Symantec Security Response Newsletter
Last Updated: Jul 10 2003 20:06, Started by Guest_AcidMan_*, Jul 10 2003 20:06
Guest_AcidMan_*
Posted 10 July 2003 - 20:06
Symantec Security Response Newsletter
ISSN 1444-9994
June 2003

--------------------------------------------------------------------------
Bugbear Makes a Comeback!
--------------------------------------------------------------------------

Bugbear made a comeback this month in the form of W32.Bugbear.b@mm. This variant has some significant differences to the original version. Of most concern is the key logging and data export. Of course users wouldn't be infected if their systems were patched up to date. It's the same problem, an old vulnerability, first discovered in March 2001, still giving viruses and worms like Bugbear a way onto your PC.

We are late publishing the June edition, I've been busy with the next version of Symantec's Internet Threat Report, due out in September, analysing the Newsletter survey results and working on the new HTML format.

In response to the survey conducted on this newsletter we have added a couple of new sections, changed a few sections and taken note of your comments. Later editions will be further enhanced but in this edition you'll find a calendar of selected security events and IT Security news links that may be of interest.

One of the more controversial additions are the 'Symantec Solution' boxes embedded in the articles. These are a compromise, we didn't want to carry advertising but many subscribers want to know what products we have to combat security issues, so these boxes are, I think, a reasonable way of covering these issues.

AVAR (Association of anti Virus Asia Researchers) have just issued their call for papers for the conference that will be held in Sydney, Australia later this year. As an AVAR VP I'm proud to be the conference chair on behalf of AVAR for this year. Details of the event are in the calendar.

I've recently had the pleasure of working with Syngress to write the Foreword to a new book; Configuring Symantec AntiVirus Corporate Edition (ISBN: 1-931836-81-7). You can get a copy from Amazon here, and no I won't make any money from promoting this link.

Best Regards
David Banes.
Editor, Symantec Security Response Newsletter.

--------------------------------------------------------------------------
Useful Links
--------------------------------------------------------------------------

Note: Participate in the Online Subscriber Survey.
http://survey.confir...161533899/i.asp

Use Symantec Security Alerts on Your Web Site
http://securityrespo...n/syndicate.cgi

To unsubscribe to this newsletter please go to;
http://securityrespo...newsletter.html

Incorrect MIME Header Can Cause IE to Execute E-mail Attachment
http://www.microsoft...in/MS01-020.asp

Virus Removal Tools
Fix tools for threats such as W32.HLLW.Lovgate, W32.SQLExp.Worm, W32.Sobig.A@mm and W32.Bugbear@mm
http://www.sarc.com/...tools.list.html

Virus Hoaxes
There are many email virus hoaxes, please check here before forwarding email virus warnings.
http://securityrespo...enter/hoax.html

Joke Programs
Joke programs are not malicious and can be safely deleted.
http://securityrespo...nter/jokes.html

--------------------------------------------------------------------------
Top Malicious Code Threats
--------------------------------------------------------------------------

Risk  Threat                  Discovered    Protection
4     W32.Bugbear.B@mm        4 Jun 2003    5 Jun 2003
4     W32.Klez.H@mm           17 Apr 2002   17 Apr 2002
3     W32.Sobig.E@mm          25 Jun 2003   25 Jun 2003
3     W32.HLLW.Fizzer@mm      8 May 2003    9 May 2003
3     W32.SQLExp.Worm         24 Jan 2003   24 Jan 2003

--------------------------------------------------------------------------
Latest Malicious Code Threats
--------------------------------------------------------------------------

Risk  Threat                  Discovered    Protection
2     W32.Vivael@mm           28 Jun 2003   28 Jun 2003
2     W32.Klexe.Worm          27 Jun 2003   28 Jun 2003
2     W32.Mumu.B.Worm         26 Jun 2003   26 Jun 2003
1     W32.HLLW.Lovgate.L@mm   25 Jun 2003   25 Jun 2003
1     W32.Yaha.T@mm           24 Jun 2003   25 Jun 2003

--------------------------------------------------------------------------
Common Vulnerabilities
--------------------------------------------------------------------------

Microsoft IE MIME Header Attachment Execution Vulnerability
  Bugtraq ID:    2524
  CVE Reference: CVE-2001-0154
  Exploited by:  W32.Klez, W32.Sobig, W32.Bugbear, W32.Yaha, W32.Nimda, W32.Lirva

MS IIS/PWS Escaped Characters Decoding Command Execution Vulnerability
  Bugtraq ID:    2708
  CVE Reference: CVE-2001-0333
  Exploited by:  W32.Nimda

Microsoft IIS and PWS Extended Unicode Directory Traversal Vulnerability
  Bugtraq ID:    1806
  CVE Reference: CVE-2000-0884
  Exploited by:  W32.Nimda

Microsoft Windows 9x / Me Share Level Password Bypass Vulnerability
  Bugtraq ID:    1780
  CVE Reference: CVE-2000-0979
  Exploited by:  W32.Opaserv

Microsoft SQL Server Resolution Service buffer overflows allow arbitrary code execution
  Bugtraq ID:    5311
  CVE Reference: CAN-2002-0649
  Exploited by:  W32.SQLExp.Worm

--------------------------------------------------------------------------
Viruses, Worms & Trojans
--------------------------------------------------------------------------

W32.Bugbear.B@mm

Aliases: Win32.Bugbear.B [CA], W32/Bugbear.b@MM [McAfee], PE_BUGBEAR.B [Trend], W32/Bugbear-B [Sophos], I-Worm.Tanatos.b [KAV], W32/Bugbear.B [Panda], Win32/Bugbear.B@mm [RAV]
Risk: High [4]
Date: 4th June 2003
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me

Overview

W32.Bugbear.B@mm worm is:
- A variant of W32.Bugbear@mm.
- A mass-mailing worm that also spreads through network shares.
- Polymorphic and also infects a select list of executable files.
- Possesses keystroke-logging and Backdoor capabilities.
- Attempts to terminate the processes of various antivirus and firewall programs.

The worm uses the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability to cause unpatched systems to auto-execute the worm when reading or previewing an infected message.

In addition, the worm contains routines that specifically affect financial institutions. This functionality will cause the worm to send sensitive data to one of ten hard-coded public Internet e-mail addresses. The information sent includes cached passwords and key-logging data.

Because the worm does not properly handle the network resource types, it may flood shared printer resources, which causes them to print garbage or disrupt their normal functionality.

Symantec Solutions: Symantec AntiVirus for SMTP Gateways, Intruder Alert, NetProwler, Gateway Security, Symantec Manhunt

NOTE: If you believe your computer may already be infected with W32.Bugbear.B@mm because your antivirus software does not work, scan your system over the Internet with Symantec Security Check.

Symantec Security Response has created a tool to remove W32.Bugbear.B@mm, which is the easiest way to remove this threat.

Credits
Write-up by: Eric Chien, Security Response EMEA.

References
Symantec Security Response
http://www.sarc.com/[email protected]

--------------------------------------------------------------------------

W32.Sobig.E@mm

Aliases: Win32.Sobig.E [CA], W32/Sobig-E [Sophos], W32/Sobig.e@MM [McAfee], WORM_SOBIG.E [Trend]
Risk: Medium [3]
Date: 25th June 2003
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me

Overview

W32.Sobig.E@mm is a mass-mailing worm that sends itself to all the email addresses that it finds in the files with the following extensions:
.wab
.dbx
.htm
.html
.eml
.txt

The email falsely purports that Yahoo sent it ([email protected]).

Email Routine Details

The email message has the following characteristics:

From: [email protected] (NOTE: W32.Sobig.E@mm spoofs this field. It could be any address.)

Subject: The subject line will be one of the following:
Re: Application
Re: Movie
Re: Movies
Re: Submitted
Re: ScRe:ensaver
Re: Documents
Re: Re: Application ref 003644
Re: Re: Document
Your application
Application.pif
Applications.pif
movie.pif
Screensaver.scr
submited.pif
new document.pif
Re: document.pif
004448554.pif
Referer.pif

Attachment: The attachment name will be one of the following:
Your_details.zip (contains Details.pif)
Application.zip (contains Application.pif)
document.zip (contains document.pif)
Screensaver.zip (contains Sky.world.scr)
Movie.zip (contains Movie.pif)

NOTE: The worm de-activates on July 14, 2003, and therefore, the last day on which the worm will spread is July 13, 2003.

Symantec Solutions: Symantec AntiVirus for SMTP Gateways, Intruder Alert, NetProwler, Gateway Security, Symantec Manhunt

Symantec Security Response has created a tool to remove W32.Sobig.E@mm.

References
Symantec Security Response
http://www.sarc.com/[email protected]

--------------------------------------------------------------------------
Featured Analyses from Symantec DeepSight Threat Management System
http://tms.symantec.com/
--------------------------------------------------------------------------

Fu Rootkit Analysis
-------------------
Fu is a kernel rootkit created for Microsoft Windows NT4, Microsoft Windows 2000, and Microsoft Windows XP. By directly accessing Windows kernel data structures, Fu creates an effective avenue of clandestine access, which attackers may use to conceal their presence and perform operations with elevated privileges on a compromised system. Manifesting itself in the form of a device driver, Fu is especially dangerous because it modifies the behaviour of the underlying operating system at the lowest possible level. Once deployed, operations performed via this utility may be extremely difficult to detect.

Spybot version 3 Analysis
-------------------------
Spybot, also known as Milkit, is an open source trojan that contains several mechanisms of propagation. Spybot can spread using file sharing applications and vulnerabilities in other trojans as propagation vectors. Spybot will attempt to take control of systems that were previously compromised and are running the Sub-Seven or Kuang2 trojan. An infected system will connect to an Internet Relay Chat (IRC) channel and wait for the attacker to issue instructions. Once a system has been infected, that attacker will have complete control of the system via IRC. An attacker can modify the Spybot source code to create a trojan that will meet the attacker's needs. The customisable nature of Spybot can result in dynamic behaviour and unique binaries, which can make detection and removal a complex task.

W32.Illpatient IRC-based RAT Analysis
-------------------------------------
W32.Illpatient is an IRC-based Remote Access Tool (RAT), written in C, which runs on the Win32 family of operating systems. It was obtained from a compromised Symantec DeepSight Honeypot and was found compressed with UPX. This utility was loaded onto a compromised Symantec DeepSight Honeypot, with what may have been a scripted installation routine, as this utility does not appear to be capable of propagating automatically. W32.Illpatient receives commands from its owner through Internet Relay Chat (IRC). During startup, it connects to a hard-coded IRC server, and joins a private, keyed channel. Although W32.Illpatient contains several features, including a Denial of Service (DoS) routine, testing has indicated that it is not very stable.

--------------------------------------------------------------------------
Security News
--------------------------------------------------------------------------

PetCo Plugs Credit Card Leak
By Kevin Poulsen, Jun 30 2003
Pet supply site offered more than kitty litter and flea collars. ...
>> http://www.securityfocus.com/news/6194

AT&T lets phone fraud victims off the hook
By Kevin Poulsen, Jun 25 2003
The company will abandon its efforts to collect on four-figure phone bills left by a voice-mail cracking scheme. ...
>> http://www.securityfocus.com/news/6158

--------------------------------------------------------------------------
Security Advisories
--------------------------------------------------------------------------

FastTrack P2P Supernode Packet Handler Buffer Overflow Vulnerability

Risk: High
Date: 26th May 2003
Components Affected: Many, listed here; http://securityrespo...ntent/7680.html

Overview

FastTrack P2P Supernode Packet Handler has been reported prone to a buffer overflow vulnerability. The issue presents itself in the FastTrack Supernode packet handler. The handler does not perform sufficient bounds checking on supernode entries received before they are copied into a reserved buffer in internal memory.

An attacker may exploit this vulnerability to trigger a denial of service condition or ultimately have arbitrary attacker supplied code executed. Code execution would occur in the context of the user running an application that incorporates the vulnerable FastTrack P2P Packet Handler.

It should be noted that this vulnerability has been tested on KaZaA version 2.0.2. Other versions of KaZaA and similar file-sharing clients based on FastTrack P2P technology may also be affected.

Symantec Solutions: Intruder Alert, Symantec Manhunt, Enterprise Firewall

Recommendations

Block external access at the network boundary, unless service is required by external parties. If applicable, block all incoming FastTrack P2P based traffic at the network boundary.

Credits
Discovery of this vulnerability has been credited to random nut

References
Source: Grokster Homepage
URL: http://www.grokster.com/
Source: iMesh Product Homepage
URL: http://www.imesh.com
Source: KaZaA Homepage
URL: http://www.kazaa.com/
Source: Morpheus Homepage
URL: http://www.musiccity.com
Symantec Security Response
http://securityrespo...ntent/7680.html

--------------------------------------------------------------------------

PMachine Lib.Inc.PHP Remote Include Command Execution Vulnerability

Risk: High
Date: 15th June 2003
Components Affected: PMachine PMachine 2.2.1

Overview

It has been reported that PMachine does not properly handle include files under some circumstances. Because of this, an attacker may be able to remotely execute commands.

Symantec Solutions: Intruder Alert, Symantec Manhunt, Enterprise Firewall

Recommendations

Block external access at the network boundary, unless service is required by external parties. Filter untrusted network traffic at border routers and network firewalls.

Running the server in a closed or restricted environment may limit the consequences of successful exploitation. Execute server processes with the least privileges required, and place processes in a restrictive environment.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

PMachine PMachine 2.2.1:

Credits
Discovery credited to "Frog Man"

References
Source: SecurityFocus
URL: http://www.securityf.../bid/7919/info/
Source: PMachine Homepage
URL: http://www.pmachine.com

--------------------------------------------------------------------------
Security Events Calendar
--------------------------------------------------------------------------

SANSFIRE 2003
July 14-19, 2003
Washington, DC, USA.
http://www.sans.org/sansfire03/

Department of Homeland Security IT Security Conference
July 9-10, 2003
Baltimore, MD, USA

VB2003 - VB Conference 2003
Sept 25-26, 2003
Toronto, Canada
http://www.virusbtn....b2003/index.xml

AVAR 2003 - Malicious Code Conference 2003
November 6-7, 2003.
Sydney, Australia
http://www.aavar.org/

--------------------------------------------------------------------------

Symantec Glossary for definitions of viruses, Trojans and worms and more.
http://www.symantec....enter/refa.html

--------------------------------------------------------------------------
Contacts
--------------------------------------------------------------------------

Correspondence by email to: [email protected]
no unsubscribe or support emails please.

Send virus samples to: [email protected]

Newsletter Archive: http://www.symantec....ewsletters.html

--------------------------------------------------------------------------
Subscribe and Unsubscribe
--------------------------------------------------------------------------

To be added or removed from the subscription mailing list, please fill out the form available on the Symantec website at:
http://www.symantec..../subscribe.html

The Symantec Security Response Newsletter is published periodically by Symantec Corporation. No reprint without permission in writing, in advance.

--------------------------------------------------------------------------

This message contains Symantec Corporation's current view of the topics discussed as of the date of this document. The information contained in this message is provided "as is" without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and freedom from infringement. The user assumes the entire risk as to the accuracy and the use of this document. This document may not be distributed for profit.

Symantec and the Symantec logo are U.S. registered trademarks of Symantec Corporation. Other brands and products are trademarks of their respective holder(s). © Copyright 2002 Symantec Corporation. All rights reserved. Materials may not be published in other documents without the express, written permission of Symantec Corporation.

--------------------------------------------------------------------------

Symantec, the Symantec logo, [registered trademarks in alphabetical order] are U.S. registered trademarks of Symantec Corporation. [Common law trademarks in alphabetical order] are trademarks of Symantec Corporation. Windows, Windows NT, and the Windows logo are registered trademarks of Microsoft Corporation in the United States and other countries. All other brand and product names are trademarks of their respective holder(s). Copyright © 2003 Symantec Corporation. All rights reserved. Printed in Australia. March 2003.

Follow this link to subscribe or unsubscribe
http://securityrespo...regions/en.html

Last Updated: July 9, 2003
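A mail-gateway check for the W32.Sobig.E@mm message traits listed in the newsletter above, as an added example that is not part of the original post or of any Symantec product. It ignores the From field because the write-up says the worm spoofs it, and it goes one step beyond the listed names by also flagging any .pif or .scr file inside a ZIP attachment; the function names, sample messages and example.com addresses are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject lines and archive/member pairs copied from the Sobig.E write-up above.
SOBIG_E_SUBJECTS = {s.lower() for s in [
    "Re: Application", "Re: Movie", "Re: Movies", "Re: Submitted",
    "Re: ScRe:ensaver", "Re: Documents", "Re: Re: Application ref 003644",
    "Re: Re: Document", "Your application", "Application.pif",
    "Applications.pif", "movie.pif", "Screensaver.scr", "submited.pif",
    "new document.pif", "Re: document.pif", "004448554.pif", "Referer.pif",
]}
SOBIG_E_ARCHIVES = {
    "your_details.zip": "details.pif",
    "application.zip": "application.pif",
    "document.zip": "document.pif",
    "screensaver.zip": "sky.world.scr",
    "movie.zip": "movie.pif",
}
# Assumption: the gateway policy treats these extensions as executable content.
RISKY_EXTENSIONS = (".pif", ".scr")


def zip_members(payload):
    """Return member names of a ZIP payload, or None if it cannot be parsed."""
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return None


def scan_message(raw):
    """Return a list of (rule, detail) findings for one raw RFC 822 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    subject = str(msg["Subject"] or "").strip()
    if subject.lower() in SOBIG_E_SUBJECTS:
        findings.append(("subject", subject))
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(("executable-attachment", name))
        if not name.endswith(".zip"):
            continue
        members = zip_members(part.get_payload(decode=True) or b"")
        if members is None:
            # A ZIP the gateway cannot open cannot be cleared either.
            findings.append(("unreadable-zip", name))
            continue
        for member in members:
            base = member.lower().rsplit("/", 1)[-1]
            if SOBIG_E_ARCHIVES.get(name) == base:
                findings.append(("sobig-e-archive", f"{name}:{base}"))
            elif base.endswith(RISKY_EXTENSIONS):
                findings.append(("executable-in-zip", f"{name}:{base}"))
    return findings


def build_sample(subject, zip_name, member_name, payload=None):
    """Build a constructed test message; the ZIP member holds placeholder text."""
    if payload is None:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(member_name, b"constructed placeholder, not an executable")
        payload = buf.getvalue()
    msg = EmailMessage()
    msg["From"] = "sender@example.com"   # constructed address
    msg["To"] = "user@example.com"       # constructed address
    msg["Subject"] = subject
    msg.set_content("Constructed test body.")
    msg.add_attachment(payload, maintype="application", subtype="zip",
                       filename=zip_name)
    return msg.as_bytes()


if __name__ == "__main__":
    for args in [("Re: Movie", "Movie.zip", "Movie.pif"),
                 ("Quarterly report", "report.zip", "report.txt"),
                 ("hello", "photos.zip", "holiday.scr")]:
        print(args, "->", scan_message(build_sample(*args)))
```

A subject match on its own is weak evidence, since several of the listed subjects are ordinary phrases; the archive findings are the ones worth quarantining on.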