103363 2003-06-03 23:30 /226 rader/ CERT Advisory <cert-advisory@cert.org>
Importerad: 2003-06-03 23:30 av Brevbäraren
Extern mottagare: cert-advisory@cert.org
Mottagare: Bugtraq (import) <5121>
Ärende: CERT Summary CS-2003-02
------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
CERT Summary CS-2003-02
June 3, 2003
Each quarter, the CERT Coordination Center (CERT/CC) issues the
CERT Summary to draw attention to the types of attacks
reported to our incident response team, as well as other
noteworthy incident and vulnerability information. The summary
includes pointers to sources of information for dealing with the
problems.
Past CERT summaries are available from:
CERT Summaries
http://www.cert.org/summaries/
______________________________________________________________________
Recent Activity
Since the last regularly scheduled CERT summary, issued in March
2003 (CS-2003-01), we have seen an integer overflow
vulnerability within Sun's XDR Library, multiple vulnerabilities
in Lotus Notes and Domino Server, a buffer overflow
vulnerability in Sendmail, and multiple vulnerabilities within
Snort's preprocessors.
For more current information on activity being reported to
the CERT/CC, please visit the CERT/CC Current Activity page. The
Current Activity page is a regularly updated summary of the
most frequent, high-impact types of security incidents and
vulnerabilities being reported to the CERT/CC. The information on
the Current Activity page is reviewed and updated as reporting
trends change.
CERT/CC Current Activity
http://www.cert.org/current/current_activity.html
1. Integer overflow in Sun RPC XDR library routines
An integer overflow vulnerability exists in the
xdrmem_getbytes() function distributed as part of the Sun
Microsystems XDR library. This overflow may allow a
remote attacker to execute arbitrary code on the victim
machine.
CERT Advisory CA-2003-10: Integer overflow in Sun RPC
XDR library routines
http://www.cert.org/advisories/CA-2003-10.html
Vulnerability Note VU#516825: Integer overflow in Sun
RPC XDR library routines
http://www.kb.cert.org/vuls/id/516825
2. Multiple Vulnerabilities in Lotus Notes and Domino
Multiple vulnerabilities had been reported to affect Lotus
Notes clients and Domino servers. Due to the confusion
surrounding these vulnerabilities we released an advisory to
clairfy the details of the vulnerabilities, the versions
affected, and the patches that resolve these issues.
CERT Advisory CA-2003-11: Multiple
Vulnerabilities in Lotus Notes and Domino
http://www.cert.org/advisories/CA-2003-11.html
Vulnerability Note VU#206361: Lotus iNotes
vulnerable to buffer overflow via PresetFields
FolderName field http://www.kb.cert.org/vuls/id/206361
Vulnerability Note VU#355169: Lotus Domino Web
Server vulnerable to denial of service via
incomplete POST request
http://www.kb.cert.org/vuls/id/355169
Vulnerability Note VU#542873: Lotus iNotes
vulnerable to buffer overflow via PresetFields
s_ViewName field http://www.kb.cert.org/vuls/id/542873
Vulnerability Note VU#772817: Lotus Domino Web Server
vulnerable to buffer overflow via non-existent
"h_SetReturnURL" parameter with an overly long "Host
Header" field
http://www.kb.cert.org/vuls/id/772817
Vulnerability Note VU#571297: Lotus Notes and Domino COM
Object Control Handler contains buffer overflow
http://www.kb.cert.org/vuls/id/571297
Vulnerability Note VU#433489: Lotus Domino Server
susceptible to a pre-authentication buffer overflow
during Notes
http://www.kb.cert.org/vuls/id/433489
Vulnerability Note VU#411489: Lotus Domino Web
Retriever contains a buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/411489
Vulnerability Note VU#583184: Lotus Domino R5
Server Family contains multiple vulnerabilities in
LDAP handling code
http://www.kb.cert.org/vuls/id/583184
3. Buffer Overflow in Sendmail
There is a remotely exploitable vulnerability in sendmail
that could allow an attacker to gain control of a vulnerable
sendmail server.
Due to a variable type conversion problem, sendmail may
not adequately check the length of email address tokens. A
specially crafted email message could trigger a stack overflow.
CERT Advisory CA-2003-12: Buffer Overflow in Sendmail
http://www.cert.org/advisories/CA-2003-12.html
Vulnerability Note VU#897604: Sendmail address
parsing buffer overflow
http://www.kb.cert.org/vuls/id/897604
4. Multiple Vulnerabilities in Snort Preprocessors
There are two vulnerabilities in the Snort Intrusion Detection
System, each in a separate preprocessor module. Both
vulnerabilities allow remote attackers to execute arbitrary code
with the privileges of the user running Snort, typically root
CERT Advisory CA-2003-13: Multiple
Vulnerabilities in Snort Preprocessors
http://www.cert.org/advisories/CA-2003-13.html
Vulnerability Note VU#139129: Heap overflow in
Snort "stream4" preprocessor
http://www.kb.cert.org/vuls/id/139129
Vulnerability Note VU#916785: Buffer overflow in Snort
RPC preprocessor
http://www.kb.cert.org/vuls/id/916785
______________________________________________________________________
What's New and Updated
Since the last CERT Summary, we have published new and updated
* Advisories
http://www.cert.org/advisories/
* Vulnerability Notes
http://www.kb.cert.org/vuls
* CERT/CC Statistics
http://www.cert.org/stats/cert_stats.html
* Training Schedule
http:/www.cert.org/training/
______________________________________________________________________
This document is available from:
http://www.cert.org/summaries/CS-2003-02.html
______________________________________________________________________
CERT/CC Contact Information
Email: cert@cert.org
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /
EDT(GMT-4) Monday through Friday; they are on call for emergencies
during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by
email. Our public PGP key is available from
http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for
more information.
Getting security information
CERT publications and other security information are available
from our web site http://www.cert.org/
To subscribe to the CERT mailing list for advisories and
bulletins, send email to majordomo@cert.org. Please include in
the body of your message
subscribe cert-advisory
* "CERT" and "CERT Coordination Center" are registered in the
U.S. Patent and Trademark Office.
______________________________________________________________________
NO WARRANTY
Any material furnished by Carnegie Mellon University and the Software
Engineering Institute is furnished on an "as is" basis. Carnegie
Mellon University makes no warranties of any kind, either expressed or
implied as to any matter including, but not limited to, warranty of
fitness for a particular purpose or merchantability, exclusivity or
results obtained from use of the material. Carnegie Mellon University
does not make any warranty of any kind with respect to freedom from
patent, trademark, or copyright infringement.
_________________________________________________________________
Conditions for use, disclaimers, and sponsorship information
Copyright ©2003 Carnegie Mellon University.
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
iQCVAwUBPtz0zmjtSoHZUTs5AQGLYgQAq4zW2wa54HJUPWpho57bLIOlZ2PwwiQ1
NPU2SgRI1HlIHL2N3c+21VJ5IfA2DNpoZKlp0xFUI/oPaitMm+XgyyrFkAeMG23A
bXFPchvtsDEQyl9um8C6eSd3gU/XGrNg3tBoBpdvj4WaiRs7/qmkNPPrfo/VB+HP
nX2s9pdNJOA=
=PnMK
-----END PGP SIGNATURE-----
(103363) /CERT Advisory <cert-advisory@cert.org>/(Ombruten)