Archive of CERT general posting, CERT Summary CS-2003-02

04/06/03, CERT Summary CS-2003-02
From: CERT Advisory <cert-advisory@cert.org>

Generated by MHonArc

CSIM Logo WelcomeCourses
Faculty, Student, Staff
Projects and reports
Conferences, workshop and seminars
Laboratories and reasearch facilities
Information related to CSIM
Information non-related to CSIM
Address, map, phone, etc.
Search

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


To: cert-advisory@cert.org
Subject: CERT Summary CS-2003-02
From: CERT Advisory <cert-advisory@cert.org>
Date: Tue, 3 Jun 2003 15:55:52 -0400
List-archive: <http://www.cert.org/>
List-help: <http://www.cert.org/>, <mailto:Majordomo@cert.org?body=help>
List-owner: <mailto:cert-advisory-owner@cert.org>
List-post: NO (posting not allowed on this list)
List-subscribe: <mailto:Majordomo@cert.org?body=subscribe%20cert-advisory>
List-unsubscribe: <mailto:Majordomo@cert.org?body=unsubscribe%20cert-advisory>
Mail-from: From cert-advisory-owner@cert.org Wed Jun 4 03:41:25 2003
Organization: CERT(R) Coordination Center - +1 412-268-7090


-----BEGIN PGP SIGNED MESSAGE-----

CERT Summary CS-2003-02

   June 3, 2003

   Each  quarter, the CERT Coordination Center (CERT/CC) issues the CERT
   Summary  to  draw  attention  to  the types of attacks reported to our
   incident  response  team,  as  well  as  other noteworthy incident and
   vulnerability information. The summary includes pointers to sources of
   information for dealing with the problems.

   Past CERT summaries are available from:

          CERT Summaries
          http://www.cert.org/summaries/
   ______________________________________________________________________

Recent Activity

   Since  the last regularly scheduled CERT summary, issued in March 2003
   (CS-2003-01),  we  have  seen an integer overflow vulnerability within
   Sun's  XDR Library, multiple vulnerabilities in Lotus Notes and Domino
   Server,  a  buffer  overflow  vulnerability  in Sendmail, and multiple
   vulnerabilities within Snort's preprocessors.

   For  more  current  information  on  activity  being  reported  to the
   CERT/CC,  please  visit the CERT/CC Current Activity page. The Current
   Activity  page  is  a  regularly updated summary of the most frequent,
   high-impact  types  of  security  incidents  and vulnerabilities being
   reported  to the CERT/CC. The information on the Current Activity page
   is reviewed and updated as reporting trends change.

          CERT/CC Current Activity
          http://www.cert.org/current/current_activity.html


    1. Integer overflow in Sun RPC XDR library routines

       An  integer overflow vulnerability exists in the xdrmem_getbytes()
       function  distributed as part of the Sun Microsystems XDR library.
       This  overflow  may  allow  a remote attacker to execute arbitrary
       code on the victim machine.

                CERT Advisory CA-2003-10: Integer overflow in Sun RPC XDR
                library routines
                http://www.cert.org/advisories/CA-2003-10.html

                Vulnerability Note VU#516825: Integer overflow in Sun RPC
                XDR library routines
                http://www.kb.cert.org/vuls/id/516825


    2. Multiple Vulnerabilities in Lotus Notes and Domino

       Multiple  vulnerabilities  had been reported to affect Lotus Notes
       clients and Domino servers. Due to the confusion surrounding these
       vulnerabilities  we released an advisory to clairfy the details of
       the  vulnerabilities,  the versions affected, and the patches that
       resolve these issues.

                CERT  Advisory  CA-2003-11:  Multiple  Vulnerabilities in
                Lotus Notes and Domino
                http://www.cert.org/advisories/CA-2003-11.html

                Vulnerability  Note VU#206361: Lotus iNotes vulnerable to
                buffer overflow via PresetFields FolderName field
                http://www.kb.cert.org/vuls/id/206361

                Vulnerability  Note  VU#355169:  Lotus  Domino Web Server
                vulnerable  to  denial  of  service  via  incomplete POST
                request
                http://www.kb.cert.org/vuls/id/355169

                Vulnerability  Note VU#542873: Lotus iNotes vulnerable to
                buffer overflow via PresetFields s_ViewName field
                http://www.kb.cert.org/vuls/id/542873

                Vulnerability  Note  VU#772817:  Lotus  Domino Web Server
                vulnerable    to   buffer   overflow   via   non-existent
                "h_SetReturnURL"  parameter  with  an  overly  long "Host
                Header" field
                http://www.kb.cert.org/vuls/id/772817

                Vulnerability  Note VU#571297: Lotus Notes and Domino COM
                Object Control Handler contains buffer overflow
                http://www.kb.cert.org/vuls/id/571297

                Vulnerability   Note   VU#433489:   Lotus  Domino  Server
                susceptible   to  a  pre-authentication  buffer  overflow
                during Notes
                http://www.kb.cert.org/vuls/id/433489

                Vulnerability  Note VU#411489: Lotus Domino Web Retriever
                contains a buffer overflow vulnerability
                http://www.kb.cert.org/vuls/id/411489

                Vulnerability  Note  VU#583184:  Lotus  Domino  R5 Server
                Family contains multiple vulnerabilities in LDAP handling
                code
                http://www.kb.cert.org/vuls/id/583184


    3. Buffer Overflow in Sendmail

       There  is  a  remotely  exploitable vulnerability in sendmail that
       could  allow  an attacker to gain control of a vulnerable sendmail
       server.

       Due  to  a  variable  type  conversion  problem,  sendmail may not
       adequately  check  the length of email address tokens. A specially
       crafted email message could trigger a stack overflow.

                CERT Advisory CA-2003-12: Buffer Overflow in Sendmail
                http://www.cert.org/advisories/CA-2003-12.html

                Vulnerability  Note  VU#897604:  Sendmail address parsing
                buffer overflow
                http://www.kb.cert.org/vuls/id/897604


    4. Multiple Vulnerabilities in Snort Preprocessors

       There  are  two  vulnerabilities  in the Snort Intrusion Detection
       System,   each   in   a   separate   preprocessor   module.   Both
       vulnerabilities  allow  remote attackers to execute arbitrary code
       with the privileges of the user running Snort, typically root

                CERT  Advisory  CA-2003-13:  Multiple  Vulnerabilities in
                Snort Preprocessors
                http://www.cert.org/advisories/CA-2003-13.html

                Vulnerability  Note  VU#139129:  Heap  overflow  in Snort
                "stream4" preprocessor
                http://www.kb.cert.org/vuls/id/139129

                Vulnerability  Note  VU#916785:  Buffer overflow in Snort
                RPC preprocessor
                http://www.kb.cert.org/vuls/id/916785
   ______________________________________________________________________

What's New and Updated

   Since the last CERT Summary, we have published new and updated
     * Advisories
       http://www.cert.org/advisories/
     * Vulnerability Notes
       http://www.kb.cert.org/vuls
     * CERT/CC Statistics
       http://www.cert.org/stats/cert_stats.html
     * Training Schedule
       http:/www.cert.org/training/
   ______________________________________________________________________

   This document is available from:
   http://www.cert.org/summaries/CS-2003-02.html
   ______________________________________________________________________

CERT/CC Contact Information

   Email: cert@cert.org
          Phone: +1 412-268-7090 (24-hour hotline)
          Fax: +1 412-268-6989
          Postal address:
          CERT Coordination Center
          Software Engineering Institute
          Carnegie Mellon University
          Pittsburgh PA 15213-3890
          U.S.A.

   CERT/CC   personnel   answer  the  hotline  08:00-17:00  EST(GMT-5)  /
   EDT(GMT-4)  Monday  through  Friday;  they are on call for emergencies
   during other hours, on U.S. holidays, and on weekends.

    Using encryption

   We  strongly  urge you to encrypt sensitive information sent by email.
   Our public PGP key is available from
   http://www.cert.org/CERT_PGP.key

   If  you  prefer  to  use  DES,  please  call the CERT hotline for more
   information.

    Getting security information

   CERT  publications  and  other security information are available from
   our web site
   http://www.cert.org/

   To  subscribe  to  the CERT mailing list for advisories and bulletins,
   send  email  to majordomo@cert.org. Please include in the body of your
   message

   subscribe cert-advisory

   *  "CERT"  and  "CERT  Coordination Center" are registered in the U.S.
   Patent and Trademark Office.
   ______________________________________________________________________

   NO WARRANTY
   Any  material furnished by Carnegie Mellon University and the Software
   Engineering  Institute  is  furnished  on  an  "as is" basis. Carnegie
   Mellon University makes no warranties of any kind, either expressed or
   implied  as  to  any matter including, but not limited to, warranty of
   fitness  for  a  particular purpose or merchantability, exclusivity or
   results  obtained from use of the material. Carnegie Mellon University
   does  not  make  any warranty of any kind with respect to freedom from
   patent, trademark, or copyright infringement.
     _________________________________________________________________

   Conditions for use, disclaimers, and sponsorship information

   Copyright 2003 Carnegie Mellon University.

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQCVAwUBPtz0zmjtSoHZUTs5AQGLYgQAq4zW2wa54HJUPWpho57bLIOlZ2PwwiQ1
NPU2SgRI1HlIHL2N3c+21VJ5IfA2DNpoZKlp0xFUI/oPaitMm+XgyyrFkAeMG23A
bXFPchvtsDEQyl9um8C6eSd3gU/XGrNg3tBoBpdvj4WaiRs7/qmkNPPrfo/VB+HP
nX2s9pdNJOA=
=PnMK
-----END PGP SIGNATURE-----



Previous message sorted by date: CERT Summary CS-2003-01
Next message sorted by date: CERT Summary CS-2003-03
Previous message sorted by thread: CERT Summary CS-2003-01
Next message by thread: CERT Summary CS-2003-03
Main Index
Thread Index

CSIM home pageWMailAccount managementCSIM LibraryNetwork test toolsSearch CSIM directories
Contact us: Olivier Nicole CSIM    SET    AIT Last update: Jan 2004