Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Extract from latest SANS security digest

Extract from latest SANS security digest

From: Boivin, Patrice J <BoivinP_at_mar.dfo-mpo.gc.ca>
Date: Fri, 30 Nov 2001 18:06:34 -0800
Message-ID: <F001.003D2856.20011130173517@fatcity.com> 






Fyi, which company had the most security bugs reported in November?



Section II: Security Alert Summary


4.      Microsoft Security Bulletins



****CRITICAL RISK Bulletins

4.1     MS01-056: Windows Media Player .ASF Processor Contains Unchecked
        Buffer
*** HIGH RISK Bulletins
4.2     MS01-055: Cookie Data in IE Can Be Exposed or Altered Through
        Script Injection




**  MODERATE RISK Bulletins


There were no moderate risk bulletins issued this month.

*       LOW RISK Bulletins
4.3     MS01-054: Invalid Universal Plug and Play Request can Disrupt
        System Operation

5.      Additional Microsoft Software Issues

5.1     Internet Explorer Issues
        5.1.1   Internet Explorer allows spoofing of file extensions
        5.1.2   Internet Explorer file reading vulnerability
        5.1.3   Internet Explorer patch existence vulnerability

5.2     Microsoft Office Issues
        No issues reported this month.
5.3     Other Microsoft Product Issues
        5.3.1   Voyager Alpha Force worm targets Microsoft SQL Server
        5.3.2   Flaw in Microsoft Passport Allows Theft of Personal
Information
        5.3.3   ISA Server Denial of Service
        5.3.4   Windows Terminal Services IP Address Spoofing
        5.3.5   Windows 2000 "RunAs" vulnerabilities


6.      Virus Alerts
6.1     Badtrans.B worm
6.2     Aliz worm
6.3     Klez worm variant


7.      Third-Party Software Issues

7.1     Buffer Overflows
        7.1.1   Ipswitch WS_FTP Server Buffer Overflow
        7.1.2   ActiveState ActivePerl Buffer Overflow
        7.1.3   Compaq Insight Manager Buffer Overflow

7.2     Flaw in personal firewall outbound traffic filtering
7.3     DeltaThree PC-to-Phone information disclosure
7.4     Lotus Notes automatic code execution
7.5     RSA WebID vulnerabilities
7.6     CheckPoint VPN-1 account harvesting
7.7     Symantec Raptor Firewall denial of service
7.8     Web Crossing WebX unauthorized access
7.9     Progress Database privilege elevation
7.10    Entrust GetAccess directory traversal


7.11    Multiple Lotus Domino vulnerabilities
7.12    Opera Web Browser cross-site scripting



8.      Updates and Corrections
8.1     Patch Available for Citrix MetaFrame Denial of Service






Regards,


Patrice Boivin


Systems Analyst (Oracle Certified DBA)



-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.com


-- 



Author: Boivin, Patrice J


  INET: BoivinP_at_mar.dfo-mpo.gc.ca


Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------


To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Fri Nov 30 2001 - 20:06:34 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US