
Posts Tagged ‘server’

Not a Halloween Hoax!


There are two critical alerts I need to give you and remind you that these are NOT Halloween hoaxes.

The first is for parents. DO NOT, I repeat, DO NOT allow your children to eat any Pirates Gold Chocolate Coins. They have been recalled due to the finding of melamine in the candy.

http://www.snopes.com/food/warnings/coins.asp

The second critical alert is about Microsoft Updates. I sent a Critical Alert to our newsletter subscribers yesterday and I’m repeating it here for those of you who do not subscribe to those.

The most recent set of updates went out nearly two weeks ago on Patch Tuesday and a special “Out of Band” Security Bulletin was issued last week that was marked Critical.


This special update is titled: MS08-067 and affects:

Windows Server 2003
Windows Server 2008
Windows 2000
Windows XP
Windows Vista

This update deals with a service called the Server Service and even though you may think you aren’t using this service on your laptop, desktop, or any other kind of workstation, it is a part of your Windows Operating System and it is being used. The name does not imply what you think it does.

The reason I’m alerting you is because there is now a notice that an exploit has been publicly posted on the Internet. What that means is that a “bad guy” posted an example of how to attack someone’s un-patched computer to take over their machine from the Internet.

It is imperative that you go to the Microsoft Update Site and download the current set of updates. (You may feel free to exclude the Malicious Software Removal Tool if you are so inclined.) But please update the rest of your patches!

I have done my updates and have noticed no change in the behavior of my computer nor the programs operating on it so I can only assume these updates are safe.

And while you’re at the update site, under the Other Software category, get the new Root Certificate Server update too!

http://v4.windowsupdate.microsoft.com/en/default.asp

Technical Information

What causes the vulnerability?
The vulnerability is caused by the Windows Server service not properly handling specially crafted RPC requests.

What is the Server service?
The Server service provides RPC support, file and print support, and named pipe sharing over the network. The Server service allows the sharing of your local resources (such as disks and printers) so that other users on the network can access them. It also allows named pipe communication between applications running on other computers and your computer, which is used for RPC.

What is RPC?
Remote Procedure Call (RPC) is a protocol that a program can use to request a service from a program located on another computer in a network. RPC helps with interoperability because the program using RPC does not have to understand the network protocols that are supporting communication. In RPC, the requesting program is the client and the service-providing program is the server.

Exploit Advisory Details:

http://www.microsoft.com/technet/security/advisory/958963.mspx?pubDate=2008-10-27

Note to students in the Advanced PC Security Course (Hack Your Way to Security): Do you remember the lesson on RPC Service and why it is so dangerous? Here’s your proof!

Please update now!




CastleCops Needs our Help! Server Donation Drive Marathon


If you’ve ever performed a Google search for odd malicious processes running in the background, or just some basic security issues you had questions about, chances are good that the CastleCops website & forum will come up in the top searches with the answer you were looking for!

According to Spamhaus, CastleCops has been “making cybercriminals unhappy since 2002” and now they are in need of our help!

Well, I was surprised today to find out that the site is suffering a bit. They need a new server and they have launched a Server Donation Drive Marathon. MICE is on the donors list as of today and I’d like to challenge our readers that have ever been helped by them – and you know they don’t charge! – to kick a few spare dollars their way and help them get back online with a new server (or two).

You can see the drive information here: http://www.castlecops.com/server_marathon.html

The PayPal line is also a link if you want to send a donation via PayPal. Keep in mind that PayPal takes 2.9% plus 30 cents per transaction. But if you want to donate and not have to think about writing a check, then please do. Otherwise, the information on where to mail checks is included in the link above.

Then you can join MICE’s name on the donors list here: http://wiki.castlecops.com/CastleCops/Server_Donation_Drive

And as you can see there, the list is mighty small. Please, help them out!

Debbie




Apple Mac Arrogance or Pure Stupidity?


Over the past several months, I’ve heard from students and clients about how the Apple/Mac store personnel tell them how secure Macs are compared to PCs. So secure, says one of my PC Security students, that she boasts of not using any antivirus software or security tools!

I received one of my many security update summaries for last week and something interesting caught my eye that made me think back to this student. The summary listed 7, yes 7, vulnerabilities in Apple/Mac software.

Of course I reported on the issue with Safari here: http://mice.org/blog/microsoft-advisory-blended-threat-windows-and-safari/

But there were six others disclosed just last week that included not only the Mac OS X Server but the OS X Operating System also.

These are also beginning to sound a lot like Microsoft flaws!

Here they are:

Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit. (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1028)

Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow. (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1030)

Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow. (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1574)

Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing. (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1575)

Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in opportunistic circumstances, by sending an e-mail message. (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1576)

Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to “multiple memory corruption issues.” (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1577)
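To show how an "invalid length argument" of the kind described in the CFDataReplaceBytes entry above can slip past a bounds check and how the check is written safely, here is an added example. It is not Apple's code and not from the original post; the bytebuf type and every function name are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical byte buffer for illustration; not Apple's CFData. */
typedef struct { unsigned char *data; size_t len; } bytebuf;

bytebuf bytebuf_from(const char *s) {
    bytebuf b = { NULL, strlen(s) };
    b.data = malloc(b.len ? b.len : 1);
    if (b.data) memcpy(b.data, s, b.len); else b.len = 0;
    return b;
}

/* Naive check: loc + range_len can wrap past SIZE_MAX, so a huge
 * range_len produces a small sum that passes the comparison. */
int naive_range_ok(size_t len, size_t loc, size_t range_len) {
    return loc + range_len <= len;
}

/* Overflow-safe check: compare against the space left, with no addition. */
int checked_range_ok(size_t len, size_t loc, size_t range_len) {
    return loc <= len && range_len <= len - loc;
}

/* Replace b[loc, loc+range_len) with new_len bytes from src.
 * Returns 0 on success, -1 on invalid arguments or allocation failure. */
int replace_bytes(bytebuf *b, size_t loc, size_t range_len,
                  const unsigned char *src, size_t new_len) {
    if (!checked_range_ok(b->len, loc, range_len)) return -1;
    size_t kept = b->len - range_len;          /* cannot underflow now */
    if (new_len > SIZE_MAX - kept) return -1;  /* kept + new_len would wrap */
    size_t total = kept + new_len;
    size_t tail = b->len - loc - range_len;    /* bytes after the range */
    unsigned char *out = malloc(total ? total : 1);
    if (!out) return -1;
    if (loc) memcpy(out, b->data, loc);
    if (new_len) memcpy(out + loc, src, new_len);
    if (tail) memcpy(out + loc + new_len, b->data + loc + range_len, tail);
    free(b->data);
    b->data = out;
    b->len = total;
    return 0;
}

int main(void) {
    bytebuf b = bytebuf_from("hello world");   /* constructed sample input */
    int rc = replace_bytes(&b, 8, SIZE_MAX - 3, (const unsigned char *)"x", 1);
    printf("oversized range rejected: %s\n", rc == -1 ? "yes" : "no");
    free(b.data);
    return 0;
}
```

With the naive check, the wrapped sum is accepted and the later copy sizes are computed from a length the buffer does not have, which is the heap overflow condition the advisory text describes.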

This page at Apple’s site: http://lists.apple.com/archives/security-announce/2008//May/msg00001.html also lists these items and a few more, but in all of their descriptions they call a crash an unexpected system shutdown. Ummmmm, Apple folks? Here’s a heads up for you – that’s called a CRASH!

The question remains: Are Apple Mac users that arrogant to believe they are immune to flaws purely by virtue that they are running a Mac? Or, are they purely THAT STUPID?

Linux users know better than to believe their OS is infallible! Windows users have learned from experience that they are not infallible — REPEATEDLY!

So Mac users, which is it? Arrogance or stupidity? Because it’s obvious you aren’t immune!

And to the young lady in my course that doesn’t use AV software on her Mac, I’d suggest you get one immediately!


