
[SECWS] Bul - 1154 - 01/30/2004


The SECURITY WATCH                                    APOGÉE-Communications
Edition of Friday, January 30 2004                      All rights reserved
___________________________________________________________________________

 SUMMARY OF THIS BULLETIN
 ------------------------

* ALERTS (2)
 - CISCO          - Buffer overflow in 'Workstation'
 - SUN            - Privileged command execution via 'pfexec'

* INFORMATION (3)
 - LINUX SuSE     - Patches for Gaim
 - VIRUS          - MyDoom virus self update on infected hosts
 - SGI            - Patch for SGI Irix

* REISSUES OF ALERTS (0)
___________________________________________________________________________

ALERTS
___________________________________________________________________________

* CISCO          - Buffer overflow in 'Workstation'

All Cisco products and applications using an unpatched version of Microsoft
Windows 2000 are vulnerable to a buffer overflow.

 - Date:        January 29 2004
 - Platform:    Cisco CallManager
                Cisco Building Broadband Service Manager (BBSM) 5.2 and
                HotSpot 1.0
                Cisco Customer Response Application Server (CRA)
                Cisco Personal Assistant (PA)
                Cisco Conference Connection (CCC)
                Cisco Emergency Responder (CER)
                Cisco IP Call Center Express (IPCC Express)
                Cisco Internet Service Node (ISN)
                All Cisco products and applications using Windows 2000
 - Severity:    High
 - Origin:      'Workstation' service of Windows 2000
 - Problem:     Remote buffer overflow
 - Damage:      Denial of service
                Arbitrary code execution using elevated privileges
 - CVE names:   No CVE name assigned at the present time
 - Description: Numerous Cisco products are vulnerable to a buffer overflow
                in the 'Workstation' service of Windows 2000. This flaw may
                allow arbitrary code to be executed remotely.
 - References:  Cisco [48161]
                 http://www.cisco.com/warp/public/707/cisco-sa-20040129-ms03-049.shtml
 - Solution:    For Cisco CallManager, IPCC Express, PA, CER, CCC, and ISN
                products, apply patch 'win-OS-Upgrade-k9.2000-2-5sr4.exe'
                or later.
                 http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des?psrtdcat20e2
                For Cisco BBSM 5.2, apply patch 'BBSM52SP2.exe'.
                 http://www.cisco.com/pcgi-bin/tablebuild.pl/bbsm52
                For HotSpot 1.0, apply the dedicated Service Pack 1.
                 http://www.cisco.com/pcgi-bin/tablebuild.pl/bbsmhs10
                For other Windows 2000 based products, install the patch
                provided by Microsoft.
                 http://www.microsoft.com/technet/security/bulletin/MS03-049.asp
 - Our advice:  Numerous other products are vulnerable as they are based on
                Windows 2000. Refer to the Cisco alert to get a detailed
                list.
___________________________________________________________________________

* SUN            - Privileged command execution via 'pfexec'

A flaw in Solaris allows commands to be executed with elevated privileges
via 'pfexec'.

 - Date:        January 29 2004
 - Platform:    Sun Solaris 8 and 9 (Sparc and Intel)
 - Severity:    High
 - Origin:      'pfexec' command
 - Problem:     Improper handling of custom rights profile
 - Damage:      Command execution using elevated privileges
 - CVE names:   No CVE name assigned at the present time
 - Description: An unprivileged local user with a custom rights profile may
                execute a 'profile' command with elevated privileges via
                'pfexec', if the execution profiles database (exec_attr)
                contains an invalid entry.
 - References:  Sun [57453]
                 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57453
 - Solution:    Apply the patch depending on your version.
                Solaris 8 (Sparc)
                 http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=109007&rev=15
                Solaris 9 (Sparc)
                 http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=116237&rev=01
                Solaris 8 (Intel)
                 http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=109008&rev=15
                Solaris 9 (Intel)
                 http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=116238&rev=01
___________________________________________________________________________

INFORMATION
___________________________________________________________________________

* LINUX SuSE     - Patches for Gaim

SuSE has announced the availability of patches for Gaim instant messenger
on SuSE Linux versions 8.0 through 9.0, fixing two buffer overflows.
CAN-2004-0005, CAN-2004-0006
SuSE 'gaim' [SuSE-SA:2004:004] (bulletin 1150 dated 01/26/2004)

http://www.suse.de/de/security/2004_04_gaim.html
___________________________________________________________________________

* VIRUS          - MyDoom virus self update on infected hosts

The 'MyDoom.b' variant (bulletin 1153 dated 01/29/2004) may, according to
F-Secure, automatically perform a self update via the backdoor opened
during a previous infection. It is therefore recommended to block port
tcp/3127, which is used by this backdoor.
 http://www.f-secure.com/v-descs/mydoom_b.shtml
Some sources state that the virus can execute when the mail is read, but
other sources claim the opposite.
 http://www.microsoft.com/security/antivirus/mydoom.asp
In addition, the MyDoom virus could originate from Russia.
 http://www.themoscowtimes.com/stories/2004/01/30/002.html
'mydoom' (bulletin 1152 dated 01/28/2004)

http://www.f-secure.com/v-descs/mydoom_b.shtml
___________________________________________________________________________

* SGI            - Patch for SGI Irix

SGI has announced the availability of a patch for SGI Irix versions 6.5.18m
through 6.5.22 fixing multiple vulnerabilities in 'html2ps', 'Safe.pm',
'gzip', 'libdesktopicon.so' and 'gr_osview'.
SGI 'irix' [20040104-01-P] (bulletins 227 dated 08/03/2000, 842 dated
11/04/2002, 849 dated 11/14/2002 and 991 dated 06/10/2003)

http://www.securityfocus.com/archive/1/351812
___________________________________________________________________________

Yours sincerely,

The Security Watch Team

--
Security Watch Service
mailto:veille-sec@apogee-com.fr
APOGEE Communications
15, Avenue du Cap Horn
ZA de Courtaboeuf 
91940 LES ULIS
Tel : + 33 1 69 85 56 47
Fax : + 33 1 69 85 56 48

Technical support : + 33 1 73 23 17 00

Note: Trademarks and products appearing in this bulletin are the property
      of their respective owners.