fyi.
-----Original Message-----
From: [EMAIL PROTECTED]
[SMTP:[EMAIL PROTECTED]]
Sent: Sunday, April 11, 1999 20:42
Subject: Sunbelt NTools E-News: Win2000 Shipdate October 6-th?
2. "TECH BRIEFING"
* 21 NEW VULNERABILITIES FOUND IN NT
Most of you know that Security Threats continue to increase as more
companies provide external access to their internal systems via the
Internet for mission critical applications. This requires an ever
increasing vigilance to make sure you are hacker or cracker-proof.
These are the new vulnerabilities you have to protect yourself
against when you run NT. A good example was the Melissa Virus.
This list was compiled by the developer of STAT, which has proven
to be an instant HIT at Sunbelt. Over 30 licenses were sold in less
than 3 weeks. Here are the latest culprits that STAT will find and
warn you about: The number in front of each vulnerability is simply
the next in sequence.
V467 Footprint Macro Virus - The W97M.Footprint Word macro virus
overwrites the footers on all open documents. It also overwrites all
macros in open documents and open and attached templates with the
macro virus code.
V468 Marker virus - W97M.marker is a Word macro virus that uploads
users information to an FTP site.
V469 Boserve.exe - The executable program, boserve.exe, usually
contains a virus called CDC-BO.A (Hacktool).
V470 Whack.exe - The executable program, whack.exe, usually contains
the W32.CIH.SPACEFILLER virus.
V471 Reboot.ini - BackOffice Server 4.0 does not delete the installation
setup file, "reboot.ini". This file may contain the account userid and
password for selected services.
V472 Outlook Express - Microsoft Outlook Express and Outlook 98 can
crash when attempting to open a file attachment with an extremely
long file name.
V473 KnownDLLs List - Core operating system DLLs are kept in virtual
memory and shared between the programs running on the system. A data
structure called the KnownDLLs is referenced to determine the location
of the DLL in virtual memory. By default, any user can read from and
write to the KnownDLLs list. A user can load a malicious DLL to
increase privileges.
V474 Sndvol.exe - Sndvol.exe is a trojan horse program that mails
information back to a Bulgarian Internet Service provider. The trojan
horse is installed when users click on a message supposedly from
Microsoft about an Internet Explorer update. The program may delete
the original sndvol32.exe sound volume program.
V475 Mprexe.dll - Mprexe.dll is a trojan horse program that mails
information back to a Bulgarian Internet Service provider. The trojan
horse is installed when users click on a message supposedly from
Microsoft about an Internet Explorer update. The program may delete
the original sndvol32.exe sound volume program.
V476 Rundll - Rundll2.dl_ is a trojan horse that is installed when
running a game such as whack-a-mole (game.exe or whack.exe). This is
part of the NetBus backdoor utility.
V477 Args.bat - The args.bat demo file that comes with O'Reilly's
Website Pro 2.0 webserver allows a user to run arbitrary commands on
the web server by placing cgi scripts there. This could compromise
a web server. This file is usually found in the /cgi-dos directory.
V478 IISADMPWD - When IIS 4.0 server is installed, the
\winnt\system32\inetsrv\iisadmpwd directory by default has a number
of .htr files that anyone can access over the Internet. A remote
attacker can attack user accounts or gain user information through
this directory and default files.
V479 JavaScript Enabled - Enabling JavaScript on a browser may
introduce malicious Java scripts that could cause a denial of service
or be used for information gathering.
V480 Java Applet Enabled - Enabling Java applet on a browser may
introduce malicious Java scripts that could cause a denial of service
or be used for information gathering.
V481 Form Data Submit Warning Disabled - There is a default warning
that is displayed when submitting non-encrypted forms. The warning
prompt makes sure users are alerted if a script attempts to submit
data using forms. Users should be cautious if they see this warning
when browsing and have not actually chosen to submit any data.
V482 Scripts Directory - When IIS 4.0 server is installed, the
\winnt\system32\inetsrv\scripts directory by default has a repost.asp
file that anyone can access over the Internet. This could potentially
allow users to upload files to the /users directory.
V483 Photo Trojan Horse - The photos17.exe is a trojan horse email
attachment, usually sent from Harvard. When executed, it deletes the
sndvol32.exe sound volume program, installs sndvol.exe and creates a
registry key. When Internet Explorer is open, this program conducts
a port scan across a class C network in Bulgaria. This program can
also overload a firewall memory table space.
V484 WinFreeze - WinFreeze is an ICMP/Redirect-host message storm
program that will cause a denial of service.
485 Word Macro Virus Protection - Disable macros in Microsoft Word
to prevent macro viruses such as the Melissa virus.
486 Excel Macro Virus Protection - Disable macros in Microsoft Excel
to prevent macro viruses such as the Papa virus.
487 PowerPoint Macro Virus Protection - Disable macros in Microsoft
PowerPoint to prevent macro viruses.
For info on STAT, see NT Third Party News Section.