[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[orca-tech:01009] 【緊急情報】Yet another bad Windows XP/2000/NT hole; OpenSSH remote exploit
- To: orca-biz@xxxxxxxxxxxxxx, orca-testers@xxxxxxxxxxxxxx, orca-tech@xxxxxxxxxxxxxx, orca-users@xxxxxxxxxxxxxx
- Subject: [orca-tech:01009] 【緊急情報】Yet another bad Windows XP/2000/NT hole; OpenSSH remote exploit
- From: 北岡 有喜 <ykitaoka@xxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 18 Sep 2003 07:56:43 +0900
- Cc: wami@xxxxxxxxxx, onomichi@xxxxxxxxxxxxxx
北岡有喜@国立京都病院医療情報部です。
LAからの緊急情報です。
Subject:
Yet another bad Windows XP/2000/NT hole; OpenSSH remote
exploit
Date:
16 Sep 2003 23:59:59 -0700
From:
Paul Eggert <eggert@xxxxxxxxxxx>
To:
tech@xxxxxxxxxxx
Last week Microsoft announced another serious security hole in its
RPCSS service. If you have a Windows box running Windows NT or later,
your box can be taken over by an attacker unless you install the patch
supplied by Microsoft Security Bulletin MS03-039. This is
particularly important if you have a laptop or home desktop that runs
outside our firewall.
Today OpenSSH announced some buffer management errors that may be
potentially exploitable. If you manage OpenSSH hosts visible to the
Internet, I suggest updating them to OpenSSH 3.7.1p1, or to the
relevant patched version of earlier OpenSSH releases. I have updated
all the internal Solaris development hosts at Twin Sun El Segundo.
The Debian advisory for this possible remote vulnerability is DSA-382.
References:
http://www.cert.org/advisories/CA-2003-23.html
http://www.cert.org/advisories/CA-2003-24.html
http://www.debian.org/security/2003/dsa-382
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
京都大学医学博士
北 岡 有 喜(きたおか ゆうき)
mailto:ykitaoka@xxxxxxxxxxxxxxxxxxxxx
臨床研修審査官(厚生労働省近畿厚生局総務課内)←月水金
Tel: 06-6942-2284(直通) Fax: 06-6946-1500
mailto:kitaoka-yuuki@xxxxxxxxxx
http://www.hosp.go.jp/~kinki
国立京都病院 医療情報部長/産科医長 ←火木
Tel: 075-645-8401(内線7232) Fax: 075-646-3127
mailto:ykitaoka@xxxxxxxxxxxxxxxxxxx
http://www.hosp.go.jp/~kyotolan
http://w3.hosp.go.jp/~hospnet (HOSPnet研究会)
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/