5144353 2000-05-30 00:15 /258 rader/ Postmaster
Mottagare: Bugtraq (import) <11060>
Ärende: Re: [linux-security] Re: [RHSA-2000:028-02] Netscape 4.7
------------------------------------------------------------
available
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: bugtraq@securityfocus.com
X-Face: ]IrGs{LrofDtGfsrG!As5=G'2HRr2zt:H>djXb5@v|Dr!jOelxzAZ`!}("]}
Q!)1w#X;)nLlb'XhSu,QL>;)L/l06wsI?rv-xy6%Y1e"BUiV%)mU;]f-5<#U
UthZ0QrF7\_p#q}*Cn}jd|XT~7P7ik]Q!2u%aTtvc;)zfH\:3f<[a:)M
X-OS: Linux-2.2.12 RedHat 6.1
X-URL: http://www.growzone.com.au/tony
Message-ID: <200005282339.JAA08385@gandalf.growzone.com.au>
Date: Mon, 29 May 2000 09:39:28 +1000
Reply-To: Tony Nugent <tony@GROWZONE.COM.AU>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Tony Nugent <tony@GROWZONE.COM.AU>
Organization: GrowZone OnLine
X-To: Jean-Mario <jmcharest@sympatico.ca>
X-cc: linux-security@redhat.com, bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: message-id <008801bfc7e0$77cd2cc0$6400a8c0@icerealm> of Sat
May 27 09:35:36 2000
This posting is already outdated, 4.73 appears to have similar bugs.
-------------------------------
CERT Advisory CA-2000-08 Inconsistent Warning Messages in Netscape
Navigator
Original release date: May 26, 2000
Last Revised: --
Source: CERT/CC
A complete revision history is at the end of this file.
Systems Affected
* Systems running Netscape Navigator, up to and including Navigator
4.73, without the Personal Security Manager installed
Overview
A flaw exists in Netscape Navigator that could allow an attacker
to masquerade as a legitimate web site if the attacker can
compromise the validity of certain DNS information. This is
different from the problem reported in CERT Advisory CA-2000-05,
but it has a similar impact. This vulnerability was recently
discovered by Kevin Fu of of the Massachusetts Institute of
Technology and, independently, by Jon Guyer.
If a user visits a web site in which the certificate name does not
match the site name and proceeds with the connection despite the
warning produced by Netscape, then subsequent connections to any
sites that have the same certificate will not result in a warning
message.
[...]
On Sat May 27 2000 at 09:35, "Jean-Mario" wrote:
>
> ----- Original Message -----
> From: <bugzilla@redhat.com>
> To: <redhat-watch-list@redhat.com>
> Cc: <linux-security@redhat.com>; <bugtraq@securityfocus.com>
> Sent: Friday, May 19, 2000 8:11 PM
> Subject: [RHSA-2000:028-02] Netscape 4.73 available
>
>
> > ---------------------------------------------------------------------
> > Red Hat, Inc. Security Advisory
> >
> > Synopsis: Netscape 4.73 available
> > Advisory ID: RHSA-2000:028-02
> > Issue date: 2000-05-19
> > Updated on: 2000-05-19
> > Product: Red Hat Linux
> > Keywords: netscape SSL telnet rlogin
> > Cross references:
> http://www.securityfocus.com/vdb/bottom.html?section=discussion&vid=1188
> > ---------------------------------------------------------------------
> >
> > 1. Topic:
> >
> > Netscape 4.73 packages are available. These new packages fix
> > bugs in SSL certificate validation; these bugs could allow
> > for the compromising of encrypted SSL sessions.
> >
> > It is recommended that all users of Netscape update to the new packages.
> >
> > 2. Relevant releases/architectures:
> >
> > Red Hat Linux 5.2 - i386
> > Red Hat Linux 6.2 - i386 alpha
> >
> > 3. Problem description:
> >
> > The description of the vulnerability, taken from
> > http://www.securityfocus.com/:
> > --
> > An attacker poisons a nameserver to redirect all
> > connections to www.goodguy.com, normally
> > 100.100.100.100, to 99.99.99.99, www.badguy.com.
> >
> > The attacker causes all normal http requests to return
> > what they normally would on www.goodguy.com, even though
> > a user attempting to contact www.goodguy.com hits
> > www.badguy.com.
> >
> > Upon getting a hit to www.badguy.com, the attacker
> > causes an SSL connection to be established. This can be
> > done by embedding a small image. The user may or may not
> > get a warning about establishing a secure connection --
> > this warning is on by default, although many users will
> > choose to disable this warning. The attacker needs to
> > use a legitimate SSL key, certified by someone listed as
> > trustworthy (thwate.com, for instance)
> >
> > The user can continue to shop to their hearts content,
> > on the real site, as it's being proxied.
> >
> > When the user decides to check out, it will attempt to
> > establish an SSL connection to www.goodguy.com. Upon
> > checking the ip address for www.goodguy.com, for
> > establishing an SSL connection, it will note that an SSL
> > connection already exists to it's IP. The key, however,
> > was issued to www.badguy.com. The SSL connection will be
> > established, and by all indications appear to go to
> > www.goodguy.com, when in fact it is to www.badguy.com.
> >
> > This could be used by a would be attacker to steal
> > information such as credit cards, or any other
> > information protected by SSL.
> > ---
> >
> > Another minor vulnerability exists in current versions
> > of Netscape; by default, netscape will respond to
> > rlogin: and telnet: URLs by launching a helper application
> > of the appropriate type. It is possible that when following URLs
> > of these types that certain information about the local
> > user (user name, environment settings) can be exposed to
> > a remote host. To change the default associations to avoid
> > this, users can go to Edit->Preferences, and choose
> > Communicator->Applications. Then, change the default
> > commands associated with 'telnet' and 'rlogin' to something
> > that does not open up a connection to the remote host,
> > for example, simply 'xterm'.
> >
> > 4. Solution:
> >
> > For each RPM for your particular architecture, run:
> >
> > rpm -Fvh [filename]
> >
> > where filename is the name of the RPM.
> >
> > For Red Hat Linux 5.0 and 5.1, use the Red Hat Linux 5.2
> > packages. For Red Hat Linux 6.0 and 6.1, use the Red Hat Linux
> > 6.2 packages.
> >
> > 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
> >
> > 11379 - Netscape 4.73 release for security problems in 4.72
> >
> >
> > 6. RPMs required:
> >
> > Red Hat Linux 5.2:
> >
> > intel:
> > ftp://ftp.redhat.com/5.2/i386/netscape-common-4.73-0.5.2.i386.rpm
> > ftp://ftp.redhat.com/5.2/i386/netscape-navigator-4.73-0.5.2.i386.rpm
> > ftp://ftp.redhat.com/5.2/i386/netscape-communicator-4.73-0.5.2.i386.rpm
> >
> > sources:
> > ftp://ftp.redhat.com/5.2/SRPMS/netscape-4.73-0.5.2.src.rpm
> >
> > Red Hat Linux 6.2:
> >
> > intel:
> > ftp://ftp.redhat.com/6.2/i386/netscape-common-4.73-1.i386.rpm
> > ftp://ftp.redhat.com/6.2/i386/netscape-navigator-4.73-1.i386.rpm
> > ftp://ftp.redhat.com/6.2/i386/netscape-communicator-4.73-1.i386.rpm
> >
> > alpha:
> > ftp://ftp.redhat.com/6.2/alpha/netscape-common-4.73-1.alpha.rpm
> > ftp://ftp.redhat.com/6.2/alpha/netscape-navigator-4.73-1.alpha.rpm
> > ftp://ftp.redhat.com/6.2/alpha/netscape-communicator-4.73-1.alpha.rpm
> >
> > sources:
> > ftp://ftp.redhat.com/6.2/SRPMS/netscape-4.73-1.src.rpm
> > ftp://ftp.redhat.com/6.2/SRPMS/netscape-alpha-4.73-1.src.rpm
> >
> > 7. Verification:
> >
> > MD5 sum Package Name
> > --------------------------------------------------------------------------
> > 3e881194baf12d2d7e761a63041ba404 5.2/SRPMS/netscape-4.73-0.5.2.src.rpm
> > 52498e09827f5e854f99e320e2923fc4
> 5.2/i386/netscape-common-4.73-0.5.2.i386.rpm
> > 1e15dfb4454c36e7352cd1803974f871
> 5.2/i386/netscape-communicator-4.73-0.5.2.i386.rpm
> > 703a4a0b80ca0c45967cb8cc569b0600
> 5.2/i386/netscape-navigator-4.73-0.5.2.i386.rpm
> > a83932536aef2837be8733621c3415d0 6.2/SRPMS/netscape-4.73-1.src.rpm
> > bb79a4d70ebc7ab6cd91c04fbb951ca8 6.2/SRPMS/netscape-alpha-4.73-1.src.rpm
> > e800a7af7c20be924469aedb75ad807f
> 6.2/alpha/netscape-common-4.73-1.alpha.rpm
> > 9502f4ec6d2c99f8f61329898f31450f
> 6.2/alpha/netscape-communicator-4.73-1.alpha.rpm
> > d812be498d83e19dba903282c8805ee2
> 6.2/alpha/netscape-navigator-4.73-1.alpha.rpm
> > de054f11902c5777446baff909da817c 6.2/i386/netscape-common-4.73-1.i386.rpm
> > d3825c0c61838da0b35570fb0dc7e743
> 6.2/i386/netscape-communicator-4.73-1.i386.rpm
> > aea9965093a8202196f637e8385035d9
> 6.2/i386/netscape-navigator-4.73-1.i386.rpm
> >
> > These packages are GPG signed by Red Hat, Inc. for security. Our key
> > is available at:
> > http://www.redhat.com/corp/contact.html
> >
> > You can verify each package with the following command:
> > rpm --checksig <filename>
> >
> > If you only wish to verify that each package has not been corrupted or
> > tampered with, examine only the md5sum with the following command:
> > rpm --checksig --nogpg <filename>
> >
> > 8. References:
> >
> > N/A
> >
> >
> >
> >
> > --
> > To unsubscribe: mail redhat-watch-list-request@redhat.com with
> > "unsubscribe" as the Subject.
> >
> >
>
> --
> ----------------------------------------------------------------------
> Please refer to the information about this list as well as general
> information about Linux security at http://www.aoy.com/Linux/Security.
> ----------------------------------------------------------------------
>
> To unsubscribe:
> mail -s unsubscribe linux-security-request@redhat.com < /dev/null
>
Cheers
Tony
-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-
Tony Nugent <Tony@growzone.com.au> Systems Administrator, RHCE
GrowZone OnLine (a project of) GrowZone Development Network
POBox 475 Toowoomba Oueensland Australia 4350 Ph: 07 4637 8322
-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-
(5144353) ------------------------------------------(Ombruten)