From security em unicamp.br Fri Jul 11 16:02:33 2008 From: security em unicamp.br (CSIRT - UNICAMP) Date: Fri, 11 Jul 2008 16:02:33 -0300 Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA08-189A -- Microsoft Office Snapshot Viewer ActiveX Vulnerability Message-ID: <20080711190233.GB36566@unicamp.br> ----- Forwarded message from US-CERT Technical Alerts ----- From: US-CERT Technical Alerts Subject: US-CERT Technical Cyber Security Alert TA08-189A -- Microsoft Office Snapshot Viewer ActiveX Vulnerability To: technical-alerts em us-cert.gov Date: Mon, 7 Jul 2008 16:06:47 -0400 Organization: US-CERT - +1 202-205-5266 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA08-189A Microsoft Office Snapshot Viewer ActiveX Vulnerability Original release date: July 7, 2008 Last revised: -- Source: US-CERT Systems Affected * Microsoft Office Access 2000 * Microsoft Office Access XP * Microsoft Office Access 2003 * Microsoft Office Snapshot Viewer Overview An unpatched vulnerability in the Microsoft Office Snapshot Viewer ActiveX control is being used in attacks. I. Description Microsoft has released Security Advisory (955179) to describe attacks on a vulnerability in the Microsoft Office Snapshot Viewer ActiveX control. Because no fix is currently available for this vulnerability, please see the Security Advisory and US-CERT Vulnerability Note VU#837785 for workarounds. II. Impact A remote, unauthenticated attacker could execute arbitrary code. III. Solution Apply workarounds Microsoft has provided workarounds for this vulnerability in Security Advisory (955179). Additional details and workarounds are provided in US-CERT Vulnerability Note VU#837785. The most effective workaround for this vulnerability is to set kill bits for the Snapshot Viewer ActiveX control, as outlined in the documents noted above. Other workarounds include disabling ActiveX, as specified in the Securing Your Web Browser document, and upgrading to Internet Explorer 7, which can help mitigate the vulnerability with its ActiveX opt-in feature. IV. References * US-CERT Vulnerability Note VU#837785 - * Microsoft Security Advisory (955179) - * Securing Your Web Browser - ____________________________________________________________________ The most recent version of this document can be found at: ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA08-189A Feedback VU#837785" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit . ____________________________________________________________________ Produced 2008 by US-CERT, a government organization. Terms of use: ____________________________________________________________________ Revision History July 7, 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSHJ0D3IHljM+H4irAQI4/gf9GMgKMgFwrFpwXqtkcESdNuOqHHBU2z57 tRdKpqpZL0nRY11z5FEx2wBK56/GBYVBn5pGjH9/LpWnbvsqVdt3wePgXHhbAJYW GMhZj4JKa+313sTszdrEUmTZK8gK+QZtx2V3+rSVNhMbnQHVUYxevjUtNGrI5Sni iITq9GVJX7GIQb3aI+uFaxScWD84tf9rnUqP71SmapWvaz5rnTdPH/QPLZtpcoT8 Nw/uQAzekHUfvqbvkUdud39X4IOJKz2Vi10r3QC+gdkHCrNaXtM2RoIfkU9+B3f4 91SBnJpmhwgifILsll9WHHvYATZScUWINUkMMA/vpBXHNxMmXP+7XQ== =lT3a -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Fri Jul 11 16:03:22 2008 From: security em unicamp.br (CSIRT - UNICAMP) Date: Fri, 11 Jul 2008 16:03:22 -0300 Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA08-190A -- Microsoft Updates for Multiple Vulnerabilities Message-ID: <20080711190322.GD36566@unicamp.br> ----- Forwarded message from US-CERT Technical Alerts ----- From: US-CERT Technical Alerts Subject: US-CERT Technical Cyber Security Alert TA08-190A -- Microsoft Updates for Multiple Vulnerabilities To: technical-alerts em us-cert.gov Date: Tue, 8 Jul 2008 16:08:43 -0400 Organization: US-CERT - +1 202-205-5266 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA08-190A Microsoft Updates for Multiple Vulnerabilities Original release date: July 8, 2008 Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows * Microsoft Windows Server * Microsoft SQL Server * Microsoft Outlook Web Access Overview Microsoft has released updates that address vulnerabilities in Microsoft Windows, Windows Server, Microsoft SQL Server, and Microsoft Outlook Web Access. I. Description Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Windows Server, Microsoft SQL Server, and Microsoft Outlook Web Access as part of the Microsoft Security Bulletin Summary for July 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. For more information, see the US-CERT Vulnerability Notes Database. II. Impact A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable application to crash. III. Solution Apply updates from Microsoft Microsoft has provided updates for these vulnerabilities in the July 2008 Security Bulletin Summary. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). IV. References * US-CERT Vulnerability Notes for Microsoft July 2008 updates - * Microsoft Security Bulletin Summary for July 2008 - * Microsoft Update - * Windows Server Update Services - ____________________________________________________________________ The most recent version of this document can be found at: ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA08-190A Feedback VU#561331" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit . ____________________________________________________________________ Produced 2008 by US-CERT, a government organization. Terms of use: ____________________________________________________________________ Revision History July 8, 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSHPIPHIHljM+H4irAQIuAAf/e4VhfZYXzh06QKu22GRuLdCTA+b5ONfi Bnk7R1ECjhfNLI7qvLE2/9mKQfCL9QD6BDS+SDZb/yB2vM5IGJQbv0GcIByUaiUb lRcyZaTvqcJYO/yY8q6p27qzQaI5f0ppW6ZvMsX13+GBCkh4A7hjXHb4aoIvtiy8 DV5PlMcD56s3uZQTNyx+FPCmzi9hhld14ri3zy5dOzPV6Cn5+LGwg6bJQAOCAvYp GwXhALyFt6u2dJ8tvvbRxsvIUjwi7AtRQg1iNt9knDziIGsED19rg9+25D50yMiD veARJhfc5elEQ0klAE9aqOzzo+N8vQDVVw09vpQKqGSq+26Wc4FJIg== =BTia -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Fri Jul 11 16:03:39 2008 From: security em unicamp.br (CSIRT - UNICAMP) Date: Fri, 11 Jul 2008 16:03:39 -0300 Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA08-190B -- Multiple DNS implementations vulnerable to cache poisoning Message-ID: <20080711190339.GE36566@unicamp.br> ----- Forwarded message from US-CERT Technical Alerts ----- From: US-CERT Technical Alerts Subject: US-CERT Technical Cyber Security Alert TA08-190B -- Multiple DNS implementations vulnerable to cache poisoning To: technical-alerts em us-cert.gov Date: Tue, 8 Jul 2008 16:49:13 -0400 Organization: US-CERT - +1 202-205-5266 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA08-190B Multiple DNS implementations vulnerable to cache poisoning Original release date: July 08, 2008 Last revised: -- Source: US-CERT Systems Affected Systems implementing: * Caching DNS resolvers * DNS stub resolvers Affected systems include both client and server systems, and any other networked systems that include this functionality. Overview Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks. Effective attack techniques against these vulnerabilities have been demonstrated. I. Description DNS cache poisoning (sometimes referred to as cache pollution) is an attack technique that allows an attacker to introduce forged DNS information into the cache of a caching nameserver. The general concept has been known for some time, and a number of inherent deficiencies in the DNS protocol and defects in common DNS implementations that facilitate DNS cache poisoning have previously been identified and described in public literature. Examples of these vulnerabilities can be found in Vulnerability Note VU#800113. Recent research into these and other related vulnerabilities has produced extremely effective exploitation methods to achieve cache poisoning. Tools and techniques have been developed that can reliably poison a domain of the attacker's choosing on most current implementations. As a result, the consensus of DNS software implementers is to implement source port randomization in their resolvers as a mitigation. US-CERT is tracking this issue as VU#800113. This reference number corresponds to CVE-2008-1447. II. Impact An attacker with the ability to conduct a successful cache poisoning attack can cause a nameserver's clients to contact the incorrect, and possibly malicious, hosts for particular services. Consequently, web traffic, email, and other important network data can be redirected to systems under the attacker's control. III. Solution Apply a patch from your vendor Patches have been released by a number of vendors to implement source port randomization in the nameserver. This change significantly reduces the practicality of cache poisoning attacks. Please see the Systems Affected section of Vulnerability Note VU#800113 for additional details for specific vendors. As mentioned above, stub resolvers are also vulnerable to these attacks. Stub resolvers that will issue queries in response to attacker behavior, and may receive packets from an attacker, should be patched. System administrators should be alert for patches to client operating systems that implement port randomization in the stub resolver. Workarounds Restrict access Administrators, particularly those who are unable to apply a patch, can limit exposure to this vulnerability by restricting sources that can ask for recursion. Note that restricting access will still allow attackers with access to authorized hosts to exploit this vulnerability. Filter traffic at network perimeters Because the ability to spoof IP addresses is necessary to conduct these attacks, administrators should take care to filter spoofed addresses at the network perimeter. IETF Request for Comments (RFC) documents RFC 2827, RFC 3704, and RFC 3013 describe best current practices (BCPs) for implementing this defense. It is important to understand your network's configuration and service requirements before deciding what changes are appropriate. Run a local DNS cache In lieu of strong port randomization characteristics in a stub resolver, administrators can protect their systems by using local caching full-service resolvers, both on the client systems and on servers that are topologically close on the network to the client systems. This should be done in conjunction with the network segmentation and filtering strategies mentioned above. Disable recursion Disable recursion on any nameserver responding to DNS requests made by untrusted systems. Implement source port randomization Vendors that implement DNS software are encouraged to review IETF Internet Draft, "Measures for making DNS more resilient against forged answers," for additional information about implementing mitigations in their products. This document is a work in progress and may change prior to its publication as an RFC, if it is approved. IV. References * US-CERT Vulnerability Note VU#800113 - * US-CERT Vulnerability Note VU#484649 - * US-CERT Vulnerability Note VU#252735 - * US-CERT Vulnerability Note VU#927905 - * US-CERT Vulnerability Note VU#457875 - * Internet Draft: Measures for making DNS more resilient against forged answers - * RFC 3833 - * RFC 2827 - * RFC 3704 - * RFC 3013 - * Microsoft Security Bulletin MS08-037 - * Internet Systems Consortium BIND Vulnerabilities - ____________________________________________________________________ US-CERT thanks Dan Kaminsky of IOActive and Paul Vixie of Internet Systems Consortium (ISC) for notifying us about this problem and for helping us to construct this advisory. ____________________________________________________________________ The most recent version of this document can be found at: ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA08-190B Feedback VU#800113" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit . ____________________________________________________________________ Produced 2008 by US-CERT, a government organization. Terms of use: ____________________________________________________________________ Revision History July 8, 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSHPRlXIHljM+H4irAQLzsgf/SHKWDnJ+/OI42x+gbgKTXCjKffPOYicl Sruqe4kCR3k0OuEZS90VsvhaSuiWV1GvASbwLDGTjfh1Q7jZU3g4GMY/DEcZXerF vGC/NiOuaoWfjLkQsOkJKIReKqcDZEOVQD7PIIxVYYZJn8u99X/JSGQ/KMe8h5x+ CzBVepk06FvRnT3+y21YECnMRoTzxTmqbLqm1lH9OnyRZ+ORoE4QBUJvN69EB4fO 15JF+y8ZKcGJaczMM+mdNOfaQcQAHZ1B8zTQlBfm1L35gtjnjhvZAwHtde/E0sl6 vGaDtbGJ/IPRS5b5y/mXReOl1ExrMb0VyWneM3Ddcdo7X5iB892AUg== =22We -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Fri Jul 11 16:04:13 2008 From: security em unicamp.br (CSIRT - UNICAMP) Date: Fri, 11 Jul 2008 16:04:13 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade no ISC BIND (VU#800113) Message-ID: <20080711190412.GF36566@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Vulnerabilidade no ISC BIND (VU#800113) To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Tue, 8 Jul 2008 18:09:07 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta do US-CERT, intitulado "VU#800113 - Multiple DNS implementations vulnerable to cache poisoning", que trata de deficiencias no protocolo DNS (Domain Name System) e em implementacoes de DNS que permitem ataques de envenenamento de cache DNS. Este tipo de ataque consiste em um atacante introduzir dados forjados no cache de um servidor de nomes DNS. Um atacante que consiga realizar um ataque de envenenamento de cache com sucesso pode fazer com que clientes de um servidor DNS sejam direcionados para um host malicioso, sob controle do atacante. Qualquer tipo de servico pode ser redirecionado com a exploracao desta tecnica, web e e-mail por exemplo. Este tipo de ataque e' particularmente preocupante porque explora um problema nao previsto pela maioria massiva dos usuarios, que naturalmente nao confere se o host que responde por determinado servico e' legitimo, embora o dominio esteja correto. Sistemas afetados: . Cisco Systems, Inc. . Foundry Networks, Inc. . Internet Software Consortium (BIND) . Juniper Networks, Inc. . Microsoft Corporation . Nominum . PowerDNS . Red Hat, Inc. . Sun Microsystems, Inc. Correcoes disponiveis: Por favor consulte o site do fornecedor da implementacao de DNS que voce possui em sua organizacao. Para uma lista mais atualizada de produtos afetados por favor consulte a referencia VU#800113, disponivel na secao "Mais informacoes". No momento a unica solucao definitiva para este tipo de vulnerabilidade, que e' recorrente no protocolo DNS, e' a implantacao de DNS Security Extensions (DNSSEC). Para mais informacoes sobre DNSSEC no contexto brasileiro por favor consulte o site do Registro .br, disponivel na secao "Mais informacoes". Mais informacoes: . US-CERT VU#800113 - Multiple DNS implementations vulnerable to cache poisoning http://www.kb.cert.org/vuls/id/800113 . BIND Vulnerabilities - CERT VU#800113 DNS Cache Poisoning Issue http://www.isc.org/index.pl?/sw/bind/bind-security.php . DNSSEC disponivel no .br (04/06/2007) http://registro.br/anuncios/20070604.html . Black Hat Briefings USA 08 Schedule - Dan Kaminsky (IOActive) http://www.blackhat.com/html/bh-usa-08/bh-usa-08-speakers.html#Kaminsky Identificador CVE (http://cve.mitre.org): CVE-2008-1447 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBSHPXeukli63F4U8VAQGT8gP8C2E/93W96HDqFZjKXzSn3H9+zoi2tBY7 rBZYMDLSRc/yvVIaz+iSCFzkID04F91EJ1HvjDdnhf4D5RhaizvS3qjxp2Nqopuf DxqM2L37keGV7sVnsH8PcLcJSKSC4/4dJ3Cz8e9R9VdPKkl33KeopHOXrall8mvd aeMB4tfdP8s= =1ZjM -----END PGP SIGNATURE----- -- Para SAIR da lista rnp-alerta envie uma mensagem em branco para: ----- End forwarded message ----- From security em unicamp.br Fri Jul 11 16:04:50 2008 From: security em unicamp.br (CSIRT - UNICAMP) Date: Fri, 11 Jul 2008 16:04:50 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidades no Windows DNS (MS08-037) Message-ID: <20080711190450.GG36566@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Vulnerabilidades no Windows DNS (MS08-037) To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Thu, 10 Jul 2008 16:08:19 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS08-037 - Vulnerabilities in DNS Could Allow Spoofing (953230)", que trata de duas vulnerabilidades Windows Domain Name System (DNS). A vulnerabilidade descrita em CVE-2008-1447 permite que um atacante forje respostas a requisicoes do protocolo DNS, incluindo "records". A vulnerabilidade descrita em CVE-2008-1454 permite que um atacante envie respostas a requisicoes DNS feitas por sistemas vulneraveis. Caso um atacante consiga explorar com sucesso esta vulnerabilidade, ele podera' redirecionar o trafego do host autentico de um site para um outro host de interesse do atacante. As vulnerabilidades existem tanto no cliente quanto no servidor DNS. Sistemas afetados: . Cliente DNS - Microsoft Windows 2000 Service Pack 4 - Windows XP Service Pack 2 - Windows XP Service Pack 3 - Windows XP Professional x64 Edition - Windows XP Professional x64 Edition Service Pack 2 - Windows Server 2003 Service Pack 1 - Windows Server 2003 Service Pack 2 - Windows Server 2003 x64 Edition - Windows Server 2003 x64 Edition Service Pack 2 - Windows Server 2003 com SP1 para Sistemas baseados em Itanium - Windows Server 2003 com SP2 para Sistemas baseados em Itanium . Servidor DNS - Microsoft Windows 2000 Server Service Pack 4 - Windows Server 2003 Service Pack 1 - Windows Server 2003 Service Pack 2 - Windows Server 2003 x64 Edition - Windows Server 2003 x64 Edition Service Pack 2 - Windows Server 2003 com SP1 para Sistemas baseados em Itanium - Windows Server 2003 com SP2 para Sistemas baseados em Itanium - Windows Server 2008 para Sistemas 32-bit - Windows Server 2008 para Sistemas baseados em x64 Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em: . Cliente DNS - Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?familyid=269c219c-9d6b-4b12-b621-c70cd07cdd22 - Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?familyid=ed989a33-7a9e-4423-93a8-b38907467cdf - Windows XP Service Pack 3 http://www.microsoft.com/downloads/details.aspx?familyid=ed989a33-7a9e-4423-93a8-b38907467cdf - Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?familyid=a2b016fa-b108-4e8e-b41b-4ca89002907b - Windows XP Professional x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?familyid=a2b016fa-b108-4e8e-b41b-4ca89002907b - Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?familyid=4ef5033c-9843-4e0b-bfad-fcaf05d7dab9 - Windows Server 2003 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?familyid=4ef5033c-9843-4e0b-bfad-fcaf05d7dab9 - Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?familyid=66624a1f-38bf-4af7-936d-3131474ffe1f - Windows Server 2003 x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?familyid=66624a1f-38bf-4af7-936d-3131474ffe1f - Windows Server 2003 com SP1 para Sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?familyid=facc80da-61d6-49c5-872d-a1980b66ae3e - Windows Server 2003 com SP2 para Sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?familyid=facc80da-61d6-49c5-872d-a1980b66ae3e . Servidor DNS - Microsoft Windows 2000 Server Service Pack 4 http://www.microsoft.com/downloads/details.aspx?familyid=332aa92f-a1ad-42a0-87d0-485d2d41335b - Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?familyid=d1fcb794-e6a5-4c28-b3b3-9cd88f468a42 - Windows Server 2003 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?familyid=d1fcb794-e6a5-4c28-b3b3-9cd88f468a42 - Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?familyid=040a1ba8-21b0-439e-bf21-1acd1c43b162 - Windows Server 2003 x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?familyid=040a1ba8-21b0-439e-bf21-1acd1c43b162 - Windows Server 2003 com SP1 para Sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?familyid=c63e3ee6-6055-4313-b0f1-fec7408886bb - Windows Server 2003 com SP2 para Sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?familyid=c63e3ee6-6055-4313-b0f1-fec7408886bb - Windows Server 2008 para Sistemas 32-bit http://www.microsoft.com/downloads/details.aspx?familyid=1fcea8f4-b233-42e1-b913-c4fcae276c7b - Windows Server 2008 para Sistemas baseados em x64 http://www.microsoft.com/downloads/details.aspx?familyid=1fcea8f4-b233-42e1-b913-c4fcae276c7b Mais informacoes: . MS08-037 - Vulnerabilities in DNS Could Allow Spoofing (953230) http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx . SANS ISC Handler's Diary 2008-07-08: July 2008 black tuesday overview http://isc.sans.org/diary.html?storyid=4684 . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca . Windows Live OneCare http://safety.live.com/site/pt-BR/default.htm Identificador CVE (http://cve.mitre.org): CVE-2008-1447, CVE-2008-1454 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBSHZeLekli63F4U8VAQG/QQQAm+Z5CD7AeIZ0eyZC69cwTCx9Imk5XAVE Xu8JMyOmu6mf1/NPchb4lXonH/Xtbs3PhXtDFvPmaYCftYI78jnrhCpg7duKrxbp FwvzvBsvoSA9WOdMlU0Yfni4JnEo6yxIDIcmnmCZdx3/2gAeBafgH8cPM/A8+YMW 53HZPyqJ6Oc= =u/wd -----END PGP SIGNATURE----- -- Para SAIR da lista rnp-alerta envie uma mensagem em branco para: ----- End forwarded message ----- From security em unicamp.br Fri Jul 11 16:05:49 2008 From: security em unicamp.br (CSIRT - UNICAMP) Date: Fri, 11 Jul 2008 16:05:49 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade no Windows Explorer (MS08-038) Message-ID: <20080711190549.GH36566@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Vulnerabilidade no Windows Explorer (MS08-038) To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Thu, 10 Jul 2008 16:09:43 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS08-038 - Important Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)", que trata de uma vulnerabilidade descoberta no Windows Explorer. A vulnerabilidade de execucao remota de codigo existe devido `a maneira incorreta como o Windows Explorer manipula arquivos de resultados de pesquisas (saved-search file) quando esta salvando-os. Caso um atacante consiga explorar com sucesso esta vulnerabilidade, ele podera obter o controle total sobre o sistema afetado. Usuarios cujas contas estao configuradas com direitos de acesso restritos no sistema podem sofrer menos impacto no caso de um ataque do que os usuarios que operam com privilegios administrativos. Sistemas afetados: . Windows Vista . Windows Vista Service Pack 1 . Windows Vista x64 Edition . Windows Vista x64 Edition Service Pack 1 . Windows Server 2008 para sistemas 32-bit* . Windows Server 2008 para sistemas baseados em x64* . Windows Server 2008 para sistemas baseados em Itanium Obs: * Instalacao do Windows Server 2008 server core afetada. Para mais informacoes, veja a versao original do alerta, cuja URL esta disponivel na secao "Mais informacoes". Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em : . Windows Vista http://www.microsoft.com/downloads/details.aspx?familyid=06739ca6-7368-4acb-bb67-7e8146071a29 . Windows Vista Service Pack 1 http://www.microsoft.com/downloads/details.aspx?familyid=06739ca6-7368-4acb-bb67-7e8146071a29 . Windows Vista x64 Edition http://www.microsoft.com/downloads/details.aspx?familyid=74ea0893-7c2f-4fad-ad27-588ad953b046 . Windows Vista x64 Edition Service Pack 1 http://www.microsoft.com/downloads/details.aspx?familyid=74ea0893-7c2f-4fad-ad27-588ad953b046 . Windows Server 2008 para sistemas 32-bit* http://www.microsoft.com/downloads/details.aspx?familyid=189a4170-b495-4904-9cbd-209e7494d303 . Windows Server 2008 para sistemas baseados em x64* http://www.microsoft.com/downloads/details.aspx?familyid=85d8701d-f8c7-4079-8a21-a3a9d5ba71ce . Windows Server 2008 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?familyid=b30ee4f0-850f-4ff3-86a4-663603a0a802 Mais informacoes: . MS08-038 - Important Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582) http://www.microsoft.com/technet/security/Bulletin/MS08-038.mspx . SANS ISC Handler's Diary 2008-07-08 - July 2008 black tuesday overview http://www.isc.sans.org/diary.html?storyid=4684 . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca . Windows Live OneCare http://safety.live.com/site/pt-BR/default.htm Identificador CVE (http://cve.mitre.org): CVE-2008-1435 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBSHZefOkli63F4U8VAQEmIQP/a/nndO9oVJ0+yfIXc4P6rwNgC17Nsmzm 2njSENx6duyH/MNJHIHZpkvQOEzY+i3p3OpWXAVZLM4xS1eYePn2Xb9sCOp6Jwwe TNI+I8aOQ6vTP3dXZEQj5+Vm4J5HA+5aGJiXPkjP8reTft7nBdNzp8h5z+VAdCAO UMHOHvuRuc4= =l6mX -----END PGP SIGNATURE----- -- Para SAIR da lista rnp-alerta envie uma mensagem em branco para: ----- End forwarded message ----- From security em unicamp.br Fri Jul 11 16:06:05 2008 From: security em unicamp.br (CSIRT - UNICAMP) Date: Fri, 11 Jul 2008 16:06:05 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidades no Microsoft Outlook Web Access (MS08-039) Message-ID: <20080711190605.GI36566@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Vulnerabilidades no Microsoft Outlook Web Access (MS08-039) To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Thu, 10 Jul 2008 16:12:05 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS08-039 - Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)", que trata de duas vulnerabilidades no Outlook Web Access (OWA) para Microsoft Exchange Server. Estas vulnerabilidades sao do tipo cross-site scripting (XSS). A vulnerabilidade descrita em CVE-2008-2247 esta' na validacao de dados, enquanto a vulnerabilidade descrita em CVE-2008-2248 esta' no tratamento de conteudo HTML. Para explorar estas vulnerabilidades um atacante precisa convencer um usuario de um sistema vulneravel a abrir uma mensagem maliciosa. Se o atacante tiver sucesso este script malicioso incluido nesta mensagem sera' executado e podera' realizar as mesmas acoes que o usuario em questao puder, como ler, enviar e apagar mensagens. Sistemas afetados: . Microsoft Exchange Server 2003 Service Pack 2 . Microsoft Exchange Server 2007 . Microsoft Exchange Server 2007 Service Pack 1 Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em : . Microsoft Exchange Server 2003 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?familyid=E099C1D1-5AF6-4D6C-B735-9599412B3131 . Microsoft Exchange Server 2007 http://www.microsoft.com/downloads/details.aspx?familyid=086A2A13-A1DE-4B1D-BD12-B148BFD2DAFA . Microsoft Exchange Server 2007 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?familyid=63E7F26C-92A8-4264-882D-F96B348C96AB Mais informacoes: . MS08-039 - Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747) http://www.microsoft.com/technet/security/Bulletin/MS08-039.mspx . SANS ISC Handler's Diary 2008-07-08: July 2008 black tuesday overview http://isc.sans.org/diary.html?storyid=4684 . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca . Windows Live OneCare http://safety.live.com/site/pt-BR/default.htm Identificador CVE (http://cve.mitre.org): CVE-2008-2247, CVE-2008-2248 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBSHZfD+kli63F4U8VAQFm1wQAlZEv5DGnflnmuz2EOXNJFb6gq+pVxEpV smCZ9akymlboSNlzwr8eFQ5fXpzDVAfCHeHxdAOXLTDAjS4GE2tQ/7WHcRnfyx+c Dj+xnxsZ+z5i7ZUYRksIJ9cqElaqMdm+MLZRTCWWmVxxe7xeACcwvd0U2V3WT1E2 NncHiO67pNM= =UCFW -----END PGP SIGNATURE----- -- Para SAIR da lista rnp-alerta envie uma mensagem em branco para: ----- End forwarded message ----- From security em unicamp.br Fri Jul 11 16:06:26 2008 From: security em unicamp.br (CSIRT - UNICAMP) Date: Fri, 11 Jul 2008 16:06:26 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidades no Microsoft SQL (MS08-040) Message-ID: <20080711190626.GJ36566@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Vulnerabilidades no Microsoft SQL (MS08-040) To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Thu, 10 Jul 2008 16:16:48 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS08-040 - Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)", que trata de quatro vulnerabilidades identificadas no Microsoft SQL. A vulnerabilidade mais critica pode permitir a um atacante o controle completo do sistema atacado. As vulnerabilidades estao relacionadas com a forma gerenciamento de memoria virtual (swap) do SQL, com a funcao de conversao do SQL, uma falha na rotina de processo de backup da base e uma falha no SQL quer pode permitir o buffer overflow e consequente escalacao de privilegios do atacante. Sistemas afetados: . SQL Server 7.0 Service Pack 4 . SQL Server 2000 Service Pack 4 . SQL Server 2000 Itanium-based Edition Service Pack 4 . SQL Server 2005 Service Pack 2 . SQL Server 2005 x64 Edition Service Pack 2 . SQL Server 2005 com SP2 para sistemas baseados em Itanium . Microsoft Data Engine (MSDE) 1.0 Service Pack 4 . Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 4 . Microsoft SQL Server 2005 Express Edition Service Pack 2 . Microsoft SQL Server 2005 Express Edition com Advanced Services Service Pack 2 . Microsoft SQL Server 2000 Desktop Engine (WMSDE) componente do Microsoft Windows 2000 Service Pack 4 . Microsoft SQL Server 2000 Desktop Engine (WMSDE) componente do Windows Server 2003 Service Pack 1 e Windows Server 2003 Service Pack 2 . Windows Internal Database (WYukon) Service Pack 2 componente do Windows Server 2003 Service Pack 1 e Windows Server 2003 Service Pack 2 . Microsoft SQL Server 2000 Desktop Engine (WMSDE) componente do Windows Server 2003 x64 Edition e Windows Server 2003 x64 Edition Service Pack 2 . Windows Internal Database (WYukon) x64 Edition Service Pack 2 componente do Windows Server 2003 x64 Edition e Windows Server 2003 x64 Edition Service Pack 2 . Windows Internal Database (WYukon) Service Pack 2 componente do Windows Server 2008 for 32-bit Systems . Windows Internal Database (WYukon) x64 Edition Service Pack 2 componente do Windows Server 2008 for x64-based Systems Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em: . SQL Server 7.0 Service Pack 4 GDR http://www.microsoft.com/downloads/details.aspx?familyid=C95B2CB3-51A4-44E4-B9F4-9416E9CE16A0 QFE http://www.microsoft.com/downloads/details.aspx?familyid=C95B2CB3-51A4-44E4-B9F4-9416E9CE16A0 . SQL Server 2000 Service Pack 4 GDR http://www.microsoft.com/downloads/details.aspx?familyid=4FD1F86A-94A2-43D8-9B0A-774C81426D9E QFE http://www.microsoft.com/downloads/details.aspx?familyid=8316BC5E-8C2D-4710-8ACC-B815CCC81CD4 . SQL Server 2000 Itanium-based Edition Service Pack 4 GDR http://www.microsoft.com/downloads/details.aspx?familyid=4FD1F86A-94A2-43D8-9B0A-774C81426D9E QFE http://www.microsoft.com/downloads/details.aspx?familyid=8316BC5E-8C2D-4710-8ACC-B815CCC81CD4 . SQL Server 2005 Service Pack 2 GDR http://www.microsoft.com/downloads/details.aspx?familyid=4C9851CC-2C4C-4190-872C-84993A7623B7 QFE http://www.microsoft.com/downloads/details.aspx?familyid=A60BB7E7-EF4E-4CBD-B63A-0AD7BD1402B3 . SQL Server 2005 x64 Edition Service Pack 2 GDR http://www.microsoft.com/downloads/details.aspx?familyid=4C9851CC-2C4C-4190-872C-84993A7623B7 QFE http://www.microsoft.com/downloads/details.aspx?familyid=A60BB7E7-EF4E-4CBD-B63A-0AD7BD1402B3 . SQL Server 2005 com SP2 para sistemas baseados em Itanium GDR http://www.microsoft.com/downloads/details.aspx?familyid=4C9851CC-2C4C-4190-872C-84993A7623B7 QFE http://www.microsoft.com/downloads/details.aspx?familyid=A60BB7E7-EF4E-4CBD-B63A-0AD7BD1402B3 . Microsoft Data Engine (MSDE) 1.0 Service Pack 4 GDR http://www.microsoft.com/downloads/details.aspx?familyid=C95B2CB3-51A4-44E4-B9F4-9416E9CE16A0 QFE http://www.microsoft.com/downloads/details.aspx?familyid=C95B2CB3-51A4-44E4-B9F4-9416E9CE16A0 . Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 4 GDR http://www.microsoft.com/downloads/details.aspx?familyid=4FD1F86A-94A2-43D8-9B0A-774C81426D9E QFE http://www.microsoft.com/downloads/details.aspx?familyid=8316BC5E-8C2D-4710-8ACC-B815CCC81CD4 . Microsoft SQL Server 2005 Express Edition Service Pack 2 GDR http://www.microsoft.com/downloads/details.aspx?familyid=4C9851CC-2C4C-4190-872C-84993A7623B7 QFE http://www.microsoft.com/downloads/details.aspx?familyid=A60BB7E7-EF4E-4CBD-B63A-0AD7BD1402B3 . Microsoft SQL Server 2005 Express Edition com Advanced Services Service Pack 2 GDR http://www.microsoft.com/downloads/details.aspx?familyid=4C9851CC-2C4C-4190-872C-84993A7623B7 QFE http://www.microsoft.com/downloads/details.aspx?familyid=A60BB7E7-EF4E-4CBD-B63A-0AD7BD1402B3 . Microsoft SQL Server 2000 Desktop Engine (WMSDE) componente do Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?familyid=1c0ae18b-1f17-44b3-a337-b36e7de437a7 . Microsoft SQL Server 2000 Desktop Engine (WMSDE) componente do Windows Server 2003 Service Pack 1 e Windows Server 2003 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?familyid=1c0ae18b-1f17-44b3-a337-b36e7de437a7 . Windows Internal Database (WYukon) Service Pack 2 componente do Windows Server 2003 Service Pack 1 e Windows Server 2003 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?familyid=48f6aaa5-49fc-4a16-bc34-8514e214b8cf . Microsoft SQL Server 2000 Desktop Engine (WMSDE) componente do Windows Server 2003 x64 Edition e Windows Server 2003 x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?familyid=1c0ae18b-1f17-44b3-a337-b36e7de437a7 . Windows Internal Database (WYukon) x64 Edition Service Pack 2 componente do Windows Server 2003 x64 Edition e Windows Server 2003 x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?familyid=48f6aaa5-49fc-4a16-bc34-8514e214b8cf . Windows Internal Database (WYukon) Service Pack 2 componente do Windows Server 2008 for 32-bit Systems http://www.microsoft.com/downloads/details.aspx?familyid=48f6aaa5-49fc-4a16-bc34-8514e214b8cf . Windows Internal Database (WYukon) x64 Edition Service Pack 2 componente do Windows Server 2008 for x64-based Systems http://www.microsoft.com/downloads/details.aspx?familyid=48f6aaa5-49fc-4a16-bc34-8514e214b8cf Mais informacoes: . MS08-040 - Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203) http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx . SANS ISC Handler's Diary 2008-07-08: July 2008 black tuesday overview http://isc.sans.org/diary.html?storyid=4684 . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca . Windows Live OneCare http://safety.live.com/site/pt-BR/default.htm Identificador CVE (http://cve.mitre.org): CVE-2008-0085, CVE-2008-0086, CVE-2008-0107, CVE-2008-0106 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBSHZgJekli63F4U8VAQGNCgP9HLfLoQ7J9ruo7K4DwPMIwvcQxBg9wiYI KLZom+vuWdJw07mXUbjCZEGT/OOchyEQzsi2FSOnl6kSXrTpGPN3ItoATCLFnQDm R3voHUDsGL0WHGlnG7aamz8epUCzU5qZAe0D7zynzlGe+CQWmuw2HgxvI1MljCmb CgRU4NCMrwg= =5N6V -----END PGP SIGNATURE----- -- Para SAIR da lista rnp-alerta envie uma mensagem em branco para: ----- End forwarded message ----- From security em unicamp.br Tue Jul 15 15:29:24 2008 From: security em unicamp.br (CSIRT - UNICAMP) Date: Tue, 15 Jul 2008 15:29:24 -0300 Subject: [SECURITY-L] CAIS-Alerta: Multiplas Vulnerabilidades no Sun Java (TA08-193A) Message-ID: <20080715182923.GB14484@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Multiplas Vulnerabilidades no Sun Java (TA08-193A) To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Mon, 14 Jul 2008 14:48:28 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta do US-CERT, intitulado "TA08-193A - Sun Java Updates for Multiple Vulnerabilities", que trata de 13 vulnerabilidades que afetam diversas versoes do Sun Java Runtime Environment. Caso um atacante consiga explorar com sucesso algumas destas vulnerabilidades, ele podera ler ou alterar dados armazenados em um sistema vulneravel, contornando mecanismos de seguranca e comprometendo estes sistemas. Uma vez que uma das principais caracteristicas de aplicacoes Java e' a portabilidade, a capacidade de executar aplicacoes em diversos sistemas operacionais (Windows, distribuicoes Linux) e classes de dispositivos (PCs, celulares) torna estas vulnerabilidades ainda mais criticas e devem ser corrigidas por meio de atualizacao o mais breve possivel. Hoje Sun Java e Adobe Flash sao dois plugins de navegador essenciais para o usuario de Internet, seja para Microsoft Internet Explorer ou Mozilla Firefox. O CAIS recomenda que as atualizacoes destas duas aplicacoes sejam aplicadas sempre o mais rapido possivel. Sistemas afetados: . JDK e JRE 6 Update 6 e anteriores . JDK e JRE 5.0 Update 15 e anteriores . SDK e JRE 1.4.2_17 e anteriores . SDK e JRE 1.3.1_22 e anteriores Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em: . JDK and JRE 6 Update 7 http://java.sun.com/javase/downloads/index.jsp . JDK and JRE 5.0 Update 16 http://java.sun.com/javase/downloads/index_jdk5.jsp . SDK and JRE 1.4.2_18 http://java.sun.com/j2se/1.4.2/download.html . SDK and JRE 1.3.1_23 http://java.sun.com/j2se/1.3/download.html Se voce nao for um desenvolvedor de aplicacoes Java e' bem provavel que a versao de Java adequada para voce seja Java Runtime Environment (JRE). O ambiente JRE e' o estritamente necessario para a execucao de aplicacoes desenvolvidas em Java, normalmente paginas Web com "applets" Java. O CAIS recomenda a remocao de todas as versoes anteriores de JRE antes da instalacao da ultima versao disponivel. Lembramos, entretanto, que existe o risco de incompatibilidade entre aplicacoes Java desenvolvidas em versoes mais antigas e versoes mais novas de JRE. Se voce for um usuario corporativo por favor consulte o departamento responsavel antes de qualquer atualizacao. Mais informacoes: . TA08-193A - Sun Java Updates for Multiple Vulnerabilities http://www.us-cert.gov/cas/techalerts/TA08-193A.html . SA31010 - Sun Java JDK / JRE Multiple Vulnerabilities http://secunia.com/advisories/31010/ . Sun Alert 238628 - Security Vulnerabilities in the Java Runtime Environment related to the processing of XML Data http://sunsolve.sun.com/search/document.do?assetkey=1-66-238628-1 . Sun Alert 238666 - A Security Vulnerability with the processing of fonts in the Java Runtime Environment may allow Elevation of Privileges http://sunsolve.sun.com/search/document.do?assetkey=1-66-238666-1 . Sun Alert 238687 - Security Vulnerabilities in the Java Runtime Environment Scripting Language Support http://sunsolve.sun.com/search/document.do?assetkey=1-66-238687-1 . Sun Alert 238905 - Multiple Security Vulnerabilities in Java Web Start may allow Privileges to be Elevated http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1 . Sun Alert 238965 - Security Vulnerability in Java Management Extensions (JMX) http://sunsolve.sun.com/search/document.do?assetkey=1-66-238965-1 . Sun Alert 238966 - Security Vulnerability in JDK/JRE Secure Static Versioning http://sunsolve.sun.com/search/document.do?assetkey=1-66-238966-1 . Sun Alert 238967 - Security Vulnerability in the Java Runtime Environment Virtual Machine may allow an untrusted Application or Applet to Elevate Privileges http://sunsolve.sun.com/search/document.do?assetkey=1-66-238967-1 . Sun Alert 238968 - Security Vulnerabilities in the Java Runtime Environment may allow Same Origin Policy to be Bypassed http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1 . Java SE Security http://java.sun.com/javase/technologies/security/index.jsp . General Questions - Can I remove older versions of the JRE after installing a newer version? http://www.java.com/en/download/faq/5000070400.xml Identificador CVE (http://cve.mitre.org): CVE-2008-3103, CVE-2008-3104, CVE-2008-3105, CVE-2008-3106, CVE-2008-3107, CVE-2008-3108, CVE-2008-3109, CVE-2008-3110, CVE-2008-3111, CVE-2008-3112, CVE-2008-3113, CVE-2008-3114, CVE-2008-3115 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBSHuReekli63F4U8VAQGGCwP9Hb/9QMMmbOpc036P8pvDWroBcw4ExhnF bbPEVECiQzeVZlKY3qm2oAjH1FPjJ4bKPJZnw3ix9ULj+DIZHqwNydjvsN+qkRS2 jZmecQH2fFxejSryBDQHsRrvHoysyYiQaDkLgh5lEbwoFIsBRGRxgco6me/3Xxzh rzWPhtQtq5Y= =MdHa -----END PGP SIGNATURE----- -- Para SAIR da lista rnp-alerta envie uma mensagem em branco para: ----- End forwarded message ----- From security em unicamp.br Thu Jul 17 15:55:33 2008 From: security em unicamp.br (CSIRT - UNICAMP) Date: Thu, 17 Jul 2008 15:55:33 -0300 Subject: [SECURITY-L] CAIS-Alerta: Multiplas Vulnerabilidades em Produtos Oracle - Julho 2008 Message-ID: <20080717185532.GA22422@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Multiplas Vulnerabilidades em Produtos Oracle - Julho 2008 To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Wed, 16 Jul 2008 16:24:31 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta da Oracle, intitulado "Oracle Critical Patch Update - July 2008", que trata de uma serie de correcoes para multiplas vulnerabilidades em diversos produtos Oracle. No total 45 vulnerabilidades sao cobertas por estas correcoes. O impacto das vulnerabilidades depende do produto, componente ou configuracao do sistema. Consequencias potenciais incluem execucao remota de codigo arbitrario, obtencao de informacoes sensiveis e negacao de servico (DoS). Componentes vulneraveis podem estar disponiveis para atacantes remotos mesmo que estes nao tenham se autenticado. As correcoes estao distribuidas da seguinte forma: . 14 novas correcoes para o Oracle Database . 9 novas correcoes para o Oracle Application Server . 6 novas correcoes para o Oracle E-Business Suite e Applications . 2 novas correcoes para o Oracle Oracle Enterprise Manager . 7 novas correcoes para o Oracle PeopleSoft Enterprise e JD Edwards EnterpriseOne . 7 novas correcoes para o BEA Product Suite Sistemas afetados: . Oracle Database 11g, versao 11.1.0.6 . Oracle Database 10g Release 2, versoes 10.2.0.2, 10.2.0.3, 10.2.0.4 . Oracle Database 10g, versao 10.1.0.5 . Oracle Database 9i Release 2, versoes 9.2.0.8, 9.2.0.8DV . Oracle Application Server 10g Release 3 (10.1.3), versoes 10.1.3.1.0, 10.1.3.3.0 . Oracle Application Server 10g Release 2 (10.1.2), versoes 10.1.2.2.0, 10.1.2.3.0 . Oracle Application Server 10g (9.0.4), versao 9.0.4.3 . Oracle Hyperion BI Plus versoes 9.2.0.3, 9.2.1.0, 9.3.1.0 . Oracle Hyperion Performance Suite versoes 8.3.2.4, 8.5.0.3 . OracleE-Business Suite Release 12, versao 12.0.4 . Oracle E-Business Suite Release 11i, versao 11.5.10.2 . Oracle Enterprise Manager Database Control 11i versao 11.1.0.6 . Oracle Enterprise Manager Database Control 10g Release 2, versoes 10.2.0.2, 10.2.0.3, 10.2.0.4 . Oracle Enterprise Manager Database Control 10g Release 1, versoes 10.1.0.5 . Oracle Enterprise Manager Grid Control 10g Release 1, versoes 10.1.0.5, 10.1.0.6 . Oracle PeopleSoft Enterprise PeopleTools versoes 8.48.17, 8.49.11 . Oracle PeopleSoft Enterprise CRM versoes 8.9, 9.0 . Oracle WebLogic Server (antigo BEA WebLogic Server) 10.0 ate' MP1 . Oracle WebLogic Server (antigo BEA WebLogic Server) 9.0, 9.1, 9.2 ate' MP3 . Oracle WebLogic Server (antigo BEA WebLogic Server) 8.1 ate' SP6 . Oracle WebLogic Server (antigo BEA WebLogic Server) 7.0 ate' SP7 . Oracle WebLogic Server (antigo BEA WebLogic Server) 6.1 ate' SP7 Correcoes disponiveis: As correcoes para os produtos Oracle estao disponiveis mediante usuario e senha, atraves dos enderecos fornecidos abaixo: . Oracle Database http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=579278.1#DBAVAIL . Oracle Application Server http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=579278.1#ASMIDTIER . Oracle E-Business Suite e Application http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=605117.1 . Oracle Enterprise Manager http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=579278.1#OEMAVAIL . Oracle PeopleSoft Enterprise e JD Edwards Enterprise http://www.peoplesoft.com/corp/en/support/security_index.jsp . BEA Product Suite https://support.bea.com/application_content/product_portlets/securityadvisories/index.html Mais informacoes: . Oracle Critical Patch Update - July 2008 http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2008.html . SA31087 - Oracle Products Multiple Vulnerabilities http://secunia.com/advisories/31087/ . SANS ISC Handler's Diary 2008-07-15: Oracle (and BEA, Hyperion and TimesTen) critical patch update July 15th,2008 http://isc.sans.org/diary.html?storyid=4732 Identificador CVE (http://cve.mitre.org): CVE-2007-1359, CVE-2008-2576, CVE-2008-2577, CVE-2008-2578, CVE-2008-2579, CVE-2008-2580, CVE-2008-2581, CVE-2008-2582, CVE-2008-2583, CVE-2008-2585, CVE-2008-2586, CVE-2008-2587, CVE-2008-2589, CVE-2008-2590, CVE-2008-2591, CVE-2008-2592, CVE-2008-2593, CVE-2008-2594, CVE-2008-2595, CVE-2008-2596, CVE-2008-2597, CVE-2008-2598, CVE-2008-2599, CVE-2008-2600, CVE-2008-2601, CVE-2008-2602, CVE-2008-2603, CVE-2008-2604, CVE-2008-2605, CVE-2008-2606, CVE-2008-2607, CVE-2008-2608, CVE-2008-2609, CVE-2008-2610, CVE-2008-2611, CVE-2008-2612, CVE-2008-2613, CVE-2008-2614, CVE-2008-2615, CVE-2008-2616, CVE-2008-2617, CVE-2008-2618, CVE-2008-2620, CVE-2008-2621, CVE-2008-2622 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBSH5LAekli63F4U8VAQFDOgP+KCEUsCcS0SRgf9si+W/YhXR3UliPf0Fn 4+28n0DhdTls2cdWMil2VBH0yvVCS3YZIqJ6P/2u15W9L9nqUedwmUy0BuI1KcR5 lqDDtjUayEMHbl7sp9djYxtn2eatp5qiGfTb8y8zVX5r5WtT6VegMee2YXe9lLTn 4lcCjtdQPhA= =4nii -----END PGP SIGNATURE----- -- Para SAIR da lista rnp-alerta envie uma mensagem em branco para: ----- End forwarded message -----