Security Digest 1.01

Table of Contents

Welcome

Welcome to the first issue of Codetalker Digest. This digest is an attempt to categorize and archive news related to computer and network security. Each month we hope to summarize the main advisories, security issues, and news items that came up during the month. Because security information is often timely in nature, we try to ensure that the latest information is available on our news page.

We at Codetalker don't make any money on the digest, but we do try to keep it up to date and accurate. If you notice any errors or omissions, however, feel free to drop us a line at info@codetalker.com.

Enjoy the Digest!

Security News

97-01-27 - NT DNS Denial of Service

Another bug having to do with bad packets and NT servers. This time, a malformed DNS packet can cause increased processor activity or complete denial of Domain Naming service under NT Server 4.0.

No fixes are available yet. See Secure Networks, Inc. for more information.

97-01-24 - NT RPC Vulnerability

A bug has been discovered in the Windows NT RPC subsystem that may lead to denial of service attacks against busy servers. This problem appears on all current versions of NT 3.5x and 4.0 (Server and Workstation, latest service pack levels).

A patch is available from Microsoft.

97-01-12 - Apache Webserver Vulnerability

A bug has been found in the Apache 1.1.1 Web Server code. This bug, a buffer overflow in the optional mod_cookies module, makes it possible for an intruder to gain unauthorized access to the web server machine.

This bug has been fixed in version 1.1.2 and the 1.2 beta code. Sites making use of the optional mod_cookies module should upgrade immediately.

Latest Advisories

General

CERT

AUSCERT

CIAC

SNI

Misc

Vendor Specific

HP

SGI

About the Digest

Codetalker Digest was a monthly summary of security-related news, information, and advisories collected throughout the month by Codetalker Communications, Inc.

About Codetalker

Codetalker Communications, Inc. was the creation of Calgary-based systems professionals Kjell Wooding, Evan Spence, Steve McQuade, Chris Grant, and Mat Hepton. It was born out of the need for a security-focused consulting and development company in Western Canada.

Codetalker took its name from the Navajo codetalkers, Navajo radiomen employed by the US Marine Corps during World War II. Because they spoke a rather cryptic and slangy version of the Navajo language—one that was difficult for even uninitiated Navajos to understand—codetalker communications were essentially impossible for the Enemy to decode.

Codetalker Communications, Inc. was primarily focused in the areas of system and network security, including Internet and Intranet-related issues.

Disclaimer

By its very nature, security-related information can often be hard to come by. Many vendors (and users) do not subscribe to an open policy when it comes to releasing security information. This is unfortunate, as the policy of “security through obscurity” has repeatedly proven itself to be a dangerous and highly fallible posture. The information contained in this digest came from a variety of publicly accessible sources. Wherever possible, Codetalker Communications, Inc. tried to deliver the most accurate information possible; however, it cannot be held responsible for errors or omissions contained herein. If you are aware of any errors in this digest, please contact Kjell Wooding.

Redistribution

Codetalker Digest is copyright © 1997-99, Codetalker Communications, Inc. It may be freely redistributed provided that this copyright notice remains intact, and no fee is charged for its distribution.
