[SECWS] Bul - 1154 - 01/30/2004
The SECURITY WATCH APOGÉE-Communications
Edition of Friday, January 30 2004 All rights reserved
___________________________________________________________________________
SUMMARY OF THIS BULLETIN
------------------------
* ALERTS (2)
- CISCO - Buffer overflow in 'Workstation'
- SUN - Privileged command execution via 'pfexec'
* INFORMATION (3)
- LINUX SuSE - Patches for Gaim
- VIRUS - MyDoom virus self update on infected hosts
- SGI - Patch for SGI Irix
* REISSUES OF ALERTS (0)
___________________________________________________________________________
ALERTS
___________________________________________________________________________
* CISCO - Buffer overflow in 'Workstation'
All Cisco products and applications using an unpatched version of Microsoft
Windows 2000 are vulnerable to a buffer overflow.
- Date: January 29 2004
- Platform: Cisco CallManager
    Cisco Building Broadband Service Manager (BBSM) 5.2 and
    HotSpot 1.0
    Cisco Customer Response Application Server (CRA)
    Cisco Personal Assistant (PA)
    Cisco Conference Connection (CCC)
    Cisco Emergency Responder (CER)
    Cisco IP Call Center Express (IPCC Express)
    Cisco Internet Service Node (ISN)
    All Cisco products and applications using Windows 2000
- Severity: High
- Origin: 'Workstation' service of Windows 2000
- Problem: Remote buffer overflow
- Damage: Denial of service
    Arbitrary code execution using elevated privileges
- CVE names: No CVE name assigned at the present time
- Description: Numerous Cisco products are vulnerable to a buffer overflow
    in the 'Workstation' service of Windows 2000. This flaw may
    cause arbitrary code to execute remotely.
- References: Cisco [48161]
    http://www.cisco.com/warp/public/707/cisco-sa-20040129-ms03-049.shtml
- Solution: For Cisco CallManager, IPCC Express, PA, CER, CCC, and ISN
    products, apply patch 'win-OS-Upgrade-k9.2000-2-5sr4.exe'
    or later.
    http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des?psrtdcat20e2
    For Cisco BBSM 5.2, apply patch 'BBSM52SP2.exe'.
    http://www.cisco.com/pcgi-bin/tablebuild.pl/bbsm52
    For HotSpot 1.0, apply the dedicated Service Pack 1.
    http://www.cisco.com/pcgi-bin/tablebuild.pl/bbsmhs10
    For other Windows 2000 based products, install the patch
    provided by Microsoft.
    http://www.microsoft.com/technet/security/bulletin/MS03-049.asp
- Our advice: Numerous other products are vulnerable as they are based on
    Windows 2000. Refer to the Cisco alert to get a detailed
    list.
___________________________________________________________________________
* SUN - Privileged command execution via 'pfexec'
A flaw in Solaris allows commands to be executed with elevated privileges
via 'pfexec'.
- Date: January 29 2004
- Platform: Sun Solaris 8 and 9 (Sparc and Intel)
- Severity: High
- Origin: 'pfexec' command
- Problem: Improper handling of custom rights profiles
- Damage: Command execution with elevated privileges
- CVE names: No CVE name assigned at the present time
- Description: An unprivileged local user with a custom rights profile may
    execute a 'profile' command with elevated privileges via
    'pfexec', if the execution profiles database (exec_attr)
    contains an invalid entry.
- References: Sun [57453]
    http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57453
- Solution: Apply the patch depending on your version.
    Solaris 8 (Sparc)
    http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=109007&rev=15
    Solaris 9 (Sparc)
    http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=116237&rev=01
    Solaris 8 (Intel)
    http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=109008&rev=15
    Solaris 9 (Intel)
    http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=116238&rev=01
___________________________________________________________________________
INFORMATION
___________________________________________________________________________
* LINUX SuSE - Patches for Gaim
SuSE has announced the availability of patches for the Gaim instant
messenger on SuSE Linux versions 8.0 through 9.0 that fix two buffer
overflows.
CAN-2004-0005, CAN-2004-0006
SuSE 'gaim' [SuSE-SA:2004:004] (bulletin 1150 dated 01/26/2004)
http://www.suse.de/de/security/2004_04_gaim.html
___________________________________________________________________________
* VIRUS - MyDoom virus self update on infected hosts
The 'MyDoom.b' variant (bulletin 1153 dated 01/29/2004) may, according to
F-Secure, automatically update itself via the backdoor opened during a
previous infection. It is therefore recommended to block port tcp/3127,
which is used for this purpose.
http://www.f-secure.com/v-descs/mydoom_b.shtml
Some sources state that the virus can execute when the mail is read, but
other sources claim the opposite.
http://www.microsoft.com/security/antivirus/mydoom.asp
Separately, the MyDoom virus could have originated in Russia.
http://www.themoscowtimes.com/stories/2004/01/30/002.html
'mydoom' (bulletin 1152 dated 01/28/2004)
http://www.f-secure.com/v-descs/mydoom_b.shtml
___________________________________________________________________________
* SGI - Patch for SGI Irix
SGI has announced the availability of a patch for SGI Irix versions 6.5.18m
through 6.5.22 fixing multiple vulnerabilities in 'html2ps', 'Safe.pm',
'gzip', 'libdesktopicon.so' and 'gr_osview'.
SGI 'irix' [20040104-01-P] (bulletins 227 dated 08/03/2000, 842 dated
11/04/2002, 849 dated 11/14/2002 and 991 dated 06/10/2003)
http://www.securityfocus.com/archive/1/351812
___________________________________________________________________________
Yours sincerely,
The Security Watch Team
--
Security Watch Service
mailto:veille-sec@apogee-com.fr
APOGEE Communications
15, Avenue du Cap Horn
ZA de Courtaboeuf
91940 LES ULIS
Tel : + 33 1 69 85 56 47
Fax : + 33 1 69 85 56 48
Technical support : + 33 1 73 23 17 00
Note: Trademarks and products appearing in this bulletin are the property
of their respective owners.