** CIAC's C-Notes ** Last Updated on 10/11/04    -    C-Note-05-001: "MySQL Vulnerabilities" (10/11/04) C-Note-04-014: "Apache 2.0.51 Released" (rev. 10/06/04) C-Note-04-013: "Samba 3.0.x Denial of Service Flaw" (rev. 10/05/04) C-Note-04-015: "Mozilla Releases" (rev. 10/05/04)
	2-27-2004:   Negative Reporting is now a requirement for all DOE/NNSA sites and is effective immediately per the Department of Energy memorandum concerning Cyber Security Incident Reporting. For details, visit CIAC Incident Reporting Procedures.

WHAT's NEW! !!         ( 10/13/2004 ) High-Risk Vulnerabilities - Windows Buffer Overrun in JPEG Processing Could Allow Code Execution    (CIAC Bulletin   O-213) (revised) - Windows SMTP Vulnerability could Allow Remote Code Execution    (CIAC Bulletin   P-005) - Microsoft Cumulative Security Update for Internet Explorer (834707)    (CIAC Bulletin   P-006) - "imlib" and "imlib2" Packages Vulnerability    (CIAC Bulletin   O-215) (revised) - HP Web Jetadmin Remote Access Vulnerability    (CIAC Bulletin   O-218) ... more high risk vulnerabilities Website Contents CIAC Website Index Security Sites -U.S. CERT -Federal and Security Sites -Hoaxbusters -Vulnerability Search Engine Sites CIAC Information CIAC has been providing the U.S. Department of Energy with incident response, reporting, and tracking, along with other computer security support since 1989. CIAC's Vision / Mission Statements For information from CIAC, call: 925-422-8193 CIAC is a founding member of FIRST, an international organization of incident response and security teams.

Latest CIAC Bulletin Releases   ( 10/14/2004 ) Bulletins:    All         By Vendor/OS         By Series         Search for bulletins                      Technical Bulletins           High Risk Vulnerabilities P-014  CUPS Information Leak   (Released 10/14/2004) P-013  Macromedia JRun Server Vulnerabilities   (Released 10/13/2004) P-012  Microsoft Vulnerability in NNTP Could Allow Remote Code Execution (883935)   (Released 10/13/2004) P-011  Microsoft Vulnerability in NetDDE Could Allow Remote Code Execution (841533)   (Released 10/13/2004) P-010  Microsoft Compressed (Zipped) Folders Vulnerability   (Released 10/12/2004) P-009  Microsoft Excel Vulnerability Could Allow Remote Code Execution   (Released 10/12/2004) P-008  Microsoft Security Update for Microsoft Windows (840987)   (Released 10/12/2004) P-007   Microsoft Windows Shell and Program Group Converter Vulnerabilities   (Released 10/12/2004) P-006  Microsoft Cumulative Security Update for Internet Explorer (834707)   (Released 10/12/2004) P-005  Windows SMTP Vulnerability could Allow Remote Code Execution   (Released 10/12/2004) Technical Bulletins  ( 08/17/2004 ) CIACTech04-001   Remote Detection of the Mydoom.A Worm   (Release 1/30/04)    CIACTech03-001   Spamming using the Windows Messenger Service   (Release 10/29/02)    CIACTech02-005   Understanding Capturing Files with Microsoft Word Field Codes   (Release 9/27/02) CIACTech02-004   Parasite Programs; Adware, Spyware, and Stealth Networks   (Revised 11/11/02) CIACTech02-003   Protecting Office for Mac X Antipiracy Server Ports   (Revised 5/7/02) ... more Technical Bulletins Latest Revisions  ( 10/13/2004 ) O-169   Apache Buffer Overflow Vulnerability   (Revised 10/13/2004) O-103  Apache HTTP Server mod_access Information Disclosure   (Revised 10/13/2004) O-213  Windows Buffer Overrun in JPEG Processing Could Allow Code Execution   (Revised 10/13/2004) O-016  Apache HTTP Server 1.3.29 Release Fixes Security Vulnerability   (Revised 10/12/2004) O-015  Apache HTTP Server 2.0.48 Release Fixes Security Vulnerabilities   (Revised 10/12/2004) P-003  Updated Cyrus-SASL Packages Fix Security Flaw   (Revised 10/12/2004) O-222  libXpm Library Contains Multiple Integer Overflow Vulnerabilities   (Revised 10/12/2004) P-001  Red Hat Updated XFree86 Packages Fix Security Issues   (Revised 10/11/2004) O-203  Cisco Secure Access Control Server Vulnerabilities   (Revised 10/06/2004) O-124  Cisco TCP Vulnerabilities in Multiple Cisco Products   (Revised 10/06/2004) Security Articles/Guidelines/Technology Sites CIAC 2300 Document on Connecting to the Internet Securely; Windows 2000. Released March 2002. CIAC Incident Reporting Procedures   ( 04/03/2002 ) ComputerWorld - "Wireless LAN Worries Mount"   ( 02/07/2002 ) NIST - "Guidelines on Firewalls and Firewall Policy"    (.pdf)   ( 02/05/2002 ) NSA Security Recommendation Guides SANS - 20 Most Critical Internet Security Vulnerabilities DOE-CIAC Software Tools, Current Versions NID v2.6  Released 10/10/2002 SafePatch v1.2.2 for Solaris and Red Hat Linux    Released 10/10/2002 SafePatch for Windows v1.0 for Windows 2000    Released 07/09/2003 ISS Internet Scanner v7.0   Available 5/2003 ISS RealSecure Products   Available 2/05/2001 ISS System Scanner v4.1   Available 2/05/2001 IEBT v1.01    Released 9/30/2000 AIS Alarms-Unix System v1.3.1    Released 2/17/2000 DOE Developed Software Tools Multi-Platform Trusted Copy   - LANL    (CIAC's Brief Description)

Thank you for visiting our site. You are the 5359873rd visitor to the CIAC Home Page. Enjoy your stay and visit often. Comments sent to ciac@ciac.org are welcomed.   However, send comments, information on hoaxes, scams, urban myths, etc. to the HOAXMASTER at: hoaxmaster@ciac.org

UCRL-MI-119788 [Privacy and Legal Notice]