Oracle FAQ Your Portal to the Oracle Knowledge Grid


Extract from latest SANS security digest

From: Boivin, Patrice J
Date: Fri, 30 Nov 2001 18:06:34 -0800

FYI, which company had the most security bugs reported in November?

Section II: Security Alert Summary

4.      Microsoft Security Bulletins

**** CRITICAL RISK Bulletins
4.1     MS01-056: Windows Media Player .ASF Processor Contains Unchecked

*** HIGH RISK Bulletins
4.2     MS01-055: Cookie Data in IE Can Be Exposed or Altered Through
        Script Injection

** MODERATE RISK Bulletins
There were no moderate risk bulletins issued this month.

* LOW RISK Bulletins
4.3     MS01-054: Invalid Universal Plug and Play Request can Disrupt
        System Operation

5.      Additional Microsoft Software Issues

5.1     Internet Explorer Issues
        5.1.1   Internet Explorer allows spoofing of file extensions
        5.1.2   Internet Explorer file reading vulnerability
        5.1.3   Internet Explorer patch existence vulnerability

5.2     Microsoft Office Issues
        No issues reported this month.

5.3     Other Microsoft Product Issues
        5.3.1   Voyager Alpha Force worm targets Microsoft SQL Server
        5.3.2   Flaw in Microsoft Passport Allows Theft of Personal
        5.3.3   ISA Server Denial of Service
        5.3.4   Windows Terminal Services IP Address Spoofing
        5.3.5   Windows 2000 "RunAs" vulnerabilities

6.      Virus Alerts

6.1     Badtrans.B worm
6.2     Aliz worm
6.3     Klez worm variant

7.      Third-Party Software Issues

7.1     Buffer Overflows
        7.1.1   Ipswitch WS_FTP Server Buffer Overflow
        7.1.2   ActiveState ActivePerl Buffer Overflow
        7.1.3   Compaq Insight Manager Buffer Overflow

7.2     Flaw in personal firewall outbound traffic filtering
7.3     DeltaThree PC-to-Phone information disclosure
7.4     Lotus Notes automatic code execution
7.5     RSA WebID vulnerabilities
7.6     CheckPoint VPN-1 account harvesting
7.7     Symantec Raptor Firewall denial of service
7.8     Web Crossing WebX unauthorized access
7.9     Progress Database privilege elevation
7.10    Entrust GetAccess directory traversal
7.11    Multiple Lotus Domino vulnerabilities
7.12    Opera Web Browser cross-site scripting

8.      Updates and Corrections

8.1     Patch Available for Citrix MetaFrame Denial of Service

Patrice Boivin
Systems Analyst (Oracle Certified DBA)


Received on Fri Nov 30 2001 - 20:06:34 CST