
SANS ISC InfoSec Handlers Diary Blog



Windows XP SP2 Patch released; New phpBB Release; Apple Java Update; Wireless Standards

Published: 2005-02-22
Last Updated: 2005-02-23 04:34:17 UTC
by Joshua Wright (Version: 1)

Windows XP SP2 Patch (Update at 04:13:23 UTC Feb 23 2005)



In a late entry for today, Microsoft released a patch for Windows XP SP2 systems to address an issue that could cause a computer to stop responding if certain firewall or antivirus programs are installed (which products are affected is unknown at this time). This issue will typically result in a blue screen with a stop error message of "Stop 0x05 (INVALID_PROCESS_ATTACH_ATTEMPT)". The following Knowledge Base article was mentioned on the Full Disclosure, bugtraq, and ntbugtraq lists last week, but there was not a general announcement by Microsoft about its release. It is surmised that this is because the patch is not exactly a security patch. Instead it was more of a hotfix for the stop condition/blue screen scenario and is not covered by the standard security bulletins.

Since the initial chatter last week about the patch, MS has apparently pushed the patch up a level to be a more critical patch without a security bulletin, which may be forthcoming. So imagine my surprise when my computer announces that it has downloaded a critical patch and is ready to install. (What? It isn't MS Patch Tuesday...oh wait...it is a Tuesday here still and MS did release a critical patch...so I guess it is after all. ARGH!)

So those with automatic updates or going to Windows Update should start seeing this patch today. ***This problem may also exist in Windows 2003 server but a patch has yet to be released.***

For more information on it, please see: http://support.microsoft.com/kb/887742

-- Scott Fendley adding a bit for Joshua Wright (the Handler On Duty)

New phpBB Release - updated 2005-02-22/19:27 UTC



The phpBB Group has released version 2.0.12 of phpBB, indicating the resolution of a few "potential security bugs". A recent security bulletin from iDEFENSE labs indicates flaws in handling remote avatars that allow an attacker to read any file on the filesystem as the webserver user. Users are encouraged to upgrade.


How to upgrade: http://www.phpbb.com/kb/article.php?article_id=271

Downloads: http://www.phpbb.com/downloads.php

ChangeLog: http://www.phpbb.com/support/documents.php?mode=changelog#2011



Thanks to fellow handler Swa Frantzen for the analysis.



Apple Java Update


Today, Apple has released an update for the Sun Java Runtime Engine and SDK that addresses a flaw that could let an attacker run arbitrary code on the system. This patch resolves CVE ID CAN-2004-1029.


Note: ISS reports that this vulnerability was reported on 11/22/2004 - a vulnerability 4 months old just getting resolved now. Hopefully, Apple won't keep to a similar resolution cycle for well-known vulnerabilities, else Mac OS systems will likely become a much more favorable target for attackers.


http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1029

http://docs.info.apple.com/article.html?artnum=300980




a, b, d, e, f, g, i, j, k, ma, n, p ...



No, it's not , it's the 802.11 alphabet soup. Keeping up with all the happenings with wireless networks and the IEEE 802.11 committee is no small task, so I thought I'd include some information about IEEE wireless projects in development, and why they are important:



802.11i - Security

No longer in development, 802.11i is a ratified standard to improve wireless security. It consists of two primary functions: the use of the TKIP protocol to improve security with legacy hardware (aka WPA-I) and RSN for new hardware deployments (aka WPA-II).

Benefit: Well thought-out open security standards are much better than closed "solutions" that have not been challenged openly by the security community.




802.11k - Radio Resource Management

This specification will standardize how radios deal with different wireless signal and noise information, including how they make decisions on when to roam from one AP to another. Right now, the decision to roam between access points is based on vendor criteria and isn't standardized.

Benefit: Consistent roaming between access points, improved connectivity through better medium management.




802.11ma - Corrections and clarifications to IEEE 802.11-1999.

Enhancements to 802.11 MAC and physical functions that have generally been adopted by vendors but not solidified with a standard.

Benefit: Greater consistency in vendor products through clarified standards.




802.11p - Wireless Access in Vehicular Environments (WAVE)

A new physical layer specification using the licensed 5.9 GHz band for transactions between the roadside and moving vehicles. One obvious use for this standard is toll-debit services for cars on the highway, but it could also be used for voice conversations in cars, replacing cellular technology.

Benefit: Niche solution, but forces IEEE to think carefully about "fast roaming".




802.11r - Fast Roaming

A new standard to reduce the amount of time to roam between access points, eliminating the short loss of service that is painful for real-time streaming protocols. This has some security challenges, including how to handle cached authentication credentials shared between access points.

Benefit: Improved service for real-time protocols such as streaming video and VoIP.




802.11n - Enhanced throughput for 802.11 networks

A new physical layer standard offering longer range and improved throughput using MIMO (multiple-input, multiple-output) technology. 802.11n networks are designed to achieve >100 Mbps real throughput.

Benefit: Fast Ethernet throughput on wireless networks with greater range - just be careful not to get caught up in pre-N equipment that may be incompatible with standardized 802.11n.




802.11s - ESS Mesh (estimated completion date is 2007-01-01)

Standards-based mechanism to provide peer-to-peer connectivity using other stations as repeaters. This is a wonderful application of wireless technology, allowing organizations to cover large areas without significant investment in infrastructure. I predict security to be a problem here, since the design of a mesh network is the same as that of a man-in-the-middle attack.

Benefit: Increased range with lower infrastructure costs.




802.11t - Wireless Performance Prediction (WPP) - test methods and metrics

Development of a formal standard for testing performance and stability of IEEE 802.11 products. This will open the testing process for wireless equipment, as opposed to the closed Wi-Fi Alliance interoperability certification process.

Benefit: Open standards and testing processes improve the quality of products and provide more assurance for interoperability between vendors.




802.11u - Interworking with non-802 networks

A new committee to examine the techniques that can be used to internetwork 802.11 networks with other wireless networks (e.g. cellular, GSM, 3GPP, WiMAX, etc.).

Benefit: This standard will likely be the basis for multi-connected devices, such as a mobile phone, that can select the cheapest available topology for communication.




802.11v - Wireless network management

The TGv (task group "v") committee will develop technology to manage access points in a distributed or a centralized fashion. Identifying the failures in SNMP, TGv is proposing a layer 2 solution to monitoring, managing the configuration, and updating software of access points.

Benefit: Updating code on hundreds of APs with SNMP and TFTP really stinks; hopefully this task group will create an implementation-independent solution to managing growing wireless networks.



-Joshua Wright/Handler-on-Duty


