
ISS Security Alert Summary January 7, 1998

Posted Jul 15, 1999

ISS Security Alert Summary for January 7, 1998.

SHA-256 | 1749ffdb7113015a66ddcd6d0b2326ce0095a3e0622df159783fe43ae854313e


I S S X - F o r c e

The Most Wanted Alert List


_Alert Summaries_

ISS Security Alert Summary
January 7, 1998
Volume 1 Number 10


_X-Force Vulnerability and Threat Database:_ [10]http://www.iss.net/xforce

To receive these Alert Summaries, subscribe to the ISS Alert mailing list
by sending an e-mail to [11]majordomo@iss.net and within the body of the
message type: 'subscribe alert'.

___

Index

3 Reported New Vulnerabilities
[13] - apache-dos
[14] - quake2-dos
[15] - cisco-7xxcrash

2 Updates
[16] - sun-pentium
[17] - sgi-statd

Risk Factor Key

___

Date Reported: 12/30/97
Vulnerability: apache-dos
Platforms Affected: Apache httpd (1.2.x, 1.3b3)

Risk Level: Medium

A vulnerability exists in Apache httpd servers that allows an attacker to
increase the load average on the machine. When an attacker sends
excessive HTTP requests with thousands of '/'s inside, the system running
the server slows down, effectively denying service. A patch is available
for this problem, and it will be corrected in the 1.2.5 release.

Reference:
[20]http://www.netspace.org/cgi-bin/wa?A1=ind9712eL=bugtraq#2

Patches:
[21]http://www.apache.org/dist/patches/apply_to_1.2.4/no2slash-loop-fix.patch
[22]http://www.apache.org/dist/patches/apply_to_1.3b3/no2slash-loop-fix.patch
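
A defensive illustration of the apache-dos entry above, added here and not taken from Apache or from the linked patch: a request-path check in C that collapses repeated '/' in one pass, so the cost grows only linearly with path length, and refuses paths with an implausibly long slash run. The function names and the MAX_SLASH_RUN limit are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SLASH_RUN 16   /* assumed policy limit, not an Apache setting */

/* Length of the longest run of consecutive '/' in path. */
size_t longest_slash_run(const char *path)
{
    size_t run = 0, longest = 0;
    for (; *path; path++) {
        run = (*path == '/') ? run + 1 : 0;
        if (run > longest)
            longest = run;
    }
    return longest;
}

/* Collapse each run of '/' to one '/', in place, in a single pass:
 * one read pointer and one write pointer, no repeated shifting of
 * the tail of the string. Returns the new length. */
size_t collapse_slashes(char *path)
{
    char *rd = path, *wr = path;
    for (; *rd; rd++) {
        if (*rd == '/' && wr > path && wr[-1] == '/')
            continue;              /* skip a duplicate slash */
        *wr++ = *rd;
    }
    *wr = '\0';
    return (size_t)(wr - path);
}

/* Returns 0 and normalises path if acceptable; returns -1 and leaves
 * path untouched if a slash run exceeds MAX_SLASH_RUN. */
int check_request_path(char *path)
{
    if (longest_slash_run(path) > MAX_SLASH_RUN)
        return -1;
    collapse_slashes(path);
    return 0;
}

int main(void)
{
    char ok[] = "/docs//img///logo.gif";   /* constructed sample */
    char bad[4096];                         /* constructed: 4000 slashes */
    memset(bad, '/', 4000);
    strcpy(bad + 4000, "index.html");
    printf("%d %s\n", check_request_path(ok), ok);
    printf("%d\n", check_request_path(bad));
    return 0;
}
```
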

___

Date Reported: 12/24/97
Vulnerability: quake2-dos
Platforms Affected: Windows Machines running Quake 2 Server
Risk Level: Low

Quake 2 servers have a vulnerability that allows a remote attacker to shut
down the server. By sending a couple of spoofed UDP packets with a return
address of 127.0.0.1 or a return address of another Quake 2 server to the
machine running the server, the server will then try to start a game with
itself, and crash.

References:
[25]http://www.netspace.org/cgi-bin/wa?A2=ind9712dL=bugtraq&O=T&P=828

Patch:
[26]ftp://ftp.idsoftware.com/idstuff/quake2/patch_07.zip

___

Date Reported: 12/15/97
Vulnerability: cisco-7xxcrash
Platforms Affected: Cisco 7xx routers (IOS 700 4.1(1), 4.1(2),
or 4.1 interim releases earlier than 4.1(2.1))
Risk Level: High

Cisco 7xx routers running IOS 700 are vulnerable to a denial of service
attack that reboots the router. An attacker can telnet to the router and
enter a very long password string that overflows the data buffer that
is used for passwords. This forces the router to crash, denying service to
legitimate users.

References:
[29]http://www.cisco.com/warp/public/770/pwbuf-pub.shtml
[30]http://www.netspace.org/cgi-bin/wa?A2=ind9712cL=bugtraq&O=T&P=1126

___

Date: 12/18/97
Update: sun-pentium
Vendor: Sun Microsystems, Inc.
Platforms: Pentium machines running Solaris
(2.4, 2.5, 2.5.1, 2.6)

Sun has released patches for its Solaris Intel platforms for the Intel
Pentium Invalid Operand instruction. On unpatched Pentium and Pentium MMX
systems, an unprivileged user can deny service to other users by causing
the system to hang. This vulnerability does not apply to Pentium Pro or
Pentium II processors.

References:
[33]http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-161.txt
[34]http://www.intel.com/support/processors/pentium/ppiie/index.htm

___

Date: 12/16/97 (CERT Advisory 97.26)
Update: sgi-statd
Vendor: Silicon Graphics Inc.
Platforms: IRIX (5.0.x, 5.1.x, 5.2, 5.3)

Silicon Graphics Inc. has released a temporary solution and patches for
the statd vulnerability that allows remote and local users to execute
commands with root privileges.

References:
[37]ftp://sgigate.sgi.com/security/19971201-01-P1391
[38]ftp://info.cert.org/pub/cert_advisories/CA-97.26.statd

___

Risk Factor Key:

High    any vulnerability that provides an attacker with immediate
        access into a machine, gains superuser access, or bypasses
        a firewall. Example: A vulnerable Sendmail 8.6.5 version
        that allows an intruder to execute commands on mail
        server.

Medium  any vulnerability that provides information that has a
        high potential of giving access to an intruder. Example:
        A misconfigured TFTP or vulnerable NIS server that allows
        an intruder to get the password file that possibly can
        contain an account with a guessable password.

Low     any vulnerability that provides information that
        potentially could lead to a compromise. Example: A
        finger that allows an intruder to find out who is online
        and potential accounts to attempt to crack passwords
        via bruteforce.

Internet Security Systems, Inc., (ISS) is the pioneer and world's leading
supplier of network security assessment and intrusion detection tools,
providing comprehensive software that enables organizations to proactively
manage and minimize their network security risks. For more information,
contact the company at (800) 776-2362 or (770) 395-0150 or visit the ISS
Web site at [41]http://www.iss.net.

________

Copyright (c) 1997 by Internet Security Systems, Inc.

Permission is hereby granted for the redistribution of this Alert Summary
electronically. It is not to be edited in any way without express consent
of X-Force. If you wish to reprint the whole or any part of this
Alert Summary in any other medium excluding electronic medium, please
e-mail [44]xforce@iss.net for permission.

Disclaimer

The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in connection
with the use or spread of this information. Any use of this information is
at the user's own risk.

X-Force PGP Key available at: [45]http://www.iss.net/xforce/sensitive.html
as well as on MIT's PGP key server and PGP.com's key server.

Please send suggestions, updates, and comments to:
X Force xforce@iss.net


Copyright ©1994-1998 Internet Security Systems, Inc.
All Rights Reserved. Sales Inquiries: [58]sales@iss.net
6600 Peachtree-Dunwoody Rd · Bldg 300 · Atlanta, GA 30328
Phone (678) 443-6000 · Fax (678) 443-6477


References

1. http://xforce.iss.net/news.php3
2. http://xforce.iss.net/seriousfun/
3. http://xforce.iss.net/maillists/
4. http://xforce.iss.net/library/
5. http://xforce.iss.net/protoworx/
6. http://xforce.iss.net/alerts/
7. http://xforce.iss.net/submission.php3
8. http://xforce.iss.net/feedback.php3
9. http://xforce.iss.net/search.php3
10. http://www.iss.net/xforce
11. mailto:majordomo@iss.net
12. http://xforce.iss.net/alerts/alerts.php3
13. http://xforce.iss.net/alerts/vol-1_num-10.php3#apache-dos
14. http://xforce.iss.net/alerts/vol-1_num-10.php3#quake2-dos
15. http://xforce.iss.net/alerts/vol-1_num-10.php3#cisco-7xxcrash
16. http://xforce.iss.net/alerts/vol-1_num-10.php3#sun-pentium
17. http://xforce.iss.net/alerts/vol-1_num-10.php3#sgi-statd
18. http://xforce.iss.net/alerts/vol-1_num-10.php3#list
19. http://xforce.iss.net/alerts/alerts.php3
20. http://www.netspace.org/cgi-bin/wa?A1=ind9712eL=bugtraq#2
21. http://www.apache.org/dist/patches/apply_to_1.2.4/no2slash-loop-fix.patch
22. http://www.apache.org/dist/patches/apply_to_1.3b3/no2slash-loop-fix.patch
23. http://xforce.iss.net/alerts/vol-1_num-10.php3#list
24. http://xforce.iss.net/alerts/alerts.php3
25. http://www.netspace.org/cgi-bin/wa?A2=ind9712dL=bugtraq&O=T&P=828
26. ftp://ftp.idsoftware.com/idstuff/quake2/patch_07.zip
27. http://xforce.iss.net/alerts/vol-1_num-10.php3#list
28. http://xforce.iss.net/alerts/alerts.php3
29. http://www.cisco.com/warp/public/770/pwbuf-pub.shtml
30. http://www.netspace.org/cgi-bin/wa?A2=ind9712cL=bugtraq&O=T&P=1126
31. http://xforce.iss.net/alerts/vol-1_num-10.php3#list
32. http://xforce.iss.net/alerts/alerts.php3
33. http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-161.txt
34. http://www.intel.com/support/processors/pentium/ppiie/index.htm
35. http://xforce.iss.net/alerts/vol-1_num-10.php3#list
36. http://xforce.iss.net/alerts/alerts.php3
37. ftp://sgigate.sgi.com/security/19971201-01-P1391
38. ftp://info.cert.org/pub/cert_advisories/CA-97.26.statd
39. http://xforce.iss.net/alerts/vol-1_num-10.php3#list
40. http://xforce.iss.net/alerts/alerts.php3
41. http://www.iss.net/
42. http://xforce.iss.net/alerts/vol-1_num-10.php3#list
43. http://xforce.iss.net/alerts/alerts.php3
44. mailto:xforce@iss.net
45. http://www.iss.net/xforce/sensitive.html
46. http://xforce.iss.net/alerts/vol-1_num-10.php3#list
47. http://xforce.iss.net/alerts/alerts.php3
48. http://xforce.iss.net/news.php3
49. http://xforce.iss.net/seriousfun/
50. http://xforce.iss.net/maillists/
51. http://xforce.iss.net/library/
52. http://xforce.iss.net/protoworx/
53. http://xforce.iss.net/alerts/
54. http://xforce.iss.net/submission.php3
55. http://xforce.iss.net/feedback.php3
56. http://xforce.iss.net/search.php3
57. http://xforce.iss.net/about.php3
58. http://xforce.iss.net/cgi-bin/getSGIInfo.pl
59. http://xforce.iss.net/privacy.php3