[orca-tech:01009] 【緊急情報】Yet another bad Windows XP/2000/NT hole; OpenSSH remote exploit

[北岡 有喜 <ykitaoka@xxxxxxxxxxxxxxxxxxxxx>]

北岡有喜＠国立京都病院医療情報部です。
LAからの緊急情報です。

Subject:
          Yet another bad Windows XP/2000/NT hole; OpenSSH remote
exploit
Date:
          16 Sep 2003 23:59:59 -0700
From:
          Paul Eggert <eggert@xxxxxxxxxxx>
 To:
          tech@xxxxxxxxxxx

Last week Microsoft announced another serious security hole in its
RPCSS service.  If you have a Windows box running Windows NT or later,
your box can be taken over by an attacker unless you install the patch
supplied by Microsoft Security Bulletin MS03-039.  This is
particularly important if you have a laptop or home desktop that runs
outside our firewall.

Today OpenSSH announced some buffer management errors that may be
potentially exploitable.  If you manage OpenSSH hosts visible to the
Internet, I suggest updating them to OpenSSH 3.7.1p1, or to the
relevant patched version of earlier OpenSSH releases.  I have updated
all the internal Solaris development hosts at Twin Sun El Segundo.
The Debian advisory for this possible remote vulnerability is DSA-382.

References:
http://www.cert.org/advisories/CA-2003-23.html
http://www.cert.org/advisories/CA-2003-24.html
http://www.debian.org/security/2003/dsa-382

＿/＿/＿/＿/＿/＿/＿/＿/＿/＿/＿/＿/＿/＿/＿/＿/＿/＿/

京都大学医学博士
北　岡　有　喜（きたおか　ゆうき）
mailto:ykitaoka@xxxxxxxxxxxxxxxxxxxxx

臨床研修審査官（厚生労働省近畿厚生局総務課内）←月水金
Tel: 06-6942-2284(直通)　Fax: 06-6946-1500
mailto:kitaoka-yuuki@xxxxxxxxxx
http://www.hosp.go.jp/~kinki

国立京都病院　医療情報部長/産科医長 ←火木
Tel: 075-645-8401(内線7232)　Fax: 075-646-3127
mailto:ykitaoka@xxxxxxxxxxxxxxxxxxx
http://www.hosp.go.jp/~kyotolan
http://w3.hosp.go.jp/~hospnet  (HOSPnet研究会)

＿/＿/＿/＿/＿/＿/＿/＿/＿/＿/＿/＿/＿/＿/＿/＿/＿/＿/