Modérateur: modos Ixus
par max » 26 Mars 2004 19:48
par Burps » 26 Mars 2004 20:01
par antolien » 26 Mars 2004 20:20
par MoiCVincent » 26 Mars 2004 20:21
par MoiCVincent » 26 Mars 2004 20:22
par Franck78 » 26 Mars 2004 20:29
*************************************************************************
@RISK: The Consensus Security Vulnerability Alert
March 24, 2004 Vol. 3. Week 12
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
- -----------------------------------------------------------------------
Summary of the vulnerabilities reported this week
Category - # of Updates & Vulnerabilities
(Found in Part I(Item #) or Part II)
- -----------------------------------------------------------------------
Windows - 1
Other Microsoft Products - 1
Third Party Windows Apps -19 (#1, #3, #4)
BSD - 1
Mac OS - 1 (#6)
UNIX - 6 (#2, #6)
Cross Platform - 8 (#5, #7)
Web Application -14
Network Device - 2 (#5)
- -----------------------------------------------------------------------
Part I Critical Vulnerabilities
Part I is compiled by the security team at TippingPoint
(www.tippingpoint.com) as a by-product of that company's continuous
effort to ensure that its intrusion prevention products effectively
block exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed
description of the process may be found at
http://www.sans.org/newsletters/cva/#process
Archives at http://www.sans.org/newsletters/
******************
Contents of Part I
(1) CRITICAL: ISS ICQ Protocol Parsing Buffer Overflow
(2) HIGH: Common Desktop Environment dtlogin Double Free Vulnerability
(3) MODERATE: Symantec Norton AntiSpam Buffer Overflow
(4) MODERATE: Symantec Norton Internet Security Remote Code Execution
(5) LOW: OpenSSL Multiple Denial-of-Service Vulnerabilities
(6) LOW: Apple MacOS X Administration Service Buffer Overflow
Other Software
(7) MODERATE: Apache mod_security Module Buffer Overflow
****************************************************************
(5) LOW: OpenSSL Multiple Denial-of-Service Vulnerabilities
Affected:
OpenSSL version 0.9.6k and prior, 0.9.7a, 0.9.7b and 0.9.7c
Multiple vendor products such as Cisco, Avaya and NetScreen.
Description: OpenSSL is a very widely deployed open source
implementation of the SSL/TLS protocols. The OpenSSL code base is used
in many mission critical products provided by a multiple vendors,
including Cisco. The OpenSSL software contains multiple vulnerabilities
that can be exploited by a remote, unauthenticated attacker to possibly
cause a denial-of-service to the application using the OpenSSL library.
A number of Cisco devices are affected by one of the denial-of-service
vulnerabilities, if they have the secure HTTP (HTTPS) service enabled.
Successful exploitation may reboot a vulnerable Cisco device.
Status: OpenSSL has released updates that fix the flaws. Cisco has
released fixed versions of the software for some platforms. A workaround
for Cisco products is to disable the HTTPS service on the vulnerable
devices or restrict access to the HTTPS service to trusted hosts. Please
refer to the CERT Vulnerability Notes for the status regarding other
vendors.
Council Site Actions: All of the council sites are responding to this
vulnerability on some level. Several of the reporting council sites only
sent a notification to their appropriate support teams. The other sites
plan to roll out the patches during their next regularly scheduled
system update process. One site is still investigating, along with their
appropriate support areas, other OpenSSL installations to ensure
communications have been received concerning the threat and the
appropriate steps taken to ensure risk is minimized or eliminated for
any vulnerable systems. Another site is still investigating whether
their SSL VPN appliance devices are vulnerable.
References:
CERT Advisory and Vulnerability Notes
http://www.us-cert.gov/cas/techalerts/TA04-078A.html
http://www.kb.cert.org/vuls/id/288574
http://www.kb.cert.org/vuls/id/465542
http://www.kb.cert.org/vuls/id/484726
Cisco Security Advisory
http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
SecurityFocus BID
http://www.securityfocus.com/bid/9899
****************************************************************
par Fesch » 26 Mars 2004 20:37
antolien a écrit:C'est déconseillé oui; même si c'est du ssl, je ne comprend pas le choix du port 445. C'est un protocole M$ régulièrement scanné.
Cela dit, si tu change le port avec un moins sensible, c'est le mieux pour administrer a distance ton firewall ipcop.
Par ailleurs, la dernière faille open_ssl à été corrigée pour ipcop ?? j'ai rien vu là dessus...
par antolien » 26 Mars 2004 20:45
est-ce la guerre des contradictions ?
Utilisateur(s) parcourant actuellement ce forum : Aucun utilisateur inscrit et 1 invité