November 3, 1999 - Security UPDATE Alert - Four new security risks were reported in the last couple of days. Georgio Guninski discovered another problem in IE 5.0 that allows of frame spoofing to occur. Microsoft has issued no comment regarding this problem. USSRLABS reported a denial of service potential with Deerfield.com's FTP Serv-U software. No vendor response is known at this time. Microsoft reported a problem with IIS and Site Server where an SSL ISAPI filter may leak plain text data under rare circumstances. A patch has been issued to correct the problems. Tim Adams reported a problem with IE 5.0's automatic proxy detection routines. Microsoft has issued a remedy for this problem. For complete details on each of the discoveries, please visit our Web site at the URLs listed below: - IE 5.0 Frame Spoofing http://www.ntsecurity.net/scripts/loader.asp?iD=/security/ie56.htm - IE 5.0 Proxy Detection Issue http://www.ntsecurity.net/scripts/loader.asp?iD=/security/ie55.htm - FTP Serv-U v2.5a http://www.ntsecurity.net/scripts/loader.asp?iD=/security/servu1.htm - IIS and Site Server SSL http://www.ntsecurity.net/scripts/loader.asp?iD=/security/iis2.htm Thanks for subscribing to Security UPDATE. Please tell your friends about this newsletter and alert list! Sincerely, The Security UPDATE Team security@ntsecurity.net ======================================================================= TO UNSUBSCRIBE from this alert list DO NOT REPLY, instead send e-mail to listserv@listserv.ntsecurity.net with the words "unsubscribe securityupdate" in the body of the message without the quotes. TO SUBSCRIBE to this alert list, send e-mail to the same address listed above with the words "subscribe securityupdate anonymous" in the body of the message without the quotes. ======================================================================= Security UPDATE is powered by LISTSERV(R) software http://www.lsoft.com/LISTSERV-powered.html ======================================================================= Copyright (c) 1999 Duke Communications Intl. Inc. - ALL RIGHTS RESERVED Forwarding this email is permitted, as long as the entire message body, the mail header, and this notice are included.