@RISK: The Consensus Security Vulnerability Alert

Volume: IV, Issue: 5
February 3, 2005

Both Windows and Apple Mac users have something to fix right away. Millions of users of Winamp should download the new version. Otherwise they can be infected just by visiting malicious (or infected) websites, without taking any action to download or open anything (#1 below). Mac users need to install Apple's cumulative security update. (#2 below)

Call for experts: SANS annual Top 20 Internet Security Vulnerabilities (http://www.sans.org/top20) is one of the most widely used security documents, because it provides a means of prioritizing vulnerability remediation. The 2005 Top 20 program managers would like your help in making sure it reflects the most current thinking of the experts. Please see the call for experts at the end of this issue of @RISK and contribute your expertise if you can. It's a very good feeling when you see your name attached to something as widely used as the SANS Top 20.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Windows: 1 (#3)
    • Third Party Windows Apps: 6 (#1)
    • Mac Os: 2 (#2)
    • Linux: 2
    • HP-UX: 1
    • Unix: 3 (#5)
    • Novell: 2
    • Cross Platform: 7 (#6)
    • Web Application: 10
    • Network Device: 2 (#4)
    • Hardware: 1

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Mac Os
Linux
HP-UX
Unix
Novell
Cross Platform
Web Application
Network Device
Hardware

PART I Critical Vulnerabilities

Part I is compiled by the security team at TippingPoint (www.tippingpoint.com), a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) HIGH: Apple Mac OS X Cumulative Update
  • Affected:
    • Mac OS X Server and client versions 10.3.7, 10.2.8
  • Description: Apple released a cumulative security update for Mac OS X servers and clients. This update fixes the following important vulnerabilities. (a) Vulnerabilities in PHP that may be used to execute arbitrary code on a Mac OS webserver. These PHP flaws have been discussed in previous issues of the @RISK newsletter, and multiple exploits are publicly available. (b) A buffer overflow vulnerability in the libxml2 URL parsing function that can be exploited to execute arbitrary code. Exploit code has been publicly posted for this flaw as well. (c) The ColorSync component contains a heap-based buffer overflow that can be triggered by a malformed color profile. The technical details required to exploit this flaw have not been posted yet.

  • Status: Apply the cumulative update, which also fixes other less severe vulnerabilities in the Safari browser, the "at" command, etc.

  • Council Site Actions: Three of the reporting council sites are running the affected software. All sites have already patched their affected systems.

  • References:
  • (3) UPDATE: Internet Explorer Drag and Drop Vulnerability
  • Description: Another exploit has been posted for the "drag and drop" vulnerability in Internet Explorer that can be used to completely compromise a Windows system (with RealPlayer installed). An attacker can create a webpage that installs a malicious executable in the user's "Startup" folder. Note that Microsoft has not issued a patch for this vulnerability since its announcement in October 2004. An unofficial fix, as described in a previous issue of the @RISK newsletter, is to set the kill bit for the "Shell.Explorer" ActiveX control.

  • Council Site Actions: All council sites are waiting on a confirmation and an official patch from Microsoft. Several sites commented that they are relying on their current layered security protection methods.

  • References:
Other Software
  • (4) HIGH: Cisco IP/VC Systems Default SNMP Community Strings
  • Affected:
    • Cisco IPVC-3510-MCU
    • Cisco IPVC-3520-GW-2B/4B/2V/4V/2B2V
    • Cisco IPVC-3525-GW-1P
    • Cisco IPVC-3530-VTA
  • Description: The Cisco IP/VC family of products is designed for IP-based video conferencing. These products contain hard-coded SNMP community strings. An attacker can use these hard-coded SNMP strings to obtain complete control over the affected devices. Note that the IP/VC gateways bridge the IP and PSTN networks. Hence, an attacker taking control of a gateway may be able to make free calls in addition to disrupting the conferencing operations.

  • Status: Cisco is not going to provide software fixes for this vulnerability. The workaround is to block ports 161/udp and 162/udp to the affected devices.

  • References:
  • (6) MODERATE: Mozilla and Firefox Browser Multiple Vulnerabilities
  • Affected:
    • Mozilla version prior to 1.7.5
    • Firefox version prior to 1.0
  • Description: The Mozilla and Firefox browsers are being adopted by users as an alternative to Internet Explorer. These products contain the following vulnerabilities. (a) A vulnerability in displaying the SSL lock icon (in the lower right corner) of the Mozilla and Firefox browsers can be exploited to trick users into believing that they are browsing a secure site. The flaw can be exploited via specially crafted "view-source" URLs. (b) Another flaw in displaying the SSL lock icon can be exploited by downloading binary content from a secure site while browsing an insecure site. The SSL lock displays the secure site's certificate whereas the address bar still displays the insecure site. (c) Malicious webpages can script the user click behavior, leading to the download of malicious files on the user's system without any warning. The details regarding the flaws can be obtained by viewing the Mozilla bugzilla entries.

  • Status: Mozilla confirmed. Upgrade to Firefox version 1.0 and Mozilla version 1.7.5. These versions also fix a number of other less severe vulnerabilities.

  • Council Site Actions: Most of the sites have at least a few systems running Mozilla or Firefox. Several sites do not plan any action other than notification of their support group. One site has already upgraded their affected systems. One site has a large number of potentially affected systems. Their Mozilla UNIX systems will be updated later this month. They currently don't offer any support services for their Windows or Macintosh users of Mozilla and Firefox or support services for Firefox on UNIX. However, they believe that many of their users have their Mozilla or Firefox web browser configured to check for updates regularly, and will install an update once alerted. A final site is running the browsers, but not the older versions.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 5, 2005

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 4048 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 05.5.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: IceWarp Web Mail Multiple Remote Vulnerabilities
  • Description: IceWarp Web Mail is a web-based mail application. IceWarp Web Mail is affected by multiple remote vulnerabilities such as cross-site scripting and HTML injection. IceWarp Web Mail versions 5.3 and earlier are known to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/388751

  • 05.5.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: VooDoo cIRCle Unspecified Vulnerability
  • Description: VooDoo cIRCle is an IRC bot. There is an unspecified issue that affects the NET_SEND command when processing administrator messages. VooDoo cIRCle versions 1.0 through 1.0.16 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12393/info/

  • 05.5.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Magic Winmail Server Multiple Vulnerabilities
  • Description: Magic Winmail Server is an email server. It is affected by multiple directory traversal, SQL injection and arbitrary file upload issues. Magic Winmail Server versions 4.0 (Build 1112) and earlier are known to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/388552

  • 05.5.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: War FTP Daemon Remote Denial of Service
  • Description: War FTP Daemon is vulnerable to a remote denial of service issue due to a failure of the application to handle an exception condition. War FTP Daemon 1.82.00-RC9 is vulnerable to this issue.
  • Ref: http://support.jgaa.com/index.php?cmd=ShowReport&ID=02643

  • 05.5.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SnugServer FTP Service Directory Traversal
  • Description: SnugServer server suite contains an FTP service. The service is vulnerable to a directory traversal vulnerability when a "..." argument is passed to the "CD" FTP command. SnugServer FTP server version 3.0.0.40 is known to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12387/info/

  • 05.5.6 - CVE: CAN-2004-1150
  • Platform: Third Party Windows Apps
  • Title: Winamp Variant in_cdda.dll Remote Buffer Overflow
  • Description: Nullsoft Winamp is a media player. It is vulnerable to a remote buffer overflow issue in the in_cdda.dll library. NullSoft Winamp 5.08c has been released to fix this issue.
  • Ref: http://forums.winamp.com/showthread.php?s=&threadid=202799

  • 05.5.7 - CVE: CAN-2005-0126
  • Platform: Mac Os
  • Title: Apple ColorSync ICC Header Remote Buffer Overflow
  • Description: Apple ColorSync has a buffer overflow vulnerability. This issue is due to a failure of the application to properly validate user-supplied data prior to copying it into static process buffers. An attacker may leverage this issue to execute arbitrary code in the context of the ColorSync utility.
  • Ref: http://www.securityfocus.com/advisories/7928

  • 05.5.8 - CVE: CAN-2005-0127
  • Platform: Mac Os
  • Title: Apple Mail Message ID Header Information Disclosure
  • Description: Apple Mail is an email client. It is reported to be vulnerable to an information disclosure issue due to a design error that causes the application to insecurely generate email message IDs. An attacker may leverage this issue to identify the specific computer that an email has been sent from. Other attacks may also be possible.
  • Ref: http://www.securityfocus.com/bid/12366

  • 05.5.9 - CVE: CAN-2005-0014, CAN-2005-0013
  • Platform: Linux
  • Title: ncpfs Multiple Remote Vulnerabilities
  • Description: ncpfs is a utility designed to facilitate integration with Novell NetWare technologies. Due to a failure to manage access privileges and to validate the length of user-supplied strings, the utility is exposed to various privilege escalation and code execution issues. ncpfs versions 2.x are affected.
  • Ref: http://www.gentoo.org/security/en/glsa/glsa-200501-44.xml

  • 05.5.10 - CVE: Not Available
  • Platform: Linux
  • Title: Openswan XAUTH/PAM Remote Buffer Overflow
  • Description: Xelerance Corporation Openswan is an implementation of the IP Security Protocol (IPSEC). It is reported to be vulnerable to remote buffer overflow due to improper sanitization of user-supplied strings. Openswan versions 1.0.8 and earlier as well as versions 2.2 and earlier are reported to be vulnerable.
  • Ref: http://www.idefense.com/application/poi/display?id=190&type=vulnerabilities&flashstatus=true

  • 05.5.11 - CVE: Not Available
  • Platform: HP-UX
  • Title: HP-UX VirtualVault TGA Daemon Remote Denial of Service
  • Description: A remote denial of service condition has been reported to affect devices running the HP VVOS operating system. This occurs because the TGA daemon cannot handle certain malformed network data. An attacker may leverage this issue to deny service to legitimate users of such devices.
  • Ref: http://www.securityfocus.com/advisories/7960

  • 05.5.12 - CVE: Not Available
  • Platform: Unix
  • Title: Squid Proxy Oversized HTTP Headers Unspecified Remote Vulnerability
  • Description: Squid Proxy is a web proxy software package. It is reported to be vulnerable to an unspecified issue. The issue presents itself when the application receives oversized HTTP reply headers. Squid has released a patch to address the issue.
  • Ref: http://secunia.com/advisories/14091/

  • 05.5.13 - CVE: CAN-2005-0133
  • Platform: Unix
  • Title: ClamAV ZIP File Parsing Remote Denial of Service
  • Description: ClamAV is anti-virus software. A denial of service issue is exposed when the software attempts to scan maliciously crafted zip files. ClamAV version 0.81 has been released to fix the issue.
  • Ref: http://www.gentoo.org/security/en/glsa/glsa-200501-46.xml

  • 05.5.14 - CVE: Not Available
  • Platform: Unix
  • Title: BerliOS gpsd Remote Format String Vulnerability
  • Description: BerliOS gpsd is a service that monitors a GPS device and publishes collected data to queries made on TCP port 2947. Insufficient sanitization of user-supplied input results in various format string issues in the application. BerliOS gpsd versions 1.90 and earlier are affected.
  • Ref: http://www.digitalmunition.com/DMA%5B2005-0125a%5D.txt

  • 05.5.15 - CVE: Not Available
  • Platform: Novell
  • Title: Novell iChain Authentication Bypass
  • Description: Novell iChain is identity-based web security software. An iChain server using SSL Certificate Mutual Authentication is vulnerable to unauthorized access by an attacker creating a client certificate signed by any iChain server's ICS_TREE CA (Certificate Authority). Novell iChain Server versions 2.2, 2.2 SP2, 2.2SP3 and 2.3 are reported to be vulnerable.
  • Ref: http://support.novell.com/cgi-bin/search/searchtid.cgi?/10096315.htm

  • 05.5.16 - CVE: CAN-2005-0102
  • Platform: Novell
  • Title: Evolution Camel-Lock-Helper Application Integer Overflow
  • Description: Novell Evolution camel-lock-helper application is reportedly vulnerable to an integer overflow issue while processing certain network data. This can be leveraged towards remote arbitrary code execution.
  • Ref: http://www.securityfocus.com/advisories/7916

  • 05.5.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PostgreSQL Multiple Remote Vulnerabilities
  • Description: PostgreSQL is a relational database suite. Due to design errors and buffer mismanagement issues the application is exposed to various privilege escalation and buffer overflow issues. PostgreSQL versions 7.x and 8.x are affected.
  • Ref: http://archives.postgresql.org/pgsql-announce/2005-02/msg00000.php

  • 05.5.18 - CVE: CAN-2005-0141, CAN-2005-0143, CAN-2005-0144, CAN-2005-0145, CAN-2005-0146, CAN-2005-0147, CAN-2005-0148, CAN-2005-0149, CAN-2005-0150
  • Platform: Cross Platform
  • Title: Multiple Mozilla/Firefox/Thunderbird Vulnerabilities
  • Description: Mozilla, Firefox, and Thunderbird applications are vulnerable to multiple security issues such as access control bypass, status bar spoofing, tab spoofing and some javascript security problems.
  • Ref: http://www.mozilla.org/security/announce/

  • 05.5.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Xoops Incontent Module Directory Traversal
  • Description: Xoops Incontent module allows users to add content to a web site. The Incontent module is vulnerable to a directory traversal due to failing to sanitize the "uri" parameter of the "index.php" script. Incontent version 3.0 is known to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12406/info/

  • 05.5.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Infinite Mobile Delivery Webmail Path Disclosure
  • Description: Captaris Infinite Mobile Delivery Webmail is a mobile wireless application. Insufficient sanitization of user-supplied URI parameters exposes an absolute path disclosure issue in the application. Infinite Mobile Delivery Webmail version 2.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/388897

  • 05.5.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ngIRCd Remote Buffer Overflow
  • Description: ngIRCd is an IRC server. It is vulnerable to a remote buffer overflow issue due to insufficient boundary checks in the "Lists_MakeMask()" function of the "lists.c" file. ngIRCd versions 0.8.1 and earlier are known to be vulnerable.
  • Ref: http://arthur.ath.cx/pipermail/ngircd-ml/2005-January/000228.html

  • 05.5.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IMAP Server CRAM-MD5 Remote Authentication Bypass
  • Description: University of Washington IMAP server, UW-IMAP, is affected by a remote authentication bypass issue. The issue exists due to an error in processing of the CRAM-MD5 authentication routine. UW-IMAP version 2004b fixes the issue.
  • Ref: http://www.kb.cert.org/vuls/id/702777

  • 05.5.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: WebWasher Classic HTTP CONNECT Unauthorized Access
  • Description: WebWasher Classic is free Internet filtering software. It is vulnerable to an issue that may allow remote attackers to connect to arbitrary ports on a vulnerable computer using the HTTP CONNECT request and bypass access controls implemented by the application. WebWasher Classic versions 3.3 and 2.2.1 are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/archive/1/388698

  • 05.5.24 - CVE: Not Available
  • Platform: Web Application
  • Title: Eurofull E-Commerce Cross-Site Scripting
  • Description: Eurofull E-Commerce is a web based E-Commerce system. It is reported to be vulnerable to a cross-site scripting issue, due to improper sanitization of the "nombre" parameter of the "mensresp.asp" script.
  • Ref: http://secunia.com/advisories/14106/

  • 05.5.25 - CVE: CAN-2005-0152, CAN-2005-0104
  • Platform: Web Application
  • Title: SquirrelMail Multiple Vulnerabilities
  • Description: SquirrelMail is a web-based mail application. It is vulnerable to a cross-site scripting and remote code execution issue. A patch has been released to fix these issues.
  • Ref: http://www.debian.org/security/2005/dsa-662

  • 05.5.26 - CVE: Not Available
  • Platform: Web Application
  • Title: CitrusDB Credit Card Data Remote Information Disclosure
  • Description: CitrusDB is an open source customer database application implemented using PHP and MySQL. It is vulnerable to a remote information disclosure issue due to a design problem and may be exploited to access sensitive credit card data. Citrus DB versions 0.3.6 and earlier are vulnerable.
  • Ref: http://freshmeat.net/projects/citrusdb/

  • 05.5.27 - CVE: Not Available
  • Platform: Web Application
  • Title: JShop E-Commerce Suite Cross-Site Scripting
  • Description: JShop E-Commerce Suite is a web-based E-Commerce system implemented in PHP. It is reported to be vulnerable to a cross-site scripting issue due to improper sanitization of "xProd" and "xSec" parameters to the "product.php" script. JShop versions 1.2.0 and earlier are reported to be vulnerable.
  • Ref: http://secunia.com/advisories/14074/

  • 05.5.28 - CVE: Not Available
  • Platform: Web Application
  • Title: phpPGAds HTTP Response Splitting Vulnerability
  • Description: phpPgAds is a banner management and tracking system. It has an HTTP response splitting issue that allows remote attackers to misrepresent web content served to legitimate clients. phpPgAds versions earlier than 2.0.2 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12398/

  • 05.5.29 - CVE: Not Available
  • Platform: Web Application
  • Title: Alt-N WebAdmin Multiple Remote Vulnerabilities
  • Description: Alt-N WebAdmin is an optional component for MDaemon and RelayFax that allows remote administration. It is reported to be vulnerable to multiple cross-site scripting and access validation issues due to improper sanitization of user-supplied input. Alt-N WebAdmin version 3.0.2 is reported to be vulnerable.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2005-01/0313.html

  • 05.5.30 - CVE: Not Available
  • Platform: Web Application
  • Title: CoolForum Multiple Input Validation Vulnerabilities
  • Description: CoolForum is vulnerable to multiple security issues resulting from input validation errors. These issues may allow an attacker to carry out HTML and SQL injection attacks. These can be leveraged towards theft of authentication credentials or to compromise the backend database. CoolForum version 0.7.2 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12392/

  • 05.5.31 - CVE: Not Available
  • Platform: Web Application
  • Title: eCommerce index.php Multiple Cross-Site Scripting Vulnerabilities
  • Description: Comdev eCommerce is a web-based ordering system. Insufficient sanitization of user-supplied URI parameters in the index.php script exposes the application to various cross-site scripting issues. Comdev eCommerce versions 3.0 and earlier are affected.
  • Ref: http://www.systemsecure.org/wwwboard/messages/222.html

  • 05.5.32 - CVE: Not Available
  • Platform: Web Application
  • Title: Ginp Java Preferences API Access Control Bypass
  • Description: Ginp is a Java-based web application to publish image collections. It is reported to be vulnerable to a remote access control bypass issue due to an error in the "preferences" API implementation. Ginp versions 0.20 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12386/info/

  • 05.5.33 - CVE: Not Available
  • Platform: Web Application
  • Title: MercuryBoard Input Validation Vulnerabilities
  • Description: MercuryBoard is a web-based message board application. There are multiple input validation vulnerabilities due to the application's failure to properly sanitize user input to the "index.php" script. MercuryBoard Message Board versions 1.1 and 1.1.1 are known to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/388256

  • 05.5.34 - CVE: Not Available
  • Platform: Network Device
  • Title: Ingate Firewall Persistent PPTP Tunnel Vulnerability
  • Description: Ingate Firewalls have an unauthorized access vulnerability. If a client has a PPTP session open through the firewall while the user is disabled administratively, the PPTP sessions persist and the client retains access to resources protected by the firewall. Ingate Firewall versions 4.1.3 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/388520

  • 05.5.35 - CVE: CAN-2004-0467
  • Platform: Network Device
  • Title: JUNOS Unspecified Remote Denial of Service
  • Description: Juniper Networks JUNOS is an operating system with IP service toolkit. Juniper Networks routers running JUNOS are affected by an unspecified remote denial of service vulnerability. Juniper Networks routers running JUNOS that were built prior to January 7th, 2005 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/409555

  • 05.5.36 - CVE: Not Available
  • Platform: Hardware
  • Title: Nokia Series 60 Embedded Operating System Automatic File Execution
  • Description: The Series 60 Operating System (OS) is based on the Symbian OS. It is reported to be vulnerable to an automatic file execution issue. The issue presents itself when an attacker renames an executable file and sends it through MMS. The target executes it automatically. Series 60 OS on Nokia hardware is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12340

(c) 2005. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

To subscribe, at no cost, go to https://portal.sans.org where you may also request subscriptions to any of SANS other free newsletters.

To change your subscription, address, or other information, visit http://portal.sans.org

Copyright 2005. All rights reserved. No posting or reuse allowed, other than listed above, without prior written permission.

====

SANS CRITICAL INTERNET THREATS 2005

=====================================

SANS Critical Internet Threats research is undertaken annually and provides the basis for the SANS "Top-20" report. The "Top-20" report describes the most serious internet security threats in detail, and provides the steps to identify and mitigate these threats.

The "Top-20" began its life as a research study undertaken jointly between the SANS Institute and the National Infrastructure Protection Centre (NIPC) at the FBI. Today thousands of organizations from all spheres of industry are using the "Top-20" as a definitive list to prioritize their security efforts.

The current "Top-20" is broken into two complementary yet distinct sections:

  • The 10 most critical vulnerabilities for Windows systems.
  • The 10 most critical vulnerabilities for UNIX and Linux systems.

The 2005 Top-20 will once again create the experts' consensus on threats -- the result of a process that brings together security experts, leaders, researchers and visionaries from the most security-conscious federal agencies in the US, UK and around the world; the leading security software vendors and consulting firms; the university-based security programs; many other user organizations; and the SANS Institute. In addition to the Windows and UNIX vulnerabilities, this year's research will also focus on the 10 most severe vulnerabilities in the Cisco platforms.

For reference a copy of the 2004 paper is available online: http://www.sans.org/top20.htm. *A list of participants may be found in the Appendix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

CALL FOR SECURITY and ASSURANCE EXPERTS

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you are interested in the Top-20 2005 research please contact the Director Top-20, Ross Patel (rpatel@sans.org), with the following details:

  • Your Name
  • The Organization you represent and your role
  • Contact Details (inc. email and phone)
  • A brief description of your security specialty