletin MS07-069, released in December 2007.

Affected systems:

. Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1
  - Microsoft Windows 2000 Service Pack 4
  - Microsoft Windows 2000 Service Pack 4
. Internet Explorer 6
  - Windows XP Service Pack 2
  - Windows XP Professional x64 Edition
  - Windows XP Professional x64 Edition Service Pack 2
  - Windows Server 2003 Service Pack 1
  - Windows Server 2003 Service Pack 2
  - Windows Server 2003 x64 Edition
  - Windows Server 2003 x64 Edition Service Pack 2
  - Windows Server 2003 with SP1 for Itanium-based Systems
  - Windows Server 2003 with SP2 for Itanium-based Systems
. Internet Explorer 7
  - Windows XP Service Pack 2
  - Windows XP Professional x64 Edition
  - Windows XP Professional x64 Edition Service Pack 2
  - Windows Server 2003 Service Pack 1
  - Windows Server 2003 Service Pack 2
  - Windows Server 2003 x64 Edition
  - Windows Server 2003 x64 Edition Service Pack 2
  - Windows Server 2003 with SP1 for Itanium-based Systems
  - Windows Server 2003 with SP2 for Itanium-based Systems
  - Windows Vista
  - Windows Vista x64 Edition

Available fixes:

It is recommended to update to the versions available at:

. Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1
  - Microsoft Windows 2000 Service Pack 4
    http://www.microsoft.com/downloads/details.aspx?FamilyId=1032A039-468B-4C5F-8C1C-5E54C2832E41
  - Microsoft Windows 2000 Service Pack 4
    http://www.microsoft.com/downloads/details.aspx?FamilyId=87E66DCE-5060-4814-8754-829B4E190359
. Internet Explorer 6
  - Windows XP Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?FamilyId=BB2AA3CB-021F-4890-AB20-2A51F8E17554
  - Windows XP Professional x64 Edition
    http://www.microsoft.com/downloads/details.aspx?FamilyId=8989F576-8B30-4866-90EC-929D24F3B409
  - Windows XP Professional x64 Edition Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?FamilyId=8989F576-8B30-4866-90EC-929D24F3B409
  - Windows Server 2003 Service Pack 1
    http://www.microsoft.com/downloads/details.aspx?FamilyId=429B7ED1-FE78-459A-B834-D0F3C69CB703
  - Windows Server 2003 Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?FamilyId=429B7ED1-FE78-459A-B834-D0F3C69CB703
  - Windows Server 2003 x64 Edition
    http://www.microsoft.com/downloads/details.aspx?FamilyId=E989E23C-38BB-4FE7-A830-D7BDF7659392
  - Windows Server 2003 x64 Edition Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?FamilyId=E989E23C-38BB-4FE7-A830-D7BDF7659392
  - Windows Server 2003 with SP1 for Itanium-based Systems
    http://www.microsoft.com/downloads/details.aspx?FamilyId=5A097F7A-B696-48D0-B13F-337C5FD14E24
  - Windows Server 2003 with SP2 for Itanium-based Systems
    http://www.microsoft.com/downloads/details.aspx?FamilyId=5A097F7A-B696-48D0-B13F-337C5FD14E24
. Internet Explorer 7
  - Windows XP Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?FamilyId=D4AA293A-6332-4C6C-B128-876F516BD030
  - Windows XP Professional x64 Edition
    http://www.microsoft.com/downloads/details.aspx?FamilyId=B72AF1B6-6E23-4005-AEF6-82195B380153
  - Windows XP Professional x64 Edition Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?FamilyId=B72AF1B6-6E23-4005-AEF6-82195B380153
  - Windows Server 2003 Service Pack 1
    http://www.microsoft.com/downloads/details.aspx?FamilyId=B2AA6562-881E-4FD6-BE1B-53426A0FF4A9
  - Windows Server 2003 Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?FamilyId=B2AA6562-881E-4FD6-BE1B-53426A0FF4A9
  - Windows Server 2003 x64 Edition
    http://www.microsoft.com/downloads/details.aspx?FamilyId=4BB99AFC-BE14-4F2E-9570-B7FE09E39131
  - Windows Server 2003 x64 Edition Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?FamilyId=4BB99AFC-BE14-4F2E-9570-B7FE09E39131
  - Windows Server 2003 with SP1 for Itanium-based Systems
    http://www.microsoft.com/downloads/details.aspx?FamilyId=6FA80E2C-5E91-4B33-ACD9-33F156660AE7
  - Windows Server 2003 with SP2 for Itanium-based Systems
    http://www.microsoft.com/downloads/details.aspx?FamilyId=6FA80E2C-5E91-4B33-ACD9-33F156660AE7
  - Windows Vista
    http://www.microsoft.com/downloads/details.aspx?FamilyId=0DE25B98-F443-4874-A06F-4DAAE14C16B0
  - Windows Vista x64 Edition
    http://www.microsoft.com/downloads/details.aspx?FamilyId=C08EBBE7-639B-4EA2-8304-FAB531930ABF

More information:

. MS08-010 - Cumulative Security Update for Internet Explorer (944533)
  http://www.microsoft.com/technet/security/bulletin/ms08-010.mspx
. SANS ISC Handler's Diary 2008-02-12: February Black Tuesday overview
  http://isc.incidents.org/diary.html?storyid=3973
. Microsoft Brasil Security
  http://www.microsoft.com/brasil/security
. Technet Brasil - Central de Seguranca
  http://www.technetbrasil.com.br/seguranca
. Windows Live OneCare
  http://safety.live.com/site/pt-BR/default.htm

CVE identifier (http://cve.mitre.org): CVE-2007-4790, CVE-2008-0078, CVE-2008-0077, CVE-2008-0076

CAIS recommends that administrators keep their systems and applications up to date, in accordance with the latest versions and fixes provided by vendors.

CAIS Alerts are also available in RSS/RDF format:
http://www.rnp.br/cais/alertas/rss.xml

Sincerely,

----- End forwarded message -----

From security em unicamp.br Wed Feb 13 15:50:53 2008
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 13 Feb 2008 15:50:53 -0200
Subject: [SECURITY-L] CAIS-Alerta: Vulnerability in the Microsoft Works File Converter (MS08-011)
Message-ID: <20080213175052.GO61574@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Vulnerability in the Microsoft Works File Converter (MS08-011)
To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Tue, 12 Feb 2008 18:07:20 -0200 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the Microsoft alert entitled "MS08-011 - Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081)", which addresses three vulnerabilities found in the Microsoft Works file converter.

All three vulnerabilities allow the execution of malicious code when exploited. To exploit these vulnerabilities, an attacker needs to craft a file in .wps format and induce the user to open it. If the malicious code is executed, the attacker can obtain the permissions of the logged-on user. If the logged-on user has administrator permissions, the attacker can gain full control of the system.

Affected systems:

. Microsoft Office 2003 Service Pack 2
. Microsoft Office 2003 Service Pack 3
. Microsoft Works 8.0
. Microsoft Works Suite 2005

Available fixes:

It is recommended to update to the versions available at:

. Microsoft Office 2003 Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286
. Microsoft Office 2003 Service Pack 3
  http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286
. Microsoft Works 8.0
  http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286
. Microsoft Works Suite 2005
  http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286

More information:

. MS08-009 - Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081)
  http://www.microsoft.com/technet/security/bulletin/ms08-009.mspx
. SANS ISC Handler's Diary 2008-02-12: February Black Tuesday overview
  http://isc.incidents.org/diary.html?storyid=3973
. Microsoft Brasil Security
  http://www.microsoft.com/brasil/security
. Technet Brasil - Central de Seguranca
  http://www.technetbrasil.com.br/seguranca
. Windows Live OneCare
  http://safety.live.com/site/pt-BR/default.htm

CVE identifier (http://cve.mitre.org): CVE-2007-0216, CVE-2008-0105, CVE-2008-0108

CAIS recommends that administrators keep their systems and applications up to date, in accordance with the latest versions and fixes provided by vendors.

CAIS Alerts are also available in RSS/RDF format:
http://www.rnp.br/cais/alertas/rss.xml

Sincerely,

----- End forwarded message -----

From security em unicamp.br Wed Feb 13 15:51:19 2008
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 13 Feb 2008 15:51:19 -0200
Subject: [SECURITY-L] CAIS-Alerta: Vulnerability in Microsoft Office Publisher (MS08-012)
Message-ID: <20080213175119.GP61574@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Vulnerability in Microsoft Office Publisher (MS08-012)
To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Tue, 12 Feb 2008 18:08:24 -0200 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the Microsoft alert entitled "MS08-012 - Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution (947085)", which addresses two vulnerabilities identified in Microsoft Office Publisher that were privately reported to Microsoft.

The first vulnerability results from an error in validating application data when loading Publisher files into memory. The second vulnerability results from an error in validating index values. Both can be exploited by opening malicious files in .pub format, allowing an attacker to gain full control of the system.

Affected systems:

. Microsoft Office Publisher 2000, part of Microsoft Office 2000 Service Pack 3
. Microsoft Office Publisher 2002, part of Microsoft Office XP Service Pack 3
. Microsoft Office Publisher 2003 Service Pack 2, part of Microsoft Office 2003 Service Pack 2

Available fixes:

It is recommended to update to the versions available at:

. Microsoft Office Publisher 2000
  http://www.microsoft.com/downloads/details.aspx?FamilyId=D8B085FB-858F-4C7E-96DE-EDFF8F49D62A
. Microsoft Office Publisher 2002
  http://www.microsoft.com/downloads/details.aspx?FamilyId=1135C63A-6CE7-4051-81BA-BFBBA8D857FB
. Microsoft Office Publisher 2003
  http://www.microsoft.com/downloads/details.aspx?FamilyId=7078B952-09F6-4C47-8C05-40667E1F1C3B

More information:

. MS08-012 - Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution (947085)
  http://www.microsoft.com/technet/security/bulletin/ms08-012.mspx
. SANS ISC Handler's Diary 2008-02-12: February Black Tuesday overview
  http://isc.incidents.org/diary.html?storyid=3973
. Microsoft Brasil Security
  http://www.microsoft.com/brasil/security
. Technet Brasil - Central de Seguranca
  http://www.technetbrasil.com.br/seguranca
. Windows Live OneCare
  http://safety.live.com/site/pt-BR/default.htm

CVE identifier (http://cve.mitre.org): CVE-2008-0104, CVE-2008-0102

CAIS recommends that administrators keep their systems and applications up to date, in accordance with the latest versions and fixes provided by vendors.

CAIS Alerts are also available in RSS/RDF format:
http://www.rnp.br/cais/alertas/rss.xml

Sincerely,

----- End forwarded message -----

From security em unicamp.br Wed Feb 13 15:51:54 2008
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 13 Feb 2008 15:51:54 -0200
Subject: [SECURITY-L] CAIS-Alerta: Vulnerability in Microsoft Office (MS08-013)
Message-ID: <20080213175154.GQ61574@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Vulnerability in Microsoft Office (MS08-013)
To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Tue, 12 Feb 2008 18:09:28 -0200 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

O CAIS esta' repassando o alerta da Microsoft, intitulado "MS08-013 - Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108)", que trata de uma 
vulnerabilidade encontrada no Microsoft Office e que foi reportada a Microsoft de forma privada. A vulnerabilidade decorre de erro ao manipular a abertura de arquivos e permite a um atacante sua exploracao ao construir um arquivo Word malicioso e induzir o usuario de um sistema afetado a abri-lo, o que permitiria a obtencao do controle total sobre o sistema. Sistemas afetados: . Microsoft Office 2000 Service Pack 3 . Microsoft Office XP Service Pack 3 . Microsoft Office 2003 Service Pack 2 . Microsoft Office 2004 para Mac Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em: . Microsoft Office 2000 Service Pack 3 http://www.microsoft.com/downloads/details.aspx?FamilyId=5FB74E24-D9EE-4951-9C46-E1C84617F097 . Microsoft Office XP Service Pack 3 http://www.microsoft.com/downloads/details.aspx?FamilyId=3E147B1A-F3BE-465F-8587-7F3A33D6A6E5 . Microsoft Office 2003 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=F4AC0F34-4604-4BBE-9669-01DB645041CA . Microsoft Office 2004 para Mac http://www.microsoft.com/downloads/details.aspx?FamilyId=36B00C58-192D-488C-A069-730C69F0B6B0 Mais informacoes: . MS08-013 - Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108) http://www.microsoft.com/technet/security/bulletin/ms08-013.mspx . SANS ISC Handler's Diary 2008-02-12: February Black Tuesday overview http://isc.incidents.org/diary.html?storyid=3973 . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca . Windows Live OneCare http://safety.live.com/site/pt-BR/default.htm Identificador CVE (http://cve.mitre.org): CVE-2008-0103 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. 
CAIS Alerts are also available in RSS/RDF format:
http://www.rnp.br/cais/alertas/rss.xml

Regards,

################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)       #
# Rede Nacional de Ensino e Pesquisa (RNP)                    #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300         Fax. 019-37873301                  #
# PGP key available   http://www.rnp.br/cais/cais-pgp.key      #
################################################################

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Made with pgp4pine 1.76
-----END PGP SIGNATURE-----

----- End forwarded message -----

From security em unicamp.br Thu Feb 14 15:53:30 2008
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Thu, 14 Feb 2008 15:53:30 -0200
Subject: [SECURITY-L] CAIS-Alerta: Local vulnerabilities in the Linux kernel
Message-ID: <20080214175330.GA66266@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Local vulnerabilities in the Linux kernel
To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Wed, 13 Feb 2008 17:25:13 -0200 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

CAIS is forwarding the Security Focus alert titled "Linux Kernel
Multiple Prior to 2.6.24.1 Multiple Memory Access Vulnerabilities
(Bugtraq ID 27704)", which covers multiple vulnerabilities in several
versions of the Linux kernel.

There are multiple vulnerabilities in the Linux kernel's memory
management that allow an ordinary user to read or write data in
arbitrary areas of memory. If successfully exploited, these
vulnerabilities allow the attacker to obtain full control of the system.

CAIS stresses that a local vulnerability of this kind is critical, since
any user could exploit it. In addition, malicious code capable of
exploiting this vulnerability is already publicly available.

Note that this kind of local attack is usually combined with remote
attacks carried out through vulnerabilities in other programs, such as
PHP applications or public services, or through brute-force attacks
against the SSH service. After gaining access to the system by these
methods, the attacker can use the local vulnerabilities to obtain
administrator access.

Affected systems:

. Linux kernel 2.6.24.1 and earlier

Available fixes:

We recommend updating to the versions available at:

. Linux kernel source 2.6.24.2
  http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.24.2.tar.bz2

. For specific distributions, visit your vendor's site.

Kernel versions that implement the "grsecurity" patch and have the
PAX_MEMORY_UDEREF variable correctly configured are not vulnerable.

In addition, the code discussed on the page below can be used to
temporarily disable the vulnerable kernel function until the next
system reboot:

. http://article.gmane.org/gmane.linux.debian.devel.kernel/35305

More information:

. Linux Kernel Multiple Prior to 2.6.24.1 Multiple Memory Access
  Vulnerabilities
  http://www.securityfocus.com/bid/27704

. SANS Internet Storm Center Handler's Diary 2008-02-11
  Linux Kernel Vulnerability ... 2.6.24.1 and prior
  http://isc.sans.org/diary.html?storyid=3968

. Linux kernel vulnerability
  http://archives.neohapsis.com/archives/fulldisclosure/2008-02/0268.html

. Redhat Important: kernel security update
  http://rhn.redhat.com/errata/RHSA-2008-0129.html

CVE identifier (http://cve.mitre.org): CVE-2008-0009, CVE-2008-0010,
CVE-2008-0600, CVE-2008-0163

CAIS recommends that administrators keep their systems and applications
up to date, in line with the latest versions and fixes provided by
vendors.

CAIS Alerts are also available in RSS/RDF format:
http://www.rnp.br/cais/alertas/rss.xml

Regards,

################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)       #
# Rede Nacional de Ensino e Pesquisa (RNP)                    #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300         Fax. 019-37873301                  #
# PGP key available   http://www.rnp.br/cais/cais-pgp.key      #
################################################################

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Made with pgp4pine 1.76
-----END PGP SIGNATURE-----

----- End forwarded message -----
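Added example, not part of the CAIS alert: a triage of `uname -r` strings and kernel config excerpts against what the Linux kernel alert above states (2.6.24.1 and earlier affected, 2.6.24.2 fixed, PAX_MEMORY_UDEREF kernels not vulnerable, distribution kernels referred to the vendor). The host names, the sample inventory, the status labels and the reading of "correctly configured" as `CONFIG_PAX_MEMORY_UDEREF=y` are assumptions.

```python
import re

# Threshold from the advisory: 2.6.24.1 and earlier affected, fix in 2.6.24.2.
FIXED = (2, 6, 24, 2)
RELEASE_RE = re.compile(r"^(\d+(?:\.\d+){1,3})(.*)$")
# Assumption: "correctly configured" means the Kconfig symbol is set to y.
UDEREF_RE = re.compile(r"^CONFIG_PAX_MEMORY_UDEREF=y\s*$", re.MULTILINE)

def parse_release(release):
    """Split a `uname -r` string into (4-part version tuple, suffix)."""
    m = RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (4 - len(parts)), m.group(2)

def triage(release, config_text=""):
    """Return one of four labels (names chosen for this example).

    mitigated-uderef: kernel config enables PAX_MEMORY_UDEREF
    fixed:            plain kernel.org release at or above 2.6.24.2
    affected:         plain kernel.org release below 2.6.24.2
    check-vendor:     vendor or -rc suffix; the number alone cannot show
                      whether the fix is present, so ask the vendor
    """
    if UDEREF_RE.search(config_text):
        return "mitigated-uderef"
    version, suffix = parse_release(release)
    if suffix:
        return "check-vendor"
    return "fixed" if version >= FIXED else "affected"

# Constructed inventory: (host, `uname -r` output, kernel config excerpt).
INVENTORY = [
    ("web1", "2.6.24.1", ""),
    ("web2", "2.6.24.2", ""),
    ("db1", "2.6.18-53.el5", ""),
    ("gw1", "2.6.23.9-grsec", "CONFIG_GRKERNSEC=y\nCONFIG_PAX_MEMORY_UDEREF=y\n"),
    ("gw2", "2.6.23.9-grsec", "# CONFIG_PAX_MEMORY_UDEREF is not set\n"),
]

def report(inventory=INVENTORY):
    return {host: triage(release, cfg) for host, release, cfg in inventory}

if __name__ == "__main__":
    for host, status in sorted(report().items()):
        print("%-5s %s" % (host, status))
```

The check knows only the single threshold the alert gives, so a `check-vendor` result means following the alert's own instruction for distribution kernels rather than trusting the version number.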