what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

ISS Security Alert Summary November 5, 1997

ISS Security Alert Summary November 5, 1997
Posted Jul 15, 1999

ISS Security Alert Summary for November 5, 1997.

SHA-256 | 3038a9619464c01ec344f166326bb8d1732c39f74e9583cbddee0c79460d389b

ISS Security Alert Summary November 5, 1997

Change Mirror Download

I S S X - F o r c e

The Most Wanted Alert List

[1]News | [2]Serious Fun | [3]Mail Lists | [4]Security Library
[5]Protoworx | [6]Alerts | [7]Submissions | [8]Feedback
[9]Advanced Search

_ Alert Summaries_


ISS Security Alert Summary
November 5, 1997
Volume 1 Number 6

_X-Force Vulnerability and Threat Database:_ [10]http://www.iss.net/xforce
To receive these Alert Summaries, subscribe to the
ISS Alert mailing list by sending an e-mail to [11]majordomo@iss.net
and within the body of the message type: 'subscribe alert'.
___

Index

12 Reported New Vulnerabilities [12]Back to Alert List

[13]- HP-cde
[14]- FreeBSD-open
[15]- IBM-portmir
[16]- IBM-piodmgrsu
[17]- IBM-nslookup
[18]- IBM-ftp
[19]- Sun-niscache
[20]- Sun-ftpd/rlogind
[21]- Sun-sysdef
[22]- IBM-libDtSvc
[23]- bsd-tel-tgetent
[24]- linux-lpd

1 Vulnerability Update
[25]- Sun-rlogin

[26]Top of Page || [27]Back to Alert List

Comparative Network Security Scanner Review

Risk Factor Key
__

Date Reported: 10/29/97
Vulnerability: HP-cde
Affected Platforms: HP-UX (10.10, 10.20, 10.30)
Risk Factor: High

Hewlett Packard's Common Desktop Environment is a windowing system that
contains session and window management tools, network services, and other
common desktop tools. Several setuid and setgid programs have buffer
overflow conditions that can be exploited to gain unauthorized privileges.
HP has release patches that correct these problems.

References:
HP Security Bulletin #00072 - [28]http://us-support.external.hp.com/
[29]http://ciac.llnl.gov/ciac/bulletins/i-009.shtml

[30]Top of Page || [31]Back to Alert List
___

Date Reported: 10/29/97
Vulnerability: FreeBSD-open
Affected Platforms: FreeBSD (2.1.x, 2.2.x)
FreeBSD-stable
FreeBSD-current
Risk Factor: High

A problem exists in in the way that FreeBSD's open() system call obtains
the right to execute io instructions. This would allow any local user to
exploit this problem to execute unauthorized io instructions. The problem
in open() has been corrected in FreeBSD-current 1997/10/24.

Reference:
[32]ftp://freebsd.org/pub/CERT/advisories/FreeBSD-SA-97%3A05.open.asc

[33]Top of Page || [34]Back to Alert List
___

Date Reported: 10/29/97
Vulnerability: IBM-portmir
Affected Platforms: AIX (4.2.1)
Risk Factor: High

Multiple vulnerabilities in AIX's portmir command exist that allow local
users to obtain unauthorized root privileges.

Reference:
[35]http://www.ers.ibm.com/tech-info/advisories/sva/1997/ERS-SVA-E01-1997:006.1
.txt
[36]http://ciac.llnl.gov/ciac/bulletins/i-011.shtml

[37]Top of Page || [38]Back to Alert List
___

Date Reported: 10/29/97
Vulnerability: IBM-piodmgrsu
Affected Platforms: AIX (4.1, 4.2)
Risk Factor: Medium

Piodmgrsu is a program that performs various operations on the printer
backend's alternate ODM database. It contains a vulnerability in the way
that is passes environment variables to child processes that allows local
users to obtain access to the printq group.

Reference:
[39]http://www.ers.ibm.com/tech-info/advisories/sva/1997/ERS-SVA-E01-1997:007.1
.txt
[40]http://ciac.llnl.gov/ciac/bulletins/i-010.shtml

[41]Top of Page || [42]Back to Alert List
___

Date Reported: 10/29/97
Vulnerability: IBM-nslookup
Affected Platforms: AIX (4.1, 4.2)
Risk Factor: High

Nslookup is a program that is used to query Internet domain name servers
and return various information about hosts. It contains a vulnerability
that allows local users to obtain unauthorized root access.

Reference:
[43]http://www.ers.ibm.com/tech-info/advisories/sva/1997/ERS-SVA-E01-1997:008.1
.txt
[44]http://ciac.llnl.gov/ciac/bulletins/i-010.shtml

[45]Top of Page || [46]Back to Alert List
___

Date Reported: 10/29/97
Vulnerability: IBM-ftp
Affected Platforms: AIX (3.2, 4.1, 4.2)
Risk Factor: High

The File Transfer Protocol (ftp) client contains a vulnerability in that
it can be tricked into executing arbitrary commands. Remote servers can
name a file preceded by the | symbol, and the local ftp client will
execute that file as a shell script on the local machine. It is possible
that root access could be acquired using this trick.

Reference:
[47]http://www.ers.ibm.com/tech-info/advisories/sva/1997/ERS-SVA-E01-1997:009.1
.txt

[48]Top of Page || [49]Back to Alert List
___

Date Reported: 10/28/97
Vulnerability: Sun-niscache
Affected Platforms: Solaris (2.4, 2.5, 2.5.1)
Risk Factor: High

The program nis_cachemgr is used by NIS+ to cache location information of
NIS+ servers. This would allow an attacker to potentially add directory
objects to the shared cache and specify rogue NIS+ servers that they
control.

References:
[50]http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-155.txt
[51]http://ciac.llnl.gov/ciac/bulletins/i-007.shtml

[52]Top of Page || [53]Back to Alert List
___

Date Reported: 10/28/97
Vulnerability: Sun-ftpd/rlogind
Affected Platforms: Solaris (2.3, 2.4, 2.5, 2.5.1)
SunOS (4.1.3, 4.1.4)
Risk Factor: High

A vulnerability exists in the Internet File Transfer Protocol server
process (in.ftpd) and the rlogin server process (in.rlogind). The
attacker can execute arbitrary commands on the host by connecting from the
ftp server's data port to the rlogin server on a trusted host.

References:
[54]http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-156.txt
[55]http://ciac.llnl.gov/ciac/bulletins/i-007.shtml

[56]Top of Page || [57]Back to Alert List
___

Date Reported: 10/28/97
Vulnerability: Sun-sysdef
Affected Platforms: Solaris (2.3, 2.4, 2.5, 2.5.1)
Risk Factor: High

The command, sysdef, is used to display current system information such as
hardware devices, system devices, kernel parameters, etc. It contains a
vulnerability that would allow local users to read kernel memory. Kernel
memory can contain such information as un encrypted passwords, and could
possibly lead to root access.

References:
[58]http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-157.txt
[59]http://ciac.llnl.gov/ciac/bulletins/i-007.shtml

[60]Top of Page || [61]Back to Alert List
___

Date Reported: 10/28/97
Vulnerability: IBM-libDtSvc
Affected Platforms: AIX (4.1, 4.2)
Risk Factor: High

AIX has a buffer overflow in the libDtSrv.a library that allows
unauthorized local users to obtain root privileges. An exploit for this
vulnerability was posted on a security mailing list and is publicly
available.

Reference:
[62]http://www.ers.ibm.com/tech-info/advisories/sva/1997/ERS-SVA-E01-1997:005.1
.txt
[63]http://ciac.llnl.gov/ciac/bulletins/i-010.shtml

[64]Top of Page || [65]Back to Alert List
___

Date Reported: 10/21/97
Vulnerability: bsd-tel-tgetent
Affected Platforms: BSD/OS (2.1)
Risk Factor: High

The telnet daemon, telnetd, contains a vulnerability in its tgetent
library routine. By manipulating environment variables which are passed
to the telnet daemon, an attacker can produce a buffer overflow to obtain
root privileges.

Reference:
[66]ftp://ftp.secnet.com/pub/advisories/SNI-20.telnetd.tgetent.advisory

[67]Top of Page || [68]Back to Alert List
___

Date Reported: 10/6/97
Vulnerability: linux-lpd
Affected Platforms: Linux (Redhat 4.2)
Risk Factor: High

The first problem is that Redhat calls the printfilter software package
when any file is being printed. After determining the file type,
printfilter applies the appropriate filter to the file so that it can be
printed properly. Some filters use the /tmp directory to write in,
therefore local users can create system links that will overwrite files
with uid bin and gid root. The second problem concerns groff requests
that allows local as well as remote users execute programs as uid bin and
gid root, which can easily lead to root access.

Reference:
[69]http://www.dec.net/ksrt/adv4.html

[70]Top of Page || [71]Back to Alert List
___

Date: 10/28/97
Update: Sun-rlogin
Vendor: Sun Microsystems, Inc.
Platforms: Solaris (2.3, 2.4, 2.5, 2.5.1)
SunOS (4.1.3, 4.1.4)

Sun has released patches for the rlogin vulnerability in which the TERM
environment variable is copied to an internal buffer. The buffer can be
overflowed and arbitrary code can be executed. Since rlogin is setuid
root, local accounts would be able obtain unauthorized root access.

References:
[72]http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-158.txt
[73]http://ciac.llnl.gov/ciac/bulletins/h-25a.shtml
[74]ftp://info.cert.org/pub/cert_advisories/CA-97.06.rlogin-term

For a comparative review of five network security scanners, see
Network World Magazine. [75]http://www.nwfusion.com and register for a login.
Review: [76]http://www.nwfusion.com/reviews/1027rev.html

[77]Top of Page || [78]Back to Alert List

---
Risk Factor Key:

High any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium any vulnerability that provides information that has a
high potential of giving access to an intruder. Example:
A misconfigured TFTP or vulnerable NIS server that allows
an intruder to get the password file that possibly can
contain an account with a guessable password.
Low any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force.

Developed and maintained by renown security experts, the X-Force Computer
Vulnerability and Threat Database is the world's most comprehensive
on-line source for information on network security risks. It details
hundreds of network security vulnerabilities and threats, including
information on the relative severity of each risk, and recommended
corrective actions to tighten security holes. Visit it at
[79]http://www.iss.net/xforce

Internet Security Systems, Inc., (ISS) is the pioneer and world's
leading supplier of network security assessment and intrusion detection
tools, providing comprehensive software that enables organizations to
proactively manage and minimize their network security risks. For more
information, contact the company at (800) 776-2362 or (770) 395-0150 or
visit the ISS Web site at [80]http://www.iss.net

[81]Top of Page || [82]Back to Alert List

--------
Copyright (c) 1997 by Internet Security Systems, Inc.

Permission is hereby granted for the redistribution of this Alert Summary
electronically. It is not to be edited in any way without express consent
of X-Force. If you wish to reprint the whole or any part of this
Alert Summary in any other medium excluding electronic medium, please
e-mail [83]xforce@iss.net for permission.

Disclaimer

The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in connection
with the use or spread of this information. Any use of this information is
at the user's own risk.

X-Force PGP Key available at: [84]http://www.iss.net/xforce/sensitive.html
as well as on MIT's PGP key server and PGP.com's key server.

Please send suggestions, updates, and comments to:
X Force [85]xforce@iss.net of Internet Security Systems, Inc.

[86]Top of Page || [87]Back to Alert List

[88]News | [89]Serious Fun | [90]Mail Lists | [91]Security Library
[92]Protoworx | [93]Alerts | [94]Submissions | [95]Feedback
[96]Advanced Search

[97]About the Knowledge Base

Copyright ©1994-1998 Internet Security Systems, Inc.
All Rights Reserved. Sales Inquiries: [98]sales@iss.net
6600 Peachtree-Dunwoody Rd · Bldg 300 · Atlanta, GA 30328
Phone (678) 443-6000 · Fax (678) 443-6477

Read our [99]privacy guidelines.

References

1. http://xforce.iss.net/news.php3
2. http://xforce.iss.net/seriousfun/
3. http://xforce.iss.net/maillists/
4. http://xforce.iss.net/library/
5. http://xforce.iss.net/protoworx/
6. http://xforce.iss.net/alerts/
7. http://xforce.iss.net/submission.php3
8. http://xforce.iss.net/feedback.php3
9. http://xforce.iss.net/search.php3
10. http://www.iss.net/xforce
11. mailto:majordomo@iss.net
12. http://xforce.iss.net/alerts/alerts.php3
13. http://xforce.iss.net/alerts/vol-1_num-6.php3#HP-cde
14. http://xforce.iss.net/alerts/vol-1_num-6.php3#FreeBSD-open
15. http://xforce.iss.net/alerts/vol-1_num-6.php3#portmir
16. http://xforce.iss.net/alerts/vol-1_num-6.php3#piodmgrsu
17. http://xforce.iss.net/alerts/vol-1_num-6.php3#lookup
18. http://xforce.iss.net/alerts/vol-1_num-6.php3#ftp
19. http://xforce.iss.net/alerts/vol-1_num-6.php3#niscache
20. http://xforce.iss.net/alerts/vol-1_num-6.php3#rlogind
21. http://xforce.iss.net/alerts/vol-1_num-6.php3#sysdef
22. http://xforce.iss.net/alerts/vol-1_num-6.php3#libDtSvc
23. http://xforce.iss.net/alerts/vol-1_num-6.php3#tgetent
24. http://xforce.iss.net/alerts/vol-1_num-6.php3#linux
25. http://xforce.iss.net/alerts/vol-1_num-6.php3#rlogin
26. http://xforce.iss.net/alerts/vol-1_num-6.php3#list
27. http://xforce.iss.net/alerts/alerts.php3
28. http://us-support.external.hp.com/
29. http://ciac.llnl.gov/ciac/bulletins/i-009.shtml
30. http://xforce.iss.net/alerts/vol-1_num-6.php3#list
31. http://xforce.iss.net/alerts/alerts.php3
32. ftp://freebsd.org/pub/CERT/advisories/FreeBSD-SA-97%3A05.open.asc
33. http://xforce.iss.net/alerts/vol-1_num-6.php3#list
34. http://xforce.iss.net/alerts/alerts.php3
35. http://www.ers.ibm.com/tech-info/advisories/sva/1997/ERS-SVA-E01-1997:006.1.txt
36. http://ciac.llnl.gov/ciac/bulletins/i-011.shtml
37. http://xforce.iss.net/alerts/vol-1_num-6.php3#list
38. http://xforce.iss.net/alerts/alerts.php3
39. http://www.ers.ibm.com/tech-info/advisories/sva/1997/ERS-SVA-E01-1997:007.1.txt
40. http://ciac.llnl.gov/ciac/bulletins/i-010.shtml
41. http://xforce.iss.net/alerts/vol-1_num-6.php3#list
42. http://xforce.iss.net/alerts/alerts.php3
43. http://www.ers.ibm.com/tech-info/advisories/sva/1997/ERS-SVA-E01-1997:008.1.txt
44. http://ciac.llnl.gov/ciac/bulletins/i-010.shtml
45. http://xforce.iss.net/alerts/vol-1_num-6.php3#list
46. http://xforce.iss.net/alerts/alerts.php3
47. http://www.ers.ibm.com/tech-info/advisories/sva/1997/ERS-SVA-E01-1997:009.1.txt
48. http://xforce.iss.net/alerts/vol-1_num-6.php3#list
49. http://xforce.iss.net/alerts/alerts.php3
50. http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-155.txt
51. http://ciac.llnl.gov/ciac/bulletins/i-007.shtml
52. http://xforce.iss.net/alerts/vol-1_num-6.php3#list
53. http://xforce.iss.net/alerts/alerts.php3
54. http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-156.txt
55. http://ciac.llnl.gov/ciac/bulletins/i-007.shtml
56. http://xforce.iss.net/alerts/vol-1_num-6.php3#list
57. http://xforce.iss.net/alerts/alerts.php3
58. http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-157.txt
59. http://ciac.llnl.gov/ciac/bulletins/i-007.shtml
60. http://xforce.iss.net/alerts/vol-1_num-6.php3#list
61. http://xforce.iss.net/alerts/alerts.php3
62. http://www.ers.ibm.com/tech-info/advisories/sva/1997/ERS-SVA-E01-1997:005.1.txt
63. http://ciac.llnl.gov/ciac/bulletins/i-010.shtml
64. http://xforce.iss.net/alerts/vol-1_num-6.php3#list
65. http://xforce.iss.net/alerts/alerts.php3
66. ftp://ftp.secnet.com/pub/advisories/SNI-20.telnetd.tgetent.advisory
67. http://xforce.iss.net/alerts/vol-1_num-6.php3#list
68. http://xforce.iss.net/alerts/alerts.php3
69. http://www.dec.net/ksrt/adv4.html
70. http://xforce.iss.net/alerts/vol-1_num-6.php3#list
71. http://xforce.iss.net/alerts/alerts.php3
72. http://sunsolve.sun.com/sunsolve/secbulletins/security-alert-158.txt
73. http://ciac.llnl.gov/ciac/bulletins/h-25a.shtml
74. ftp://info.cert.org/pub/cert_advisories/CA-97.06.rlogin-term
75. http://www.nwfusion.com/
76. http://www.nwfusion.com/reviews/1027rev.html
77. http://xforce.iss.net/alerts/vol-1_num-6.php3#list
78. http://xforce.iss.net/alerts/alerts.php3
79. http://www.iss.net/xforce
80. http://www.iss.net/
81. http://xforce.iss.net/alerts/vol-1_num-6.php3#list
82. http://xforce.iss.net/alerts/alerts.php3
83. mailto:xforce@iss.net
84. http://xforce.iss.net/alerts/sensitive.html
85. mailto:xforce@iss.net
86. http://xforce.iss.net/alerts/vol-1_num-6.php3#list
87. http://xforce.iss.net/alerts/alerts.php3
88. http://xforce.iss.net/news.php3
89. http://xforce.iss.net/seriousfun/
90. http://xforce.iss.net/maillists/
91. http://xforce.iss.net/library/
92. http://xforce.iss.net/protoworx/
93. http://xforce.iss.net/alerts/
94. http://xforce.iss.net/submission.php3
95. http://xforce.iss.net/feedback.php3
96. http://xforce.iss.net/search.php3
97. http://xforce.iss.net/about.php3
98. http://xforce.iss.net/cgi-bin/getSGIInfo.pl
99. http://xforce.iss.net/privacy.php3
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close