ISS Security Alert Summary for September 24, 1997.
ISS X-Force
The Most Wanted Alert List
ISS Security Alert Summary
September 24, 1997
Volume 1 Number 3
---
5 Reported New Vulnerabilities
[11]- SGI-schemebo
[12]- rdist-bo3
[13]- Sun-libX11bo
[14]- OpenBSD-iosig
[15]- SGI-lockout
---
Date Reported: 9/15/97
Vulnerability: SGI-schemebo
Affected Platforms: IRIX (5.0.x, 5.1.x, 5.2, 5.3, 6.0.x,
6.1, 6.2, 6.3, 6.4)
Risk Factor: High
IRIX uses /usr/lib/iaf/scheme as its login program, and scheme accepts
command-line arguments. A crafted set of arguments triggers a buffer
overflow, which can be used to execute arbitrary commands under a
privileged account.
References:
[16]ftp://sgigate.sgi.com/security/19970508-02-PX
[17]http://ciac.llnl.gov/ciac/bulletins/h-106.shtml
---
Date Reported: 9/16/97
Vulnerability: rdist-bo3
Affected Platforms: AIX (3.2, 4.1, 4.2)
FreeBSD (2.1.0)
Solaris (currently producing patches)
SunOS (currently producing patches)
Risk Factor: High
A buffer overflow has been found in set-uid 'root' versions of rdist.
A user who can run rdist can make it execute user-supplied code as
'root', and so run arbitrary commands, for example a root shell via
/usr/bin/csh.
References:
[20]ftp://info.cert.org/pub/cert_advisories/CA-97.23.rdist
[21]http://ciac.llnl.gov/ciac/bulletins/h-107.shtml
---
Date Reported: 9/17/97
Vulnerability: Sun-libX11bo
Affected Platforms: SunOS (4.1.3, 4.1.4)
Solaris (2.3, 2.4, 2.5, 2.5.1)
Risk Factor: High
The X Window System library, libX11, contains several buffer overflows
that can be exploited through setuid and setgid programs linked against
libX11. Successful exploitation yields elevated privileges, up to the
'root' account. Because the flaw is in the library, every setuid or
setgid program that links libX11 is a potential vector, and programs
statically linked against it must be relinked once the library is
patched.
References:
[24]http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-154.txt
[25]http://ciac.llnl.gov/ciac/bulletins/h-108.shtml
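The three buffer overflows in this issue (SGI-schemebo, rdist-bo3 and
Sun-libX11bo) share one pattern: a privileged program copies
caller-controlled text into a fixed-size stack buffer without checking
its length. The C below is an added illustration written for this
summary, not code from IRIX, rdist or libX11; the buffer size, the
login-name character set and the function names are assumptions made
for the example.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Illustrative only: not the IRIX scheme, rdist or libX11 source.
 * Both functions model a setuid-root program that copies a caller-
 * supplied string (argv[1], an environment variable, or a value handed
 * to a library call) into a fixed-size stack buffer. */

#define NAME_MAX_LEN 32   /* assumed buffer size for the example */

/* The pattern behind the three advisories: no length check before the
 * copy, so an argument longer than the buffer overwrites the rest of
 * the stack frame, including the saved return address. Never call this
 * with untrusted input. */
void vulnerable_copy(const char *arg)
{
    char name[NAME_MAX_LEN];
    strcpy(name, arg);               /* unbounded copy */
    printf("login name: %s\n", name);
}

/* Hardened form: reject anything that does not fit (leaving room for
 * the terminator) and anything outside the characters a login name
 * needs, instead of silently truncating. Returns 0 on success, -1 on
 * rejection. */
int safe_copy(char *dst, size_t dstsz, const char *arg)
{
    size_t len = strlen(arg);
    if (len == 0 || len >= dstsz)
        return -1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)arg[i];
        if (!isalnum(c) && c != '_' && c != '-' && c != '.')
            return -1;
    }
    memcpy(dst, arg, len + 1);
    return 0;
}

/* Convenience wrapper: would this argument be accepted at all? */
int arg_is_acceptable(const char *arg)
{
    char name[NAME_MAX_LEN];
    return safe_copy(name, sizeof name, arg) == 0;
}

int main(int argc, char **argv)
{
    char name[NAME_MAX_LEN];
    const char *arg = argc > 1 ? argv[1] : "guest";   /* constructed default */
    if (safe_copy(name, sizeof name, arg) != 0) {
        fprintf(stderr, "argument rejected\n");
        return 1;
    }
    printf("login name: %s\n", name);
    return 0;
}
```

In a real setuid program the copy is also the point at which to ask
whether root is still needed; if it is not, calling setuid(getuid())
before touching the argument limits what an overflow can reach, and
removing the setuid bit from programs that do not need it (as the rdist
advisory's workaround does) removes the vector entirely.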
---
Date Reported: 9/15/97
Vulnerability: OpenBSD-iosig
Affected Platforms: BSD (4.4 based)
- BSDI
- NetBSD
- OpenBSD
- FreeBSD
Risk Factor: Medium
OpenBSD (like other operating systems with a 4.4BSD-derived kernel)
mishandles certain I/O signals. The bug lets unprivileged users send
signals to arbitrary processes on the system, interrupting their
operation or killing them outright.
Reference:
[28]http://www.cdc.net/~x/advisories/open-iosig.asc
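The bug above is a permission-check failure: a kernel path that delivers
a signal on a process's behalf without applying the usual rule about who
may signal whom. The C below is an added model written for this summary,
not the 4.4BSD kernel code. It assumes the mechanism is an owner-pid
registration for asynchronous I/O signals of the kind F_SETOWN provides
(the page only says "certain i/o signals"), and the struct and function
names are invented for the illustration.

```c
#include <errno.h>
#include <signal.h>
#include <stdbool.h>
#include <sys/types.h>

#ifndef SIGIO            /* some strict-ISO builds omit the BSD name */
#define SIGIO SIGURG
#endif

/* Model only, not the 4.4BSD kernel code: the credentials a kernel
 * consults before letting one process signal another. */
struct cred {
    uid_t ruid;   /* real uid */
    uid_t euid;   /* effective uid */
    uid_t suid;   /* saved set-uid */
    pid_t sid;    /* session id */
};

/* The POSIX kill() rule that every delivery path has to apply on the
 * sender's behalf: root may signal anyone; otherwise the sender's real
 * or effective uid must match the target's real or saved uid; SIGCONT
 * is also allowed between processes in the same session. */
bool can_signal(const struct cred *sender, const struct cred *target, int sig)
{
    if (sender->euid == 0)
        return true;
    if (sender->ruid == target->ruid || sender->ruid == target->suid ||
        sender->euid == target->ruid || sender->euid == target->suid)
        return true;
    if (sig == SIGCONT && sender->sid == target->sid)
        return true;
    return false;
}

/* Assumed mechanism: the pid that will receive SIGIO/SIGURG when a
 * descriptor becomes ready. */
struct io_owner {
    pid_t pid;
    bool set;
};

/* Naming a pid to receive I/O signals is itself a request to signal
 * that pid later, so it must pass the same check, with the requester's
 * credentials rather than the kernel's. A path that stores the pid
 * unchecked and later delivers from kernel context is the kind of hole
 * described above. Returns 0 on success, -EPERM when the requester could
 * not kill the target directly either. */
int register_io_owner(const struct cred *requester, const struct cred *target,
                      pid_t target_pid, struct io_owner *owner)
{
    if (!can_signal(requester, target, SIGIO))
        return -EPERM;
    owner->pid = target_pid;
    owner->set = true;
    return 0;
}

/* Convenience wrapper for ordinary (non-setuid) processes, whose real,
 * effective and saved uids are all the same. */
bool user_may_signal(uid_t sender_uid, pid_t sender_sid,
                     uid_t target_uid, pid_t target_sid, int sig)
{
    struct cred s = { sender_uid, sender_uid, sender_uid, sender_sid };
    struct cred t = { target_uid, target_uid, target_uid, target_sid };
    return can_signal(&s, &t, sig);
}

/* Same, for the registration path (constructed session ids). */
int user_may_register(uid_t requester_uid, uid_t target_uid, pid_t target_pid)
{
    struct cred r = { requester_uid, requester_uid, requester_uid, 1 };
    struct cred t = { target_uid, target_uid, target_uid, 2 };
    struct io_owner o = { 0, false };
    return register_io_owner(&r, &t, target_pid, &o);
}
```

The rule in can_signal() is the ordinary kill() rule; the point of
register_io_owner() is that the check runs with the requester's
credentials at the moment the pid is named, so a later delivery from
interrupt or kernel context has nothing left to decide. A user who
started a setuid-root program can still signal it, because its real uid
matches theirs; that is deliberate and matches kill().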
---
Date Reported: 9/15/97
Vulnerability: SGI-lockout
Affected Platforms: IRIX (5.0.x, 5.1.x, 5.2, 5.3, 6.0.x,
6.1, 6.2, 6.3, 6.4)
Risk Factor: Low
IRIX's login program supports a LOCKOUT setting that locks an account
after a given number of unsuccessful login attempts. When LOCKOUT is set
to a value greater than zero, the lockout handling can be abused to
create or corrupt files.
References:
[31]ftp://sgigate.sgi.com/security/19970508-02-PX
[32]http://ciac.llnl.gov/ciac/bulletins/h-106.shtml
---
Risk Factor Key:
High    Any vulnerability that provides an attacker with immediate
        access into a machine, gains superuser access, or bypasses
        a firewall. Example: a vulnerable Sendmail 8.6.5 version
        that allows an intruder to execute commands on the mail
        server.
Medium  Any vulnerability that provides information with a high
        potential of giving access to an intruder. Example: a
        misconfigured TFTP or vulnerable NIS server that allows an
        intruder to get the password file, which may contain an
        account with a guessable password.
Low     Any vulnerability that provides information that could
        potentially lead to a compromise. Example: a finger service
        that allows an intruder to find out who is online and which
        accounts to attack with brute-force password guessing.
--------
Copyright (c) 1997 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert Summary
electronically. It is not to be edited in any way without express consent
of X-Force. If you wish to reprint the whole or any part of this
Alert Summary in any other medium excluding electronic medium, please
e-mail [37]xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in connection
with the use or spread of this information. Any use of this information is
at the user's own risk.
Please send suggestions, updates, and comments to:
X Force [38]xforce@iss.net of Internet Security Systems, Inc.
Internet Security Systems, Inc.
Internet Security Systems, Inc., (ISS) is the pioneer and world's leading
supplier of network security assessment and monitoring tools, providing
comprehensive software that enables organizations to proactively manage
and minimize their network security risks. ISS' SAFEsuite® product
family automatically detects, monitors, and responds to the growing number
of network security vulnerabilities and threats. The Atlanta-based
company's flagship product, Internet Scanner, is the world's leading
security auditing tool used to eliminate network security vulnerabilities
in corporations, government agencies, and financial institutions including
9 out of the top 10 U.S. banks. ISS' real time attack recognition and
response tool, RealSecure(tm), is the leading network monitoring software
used to automatically guard networks from external threats and internal
misuse. For more information, contact the company at (800) 776-2362 or
(770) 395-0150 or visit the ISS Web site at [39]http://www.iss.net.
References
1. http://xforce.iss.net/news.php3
2. http://xforce.iss.net/seriousfun/
3. http://xforce.iss.net/maillists/
4. http://xforce.iss.net/library/
5. http://xforce.iss.net/protoworx/
6. http://xforce.iss.net/alerts/
7. http://xforce.iss.net/submission.php3
8. http://xforce.iss.net/feedback.php3
9. http://xforce.iss.net/search.php3
10. http://xforce.iss.net/alerts/alerts.php3
11. http://xforce.iss.net/alerts/vol-1_num-3.php3#SCHEMEBO
12. http://xforce.iss.net/alerts/vol-1_num-3.php3#RDIST
13. http://xforce.iss.net/alerts/vol-1_num-3.php3#LIB
14. http://xforce.iss.net/alerts/vol-1_num-3.php3#OPEN
15. http://xforce.iss.net/alerts/vol-1_num-3.php3#SGI
16. ftp://sgigate.sgi.com/security/19970508-02-PX
17. http://ciac.llnl.gov/ciac/bulletins/h-106.shtml
18. http://xforce.iss.net/alerts/vol-1_num-3.php3#list
19. http://xforce.iss.net/alerts/alerts.php3
20. ftp://info.cert.org/pub/cert_advisories/CA-97.23.rdist
21. http://ciac.llnl.gov/ciac/bulletins/h-107.shtml
22. http://xforce.iss.net/alerts/vol-1_num-3.php3#list
23. http://xforce.iss.net/alerts/alerts.php3
24. http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-154.txt
25. http://ciac.llnl.gov/ciac/bulletins/h-108.shtml
26. http://xforce.iss.net/alerts/vol-1_num-3.php3#list
27. http://xforce.iss.net/alerts/alerts.php3
28. http://www.cdc.net/~x/advisories/open-iosig.asc
29. http://xforce.iss.net/alerts/vol-1_num-3.php3#list
30. http://xforce.iss.net/alerts/alerts.php3
31. ftp://sgigate.sgi.com/security/19970508-02-PX
32. http://ciac.llnl.gov/ciac/bulletins/h-106.shtml
33. http://xforce.iss.net/alerts/vol-1_num-3.php3#list
34. http://xforce.iss.net/alerts/alerts.php3
35. http://xforce.iss.net/alerts/vol-1_num-3.php3#list
36. http://xforce.iss.net/alerts/alerts.php3
37. mailto:x-force@iss.net
38. mailto:x-force@iss.net
39. http://www.iss.net/
40. http://xforce.iss.net/alerts/vol-1_num-3.php3#list
41. http://xforce.iss.net/alerts/alerts.php3
42. http://xforce.iss.net/news.php3
43. http://xforce.iss.net/seriousfun/
44. http://xforce.iss.net/maillists/
45. http://xforce.iss.net/library/
46. http://xforce.iss.net/protoworx/
47. http://xforce.iss.net/alerts/
48. http://xforce.iss.net/submission.php3
49. http://xforce.iss.net/feedback.php3
50. http://xforce.iss.net/search.php3
51. http://xforce.iss.net/about.php3
52. http://xforce.iss.net/cgi-bin/getSGIInfo.pl
53. http://xforce.iss.net/privacy.php3