what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

iss.summary.5.2

iss.summary.5.2
Posted Mar 2, 2000
Site xforce.iss.net

ISS Security Alert Summary 5.2 - Summary of vulnerabilities discovered in February, 2000. Contains information on vulnerabilities in trin00-dos, netgear-multiple-dos, sambar-batfiles, win-media-dos, win-active-setup, siteserver-sitebuilder, netbsd-ptrace, netbsd-procfs, ie-image-source-redirect, sco-openserver-arc-symlink, iis-frontpage-info, and outlook-active-script-read.

tags | vulnerability
systems | netbsd
SHA-256 | 89cecfdb05cb343985151b82b3473e9791dfd89baa14bde9b015b5bf1524206d

iss.summary.5.2

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----

ISS Security Alert Summary
March 1, 2000
Volume 5 Number 2

X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries, subscribe to the ISS Alert mailing list.
Send an email to majordomo@iss.net, and within the body of the message
type: 'subscribe alert'.

_____

Contents

12 Reported Vulnerabilities

- trin00-dos
- netgear-multiple-dos
- sambar-batfiles
- win-media-dos
- win-active-setup
- siteserver-sitebuilder
- netbsd-ptrace
- netbsd-procfs
- ie-image-source-redirect
- sco-openserver-arc-symlink
- iis-frontpage-info
- outlook-active-script-read

Risk Factor Key

_____

Date Reported: 2/14/00
Attack: trin00-dos
Platforms Affected: Any
Risk Factor: High
Attack Type: Network Based

Trin00 is a Distributed Denial of Service system that allows a master
computer to launch a denial of service attack by enlisting the help of
several client computers that contain the Trin00 client. The Trin00 client
can be used by a Trin00 master to launch a DDoS attack.

References:
ISS Security Alert: "Denial of Service Attack using the TFN2K and
Stacheldraht programs" at: http://xforce.iss.net/alerts/advise43.php3

ISS Security Alert Update: "trin00 for Windows Distributed Denial of
Service Attack Tool" at: http://xforce.iss.net/alerts/advise44.php3

_____

Date Reported: 2/25/00
Vulnerability: netgear-multiple-dos
Platforms Affected: Netgear ISDN Router RH348 and RT328
Risk Factor: Medium
Attack Type: Network Based

Netgear ISDN Routers (RH348 and RT328) contain multiple denial of service
attacks. If a remote attacker runs a SYN scan against the router, it will
deny connections to port 23 for about 5 minutes per packet, effectively
shutting it down. If a remote attacker telnets to the router and remains
idle, it will not allow any other management session. Finally, if a remote
attacker sends a large number of ICMP redirect packets, it will stop
routing packets as long as the attack exists.

Reference:
BUGTRAQ Mailing List: "DoSing the Netgear ISDN RT34x router" at:
http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-22&msg=Pine.LNX.4.20.0002251214450.23763-100000@voodoomindcontrol.jcius.com

_____

Date Reported: 2/23/00
Vulnerability: sambar-batfiles
Platforms Affected: Sambar Server for Windows 9x and NT
Risk Factor: High
Attack Type: Network Based

Sambar Server is a multi-threaded HTTP server for Windows 9x and NT
environments. Some beta versions of Sambar Server shipped with two files,
HELLO.BAT and ECHO.BAT, in the CGI directory. These two files, and .BAT
files like them, could allow remote attackers to execute arbitrary
commands on the server.

Reference:
BugTraq Mailing List: "Sambar Server alert!" at:
http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-22&msg=38B3E60A.6A84FEC3@cybcom.net

_____

Date Reported: 2/23/00
Vulnerability: win-media-dos
Platforms Affected: Microsoft Windows Media Services (4.0, 4.1)
Risk Factor: Medium
Attack Type: Network Based

Microsoft Windows Media Services contain a denial of service attack
against the media server. If a remote user sends client-side handshake
packets out of order to the server, the server will try to use resources
before it has been initialized causing the Windows Unicast Service to
crash.

Reference:
Microsoft Security Bulletin (MS00-013): "Patch Available for 'Misordered
Windows Media Services Handshake' Vulnerability" at:
http://www.microsoft.com/technet/security/bulletin/ms00-013.asp

_____

Date Reported: 2/19/00
Vulnerability: win-active-setup
Platforms Affected: Microsoft Internet Explorer
Microsoft Outlook
Risk Factor: High
Attack Type: Network/Host Based

Microsoft signed ActiveX setup files are normally installed without
notification to the user. An attacker could have the operating system
install a Microsoft component with known vulnerabilities and then exploit
them accordingly.. This could be exploited remotely if it is executed via a
web page or an HTML email message.

Reference:
BUGTRAQ Mailing List: "Microsoft signed software can be install software
without prompting users" at:
http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000221103938.T21312@securityfocus.com

_____

Date Reported: 2/18/00
Vulnerability: siteserver-sitebuilder
Platforms Affected: Microsoft SiteServer 3.0
Risk Factor: High
Attack Type: Network Based

Microsoft SiteServer 3.0 (Commerce Edition) ships with a Site Builder
wizard used to build custom sites. A security vulnerability exists in the
"product.ast" file it creates that could allow a remote attacker to
execute arbitrary SQL commands. This hole also affects the "product.asp"
file, which is part of the Volcano Coffee sample site.

Reference:
Microsoft Security Bulletin MS00-010: "Patch Available for "Site Wizard
Input Validation" Vulnerability" at:
http://www.microsoft.com/technet/security/bulletin/ms00-010.asp

_____

Date Reported: 2/16/00
Vulnerability: netbsd-ptrace
Platforms Affected: NetBSD/vax 1.4.1
Risk Factor: Medium
Attack Type: Host Based

A vulnerability in NetBSD's ptrace command could allow a local user to
construct a wrapper program that can modify the hardware privileges of the
ptrace program.

Reference:
BUGTRAQ Mailing List: "NetBSD Security Advisory 1999-012" at:
http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=14505.23579.967265.266049@passion.geek.com.au

_____

Date Reported: 2/16/00
Vulnerability: netbsd-procfs
Platforms Affected: NetBSD 1.4.1
Risk Factor: High
Attack Type: Host Based

NetBSD's proc filesystem contains a vulnerability by which a local user
can trick a setuid binary into writing to /proc/<pid>. This would cause
the memory image of another setuid binary to execute a shell.

Reference:
BUGTRAQ Mailing List: "NetBSD Security Advisory 2000-001" at:
http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=14505.23693.773699.404104@passion.geek.com.au

_____

Date Reported: 2/16/00
Vulnerability: ie-image-source-redirect
Platforms Affected: Microsoft Internet Explorer (4.0, 4.01, 5.0, 5.01)
Risk Factor: Medium
Attack Type: Network Based

Microsoft Internet Explorer has a problem that allows a malicious web site
operator to read files on the affected system that is browsing his
website.

Reference:
Microsoft Security Bulletin (MS00-009) "Patch Available for 'Image Source
Redirect' Vulnerability" at:
http://www.microsoft.com/technet/security/bulletin/ms00-009.asp

_____

Date Reported: 2/15/00
Vulnerability: sco-openserver-arc-symlink
Platforms Affected: SCO OpenServer 5.0.5
Risk Factor: High
Attack Type: Host Based

SCO OpenServer version 5.0.5 ARCserve agent /tmp files could allow a
symlink attack. The ARCserver agent startup script creates several files
in the /tmp directory with world writeable permissions (mode 777). An
attacker could replace these files with symlinks and create files anywhere
on the filesystem with root privileges.

Reference:
SCO Security Bulletin: "SSE063 - ARCserve startup script symlink
vulnerability in SCO OpenServer 5" at: http://www.sco.com/security

_____

Date Reported: 2/3/00
Vulnerability: iis-frontpage-info
Platforms Affected: IIS running Frontpage
Risk Factor: Medium
Attack Type: Network Based

Microsoft Windows NT 4 running Internet Information Server with Frontpage
contains a vulnerability that would allow a remote attacker to learn the
name of the anonymous Internet account and learn physical paths on the
affected system.

Reference:
BUGTRAQ Mailing List: "Alert: IIS 4 / IS 2 IDQ Cerberus Information
Security Advisory (CISADV000202)" at:
http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-01-29&msg=038201bf6dd8$249e2250$5802020a@cerberusinfosec.co.uk

_____

Date Repored: 2/1/00
Vulnerability: outlook-active-script-read
Platforms Affected: Microsoft Express 5.01
Internet Explorer 5.01
Risk Factor: Medium
Attack Type: Host/Network Based

Microsoft Outlook Express 5.01 and Internet Explorer 5.01 under Windows 95
(and possibly other versions) contains a vulnerability in when active
scripting is enabled. A malicious email message could run active
scripting that would read any new messages that arrive after malicious
email has been read.

Reference:
BUGTRAQ Mailing List: "Outlook Express 5 vulnerability - Active Scripting
may read email messages" at:
http://www.securityfocus.com/templates/archive.pike?list=1&msg=896E440.553BD289@nat.bg

_____

Risk Factor Key:

High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.

Copyright (c) 1999 by Internet Security Systems, Inc. Permission is
hereby granted for the redistribution of this Alert Summary
electronically. It is not to be edited in any way without express
consent of the X-Force. If you wish to reprint the whole or any part of
this Alert Summary in any other medium excluding electronic medium,
please e-mail xforce@iss.net for permission.

Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.

X-Force PGP Key available at: http://xforce.iss.net/sensitive.php3 as
well as on MIT's PGP key server and PGP.com's key server.

Please send suggestions, updates, and comments to:
X-Force <xforce@iss.net> of Internet Security Systems, Inc.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBOL3AUzRfJiV99eG9AQEA3wQAtJ7M11joAtjI5sF/BiAE7X49Jr9gYPRL
oW8caEAqZ1dv+6Bm4p26EcBWGBdhCXgR56k+ul5q8ADzetMJXjLrAjGaYx6HflJH
EyCqUvFLuhby9LV3S85ZFXiZ7VyDA6K3Y4Nvaisq4DIOIHEOhkmLju63v5XoPrr6
ZqOzZKys3Sk=
=FS9Z
-----END PGP SIGNATURE-----




Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close