WatchGuard SOHO is an appliance firewall device targeted at small to mid-sized companies that wish to connect their network to the Internet. ISS X-Force discovered the following vulnerabilities in the SOHO Firewall that may allow an attacker to compromise or deny service to the device:
8cc47b08e479f3101cc3f6ca9d94c2fd332658761e4a019a84429b4c8c47abfb
ISS Security Advisory - An exploitable buffer overflow has been found in Microsoft's Network Monitor utility. The vulnerability allows code to be executed on the remote computer with the privilege levels of the administrator. Windows NT, 2000, and SMS 1.2 and 2.0 are affected.
62cd0a353baa2b76a80fd2668586982a383c7b7773616bd881ac0df773aaa1f1
Internet Security Systems (ISS) X-Force has discovered a vulnerability in the listener program in Oracle Enterprise Server. It is possible for a remote attacker to gain access to the Oracle owner operating system account and the Oracle database, and to execute code in various operating systems.
56a9846b839261c36ea3bf7d4d00b3a6525142283821baca682d5ef473d0d305
The tmpwatch utility is used in Red Hat Linux to remove temporary files. This utility has an option to call the fuser program, which verifies if a file is currently opened by a process. The fuser program is invoked within tmpwatch by calling the system() library subroutine. Insecure handling of the arguments to this subroutine could potentially allow an attacker to execute arbitrary commands.
3a65b520b3913eeaf250c2b7af29ca697b1fcffe8b6368c569d85201f43b3ff9
ISS Security Alert Summary for October 10, 2000. 91 new vulnerablities were reported this month. This document has links to more information and full advisories on each. Includes: apache-rewrite-view-files, win2k-simplified-chinese-ime, xinitrc-bypass-xauthority, slashcode-default-admin-passwords, quotaadvisor-quota-bypass, hinet-ipphone-get-bo, netscape-ie-password-dos, traceroute-heap-overflow, glibc-unset-symlink, lpr-checkremote-format-string, netscape-messaging-list-dos, palm-weak-encryption, mediaplayer-outlook-dos, unixware-scohelp-format, ie-getobject-expose-files, webplus-example-script, lprng-format-string, openview-nmm-snmp-bo, alabanza-unauthorized-access, pine-check-mail-bo, ciscosecure-tacacs-dos, suse-installed-packages-exposed, ciscosecure-csadmin-bo, ciscosecure-ldap-bypass-authentication, rbs-isp-directory-traversal, wincom-lpd-dos, webplus-reveal-path, webplus-expose-internal-ip, webplus-reveal-source-code, du-kdebugd-write-access, glint-symlink, mdaemon-url-dos, browsegate-http-dos, klogd-format-string, office-dll-execution, cisco-pix-smtp-filtering, horde-imp-sendmail-command, exchange-store-dos, doublevision-dvtermtype-bo, sambar-search-view-folder, camshot-password-bo, websphere-header-dos, win2k-telnet-ntlm-authentication, http-cgi-multihtml, hp-openview-nnm-scripts, freebsd-eject-port, webtv-udp-dos, imp-attach-file, fastream-ftp-dos, fur-get-dos, 602prolan-telnet-dos, 602prolan-smtp-dos, as400-firewall-dos, eftp-bo, eftp-newline-dos, sco-help-view-files, win2k-rpc-dos, mailform-attach-file, linux-mod-perl, pam-authentication-bo, siteminder-bypass-authentication, mailto-piped-address, winsmtp-helo-bo, yabb-file-access, linux-tmpwatch-fork-dos, muh-log-dos, documentdirect-username-bo, documentdirect-get-bo, documentdirect-user-agent-bo, interbase-query-dos, suse-apache-cgi-source-code, phpphoto-dir-traverse, apache-webdav-directory-listings, eudora-path-disclosure, phpphotoalbum-getalbum-directory-traversal, lpplus-permissions-dos, lpplus-process-perms-dos, lpplus-dccscan-file-read, xmail-long-apop-bo, xmail-long-user-bo, w2k-still-image-service, irc-trinity, wftpd-long-string-dos, wftpd-path-disclosure, iis-invald-url-dos, screen-format-string, ntmail-incomplete-http-requests, wavelink-authentication, php-file-upload, unix-locale-format-string, and aix-clear-netstat.
c216ccfd7bb412d411ec6ce30d33d782e379f3b95c50042b517f1d53c6b4cbc5
Internet Security Systems (ISS) has identified vulnerabilities in several utilities that ship as part of the Groff document formatting system package.
fbb240e9e8f7090ddc8625ef09174331b3b248f794fec3695f392bdad9961a77
New versions of Stacheldraht and Trinity distributed denial of service (DDoS) attack tools have been found in the wild. The new versions of Stacheldraht include Stacheldraht 1.666+antigl+yps and Stacheldraht 1.666+smurf+yps. A variant of the Trinity tool called entitee has also been reported.
bf70582377dd6c20bb49cdd77ca3e0c56492dfd692b6275a785542a9865f27f6
On July 26th, Thomas Lopatic, John McDonald, and Dug Song released vulnerability information at the Black Hat 2000 briefings that exposed the following security holes in Check Point FireWall-1:
eeedaa029a78ab96887ffba13275188e14b08454b5f8db03caf6f28381fdf2b1
ISS Security Alert Summary for September 15, 2000. 87 new vulnerablities were reported this month. This document has links to more information and full advisories on each. Includes: ftp-goodtech-rnto-dos, imail-file-attachment, go-gnome-preinstaller-symlink, mailers-cgimail-spoof, win-netbios-corrupt-cache, news-publisher-add-author, xpdf-embedded-url, intel-express-switch-dos, viking-server-bo, win2k-corrupt-lsp, vqserver-get-dos, mgetty-faxrunq-symlink, money-plaintext-password, wormhttp-dir-traverse, wormhttp-filename-dos, cgi-auction-weaver-read-files, iis-cross-site-scripting, telnetserver-rpc-bo, nai-pgp-unsigned-adk, website-pro-upload-files, account-manager-overwrite-password, subscribe-me-overwrite-password, hp-netinit-symlink, realsecure-frag-syn-dos, sunjava-webadmin-bbs, zkey-java-compromise-accounts, java-vm-applet, darxite-login-bo, gopherd-halidate-bo, phpnuke-pwd-admin-access, becky-imail-header-dos, gnome-installer-overwrite-configuration, gnome-lokkit-open-ports, minicom-capture-groupown, webshield-smtp-dos, netwin-netauth-dir-traverse, xlock-format-d-option, frontpage-ext-device-name-dos, xchat-url-execute-commands, irix-worldview-wnn-bo, os2-ftpserver-login-dos, weblogic-plugin-bo, ie-folder-remote-exe, firebox-url-dos, trustix-secure-apache-misconfig, irix-telnetd-syslog-format, rapidstream-remote-execution, ntop-bo, iis-specialized-header, linux-update-race-condition, etrust-access-control-default, zope-additional-role, list-manager-elevate-privileges, iis-incorrect-permissions, varicad-world-write-permissions, gopherd-gdeskey-bo, gopherd-gdeskey-bo, mediahouse-stats-livestats-bo, linux-umb-scheme, mdaemon-session-id-hijack, tumbleweed-mms-blank-password, ie-scriptlet-rendering-file-access, office-html-object-tag, hp-openview-nnm-password, hp-newgrp, totalbill-remote-execution, solaris-answerbook2-admin-interface, perl-shell-escape, solaris-answerbook2-remote-execution, mopd-bo, java-brownorifice, diskcheck-tmp-race-condition, servu-null-character-dos, pccs-mysql-admin-tool, irix-xfs-truncate, win-ipx-ping-packet, nai-nettools-strong-bo, fw1-unauth-rsh-connection, win2k-named-pipes, sol-libprint-bo, ntop-remote-file-access, irix-grosview-bo, irix-libgl-bo, irix-dmplay-bo, irix-inpview-symlink, nettools-pki-dir-traverse, fw1-localhost-auth.
dbd64db221e040e05a4a342ac92b13566073a9300c9dab57446e955bb03abca1
A new Distributed Denial of Service tool, Trinity v3, has been discovered in the wild. There have been reports of up to 400 hosts running the Trinity agent. In one Internet Relay Chat (IRC) channel on the Undernet network, there are 50 compromised hosts with Trinity running, with new hosts appearing every day. It is not known how many different versions of Trinity are in the wild.
ae3410dfb4415f157d96a9862a755d7384dbf4c77f8018d7149d5452d989b3e6
ISS Security Alert Summary August 1, 2000 - 37 new vulnerabilities were reported last month. This document has links to more information and full advisories on each. Includes: analogx-proxy-ftp-crash, analogx-proxy-pop3-crash, analogx-proxy-socks4-crash, roxen-null-char-url, wftpd-stat-info, bair-security-removal, roxen-admin-pw-readable, wftpd-stat-dos, wftpd-rest-dos, wftpd-mlst-dos, outlook-express-mail-browser-link, winamp-playlist-parser-bo, outlook-date-overflow, tomcat-error-path-reveal, tomcat-snoop-info, website-webfind-bo, alibaba-cgi-script-directory-listing, alibaba-get-dos, website-httpd32-bo, alibaba-script-file-overwrite, zeroport-weak-encryption, linux-usermode-dos, blackboard-courseinfo-dbase-modification, lsoft-listserv-querystring-bo, linux-nfsutils-remote-root, iis-absent-directory-dos, blackboard-courseinfo-plaintext, cvsweb-shell-access, webactive-long-get-dos, worldclient-dir-traverse, http-cgi-bigbrother-bbhostsvc, apache-source-asp-file-write, netware-port40193-dos, netscape-admin-server-password-disclosure, cisco-pix-firewall-tcp, mssql-manager-password, and minivend-viewpage-sample.
608bac3811e7784a7d30e0063ead0d9b6ab115e59950211ddd511b3ca2d93e8d
On July 18th, details of a high-risk remote buffer overflow vulnerability were made public. This vulnerability has the potential to expose millions of email users to malicious attack and compromise. All current versions of Microsoft Outlook and Microsoft Outlook Express are vulnerable.
3f47095b21cc976d9a3e6f8b8281dae78538c0a86f2a7910eb933c1511a6b1b4
Internet Security Systems (ISS) X-Force has identified a vulnerability in the makewhatis Bourne shell script that ships with many Linux distributions
1b64f135dfbec4e3b58cd4a39a867d2095425a2d0a7ce099fefc4ef401e688f6
ISS Security Alert Summary July 1, 2000 - 77 new vulnerabilities were reported last month. This document has links to more information and full advisories on each. Includes: win2k-telnetserver-dos, win2k-cpu-overload-dos, fw1-resource-overload-dos, sybergen-routing-table-modify, ircd-dalnet-summon-bo, win-arp-spoofing, imesh-tcp-port-overflow, ie-active-setup-download, ftgate-invalid-user-requests, winproxy-get-dos, firstclass-large-bcc-dos, winproxy-command-bo, boa-webserver-file-access, ie-access-vba-code-execute, ie-powerpoint-activex-object-execute, fortech-proxy-telnet-gateway, xwin-clients-default-export, sawmill-file-access, sawmill-weak-encryption, netscape-virtual-directory-bo, netscape-enterprise-netware-bo, proxyplus-telnet-gateway, glftpd-privpath-directive, irc-leafchat-dos, openbsd-isc-dhcp-bo, debian-cups-malformed-ipp, jetadmin-network-dos, wuftp-format-string-stack-overwrite, jrun-read-sample-files, redhat-secure-locate-path, redhat-gkermit, weblogic-file-source-read, netscape-ftpserver-chroot, linux-kon-bo, dmailweb-long-username-dos, dmailweb-long-pophost-dos, aix-cdmount-insecure-call, irix-workshop-cvconnect-overwrite, blackice-security-level-nervous, linux-libice-dos, xdm-xdmcp-remote-bo, webbbs-get-request-overflow, nettools-pki-http-bo, nettools-pki-unauthenticated-access, panda-antivirus-remote-admin, dragon-telnet-dos, dragon-ftp-dos, small-http-get-overflow-dos, mdaemon-pass-dos, simpleserver-long-url-dos, win2k-desktop-separation, zope-dtml-remote-modify, pgp-cert-server-dos, antivirus-nav-fail-open, antivirus-nav-zip-bo, kerberos-gssftpd-dos, sol-ufsrestore-bo, tigris-radius-login-failure, webbanner-input-validation-exe, smartftp-directory-traversal, antisniff-arptest, weblogic-jsp-source-read, websphere-jsp-source-read, freebsd-alpha-weak-encryption, mailstudio-set-passwords, http-cgi-mailstudio-bo, mailstudio-view-files, kerberos-lastrealm-bo, kerberos-localrealm-bo, kerberos-emsg-bo, kerberos-authmsgkdcrequests, kerberos-free-memory, openssh-uselogin-remote-exec, mailstudio-cgi-input-vaildation, ceilidh-path-disclosure, ceilidh-post-dos, and nt-admin-lockout.
56bdbd85738f9ce23d025f2bb8e258e5ea88fba4f6c6be7083dc0867aabe88e2
The AIX cdmount program allows regular users to mount CD-ROM filesystems. This program is basically a SUID to root wrapper of the mount command. Insecure handling of the arguments to cdmount may allow a local regular user to execute commands as root.
9f59ba46228465abd1d52f3ef05776c0a0c410e98203f09b70608a2f5f6cb353
Internet Security Systems (ISS) X-Force has discovered a vulnerability in the i-drive Filo software. i-drive.com provides web storage services for over 1.5 million users. The browser-based tool, Filo, allows users to clip and save any web page to their i-drive account. Filo is designed for saving important pages found on the web such as investment research, travel confirmations, and e-commerce receipts. Affected Versions: Filo file version 1.0.0.1 for Windows NT (SP5) is affected.
6c8a6f18158ddf0de0850c9afbdc8b697fb5d9987dd442cd7ad4ca1c9bedf826
ISS Security Alert Summary June 1, 2000 - 78 new vulnerabilities have been reported in this quarter. This document has links to more information and full advisories on each. Includes: linux-cdrecord-execute, xlock-bo-read-passwd, bsd-syscall-cpu-dos, win-browser-hostannouncement, nai-webshield-config-mod, nai-webshield-bo, mdbms-bo, mailsite-get-overflow, hp-jetadmin-malformed-url-dos, hp-jetadmin-directory-traversal, deerfield-mdaemon-dos, cayman-dsl-dos, carello-file-duplication, netscape-ssl-certificate, cobalt-cgiwrap-bypass, gnome-gdm-bo, linux-fdmount-bo, qualcomm-qpopper-euidl, cart32-price-change, gauntlet-cyberdaemon-bo, ip-fragment-reassembly-dos, domino-doc-modify, domino-web-apps-access, axent-netprowler-ipfrag-dos, lotus-domino-esmtp-bo, linux-masquerading-dos, netice-icecap-alert-execute, netice-icecap-default, beos-tcp-frag-dos, ie-frame-domain-verification, ie-malformed-component-attribute, kerberos-krb-rd-req-bo, kerberos-krb425-conv-principal-bo, kerberos-ksu-bo, kscd-shell-env-variable, cproxy-http-dos, emurl-account-access, eudora-long-attachment-filename, ie-active-movie-control, antisniff-dns-overflow, delphi-ics-dot-attack, netscape-invalid-ssl-sessions, sol-netpr-bo, ie-cookie-disclosure, iis-malformed-information-extension, iis-url-extension-data-dos, netscape-import-certificate-symlink, ssh-zedz-consultants, coldfusion-cfcache-dos, http-cgi-formmail-environment, libmytinfo-bo, netopia-snmp-comm-strings, gnapster-view-files, netstructure-root-compromise, netstructure-wizard-mode, allaire-clustercats-url-redirect, aolim-file-path, iis-shtml-reveal-path, http-cgi-dbman-db, http-cgi-dnews-bo, ultraboard-cgi-dos, aladdin-etoken-pin-reset, http-cgi-dmailweb-bo, interscan-viruswall-bo, quake3-auto-download, ultraboard-printabletopic-fileread, cart32-expdate, cisco-online-help, hp-shutdown-privileges, http-cgi-listserv-wa-bo, aaabase-execute-dot-files, aaabase-file-deletion, macos-appleshare-invalid-range, win-netbios-source-null, linux-knfsd-dos, macos-filemaker-anonymous-email, and macos-filemaker-email. ISS X-Force homepage here.
4db0d03fb6271c35418d4d58ecec415169ad7a59e0467e9f65044a7c79068f6e
Internet Security Systems (ISS) X-Force has determined that Microsoft Internet Information Server (IIS) is vulnerable to a remote Denial of Service (DoS) attack. IIS is a popular web server application for Windows NT, and comprises the majority of Windows NT based web servers. This vulnerability may allow a remote attacker to effectively disable vulnerable versions of IIS.
b3f3869ababf8355003692b68bc463889b7d558c776dd4b96ffa2393d0ca1ac3
The top 10 vulnerabilities represent the most commonly found and exploited high-risk vulnerabilities on the Internet. This list is derived from various trusted sources including ISS X-Force analysis, customer input, ISS Professional Services, and security partners. The top 10 list is maintained by ISS X-Force and distributed quarterly with the ISS Alert Summary.
b59317a46aa265aa95d222a66676bc3b18cb46a84911dc76c951b58d3d4f5a9e
A dangerous Visual Basic Script (VBScript) virus, dubbed the LoveLetter or ILOVEYOU virus, has been spreading itself across the Internet through email via Microsoft Outlook and through Internet Relay Chat (IRC) using a popular IRC client named mIRC. The virus is susceptible to activation whenever the Windows Script Host features are enabled.
fba2c99bda6968dbb189d98fd36cb2615406aa0d8be416faaf4a6c7b36fb06cc
ISS Security Alert Summary for May 1, 2000. 35 new reported vulnerabilities this quarter, including: eudora-warning-message, icradius-username-bo, postgresql-plaintext-passwords, aix-frcactrl-file-modify, cisco-ios-http-dos, meetingmaker-weak-encryption, pcanywhere-tcpsyn-dos, piranha-passwd-execute, piranha-default-password, solaris-lp-bo, solaris-xsun-bo, solaris-lpset-bo, zonealarm-portscan, cvs-tempfile-dos, imp-wordfile-dos, imp-tmpfile-view, suse-file-deletion, qpopper-fgets-spoofing, adtran ping-dos, emacs-local-eavesdrop, emacs-tempfile-creation, emacs-password-history, irix-pmcd-mounts, irix-pmcd-processes, irix-pmcd-dos, iis-myriad-escape-chars, freebsd-healthd, beos-syscall-dos, linux-trustees-patch-dos, pcanywhere-login-dos, beos-networking-dos, win2k-unattended-install, mssql-agent-stored-pw, and webobjects-post-dos.
6d59eba0abd44501049acfa5e821123af34e918e7a66fc7f61eef2851fad52c7
Internet Security Systems (ISS) has identified a vulnerability in id Software's Quake3Arena that could allow an attacker to read or write files on a computer that has the software installed. This vulnerability is important to network administrators who may be unaware that users are accessing potentially malicious Quake3Arena servers outside their network.
8a4d017e58a2be864d22ccf98c21f702854bcc48268c04bd1317160450a209b9
A new Distributed Denial of Service tool, mstream, has been discovered at the University of Washington. It has also been seen on networks at Penn State and Indiana University. A Distributed Denial of Service attack is designed to bring a network down by flooding target machines with large amounts of traffic. The source code for a version of the program was recently posted anonymously to the BugTraq and VULN-DEV e-mail lists hosted by SecurityFocus. This tool includes a master controller and a zombie. The master controller is the portion of the tool that controls all of the zombie agents. An attacker connects to the master controller using telnet to control the zombies.
831b88ac1fc976e9564f7cfad9d681900d7de2682423dab9dddec3575ad0743e
Internet Security Systems (ISS) X-Force has discovered a vulnerability in the AIX frcactrl program. The Fast Response Cache Accelerator (FRCA) is a kernel module that can be used with the IBM HTTP server to improve the performance of a web server. If the FRCA module is loaded, a local attacker could use frcactrl, a program used to manage FRCA configuration, to modify files.
4c52418fd006161d9742422a2bf61974cc7390397b5bdafb2ad32a6aba05f961
Internet Security Systems (ISS) X-Force has identified a backdoor password in the Red Hat Linux Piranha product. Piranha is a package distributed by Red Hat, Inc. that contains the Linux Virtual Server (LVS) software, a web-based GUI, and monitoring and fail-over components. A backdoor password exists in the GUI portion of Piranha that may allow remote attackers to execute commands on the server. If an affected version of Piranha is installed and the default backdoor password remains unchanged, any remote as well as local user may login to the LVS web interface. From here LVS parameters can be changed and arbitrary commands can be executed with the same privilege as that of the web server.
61d620c67900aae2e66e83528048b341915c2605077b43b58e0a2baedc393854