exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

ISS Security Alert Summary September 10, 1997

ISS Security Alert Summary September 10, 1997
Posted Jul 15, 1999

ISS Security Alert Summary for September 10, 1997.

SHA-256 | 5c5e5c0971e6dbf1ff78cc4689c22d388cdb34489cef892446796a441b19d4ed

ISS Security Alert Summary September 10, 1997

Change Mirror Download

I S S X - F o r c e

The Most Wanted Alert List

[1]News | [2]Serious Fun | [3]Mail Lists | [4]Security Library
[5]Protoworx | [6]Alerts | [7]Submissions | [8]Feedback
[9]Advanced Search

_ Alert Summaries_

ISS Security Alert Summary
September 10, 1997
Volume 1 Number 2


---

8 Reported New Vulnerabilities [10]Back to Alert List
[11]- FreeBSD-procfs
[12]- wu_ftpd
[13]- majordomo
[14]- SGI-webdist
[15]- AIX-syslogd
[16]- IEcorrupt
[17]- HP-vue/dt
[18]- AIX-bugfiler

2 Updates
[19]- xlock (HP-UX)
[20]- libXt (HP-UX)

---

Date Reported: 8/12/97
Vulnerability: FreeBSD-procfs
Affected Platforms: FreeBSD (2.1.x, 2.2.x)
Risk Factor: High

procfs is used by programs like ps to interface processes on a system. It
contains a bug that allows procfs processes to write memory of other
processes. This allows any local user to gain root privileges.

Reference:

[21]http://ciac.llnl.gov/ciac/bulletins/h-101.shtml
[22]ftp://freebsd.org/pub/CERT/advisories/FreeBSD-SA-97%3A04.procfs.asc

[23]Top of Page || [24]Back to Alert List


---

Date Reported: 8/15/97
Vulnerability: wu_ftpd
Affected Platforms: BSDI (3.0)
FreeBSD (2.2.1)
SunOS (4.1.3)
(others likely, untested as of 9/9/97)
Risk Factor: Medium

A denial of service attack exists in all versions of wu_ftp servers. It
is possible to create large directory listings with a recursive nlist
command. CPU usage can rise to up to 99% and with multiple attacks can
stay that way for hours.

Reference:

Posted on security@FreeBSD.ORG. Subject: FTP compromise.

[25]Top of Page || [26]Back to Alert List


---

Date Reported: 8/24/97
Vulnerability: majordomo
Affected Platforms: Any platform running majordomo server
Risk Factor Medium

majordomo is a program that is used to subscribe and unsubscribe users to
mailing lists on a system. It contains a bug that allows both local and
remote users to execute commands with the privileges of the user running
the majordomo server. If the server has a list that includes the
'advertise' or 'noadvertise' lines in the configuration file, the server
is vulnerable.

[27]Top of Page || [28]Back to Alert List


---

Date Reported: 5/6/97 (original), 8/26/97 (updated)
Vulnerability: sgi-webdist
Affected Platforms: IRIX (5.3, 6.0.1, 6.1, 6.2, 6.3, 6.4)
Risk Factor: High

webdist.cgi is a cgi program that allows users to install software via a
web interface. It does not check arguements passed to it sufficiently
and therefore allows for the execution of commands with uid of the httpd
server, which on some insecure networks, could be privileged accounts.


Reference:
[29]ftp://sgigate.sgi.com/security/19970501-02-PX
[30]ftp://info.cert.org/pub/cert_advisories/CA-97.12.webdist

[31]Top of Page || [32]Back to Alert List


---

Date Reported: 8/27/97
Vulnerability: AIX-syslogd
Affected Platforms: AIX (4.1, 4.2)
Risk Factor: Medium

Because syslogd logs remote messages by default, AIX is vulnerable
to denial of service attacks as well as fake messages being logged to
syslog. A temporary fix is avaliable and patches will be announced as
soon as they become public.

Temporary Fix:
[33]ftp://testcase.software.ibm.com/aix/fromibm/security.syslogd.tar.Z

[34]Top of Page || [35]Back to Alert List


---

Date Reported: 9/5/97
Vulnerability: IEcorrupt
Affected Platforms: Windows NT/95
(running Microsoft Internet Explorer 3 or 4)
Risk Factor: High

A security hole exists in Microsoft's Internet Explorer web browser that
allows malicious web pages to corrupt files of viewers of that page.
Although this is not a bug in Java, it is a bug in Microsoft's extensions
to Java. This problem will be fixed in the release of Microsoft's
Internet Explorer 4 which should be out towards the end of September.

Reference:
[36]http://web.mit.edu/twm/www/expbug2/

[37]Top of Page || [38]Back to Alert List


---

Date Reported: 9/8/97
Vulnerability: HP-vue/dt
Affected Platforms: HP-UX (9.x, 10.x)
Risk Factor: Medium

Xserver programs vuefile, vuepad, dtfile, and dtpad do not authenticate
users. If a user runs one of these programs while su'd to another user,
it can result in allowed access to their accounts. Although there is no
patch for this problem, a good solution would be to avoid running these
programs when su'd to another account.

Reference:
HP Security Bulletin #00069 - [39]http://us-support.external.hp.com/

[40]Top of Page || [41]Back to Alert List


---

Date Reported: 9/8/97
Vulnerability: AIX-bugfiler
Affected Platforms: AIX (3.x)
Risk Factor: High

bugfiler is a program that automatically stores bug reports in specified
mail directories specified by the MailDirectory variable after summarizing
them. This program is setuid root which makes it possible for users to
circumvent file access restrictions. On some systems, this allows root
access to be gained.

Reference:
Posted on comp.security.unix - Subject: (fwd) AIX bugfiler vulnerability

[42]Top of Page || [43]Back to Alert List


------

Update: libXt (ISS Security Alert Summary v1 n1)
Date: 9/8/97
Vendor: Hewlett Packard
Platform: HP-UX (9.x, 10.x)

Hewlett Packard has released patches for buffer overflow problems in the
Xt library. These patches can be obtained from HP's patch site:
http://us-support.external.hp.com/

Reference:
HP Security Bulletin #00058 - [44]http://us-support.external.hp.com/

[45]Top of Page || [46]Back to Alert List


---

Update: xlock (ISS Security Alert Summary v1 n1)
Date: 9/8/97
Vendor: Hewlett Packard
Platform: HP-UX (any version with vhelock)

Hewlett Packard has released patches for buffer overflow problems in
X11/Motif libraries. These patches can be obtained from HP's patch site:
http://us-support.external.hp.com/

Reference:
HP Security Bulletin #00067 - [47]http://us-support.external.hp.com/

[48]Top of Page || [49]Back to Alert List


---
Risk Factor Key:

High any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium any vulnerability that provides information that has a
high potential of giving access to an intruder. Example:
A misconfigured TFTP or vulnerable NIS server that allows
an intruder to get the password file that possibly can
contain an account with a guessable password.
Low any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via bruteforce.


[50]Top of Page || [51]Back to Alert List

--------
Copyright (c) 1997 by Internet Security Systems, Inc.

Permission is hereby granted for the redistribution of this Alert Summary
electronically. It is not to be edited in any way without express consent
of X-Force. If you wish to reprint the whole or any part of this
Alert Summary in any other medium excluding electronic medium, please
e-mail [52]xforce@iss.net for permission.

Disclaimer

The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in connection
with the use or spread of this information. Any use of this information is
at the user's own risk.

Please send suggestions, updates, and comments to:
X Force [53]xforce@iss.net of Internet Security Systems, Inc.

Internet Security Systems, Inc.

Internet Security Systems, Inc., (ISS) is the pioneer and world's leading
supplier of network security assessment and monitoring tools, providing
comprehensive software that enables organizations to proactively manage
and minimize their network security risks. ISS' SAFEsuite® product
family automatically detects, monitors, and responds to the growing number
of network security vulnerabilities and threats. The Atlanta-based
company's flagship product, Internet Scanner, is the world's leading
security auditing tool used to eliminate network security vulnerabilities
in corporations, government agencies, and financial institutions including
9 out of the top 10 U.S. banks. ISS' real time attack recognition and
response tool, RealSecure(tm), is the leading network monitoring software
used to automatically guard networks from external threats and internal
misuse. For more information, contact the company at (800) 776-2362 or
(770) 395-0150 or visit the ISS Web site at [54]http://www.iss.net.

[55]Top of Page || [56]Back to Alert List

[57]News | [58]Serious Fun | [59]Mail Lists | [60]Security Library
[61]Protoworx | [62]Alerts | [63]Submissions | [64]Feedback
[65]Advanced Search

[66]About the Knowledge Base

Copyright ©1994-1998 Internet Security Systems, Inc.
All Rights Reserved. Sales Inquiries: [67]sales@iss.net
6600 Peachtree-Dunwoody Rd · Bldg 300 · Atlanta, GA 30328
Phone (678) 443-6000 · Fax (678) 443-6477

Read our [68]privacy guidelines.

References

1. http://xforce.iss.net/news.php3
2. http://xforce.iss.net/seriousfun/
3. http://xforce.iss.net/maillists/
4. http://xforce.iss.net/library/
5. http://xforce.iss.net/protoworx/
6. http://xforce.iss.net/alerts/
7. http://xforce.iss.net/submission.php3
8. http://xforce.iss.net/feedback.php3
9. http://xforce.iss.net/search.php3
10. http://xforce.iss.net/alerts/alerts.php3
11. http://xforce.iss.net/alerts/vol-1_num-2.php3#free
12. http://xforce.iss.net/alerts/vol-1_num-2.php3#ftpd
13. http://xforce.iss.net/alerts/vol-1_num-2.php3#major
14. http://xforce.iss.net/alerts/vol-1_num-2.php3#sgi
15. http://xforce.iss.net/alerts/vol-1_num-2.php3#aix
16. http://xforce.iss.net/alerts/vol-1_num-2.php3#corrupt
17. http://xforce.iss.net/alerts/vol-1_num-2.php3#vue
18. http://xforce.iss.net/alerts/vol-1_num-2.php3#bugfiler
19. http://xforce.iss.net/alerts/vol-1_num-2.php3#xlockupdate
20. http://xforce.iss.net/alerts/vol-1_num-2.php3#libxtupdate
21. http://ciac.llnl.gov/ciac/bulletins/h-101.shtml
22. ftp://freebsd.org/pub/CERT/advisories/FreeBSD-SA-97%3A04.procfs.asc
23. http://xforce.iss.net/alerts/vol-1_num-2.php3#list
24. http://xforce.iss.net/alerts/alerts.php3
25. http://xforce.iss.net/alerts/vol-1_num-2.php3#list
26. http://xforce.iss.net/alerts/alerts.php3
27. http://xforce.iss.net/alerts/vol-1_num-2.php3#list
28. http://xforce.iss.net/alerts/alerts.php3
29. ftp://sgigate.sgi.com/security/19970501-02-PX
30. ftp://info.cert.org/pub/cert_advisories/CA-97.12.webdist
31. http://xforce.iss.net/alerts/vol-1_num-2.php3#list
32. http://xforce.iss.net/alerts/alerts.php3
33. ftp://testcase.software.ibm.com/aix/fromibm/security.syslogd.tar.Z
34. http://xforce.iss.net/alerts/vol-1_num-2.php3#list
35. http://xforce.iss.net/alerts/alerts.php3
36. http://web.mit.edu/twm/www/expbug2/
37. http://xforce.iss.net/alerts/vol-1_num-2.php3#list
38. http://xforce.iss.net/alerts/alerts.php3
39. http://us-support.external.hp.com/
40. http://xforce.iss.net/alerts/vol-1_num-2.php3#list
41. http://xforce.iss.net/alerts/alerts.php3
42. http://xforce.iss.net/alerts/vol-1_num-2.php3#list
43. http://xforce.iss.net/alerts/alerts.php3
44. http://us-support.external.hp.com/
45. http://xforce.iss.net/alerts/vol-1_num-2.php3#list
46. http://xforce.iss.net/alerts/alerts.php3
47. http://us-support.external.hp.com/
48. http://xforce.iss.net/alerts/vol-1_num-2.php3#list
49. http://xforce.iss.net/alerts/alerts.php3
50. http://xforce.iss.net/alerts/vol-1_num-2.php3#list
51. http://xforce.iss.net/alerts/alerts.php3
52. mailto:x-force@iss.net
53. mailto:x-force@iss.net
54. http://www.iss.net/
55. http://xforce.iss.net/alerts/vol-1_num-2.php3#list
56. http://xforce.iss.net/alerts/alerts.php3
57. http://xforce.iss.net/news.php3
58. http://xforce.iss.net/seriousfun/
59. http://xforce.iss.net/maillists/
60. http://xforce.iss.net/library/
61. http://xforce.iss.net/protoworx/
62. http://xforce.iss.net/alerts/
63. http://xforce.iss.net/submission.php3
64. http://xforce.iss.net/feedback.php3
65. http://xforce.iss.net/search.php3
66. http://xforce.iss.net/about.php3
67. http://xforce.iss.net/cgi-bin/getSGIInfo.pl
68. http://xforce.iss.net/privacy.php3
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close